Malware of all kinds and how to fight it: Websites are being opened (Windows 7)
13.12.2015, 20:39 | #1 |
Websites are being opened

Hello everyone, for some time now I have had the following phenomenon: when I leave my laptop idle, after a while my browser opens and launches 3 websites. These are random, though, or rather change frequently. wheather1st and repadnet are often among them. It is also interesting that when I open additional tabs, the websites really only change in those 3 tabs. Since the whole thing only happens when idle, nothing happens if I am working on the computer continuously. I have already tried to find the pest, but so far nothing has worked. My scan with OTL gives the following:

Code:
ATTFilter OTL Extras logfile created on: 13.12.2015 20:14:52 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MaG\Downloads 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.18125) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,88 Gb Total Physical Memory | 3,07 Gb Available Physical Memory | 38,89% Memory free 9,13 Gb Paging File | 4,28 Gb Available in Paging File | 46,89% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86) Drive C: | 681,75 Gb Total Space | 521,91 Gb Free Space | 76,55% Space Free | Partition Type: NTFS Drive Z: | 681,75 Gb Total Space | 521,91 Gb Free Space | 76,55% Space Free | Partition Type: FAT32 Computer Name: KANOCKELHOPPEL | User Name: MaG | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. 
File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = AC 1C AE C5 46 9F CE 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade] "UpgradeTime" = [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade] "UpgradeTime" = Reg Error: Unknown registry data type -- File not found ========== System Restore Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] "DisableConfig" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] "DisableConfig" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 ========== Authorized Applications List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) 
========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{95CE8116-8D99-4FCA-93D2-F8B7A526F678}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{E08E12CF-131E-4137-84AD-8AA4F82BDCE1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{ED42765D-0E9B-4792-9BAB-5DA5FE42DA4D}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | "{FB5FA686-D142-4829-8030-7725CE87BF65}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{008E93F9-FC69-4EBB-883F-66E68296FE9F}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20947_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | "{030066CC-AAD3-4867-BB12-D708ADF84DFA}" = dir=out | name=f5 vpn | "{0439C5C4-6C55-46D7-BD51-DE35DA1B1F72}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero 12\nero backitup\backitup.exe | "{0538CDE4-F10A-431A-85FA-5BB50CAC5BD5}" = dir=out | name=@{microsoft.zunemusic_1.4.18.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | "{05F4F32E-7913-4C5E-8CF1-680512F4C1B4}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20947_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | "{060B68A2-0E87-49F3-9125-FCE78C64E83F}" = dir=out | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | "{08B3BB07-C598-45AC-8F67-D52CD9608849}" = dir=out | name=sonicwall mobile connect | "{12C44774-64DF-4B86-ADE9-0D0B8E628997}" = protocol=17 | dir=in | 
app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe | "{14CC88BF-97AB-4BB8-A3B6-2671EF8053D1}" = dir=out | name=@{microsoft.bingsports_2.0.0.273_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | "{1714CB00-E0EC-4C0E-A5B2-A4CC580349B8}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe | "{1BDD9F30-9B12-4D95-8DB6-86EA6B618AD6}" = dir=in | name=zinio | "{2103EFFD-E5FF-4539-A376-6530F74C82FD}" = dir=in | name=f5 vpn | "{256D89D0-97A9-49F7-97EE-457436FF9349}" = dir=out | name=@{microsoft.bingmaps_1.6.1821.2624_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{2964E4A7-4C21-460F-A479-08042CA954F5}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{2A911024-CAB5-4966-A72E-6545C2C0362F}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{2F44D823-B906-4CAC-BA0D-B205B9DE298F}" = dir=out | name=@{microsoft.bingtravel_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} | "{33DEAE49-2FE2-4963-81FD-84201208848C}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} | "{34AAFA3E-58E4-4CBA-BE68-9DCC62703344}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | "{34B635D0-D5D4-420F-A7CE-DA223C7A43FD}" = dir=in | name=sonicwall mobile connect | "{3AD01CD3-ADDD-4A42-8934-3646F1D93173}" = dir=out | name=check point vpn | "{3DDBC3D8-35F4-44F8-82F8-28DC5E291AE6}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe | "{406AEF3F-13CA-48A2-A2EB-3D5A0AF58576}" = dir=in | name=juniper 
networks junos pulse | "{407EB8EA-8ACC-471D-9572-D4DB5537D539}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer cloud\sdd.exe | "{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn | "{433B6A74-6EB5-435D-90F4-04D81FB54E8C}" = dir=out | name=windows_ie_ac_001 | "{43C7692C-66F3-4517-9321-44688429C520}" = dir=out | name=@{microsoft.bingfinance_2.0.0.300_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | "{52D8B427-DBDC-4CB9-82B9-46D29E9DEDD7}" = dir=out | name=cut the rope | "{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect | "{561B2837-F244-4873-B07F-BE235E69CE59}" = dir=in | name=skype | "{56C08B18-57FA-4A5E-9765-B489999BA5B8}" = dir=out | name=@{microsoft.bingnews_2.0.0.273_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | "{57C684D4-69AD-4B4B-A0D1-F29AF0D78A16}" = dir=in | name=check point vpn | "{59E21C6C-E358-4462-8F28-AE5AD57FFAFC}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe | "{5E1B99A0-5382-42F8-8967-1410F2F1622A}" = dir=out | name=zinio | "{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect | "{600FDE3D-EBFE-4B39-BBFA-CD59A85FFE5F}" = dir=out | name=juniper networks junos pulse | "{61C9E022-FA77-46A3-8F9C-D8618C5BC2E2}" = dir=in | name=acer explorer | "{63865281-D5F5-4D38-8362-F138AC278D23}" = dir=out | name=tunein radio | "{640EDFA4-EF12-403C-828E-B14A6C01E212}" = dir=out | name=txtr ebooks | "{68992693-29CA-43B5-80AF-EF5CAEE9CA26}" = dir=in | name=onenote | "{7571F6E2-911B-4F71-832D-F4CA20EAA8A1}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{762BEE9E-2D67-4777-AA87-87BA6F0B8E8C}" = protocol=17 | dir=in | 
app=c:\program files (x86)\microsoft office\office14\groove.exe | "{79A02720-C531-4FC9-A2A3-E32C3CF74E98}" = dir=out | name=acer explorer | "{8039EE20-5698-4C20-9C5C-F5F1F62DE282}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\hpnetworkcommunicator.exe | "{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{80BBF4C4-D90E-4463-A793-C7585FCB09DB}" = dir=out | name=onenote | "{8389E18C-FF1A-4106-921D-2CA803000037}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{85CC36FE-D8D5-41E7-A4BF-882D59D29CB3}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe | "{89ECDC59-5605-4B33-BACE-DFAC4B41D44A}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe | "{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{A160583C-A1BE-43F3-8FC1-C7D5E2EE9DBC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{A42E427F-552C-454A-8E75-863672EBA8BE}" = dir=out | name=@{microsoft.bingweather_3.0.4.337_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/brandedapptitle} | "{A51982E3-8677-4D7A-8315-4590C92BCC5E}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer cloud\virtualdrive.exe | "{A786D537-591C-4122-BC6A-0CA782F6CA20}" = dir=out | name=@{microsoft.zunemusic_2.6.672.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | "{A8D581C3-7CF7-4BFA-9D3D-9E00DEA41CF0}" = dir=in | name=music maker jam | "{A9398DBD-4C65-452C-B503-69C9FE158860}" = dir=out | name=skype | "{AC8A2880-75B7-4EEB-A4D3-7033FE198908}" = dir=out | 
name=@{microsoft.zunevideo_1.4.19.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | "{ACDFD2BA-B2CF-46FC-B66A-DC6D98D93D16}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\videoplayer.exe | "{B09DAD64-EE5A-4AD3-A7C8-08380673CC62}" = dir=out | name=newsxpresso | "{B1278B12-29BF-4307-97E0-49303009947F}" = dir=out | name=music maker jam | "{B34D8AE4-D8C7-4056-8112-932D213FD866}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\devicesetup.exe | "{B41A2AC4-5B49-4C64-B285-9CB1EB1548A3}" = dir=in | name=hp all-in-one printer remote | "{B5D04F1F-8B0A-4D24-AA27-C433C89F400B}" = dir=out | name=@{microsoft.bingnews_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} | "{B86484D9-A867-4139-9961-56EAFC27D0F3}" = dir=out | name=the treasures of montezuma 3 | "{B8E62E7E-5B3E-495E-8B22-4F463E68BC43}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{B9344F86-3B5E-41EA-9D86-B5BD2DBA468A}" = dir=out | name=@{microsoft.zunevideo_2.6.446.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | "{BB8DF291-466C-48C9-8D7E-C03F42159DE8}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero 12\nero backitup\backitup.exe | "{C1397DD8-2F9D-4D6E-AB4D-AC351C47A3D8}" = dir=in | app=c:\program files (x86)\dropbox\client\dropbox.exe | "{C716DE4F-70D5-454E-AABD-7A9B119AA02B}" = dir=out | name=@{microsoft.bingsports_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} | "{C7C5B632-E33E-4356-8511-09866EEE7955}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer cloud\virtualdrive.exe | "{D14CD3F3-1679-4D9C-9C19-3E6EEC5326D6}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe | "{D1710745-DC8F-4360-A03D-B3457B217AEB}" = dir=in | 
name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{D27C2C67-608D-4E0E-9378-992FA77258D0}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\hpnetworkcommunicatorcom.exe | "{D2811984-BF50-43EC-9E80-1E80C7576275}" = dir=in | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | "{D309308A-4A28-4E1D-97C8-18234DAB58AD}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe | "{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn | "{D7501E89-045B-4D89-B6F1-AA40577F9D8F}" = dir=out | name=@{microsoft.bingweather_2.0.0.288_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | "{DA4F0212-6072-4934-8983-7B887EE2C4D3}" = dir=out | name=hp all-in-one printer remote | "{DAADAA74-9DFC-4A95-A18E-0A1221F46BF6}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer cloud\sdd.exe | "{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn | "{DE8330FA-41EF-4B00-B4E8-66E081C702A8}" = dir=out | name=@{microsoft.bingtravel_2.0.0.274_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | "{E31B11E3-ED46-4D1F-ABC6-99CA0BCEECA6}" = dir=out | name=@{microsoft.bingmaps_2.1.3230.2048_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{E4E88AC9-5F1B-4746-9F9A-F361F11ED675}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe | "{E516554E-9791-4EF8-95D7-074D6818D569}" = dir=out | name=windows_ie_ac_001 | "{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{E847B8AF-B8CE-4E2D-9F56-BE812C64A3B1}" = dir=out | name=windows_ie_ac_001 | "{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn | "{F06AF458-FD6D-40E1-ABDB-7CD54101F76B}" = 
dir=out | name=@{microsoft.bingfinance_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} | "{F3FF704B-9F51-489B-8D97-A6126EF8708A}" = dir=out | name=@{microsoft.xboxlivegames_1.3.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | "{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client | "{F68C1501-D77F-438B-BC31-4EFD1752D87A}" = dir=out | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{F6D4B300-3739-4C79-A6B0-22404E964637}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe | "{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client | "{F79206ED-21DB-4990-8247-6DED8EE265B6}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} | "{F92D8DEF-68F8-4B68-B9EC-B2E4FA11AD6A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{FAD818EB-9F50-4ACD-BBE7-3AFFD0ABE3F4}" = dir=out | name=weatherbug.a | "TCP Query User{0ED62260-935A-4DF0-A148-8A7554A45B8D}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | "TCP Query User{20ECE248-417E-4173-A1FB-9D0FC6189327}C:\users\mag\downloads\teamviewerportable\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\mag\downloads\teamviewerportable\teamviewer.exe | "TCP Query User{992A5461-377B-4790-812C-8D55A75DD054}C:\users\mag\dropbox\hasi\teamviewerportable\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\mag\dropbox\hasi\teamviewerportable\teamviewer.exe | "UDP Query User{3D966FCE-0FF8-44EF-A741-2B3FA6CBB0E6}C:\users\mag\downloads\teamviewerportable\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\mag\downloads\teamviewerportable\teamviewer.exe | "UDP Query 
User{A2D4ACED-1F9E-44C0-9A97-89837E7C4D02}C:\users\mag\dropbox\hasi\teamviewerportable\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\mag\dropbox\hasi\teamviewerportable\teamviewer.exe | "UDP Query User{F96081B8-83EE-4C80-ADEF-E9182926A7D3}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}" = Acer Recovery Management "{180500C1-57BB-3AA8-8E55-DCD5ECD16537}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{44B72151-611E-429D-9765-9BA093D7E48A}" = Intel® Trusted Connect Service Client "{45BBA5DD-7F9F-AE62-7799-F85C96FD34EF}" = ccc-utility64 "{48DF59F8-2ACD-4F1F-87F3-D820FE7A6178}" = HP Deskjet 3070 B611 series - Grundlegende Software für das Gerät "{4B3EF5E6-9A2C-0A1B-C61C-B1FD444B84BC}" = ccc-utility64 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5C76ED0D-0F6F-4985-8B34-F9AE7834848F}" = HP Unified IO "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{67AA948F-8D83-4566-B84A-7CAABCF64E3F}" = Broadcom Card Reader Driver Installer "{6BF02415-70FD-A0AF-C9BF-9B05AC8FBA91}" = AMD Accelerated Video Transcoding "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{91F52DE4-B789-42B0-9311-A349F10E5479}" = Acer Power Management 
"{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer "{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 "{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64) "{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 "{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}" = Acer Launch Manager "{CAD7B6DD-9C82-4D17-BAE8-3E9AE4971B90}" = Studie zur Verbesserung von HP Deskjet 3070 B611 series Produkten "{D1D7ED66-5C08-40A0-AEC0-B6DF977697BB}" = Broadcom NetLink Controller "{E3CA751C-E133-0BF1-3151-7A6D3FB88015}" = AMD Catalyst Install Manager "{E7ACB435-E0B4-4770-77DE-ED38887CD133}" = AMD Fuel "{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64 "{F6762963-9AE5-4bc6-A70F-2D749F6AC02F}_is1" = Authorizer 2.9.0d5 "CCleaner" = CCleaner "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU "Reason8.0Stable_64_is1" = Reason 8 8.3.2d7 "Sandboxie" = Sandboxie 5.06 (64-bit) "SynTPDeinstKey" = Synaptics Pointing Device Driver "VLC media player" = VLC media player [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{039BC111-3B00-B8C5-E02C-0CA1440A9469}_is1" = SuperEasy Audio Converter 2 v.2.1.3063 "{04973ECC-476F-CE5A-247E-47E04D00941B}" = CCC Help Chinese Traditional "{070232F8-068B-1FF6-B5C4-F8F38E09C7E1}" = CCC Help Turkish "{099218A5-A723-43DC-8DB5-6173656A1E94}" = Dropbox Update Helper "{0B311221-05A5-4766-8D03-7A6446794156}" = Nero RescueAgent Help (CHM) "{0E4630AF-0AB7-440E-A978-1A78FC4F43B9}" = Nero Launcher "{104DE091-6C4F-C5A9-F619-5D6C965A0296}" = CCC Help Chinese Traditional 
"{11C007CB-AD6B-4898-A6AF-BCCE6C2EF5B9}" = Nero WaveEditor "{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 "{18E1FD72-60FA-3E10-A66B-640970B5559F}" = Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU "{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}" = Google Drive "{1D30EA2E-5341-493E-8D71-0EED788B6CD9}" = Nero WaveEditor Help (CHM) "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FCC073B-CC01-4443-AD20-E559F66E6E83}" = Office Addin 2003 "{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 "{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2 "{24EC20E9-E55D-2438-7EFB-EBDE180463B5}" = CCC Help Portuguese "{25A3B953-1423-3F15-640E-B620DD0F419A}" = Catalyst Control Center - Branding "{268949A6-DDCD-CFE5-BE95-7347AC66709C}" = CCC Help Korean "{26A24AE4-039D-4CA4-87B4-2F83218065F0}" = Java 8 Update 65 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros WLAN and Bluetooth Client Installation Program "{285C9F30-3BF8-697B-BD1D-353435E94B78}" = CCC Help Hungarian "{29967A7C-6E18-91CD-BBE4-9C09F401E950}" = CCC Help Italian "{2E302F5E-9C1C-CF99-D788-E4D3D707A0AD}" = CCC Help Chinese Standard "{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 "{33BE5D36-1822-1B12-54A4-1CD01656B422}" = CCC Help Polish "{35DA427D-BB23-49B8-9AFD-CFFCFE3B708D}" = clear.fi SDK- Movie 2 "{3886CE18-322D-B7B8-F162-A96620DC4B47}" = Catalyst Control Center "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime "{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer "{3C5FB6E7-DFAA-1E8D-6FEB-4B1CB8BF8F04}" = CCC Help Finnish "{3D9CB654-99AD-4301-89C6-0D12A790767C}" = Identity Card "{3DBFC71A-D5F9-7A39-9C07-0FEB041824CB}" = CCC Help Japanese "{427B5B6C-7953-78D5-8A63-E113C848C9F5}" = CCC Help Danish 
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}" = Nero BackItUp 12 Essentials OEM.a01 "{53DB1E4D-74B6-2C04-0A2B-3D3E0DC20D63}" = CCC Help Norwegian "{54D05374-2428-7BE0-58CD-CE8031163DE6}" = CCC Help Russian "{5785302F-570A-6D2C-E61B-E808A144102D}" = Catalyst Control Center Profiles Mobile "{585D1F10-5802-4A6C-BBEA-89814239C84A}" = Catalyst Control Center - Branding "{593F5702-AB44-F64D-2F45-1F37CDEA01B8}" = CCC Help Greek "{5b07d59f-99e0-4c52-ad25-965f7e38d6ac}" = Avira Launcher "{5C6AFE98-08BF-086A-300D-18F77D284966}" = CCC Help Swedish "{5C757800-27E8-2AE3-889A-8B959AE689F8}" = CCC Help Japanese "{5D2B5E19-C333-4519-3D32-AAB8EEE9ACA4}" = AMD Catalyst Control Center "{5D3EC645-B957-36A1-068A-FE8450963669}" = CCC Help Spanish "{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper "{61B90A4D-8CC9-2FED-2495-AC8C9467C984}" = CCC Help Norwegian "{62A87765-B535-FBCC-4743-45E7CF9F9810}" = CCC Help Swedish "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{652F176B-E10A-38BF-0B12-AFC52A17E56D}" = CCC Help Czech "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{6D2BBE1D-E600-4695-BA37-0B0E605542CC}" = Office Addin "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{78545512-1F84-4357-8A9A-D94D9C3CE4FA}" = HP Support Solutions Framework "{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0 "{7C5B13DA-6A68-86C7-ED29-610CA0F49555}" = CCC Help French "{80680785-2EE1-053F-9CD3-4B2C904596EE}" = Catalyst Control Center InstallProxy "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{85EBE536-24B8-4B5A-D6E9-FC34A7C52B39}" = CCC Help Spanish "{8649C9CA-1F41-11E9-0F1E-DD494443A7F0}" = CCC Help Italian "{86E0DAF6-D3E4-ED45-908F-41EE680CCF0C}" = CCC Help German "{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer "{8F6ABAF5-4B5D-78CF-FD6A-7EEDC71E74F2}" = Catalyst Control Center 
Localization All "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{912D30CF-F39E-4B31-AD9A-123C6B794EE2}" = HP Update "{95B8F519-8C35-9010-A63C-51B3E0EE8D4E}" = CCC Help Dutch "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D67E683-1144-4C0C-A9F3-5171F7678FF3}" = Avira Launcher "{9D9F2DBE-3319-9844-2EDE-0DF98E832E8C}" = CCC Help Hungarian "{9F20CE56-3828-432D-A3C5-3EC6A2ED93C6}" = HP Deskjet 3070 B611 series Hilfe 
"{A2D43081-CF7B-4637-A9F3-E2651AA5C4A8}" = Nero RescueAgent "{A3806AB7-AB46-7672-A825-F9AE0DE6910A}" = CCC Help Finnish "{A46EBB0F-F784-E1CA-A97C-70E02C575057}" = CCC Help Thai "{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}" = AcerCloud Portal "{AB96AFC8-CC8C-46DA-F710-FE3C6B26E137}" = CCC Help French "{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter "{AF87F2CA-71AA-9786-C8D9-3C38244E53DA}" = CCC Help Russian "{B079957C-3276-4B9F-DB08-D1CA8C090D9E}" = CCC Help Greek "{B12BE177-DC00-5746-3AB9-91CD090AF555}" = Catalyst Control Center Localization All "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy "{B5A89E67-E8D0-70E8-6634-EE3554FD6353}" = CCC Help Dutch "{B5AD89F2-03D3-4206-8487-018298007DD0}" = clear.fi Photo "{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}" = HPDiagnosticAlert "{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0 "{B791E0AB-87A9-41A4-8D98-D13C2E37D928}" = Nero Info "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components "{BEDC9772-10E8-4BBA-9048-CD78CD93BF38}" = PDF Architect 3 View Module "{BF5509A0-250A-25EA-0C19-61505E9EBA13}" = CCC Help Chinese Standard "{C4EE2BA3-EEA5-9650-86E0-0405ECA5C22C}" = CCC Help Thai "{C69EA753-0D3F-E48B-8C98-7F6310DC29B8}" = CCC Help German "{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}" = AcerCloud Docs "{CDFE8F95-F80F-4115-9C3F-0E1FD8F9F58C}" = Nero ControlCenter Help (CHM) "{D2C51AA1-77F3-5D86-114C-20DEBB3425DE}" = CCC Help English "{D4073D4E-4338-90DD-F2A2-E184826C5539}" = CCC Help Turkish "{DA2D3078-A58C-45E8-8EE0-18B8BE6B34F7}" = Nero BackItUp "{DF47AB90-FB92-42F4-926E-1C4FF16029E7}" = Boxcryptor Classic 1.7 "{E9397ACE-64E3-49EA-98B0-F787F0637029}" = PDF Architect 3 Edit Module "{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0 "{E9AF1707-3F3A-49E2-8345-4F2D629D0876}" = clear.fi Media "{EB766D4A-C56C-946D-F74D-43C78FE4521E}" = CCC Help Korean "{EBA33CAD-E071-48d5-A168-FBA4EEB42E93}" = clear.fi SDK - Video 2 "{ECA361B3-855E-EEAB-C4E9-FFA6F25A4DF4}" = OEM Application 
Profile "{ED0D7699-1943-0C29-7465-6530F8DE2DA2}" = CCC Help Polish "{EDA5BB56-AAF4-6889-AD8E-E25A17BD140B}" = CCC Help Czech "{EE26E302-876A-48D9-9058-3129E5B99999}" = Live Updater "{EE430B59-A026-4C96-8906-E4C05B7FCC37}" = Nero WaveEditor "{EEF14371-2D24-5A2D-0EF2-22010DB4CFA6}" = CCC Help Danish "{EF0D1292-8FC1-41BE-9740-DBC134F66415}" = Nero BackItUp Help (CHM) "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1390872-2500-4408-A46C-CD16C960C661}" = HP Unified IO "{F1642ACD-1F50-FCC2-BDA6-C83762316958}" = PX Profile Update "{F2401C6F-8A6E-17B4-F550-3C54FAC8A5E8}" = Catalyst Control Center InstallProxy "{FAB06EA0-4907-47CE-B002-4EEFA36F806D}" = PDF Architect 3 Create Module "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package "{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 "{FDD69799-37B2-9ACE-F70C-ABD1F96FD04C}" = CCC Help Portuguese "{FDF2FE33-426D-45C2-4E70-76C162F1B790}" = CCC Help English "4K Video Downloader_is1" = 4K Video Downloader 3.6 "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2 "Avira Antivirus" = Avira Antivirus "Click2Music" = Click2Music "Dropbox" = Dropbox "DYMO Label v.8" = DYMO Label v.8 "Google Chrome" = Google Chrome "HP Photo Creations" = HP Photo Creations "IObit_StartMenu8_is1" = Start Menu 8 "Line 6 Uninstaller" = Line 6 Uninstaller "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version 2.2.0.1024 "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime "Notepad++" = Notepad++ "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "Paperless Converter_is1" = Paperless Converter version 9.07 "Paperless Printer_is1" = Paperless 
Printer version 6.0.0.1
"PDF Architect 3" = PDF Architect 3
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU" = Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU
"WebPost" = Microsoft Web Publishing Wizard 1.53
"WUCCCApp" = Catalyst Control Center

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Flux" = f.lux

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 09.12.2015 15:47:53 | Computer Name = KanockelHoppel | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: delegate_execute.exe, Version: 47.0.2526.80, Zeitstempel: 0x5661e826 Name des fehlerhaften Moduls: delegate_execute.exe, Version: 47.0.2526.80, Zeitstempel: 0x5661e826 Ausnahmecode: 0x80000003 Fehleroffset: 0x00007f81 ID des fehlerhaften Prozesses: 0xdd8 Startzeit der fehlerhaften Anwendung: 0x01d132ba7d67b26c Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\delegate_execute.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\delegate_execute.exe Berichtskennung: bbb8c115-9ead-11e5-bf14-201a0671fff5 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error - 09.12.2015 16:28:57 | Computer Name = KanockelHoppel | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 10.12.2015 16:16:31 | Computer Name = KanockelHoppel | Source = Windows Search Service | ID = 3079
Description =

Error - 10.12.2015 16:39:10 | Computer Name = KanockelHoppel | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 11.12.2015 16:20:48 | Computer Name = KanockelHoppel | Source = Windows Search Service | ID = 3079
Description =

Error - 11.12.2015 16:49:30 | Computer Name = KanockelHoppel | Source = Microsoft-Windows-LocationProvider | ID = 2006
Description = There was an error with the Windows Location Provider database

Error - 13.12.2015 08:19:21 | Computer Name = KanockelHoppel | Source = Windows Search Service | ID = 3079
Description =

Error - 13.12.2015 09:10:45 | Computer Name = KanockelHoppel | Source = Application Hang | ID = 1002
Description = Programm acmsetup.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 13e8 Startzeit: 01d135a6739aa026 Endzeit: 0 Anwendungspfad: Z:\~MSSETUP.T\tmp.t\acmsetup.exe Berichts-ID: e7ac2a12-a19a-11e5-bf17-201a0671fff5 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error - 13.12.2015 09:13:39 | Computer Name = KanockelHoppel | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 13.12.2015 14:56:49 | Computer Name = KanockelHoppel | Source = Windows Search Service | ID = 3079
Description =

[ System Events ]
Error - 13.12.2015 08:15:42 | Computer Name = KanockelHoppel | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.

Error - 13.12.2015 08:15:42 | Computer Name = KanockelHoppel | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error - 13.12.2015 12:23:56 | Computer Name = KanockelHoppel | Source = DCOM | ID = 10016
Description =

Error - 13.12.2015 12:23:56 | Computer Name = KanockelHoppel | Source = DCOM | ID = 10016
Description =

Error - 13.12.2015 12:23:56 | Computer Name = KanockelHoppel | Source = DCOM | ID = 10016
Description =

Error - 13.12.2015 12:23:56 | Computer Name = KanockelHoppel | Source = DCOM | ID = 10016
Description =

Error - 13.12.2015 12:23:57 | Computer Name = KanockelHoppel | Source = DCOM | ID = 10016
Description =

Error - 13.12.2015 12:23:57 | Computer Name = KanockelHoppel | Source = DCOM | ID = 10016
Description =

Error - 13.12.2015 12:23:57 | Computer Name = KanockelHoppel | Source = DCOM | ID = 10016
Description =

Error - 13.12.2015 12:23:57 | Computer Name = KanockelHoppel | Source = DCOM | ID = 10016
Description =

< End of report >

Code:
OTL logfile created on: 13.12.2015 20:14:52 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MaG\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18125)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,88 Gb Total Physical Memory | 3,07 Gb Available Physical Memory | 38,89% Memory free
9,13 Gb Paging File | 4,28 Gb Available in Paging File | 46,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 681,75 Gb Total Space | 521,91 Gb Free Space | 76,55% Space Free | Partition Type: NTFS
Drive Z: | 681,75 Gb Total Space | 521,91 Gb Free Space | 76,55% Space Free | Partition Type: FAT32

Computer Name: KANOCKELHOPPEL | User Name: MaG | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\MaG\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Avira\Antivirus\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\Antivirus\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\IObit\Classic Start\ClassicStart.exe (IObit)
PRC - C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\IObit\Classic Start\StartMenu_Hook.exe (IObit)
PRC - C:\Program Files (x86)\IObit\Classic Start\SMService.exe (IObit)
PRC - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (IObit)
PRC - C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Oracle Corporation)
PRC - C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes)
PRC - C:\Program Files (x86)\PDF Architect 3\creator-ws.exe (pdfforge GmbH)
PRC - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Boxcryptor Classic\BoxcryptorClassic.exe (Secomba GmbH)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Users\MaG\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)
PRC - c:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe (Sanford, L.P.)
========== Modules (No Company Name) ========== MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\wx._core_.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\wx._controls_.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\wx._windows_.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\wx._gdi_.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\wx._misc_.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\unicodedata.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\pysqlite2._sqlite.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\windows._lib_cacheinvalidation.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\pythoncom27.dll () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32com.shell.shell.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32gui.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\pyexpat.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\wx._wizard.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32file.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32security.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32api.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\usb_ext.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\wx._animate.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\wx._html2.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32inet.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32process.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32pdh.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32pipe.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32ts.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32event.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\thumbnails_ext.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32profile.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32crypt.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\select.pyd () MOD - 
C:\Users\MaG\AppData\Local\Temp\_MEI46882\_ssl.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\_hashlib.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\_elementtree.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\pywintypes27.dll () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\_ctypes.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\_socket.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\_psutil_windows.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\_multiprocessing.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\_yappi.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\common.time34.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\hashobjs_ext.pyd () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\173a22546b0edc901297108f25229d5e\System.IdentityModel.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\bdec9c7688afbbb0209e3a43dcde5079\System.Data.Linq.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\d6180cfaac57962ca62186c1151b5f7f\System.ServiceModel.Internals.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Numerics\780d94e5d6c1620ed4556ed4d6586007\System.Numerics.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\fbb07ef2f687508f75bfeacd97f2453b\SMDiagnostics.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Compba577418#\c9a7382a4f3e988b25ec829e08e118fd\System.ComponentModel.Composition.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fbcc841985004e93985727bbcc8abb0b\PresentationFramework.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\6ea7a7e4e486dea084e6b14dd1fd765e\PresentationCore.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\5c44c09f1895981c038cacfbda28fdbd\WindowsBase.ni.dll () MOD - 
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\9a349fb029581f4752d2c6cfcfeab816\System.Xml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\ca77cfc1da7241e2dd280b446dc7b92b\System.Xml.Linq.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\d626184834dde3f4906aff139d4e5bbf\System.Xaml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\4ee7f7e41d916e3f4ffa520ff42bdbd4\System.Windows.Forms.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\f96edd5482f69d76e661cb0e279c25f6\System.ServiceProcess.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\673e962beaf835de9a3660ea255d2a5e\System.ServiceModel.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\7d61ab80c44108150bad37e8d916e220\System.Runtime.Serialization.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\fadd99ca6318632b3f3d4f31eb91db7a\System.Management.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\c98b70fea45b348a5283fad4dfa4b220\System.Drawing.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\e3abc4d3f7fef760d13bf957613960cb\System.Data.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\d9961946cc4b6fb67e19cd2f8ce90a76\System.Configuration.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\e09d73263866a3b0472fd3a4d9aaccae\PresentationFramework.Aero2.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\2f55a37d0019f1ae3660755f160d73da\PresentationFramework.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\8cb954738fb5d385430c075e24483e71\PresentationCore.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\579202ba970d73dae32cc3a5c68af8e2\WindowsBase.ni.dll () MOD - 
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\257fa713928375c0ac9b9f24904e988f\System.Core.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\1a6b5095c4416a37f9ca4cf4436d1311\System.ni.dll () MOD - C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\_cffi_python_x66cf7a7cx17a72769.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\fastpath.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.dll () MOD - C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\Crypto.Util._counter.pyd () MOD - C:\Program Files 
(x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\Crypto.Random.OSRNG.winrandom.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\Crypto.Util.strxor.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\Crypto.Cipher._AES.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd () MOD - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\PepperFlash\pepflashplayer.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libglesv2.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libegl.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\wtsapi32.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9b1531097c798aa059b87e8bff3f5591\System.Windows.Forms.ni.dll () MOD - C:\Program Files (x86)\IObit\Classic Start\sqlite3.dll () MOD - C:\Program Files (x86)\IObit\Classic Start\ProductStatistics.dll () MOD - C:\Program Files (x86)\IObit\Classic Start\parseAuto.dll () MOD - C:\Program Files (x86)\IObit\Classic Start\madexcept_.bpl () MOD - C:\Program Files (x86)\IObit\Classic Start\madbasic_.bpl () MOD - C:\Program Files (x86)\IObit\Classic Start\maddisAsm_.bpl () MOD - C:\Program Files (x86)\Dropbox\Client\QtQuick.2\qtquick2plugin.dll () MOD - C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll () MOD - C:\Program Files (x86)\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll () MOD - C:\Program Files (x86)\Dropbox\Client\QtQuick\Window.2\windowplugin.dll () MOD - C:\Program Files (x86)\Dropbox\Client\librsync.dll () MOD - C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\win32service.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\win32ts.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\win32security.pyd () MOD - C:\Program Files 
(x86)\Dropbox\Client\win32process.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\win32profile.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\win32gui.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\win32file.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\win32event.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\win32api.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\sip.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\select.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll () MOD - C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\159c1674c74e3372bda64afddf88cb3b\System.Drawing.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\ee6d89830b1aea077e5fc12fb95df6a0\System.Configuration.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\035d2a25a1bf16475e1bbc0a112b3388\System.Core.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\49201f5658aca21352debffb85ff41df\System.Xml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4976746d2f27ea6b60301a84d6c3e4be\System.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\5bd3374f05d46ba0563f44d032209f08\mscorlib.ni.dll 
() MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl () MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl () MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\d03a3ddcd6a395878751c5e90fa16915\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF () MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll () MOD - C:\Program Files (x86)\DYMO\DYMO Label Software\DYMO.Common.dll () ========== Services (SafeList) ========== SRV:64bit: - (DiagTrack) -- C:\Windows\SysNative\diagtrack.dll (Microsoft Corporation) SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation) SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation) SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (lfsvc) -- C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation) SRV:64bit: - (igfxCUIService1.0.0.0) -- C:\Windows\SysNative\igfxCUIService.exe (Intel Corporation) SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation) SRV:64bit: - (IEEtwCollectorService) -- C:\WINDOWS\SysNative\IEEtwCollector.exe (Microsoft Corporation) SRV:64bit: - (NcbService) -- C:\Windows\SysNative\ncbservice.dll (Microsoft Corporation) SRV:64bit: - (workfolderssvc) -- C:\Windows\SysNative\workfolderssvc.dll (Microsoft Corporation) SRV:64bit: - (AppReadiness) -- C:\Windows\SysNative\AppReadiness.dll (Microsoft Corporation) SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation) SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation) SRV:64bit: - (netprofm) -- 
C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation) SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation) SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation) SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation) SRV:64bit: - (WEPHOSTSVC) -- C:\Windows\SysNative\wephostsvc.dll (Microsoft Corporation) SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation) SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation) SRV:64bit: - (ScDeviceEnum) -- C:\Windows\SysNative\ScDeviceEnum.dll (Microsoft Corporation) SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation) SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation) SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation) SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation) SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation) SRV:64bit: - (smphost) -- C:\Windows\SysNative\smphost.dll (Microsoft Corporation) SRV:64bit: - (AppXSvc) -- C:\Windows\SysNative\AppXDeploymentServer.dll (Microsoft Corporation) SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicguestinterface) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (Netlogon) 
-- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation) SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation) SRV:64bit: - (BthHFSrv) -- C:\Windows\SysNative\BthHFSrv.dll (Microsoft Corporation) SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\Antivirus\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\Antivirus\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (Avira.ServiceHost) -- C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Avira Operations GmbH & Co. KG) SRV - (SMService) -- C:\Program Files (x86)\IObit\Classic Start\SMService.exe (IObit) SRV - (LiveUpdateSvc) -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (IObit) SRV - (SbieSvc) -- C:\Programme\Sandboxie\SbieSvc.exe (Sandboxie Holdings, LLC) SRV - (MBAMService) -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes) SRV - (PDF Architect 3) -- C:\Program Files (x86)\PDF Architect 3\ws.exe (pdfforge GmbH) SRV - (PDF Architect 3 Creator) -- C:\Program Files (x86)\PDF Architect 3\creator-ws.exe (pdfforge GmbH) SRV - (PDF Architect 3 CrashHandler) -- C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe (pdfforge GmbH) SRV - (dbupdatem) -- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.) SRV - (dbupdate) -- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.) 
SRV - (HPSupportSolutionsFrameworkService) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Hewlett-Packard Company)
SRV - (lfsvc) -- C:\Windows\SysWOW64\GeofenceMonitorService.dll (Microsoft Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (smphost) -- C:\Windows\SysWOW64\smphost.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (PrintNotify) -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe (Windows (R) Win 7 DDK provider)
SRV - (NAUpdate) -- c:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (LMSvc) -- C:\Programme\Acer\Acer Launch Manager\LMSvc.exe (Acer Incorporate)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer Power Management\ePowerSvc.exe (Acer Incorporated)
SRV - (CCDMonitorService) -- C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Acer Incorporated)
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\SocketHeciServer.exe (Intel(R) Corporation)
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (DymoPnpService) -- C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe (Sanford, L.P.)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========
DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avnetflt) -- C:\Windows\SysNative\drivers\avnetflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (MBAMWebAccessControl) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (SEE) -- C:\Windows\SysNative\drivers\see.sys (SoftEther Corporation)
DRV:64bit: - (Neo_VPN) -- C:\Windows\SysNative\drivers\Neo_VPN.sys (SoftEther Corporation)
DRV:64bit: - (VBoxNetLwf) -- C:\Windows\SysNative\drivers\VBoxNetLwf.sys (Oracle Corporation)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp6.sys (Oracle Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (WdNisDrv) -- C:\Windows\SysNative\drivers\WdNisDrv.sys (Microsoft Corporation)
DRV:64bit: - (taphss6) -- C:\Windows\SysNative\drivers\taphss6.sys (Anchorfree Inc.)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (ahcache) -- C:\Windows\SysNative\drivers\ahcache.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (Wof) -- C:\WINDOWS\SysNative\drivers\wof.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (ReFS) -- C:\WINDOWS\SysNative\drivers\refs.sys (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc63.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (intelpep) -- C:\Windows\SysNative\drivers\intelpep.sys (Microsoft Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (SerCx2) -- C:\Windows\SysNative\drivers\SerCx2.sys (Microsoft Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\drivers\BthLEEnum.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (stornvme) -- C:\Windows\SysNative\drivers\stornvme.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmpfd) -- C:\Windows\SysNative\drivers\amdkmpfd.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (cbfs4) -- C:\Windows\SysNative\drivers\cbfs4.sys (EldoS Corporation)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Qualcomm Atheros)
DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\drivers\btath_avdt.sys (Qualcomm Atheros)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Qualcomm Atheros)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\WINDOWS\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (LSI_SAS3) -- C:\Windows\SysNative\drivers\lsi_sas3.sys (LSI Corporation)
DRV:64bit: - (ADP80XX) -- C:\Windows\SysNative\drivers\adp80xx.sys (PMC-Sierra)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (UEFI) -- C:\Windows\SysNative\drivers\uefi.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (NdisVirtualBus) -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (bcmfn2) -- C:\Windows\SysNative\drivers\bcmfn2.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (iaStorAV) -- C:\Windows\SysNative\drivers\iaStorAV.sys (Intel Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athw8x.sys (Qualcomm Atheros Communications, Inc.)
DRV:64bit: - (iaLPSSi_GPIO) -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys (Intel Corporation)
DRV:64bit: - (iaLPSSi_I2C) -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SmbDrvI) -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys (Synaptics Incorporated)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\TeeDriverx64.sys (Intel Corporation)
DRV:64bit: - (bScsiSDa) -- C:\Windows\SysNative\drivers\bScsiSDa.sys (Broadcom Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (LMDriver) -- C:\Windows\SysNative\drivers\LMDriver.sys (Acer Incorporated)
DRV:64bit: - (RadioShim) -- C:\Windows\SysNative\drivers\RadioShim.sys (Acer Incorporated)
DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (Sandboxie Holdings, LLC)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{38AFC276-312F-43FF-A52A-7DA86F63BC34}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
IE:64bit: - HKLM\..\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}: "URL" = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{38AFC276-312F-43FF-A52A-7DA86F63BC34}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
IE - HKLM\..\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}: "URL" = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {38AFC276-312F-43FF-A52A-7DA86F63BC34}
IE - HKCU\..\SearchScopes\{38AFC276-312F-43FF-A52A-7DA86F63BC34}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@dymo.com/DymoLabelFramework: C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.65.2: C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.65.2: C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\PDF Architect 3: C:\Program Files (x86)\PDF Architect 3\np-previewer.dll (pdfforge GmbH)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\pdf_architect_3_conv@pdfarchitect.org: C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension\ [2015.09.26 12:23:29 | 000,000,000 | ---D | M]
[2015.11.29 19:54:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MaG\AppData\Roaming\mozilla\Firefox\Profiles\GWy82fZH.default\extensions
[2015.11.29 19:54:10 | 000,000,000 | ---D | M] (Avira Browser Safety) -- C:\Users\MaG\AppData\Roaming\mozilla\Firefox\Profiles\GWy82fZH.default\extensions\abs@avira.com

========== Chrome ==========
CHR - Extension: No name found = C:\Users\MaG\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\MaG\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.7.0_0\
CHR - Extension: No name found = C:\Users\MaG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.1_0\
CHR - Extension: No name found = C:\Users\MaG\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_1\
CHR - Extension: No name found = C:\Users\MaG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_1\

O1 HOSTS File: ([2015.10.25 06:17:49 | 000,450,831 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15473 more lines...
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (PDF Architect 3 Helper) - {06E08260-0695-4EC1-A74B-1310D8899D93} - C:\Program Files (x86)\PDF Architect 3\creator-ie-helper.dll (pdfforge GmbH)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (PDF Architect 3 Toolbar) - {2DFF3579-5AA7-45B9-9328-1D38EA230861} - C:\Program Files (x86)\PDF Architect 3\creator-ie-plugin.dll (pdfforge GmbH)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Avira SystrayStartTrigger] C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Dropbox] C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [BoxcryptorClassic.exe] C:\Program Files (x86)\Boxcryptor Classic\BoxcryptorClassic.exe (Secomba GmbH)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\Run: [DymoQuickPrint] C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe (Sanford, L.P.)
O4 - HKCU..\Run: [f.lux] C:\Users\MaG\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [HP Deskjet 3070 B611 series (NET)] C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (Sandboxie Holdings, LLC)
O4 - HKCU..\Run: [SpybotPostWindows10UpgradeReInstall] C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\MaG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BtvStack = "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe" (Atheros Communications)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableFirstLogonAnimation = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisplayLastLogonInfo = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPreviewPane = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinkeys = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAVolume = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC547890-78E3-4C07-AE37-F747FD513F4C}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\System32\Userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\System32\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: EldosMountNotificator-cbfs4 - {0F69E671-7419-4ABB-ACDB-1DC49268D4D2} - C:\Windows\SysNative\cbfsMntNtf4.dll (EldoS Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: EldosMountNotificator-cbfs4 - {0F69E671-7419-4ABB-ACDB-1DC49268D4D2} - C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {0F69E671-7419-4ABB-ACDB-1DC49268D4D2} - Virtual Storage Mount Notification - C:\Windows\SysNative\cbfsMntNtf4.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {0F69E671-7419-4ABB-ACDB-1DC49268D4D2} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2015.10.22 21:36:52 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========
[2034.10.18 01:53:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2015.12.13 14:03:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Basic 6.0
[2015.12.13 14:03:34 | 000,145,360 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WEBPOST.DLL
[2015.12.13 14:03:34 | 000,121,984 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CRSWPP.DLL
[2015.12.13 14:03:34 | 000,112,064 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WPWIZDLL.DLL
[2015.12.13 14:03:34 | 000,099,008 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\POSTWPP.DLL
[2015.12.13 14:03:34 | 000,098,960 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\FTPWPP.DLL
[2015.12.13 14:03:34 | 000,093,456 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\FPWPP.DLL
[2015.12.13 14:03:34 | 000,050,816 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PIPARSE.DLL
[2015.12.13 14:03:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Web Publish
[2015.12.13 14:03:34 | 000,000,000 | ---D | C] -- C:\Users\MaG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Web Publishing
[2015.12.13 14:03:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2015.12.13 14:02:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2015.12.13 13:20:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
[2015.12.11 21:48:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\AutoKMS
[2015.12.09 20:51:00 | 000,000,000 | --SD | C] -- C:\WINDOWS\SysWow64\GWX
[2015.12.09 20:51:00 | 000,000,000 | --SD | C] -- C:\WINDOWS\SysNative\GWX
[2015.12.08 21:14:07 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\rmcast.sys
[2015.12.08 21:12:23 | 000,663,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript.dll
[2015.12.08 21:12:23 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll
[2015.12.08 21:12:21 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll
[2015.12.08 21:12:20 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript.dll
[2015.12.08 21:12:19 | 005,923,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2015.12.08 21:12:19 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll
[2015.12.08 21:12:10 | 000,798,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll
[2015.12.08 21:11:57 | 000,718,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2015.12.08 21:11:56 | 000,615,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieui.dll
[2015.12.08 21:11:56 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieui.dll
[2015.12.08 21:11:54 | 002,123,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl
[2015.12.08 21:11:53 | 002,050,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl
[2015.12.08 21:11:51 | 002,880,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\actxprxy.dll
[2015.12.08 21:11:51 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxtrans.dll
[2015.12.08 21:11:51 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iepeers.dll
[2015.12.08 21:11:51 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iepeers.dll
[2015.12.08 21:11:51 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mshtmled.dll
[2015.12.08 21:11:51 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MshtmlDac.dll
[2015.12.08 21:11:27 | 001,200,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Globalization.dll
[2015.12.08 21:11:26 | 000,868,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Globalization.dll
[2015.12.08 21:11:24 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\GlobCollationHost.dll
[2015.12.08 21:11:24 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\GlobCollationHost.dll
[2015.12.08 21:11:24 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdgeoqw.dll
[2015.12.08 21:11:24 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kbdgeoqw.dll
[2015.12.08 21:11:24 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\KBDAZST.DLL
[2015.12.08 21:11:24 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KBDAZST.DLL
[2015.12.08 21:11:24 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\KBDAZEL.DLL
[2015.12.08 21:11:24 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KBDAZEL.DLL [2015.12.08 21:11:24 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\KBDAZE.DLL [2015.12.08 21:11:24 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KBDAZE.DLL [2015.12.08 21:11:21 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dpapisrv.dll [2015.12.08 21:11:20 | 007,455,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe [2015.12.08 21:11:20 | 001,735,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntdll.dll [2015.12.08 21:11:20 | 001,487,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.efi [2015.12.08 21:11:20 | 001,355,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.exe [2015.12.08 21:11:19 | 001,706,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\comsvcs.dll [2015.12.08 21:11:19 | 001,659,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.efi [2015.12.08 21:11:19 | 001,519,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.exe [2015.12.08 21:11:19 | 001,344,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\comsvcs.dll [2015.12.08 21:11:19 | 000,522,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\catsrvut.dll [2015.12.08 21:11:19 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\catsrvut.dll [2015.12.08 21:11:19 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntvdm64.dll [2015.12.08 21:11:19 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ntvdm64.dll [2015.12.08 21:11:16 | 001,994,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DWrite.dll [2015.12.08 21:11:16 | 001,753,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\GdiPlus.dll [2015.12.08 21:11:16 | 001,540,728 | ---- | C] (Microsoft Corporation) -- 
C:\WINDOWS\SysNative\user32.dll [2015.12.08 21:11:16 | 001,490,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\GdiPlus.dll [2015.12.08 21:11:15 | 001,385,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msctf.dll [2015.12.08 21:11:01 | 002,243,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wucltux.dll [2015.12.08 21:11:01 | 000,897,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapi.dll [2015.12.08 21:11:01 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapi.dll [2015.12.08 21:11:01 | 000,409,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WUSettingsProvider.dll [2015.12.08 21:11:01 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuwebv.dll [2015.12.08 21:11:01 | 000,136,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuauclt.exe [2015.12.08 21:11:01 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuwebv.dll [2015.12.08 21:11:01 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wudriver.dll [2015.12.08 21:11:01 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wudriver.dll [2015.12.08 21:11:01 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wups2.dll [2015.12.08 21:11:01 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapp.exe [2015.12.08 21:11:01 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapp.exe [2015.12.08 21:11:00 | 002,775,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll [2015.12.08 21:11:00 | 002,462,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll [2015.12.08 21:10:59 | 000,572,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winlogon.exe [2015.12.08 21:10:59 | 000,468,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBHUB3.SYS [2015.12.08 21:10:59 | 000,443,224 | ---- 
| C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\usbport.sys [2015.12.08 21:10:59 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wininit.exe [2015.12.08 21:10:59 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PCPKsp.dll [2015.12.08 21:10:59 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PCPKsp.dll [2015.12.08 21:10:59 | 000,027,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\usbd.sys [2015.12.07 20:45:06 | 000,000,000 | ---D | C] -- C:\Users\MaG\AppData\Roaming\TeamViewer [2015.11.29 19:54:17 | 000,000,000 | ---D | C] -- C:\Users\MaG\AppData\Roaming\Avira [2015.11.29 19:54:10 | 000,000,000 | ---D | C] -- C:\Users\MaG\AppData\Roaming\Mozilla [2015.11.29 19:52:45 | 000,146,696 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avipbb.sys [2015.11.29 19:52:45 | 000,135,880 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avgntflt.sys [2015.11.29 19:52:45 | 000,073,032 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avnetflt.sys [2015.11.29 19:52:45 | 000,035,488 | ---- | C] (Avira Operations GmbH & Co. 
KG) -- C:\WINDOWS\SysNative\drivers\avkmgr.sys [2015.11.29 19:50:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2015.11.29 19:49:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2015.11.29 19:49:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2015.11.29 19:23:34 | 000,029,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aspnet_counters.dll [2015.11.29 19:23:33 | 000,028,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\aspnet_counters.dll [2015.11.25 21:10:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8 [2015.11.23 21:31:59 | 000,192,216 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys [2015.11.23 21:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware [2015.11.23 21:31:43 | 000,109,272 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\mbamchameleon.sys [2015.11.23 21:31:43 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mwac.sys [2015.11.23 21:31:43 | 000,025,816 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\mbam.sys [2015.11.23 21:31:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware [2015.11.23 21:31:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2015.11.23 21:05:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\{BBC32A4C-2E5E-4FC6-8C4F-DFFC9141B6B9} [2015.11.23 21:05:33 | 000,000,000 | ---D | C] -- C:\Program Files\{162B2171-A3DE-46CF-BB3A-8120224EDFC9} [2015.11.16 21:11:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\{89F7B217-4B45-4E13-A7C6-197DB94C2A4E} [2015.11.16 21:11:22 | 000,000,000 | ---D | C] -- C:\Program Files\{6122987E-0DC3-4CF4-A864-B6228ED61460} [2015.11.15 17:41:19 | 000,000,000 | ---D | C] -- C:\Users\MaG\AppData\Roaming\freac [2015.11.15 17:41:05 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\freac - free audio converter [2015.11.15 17:41:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\freac [2015.11.15 17:03:48 | 000,000,000 | ---D | C] -- C:\Users\MaG\AppData\Roaming\SuperEasy Software [2015.11.15 17:03:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SuperEasy Software [2015.11.15 17:03:38 | 000,000,000 | ---D | C] -- C:\ProgramData\SuperEasy Software [2015.11.15 17:03:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HDX4 [2015.11.15 17:03:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SuperEasy Software [2015.11.15 17:00:38 | 000,000,000 | ---D | C] -- C:\Users\MaG\AppData\Local\CrashDumps [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2021.10.21 14:36:56 | 000,000,852 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\RTKHDRC.dat [2021.10.04 08:34:42 | 000,000,712 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\RTMICEQ0.dat [2015.12.13 20:07:33 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys [2015.12.13 20:00:54 | 000,001,148 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2015.12.13 19:54:42 | 000,001,974 | ---- | M] () -- C:\Users\MaG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3070 B611 series (Netzwerk).lnk [2015.12.13 19:54:41 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2015.12.13 19:54:12 | 000,001,144 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2015.12.13 19:52:30 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2015.12.13 18:01:09 | 000,001,138 | ---- | M] () -- C:\WINDOWS\SysWow64\InstallUtil.InstallLog [2015.12.13 14:03:36 | 000,000,535 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI [2015.12.13 14:03:36 | 000,000,288 | ---- | M] () -- C:\WINDOWS\ODBC.INI [2015.12.13 14:01:59 | 000,143,300 | ---- | M] () -- C:\WINDOWS\vssetup.ttf 
[2015.12.13 14:01:59 | 000,001,409 | ---- | M] () -- C:\WINDOWS\vssetup.for [2015.12.13 13:23:05 | 001,785,582 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI [2015.12.13 13:23:05 | 000,769,092 | ---- | M] () -- C:\WINDOWS\SysNative\perfh007.dat [2015.12.13 13:23:05 | 000,725,380 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat [2015.12.13 13:23:05 | 000,160,376 | ---- | M] () -- C:\WINDOWS\SysNative\perfc007.dat [2015.12.13 13:23:05 | 000,136,436 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat [2015.12.10 21:11:50 | 000,495,520 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT [2015.12.08 21:03:41 | 000,002,159 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2015.12.07 20:49:29 | 000,001,481 | ---- | M] () -- C:\Users\MaG\Desktop\TeamViewer.exe - Verknüpfung.lnk [2015.12.07 20:39:24 | 000,001,580 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini [2015.12.02 21:09:54 | 000,146,696 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avipbb.sys [2015.12.02 21:09:54 | 000,135,880 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avgntflt.sys [2015.12.02 21:09:54 | 000,073,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avnetflt.sys [2015.12.02 21:09:54 | 000,035,488 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\WINDOWS\SysNative\drivers\avkmgr.sys [2015.12.01 18:19:27 | 000,826,872 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe [2015.12.01 18:19:27 | 000,176,632 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl [2015.11.24 06:29:51 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2015.11.23 21:31:48 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2015.11.22 07:59:22 | 001,735,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntdll.dll [2015.11.22 07:59:22 | 001,659,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.efi [2015.11.22 07:59:22 | 001,519,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.exe [2015.11.22 07:59:22 | 001,487,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.efi [2015.11.22 07:59:22 | 001,355,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.exe [2015.11.22 07:59:17 | 007,455,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe [2015.11.21 19:32:33 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntvdm64.dll [2015.11.21 18:50:31 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ntvdm64.dll [2015.11.21 17:59:56 | 001,706,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\comsvcs.dll [2015.11.21 17:49:44 | 001,344,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\comsvcs.dll [2015.11.21 17:47:09 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\catsrvut.dll [2015.11.21 17:40:31 | 000,414,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\catsrvut.dll [2015.11.21 07:45:33 | 000,001,542 | ---- | M] () -- C:\WINDOWS\SysNative\.crusader [2015.11.20 23:47:40 | 000,136,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuauclt.exe [2015.11.20 19:18:57 | 000,052,224 | ---- | M] 
(Microsoft Corporation) -- C:\WINDOWS\SysNative\wups2.dll [2015.11.20 17:47:36 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapp.exe [2015.11.20 17:46:51 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuwebv.dll [2015.11.20 17:44:35 | 000,409,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WUSettingsProvider.dll [2015.11.20 17:44:05 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wudriver.dll [2015.11.20 17:43:05 | 000,897,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapi.dll [2015.11.20 17:42:20 | 002,243,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wucltux.dll [2015.11.20 17:30:10 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapp.exe [2015.11.20 17:29:43 | 000,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuwebv.dll [2015.11.20 17:28:06 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wudriver.dll [2015.11.20 17:27:42 | 000,726,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapi.dll [2015.11.15 17:41:05 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\freac - free audio converter.lnk [2015.11.15 17:03:39 | 000,001,375 | ---- | M] () -- C:\Users\Public\Desktop\Audio Converter 2.lnk [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2015.12.13 14:03:36 | 000,000,535 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2015.12.13 14:03:36 | 000,000,288 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2015.12.13 14:01:59 | 000,143,300 | ---- | C] () -- C:\WINDOWS\vssetup.ttf [2015.12.13 14:01:59 | 000,001,409 | ---- | C] () -- C:\WINDOWS\vssetup.for [2015.12.07 20:49:29 | 000,001,481 | ---- | C] () -- C:\Users\MaG\Desktop\TeamViewer.exe - Verknüpfung.lnk [2015.12.05 17:55:41 | 000,001,148 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2015.12.05 17:55:40 | 000,001,144 | ---- | C] () -- 
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2015.11.29 19:54:29 | 000,001,138 | ---- | C] () -- C:\WINDOWS\SysWow64\InstallUtil.InstallLog [2015.11.23 21:31:48 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2015.11.15 17:41:05 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\freac - free audio converter.lnk [2015.11.15 17:03:39 | 000,001,375 | ---- | C] () -- C:\Users\Public\Desktop\Audio Converter 2.lnk [2015.11.03 09:36:37 | 000,001,580 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini [2015.11.02 15:23:00 | 000,004,096 | -H-- | C] () -- C:\Users\MaG\AppData\Local\keyfile3.drm [2015.09.26 12:17:33 | 000,000,740 | ---- | C] () -- C:\Users\MaG\AppData\Local\recently-used.xbel [2015.09.22 19:49:10 | 000,000,362 | ---- | C] () -- C:\Users\MaG\AppData\Local\hpiDp.vbs [2015.09.19 19:49:10 | 000,000,362 | ---- | C] () -- C:\Users\MaG\AppData\Local\t4t5KB.vbs [2015.08.23 09:46:40 | 000,000,362 | ---- | C] () -- C:\Users\MaG\AppData\Local\boukZ.vbs [2015.08.23 07:48:56 | 000,000,516 | ---- | C] () -- C:\Users\MaG\AppData\Local\7o5cj3r.vbs [2015.08.16 21:11:26 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2015.08.08 19:35:05 | 000,000,516 | ---- | C] () -- C:\Users\MaG\AppData\Local\6U3x63w.vbs [2015.08.08 19:24:22 | 003,531,374 | ---- | C] () -- C:\Users\MaG\AppData\Local\curl.zip [2015.07.19 21:19:43 | 000,000,396 | ---- | C] () -- C:\Users\MaG\AppData\Local\G0rg5H.vbs [2015.07.18 20:48:03 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2015.07.18 19:07:27 | 001,774,862 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI [2015.03.19 20:01:54 | 000,187,904 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll [2015.03.19 20:01:48 | 017,289,048 | ---- | C] () -- C:\WINDOWS\SysWow64\igd11dxva32.dll [2014.11.21 05:05:31 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll [2014.11.21 05:03:37 | 000,107,008 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll [2014.11.21 04:42:28 | 
000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini [2014.07.21 21:04:58 | 000,204,952 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsvl.dat [2014.07.21 21:04:58 | 000,157,144 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsva.dat [2014.07.21 21:04:46 | 000,003,917 | ---- | C] () -- C:\WINDOWS\SysWow64\atipblag.dat [2014.07.21 21:04:04 | 000,995,342 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_as32.exe [2014.07.21 21:04:04 | 000,798,734 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_ld32.exe [2014.07.21 21:03:42 | 000,123,392 | ---- | C] () -- C:\WINDOWS\SysWow64\amdhdl32.dll [2014.02.11 22:40:42 | 000,000,217 | ---- | C] () -- C:\Users\MaG\.swfinfo ========== ZeroAccess Check ========== [2015.11.15 17:07:24 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2015.08.27 03:43:09 | 022,372,152 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2015.08.27 03:42:51 | 019,795,904 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2014.11.21 05:03:53 | 001,013,760 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2014.11.21 05:05:05 | 000,786,944 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2014.11.21 05:03:52 | 000,512,512 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 220 bytes -> C:\Users\MaG\OneDrive:ms-properties @Alternate Data Stream - 220 bytes -> C:\Users\MaG\OneDrive.old:ms-properties < End of report > |
13.12.2015, 20:43 | #2 |
| Websites are being opened My scan with OTL produces the following:
Code:
OTL Extras logfile created on: 13.12.2015 20:14:52 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MaG\Downloads 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.18125) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,88 Gb Total Physical Memory | 3,07 Gb Available Physical Memory | 38,89% Memory free 9,13 Gb Paging File | 4,28 Gb Available in Paging File | 46,89% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86) Drive C: | 681,75 Gb Total Space | 521,91 Gb Free Space | 76,55% Space Free | Partition Type: NTFS Drive Z: | 681,75 Gb Total Space | 521,91 Gb Free Space | 76,55% Space Free | Partition Type: FAT32 Computer Name: KANOCKELHOPPEL | User Name: MaG | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. 
File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = AC 1C AE C5 46 9F CE 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade] "UpgradeTime" = [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade] "UpgradeTime" = Reg Error: Unknown registry data type -- File not found ========== System Restore Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] "DisableConfig" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] "DisableConfig" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 ========== Authorized Applications List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) 
========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{95CE8116-8D99-4FCA-93D2-F8B7A526F678}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{E08E12CF-131E-4137-84AD-8AA4F82BDCE1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{ED42765D-0E9B-4792-9BAB-5DA5FE42DA4D}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | "{FB5FA686-D142-4829-8030-7725CE87BF65}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{008E93F9-FC69-4EBB-883F-66E68296FE9F}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20947_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | "{030066CC-AAD3-4867-BB12-D708ADF84DFA}" = dir=out | name=f5 vpn | "{0439C5C4-6C55-46D7-BD51-DE35DA1B1F72}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero 12\nero backitup\backitup.exe | "{0538CDE4-F10A-431A-85FA-5BB50CAC5BD5}" = dir=out | name=@{microsoft.zunemusic_1.4.18.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | "{05F4F32E-7913-4C5E-8CF1-680512F4C1B4}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20947_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | "{060B68A2-0E87-49F3-9125-FCE78C64E83F}" = dir=out | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | "{08B3BB07-C598-45AC-8F67-D52CD9608849}" = dir=out | name=sonicwall mobile connect | "{12C44774-64DF-4B86-ADE9-0D0B8E628997}" = protocol=17 | dir=in | 
app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe | "{14CC88BF-97AB-4BB8-A3B6-2671EF8053D1}" = dir=out | name=@{microsoft.bingsports_2.0.0.273_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | "{1714CB00-E0EC-4C0E-A5B2-A4CC580349B8}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe | "{1BDD9F30-9B12-4D95-8DB6-86EA6B618AD6}" = dir=in | name=zinio | "{2103EFFD-E5FF-4539-A376-6530F74C82FD}" = dir=in | name=f5 vpn | "{256D89D0-97A9-49F7-97EE-457436FF9349}" = dir=out | name=@{microsoft.bingmaps_1.6.1821.2624_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{2964E4A7-4C21-460F-A479-08042CA954F5}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{2A911024-CAB5-4966-A72E-6545C2C0362F}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{2F44D823-B906-4CAC-BA0D-B205B9DE298F}" = dir=out | name=@{microsoft.bingtravel_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} | "{33DEAE49-2FE2-4963-81FD-84201208848C}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} | "{34AAFA3E-58E4-4CBA-BE68-9DCC62703344}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | "{34B635D0-D5D4-420F-A7CE-DA223C7A43FD}" = dir=in | name=sonicwall mobile connect | "{3AD01CD3-ADDD-4A42-8934-3646F1D93173}" = dir=out | name=check point vpn | "{3DDBC3D8-35F4-44F8-82F8-28DC5E291AE6}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe | "{406AEF3F-13CA-48A2-A2EB-3D5A0AF58576}" = dir=in | name=juniper 
networks junos pulse | "{407EB8EA-8ACC-471D-9572-D4DB5537D539}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer cloud\sdd.exe | "{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn | "{433B6A74-6EB5-435D-90F4-04D81FB54E8C}" = dir=out | name=windows_ie_ac_001 | "{43C7692C-66F3-4517-9321-44688429C520}" = dir=out | name=@{microsoft.bingfinance_2.0.0.300_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | "{52D8B427-DBDC-4CB9-82B9-46D29E9DEDD7}" = dir=out | name=cut the rope | "{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect | "{561B2837-F244-4873-B07F-BE235E69CE59}" = dir=in | name=skype | "{56C08B18-57FA-4A5E-9765-B489999BA5B8}" = dir=out | name=@{microsoft.bingnews_2.0.0.273_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | "{57C684D4-69AD-4B4B-A0D1-F29AF0D78A16}" = dir=in | name=check point vpn | "{59E21C6C-E358-4462-8F28-AE5AD57FFAFC}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe | "{5E1B99A0-5382-42F8-8967-1410F2F1622A}" = dir=out | name=zinio | "{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect | "{600FDE3D-EBFE-4B39-BBFA-CD59A85FFE5F}" = dir=out | name=juniper networks junos pulse | "{61C9E022-FA77-46A3-8F9C-D8618C5BC2E2}" = dir=in | name=acer explorer | "{63865281-D5F5-4D38-8362-F138AC278D23}" = dir=out | name=tunein radio | "{640EDFA4-EF12-403C-828E-B14A6C01E212}" = dir=out | name=txtr ebooks | "{68992693-29CA-43B5-80AF-EF5CAEE9CA26}" = dir=in | name=onenote | "{7571F6E2-911B-4F71-832D-F4CA20EAA8A1}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{762BEE9E-2D67-4777-AA87-87BA6F0B8E8C}" = protocol=17 | dir=in | 
app=c:\program files (x86)\microsoft office\office14\groove.exe | "{79A02720-C531-4FC9-A2A3-E32C3CF74E98}" = dir=out | name=acer explorer | "{8039EE20-5698-4C20-9C5C-F5F1F62DE282}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\hpnetworkcommunicator.exe | "{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{80BBF4C4-D90E-4463-A793-C7585FCB09DB}" = dir=out | name=onenote | "{8389E18C-FF1A-4106-921D-2CA803000037}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{85CC36FE-D8D5-41E7-A4BF-882D59D29CB3}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe | "{89ECDC59-5605-4B33-BACE-DFAC4B41D44A}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe | "{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{A160583C-A1BE-43F3-8FC1-C7D5E2EE9DBC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{A42E427F-552C-454A-8E75-863672EBA8BE}" = dir=out | name=@{microsoft.bingweather_3.0.4.337_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/brandedapptitle} | "{A51982E3-8677-4D7A-8315-4590C92BCC5E}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer cloud\virtualdrive.exe | "{A786D537-591C-4122-BC6A-0CA782F6CA20}" = dir=out | name=@{microsoft.zunemusic_2.6.672.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | "{A8D581C3-7CF7-4BFA-9D3D-9E00DEA41CF0}" = dir=in | name=music maker jam | "{A9398DBD-4C65-452C-B503-69C9FE158860}" = dir=out | name=skype | "{AC8A2880-75B7-4EEB-A4D3-7033FE198908}" = dir=out | 
name=@{microsoft.zunevideo_1.4.19.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | "{ACDFD2BA-B2CF-46FC-B66A-DC6D98D93D16}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\videoplayer.exe | "{B09DAD64-EE5A-4AD3-A7C8-08380673CC62}" = dir=out | name=newsxpresso | "{B1278B12-29BF-4307-97E0-49303009947F}" = dir=out | name=music maker jam | "{B34D8AE4-D8C7-4056-8112-932D213FD866}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\devicesetup.exe | "{B41A2AC4-5B49-4C64-B285-9CB1EB1548A3}" = dir=in | name=hp all-in-one printer remote | "{B5D04F1F-8B0A-4D24-AA27-C433C89F400B}" = dir=out | name=@{microsoft.bingnews_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} | "{B86484D9-A867-4139-9961-56EAFC27D0F3}" = dir=out | name=the treasures of montezuma 3 | "{B8E62E7E-5B3E-495E-8B22-4F463E68BC43}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{B9344F86-3B5E-41EA-9D86-B5BD2DBA468A}" = dir=out | name=@{microsoft.zunevideo_2.6.446.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | "{BB8DF291-466C-48C9-8D7E-C03F42159DE8}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero 12\nero backitup\backitup.exe | "{C1397DD8-2F9D-4D6E-AB4D-AC351C47A3D8}" = dir=in | app=c:\program files (x86)\dropbox\client\dropbox.exe | "{C716DE4F-70D5-454E-AABD-7A9B119AA02B}" = dir=out | name=@{microsoft.bingsports_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} | "{C7C5B632-E33E-4356-8511-09866EEE7955}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer cloud\virtualdrive.exe | "{D14CD3F3-1679-4D9C-9C19-3E6EEC5326D6}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe | "{D1710745-DC8F-4360-A03D-B3457B217AEB}" = dir=in | 
name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{D27C2C67-608D-4E0E-9378-992FA77258D0}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\hpnetworkcommunicatorcom.exe | "{D2811984-BF50-43EC-9E80-1E80C7576275}" = dir=in | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | "{D309308A-4A28-4E1D-97C8-18234DAB58AD}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe | "{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn | "{D7501E89-045B-4D89-B6F1-AA40577F9D8F}" = dir=out | name=@{microsoft.bingweather_2.0.0.288_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | "{DA4F0212-6072-4934-8983-7B887EE2C4D3}" = dir=out | name=hp all-in-one printer remote | "{DAADAA74-9DFC-4A95-A18E-0A1221F46BF6}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer cloud\sdd.exe | "{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn | "{DE8330FA-41EF-4B00-B4E8-66E081C702A8}" = dir=out | name=@{microsoft.bingtravel_2.0.0.274_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | "{E31B11E3-ED46-4D1F-ABC6-99CA0BCEECA6}" = dir=out | name=@{microsoft.bingmaps_2.1.3230.2048_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{E4E88AC9-5F1B-4746-9F9A-F361F11ED675}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe | "{E516554E-9791-4EF8-95D7-074D6818D569}" = dir=out | name=windows_ie_ac_001 | "{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{E847B8AF-B8CE-4E2D-9F56-BE812C64A3B1}" = dir=out | name=windows_ie_ac_001 | "{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn | "{F06AF458-FD6D-40E1-ABDB-7CD54101F76B}" = 
dir=out | name=@{microsoft.bingfinance_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} | "{F3FF704B-9F51-489B-8D97-A6126EF8708A}" = dir=out | name=@{microsoft.xboxlivegames_1.3.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | "{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client | "{F68C1501-D77F-438B-BC31-4EFD1752D87A}" = dir=out | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{F6D4B300-3739-4C79-A6B0-22404E964637}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe | "{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client | "{F79206ED-21DB-4990-8247-6DED8EE265B6}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} | "{F92D8DEF-68F8-4B68-B9EC-B2E4FA11AD6A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{FAD818EB-9F50-4ACD-BBE7-3AFFD0ABE3F4}" = dir=out | name=weatherbug.a | "TCP Query User{0ED62260-935A-4DF0-A148-8A7554A45B8D}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | "TCP Query User{20ECE248-417E-4173-A1FB-9D0FC6189327}C:\users\mag\downloads\teamviewerportable\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\mag\downloads\teamviewerportable\teamviewer.exe | "TCP Query User{992A5461-377B-4790-812C-8D55A75DD054}C:\users\mag\dropbox\hasi\teamviewerportable\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\mag\dropbox\hasi\teamviewerportable\teamviewer.exe | "UDP Query User{3D966FCE-0FF8-44EF-A741-2B3FA6CBB0E6}C:\users\mag\downloads\teamviewerportable\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\mag\downloads\teamviewerportable\teamviewer.exe | "UDP Query 
User{A2D4ACED-1F9E-44C0-9A97-89837E7C4D02}C:\users\mag\dropbox\hasi\teamviewerportable\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\mag\dropbox\hasi\teamviewerportable\teamviewer.exe | "UDP Query User{F96081B8-83EE-4C80-ADEF-E9182926A7D3}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}" = Acer Recovery Management "{180500C1-57BB-3AA8-8E55-DCD5ECD16537}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{44B72151-611E-429D-9765-9BA093D7E48A}" = Intel® Trusted Connect Service Client "{45BBA5DD-7F9F-AE62-7799-F85C96FD34EF}" = ccc-utility64 "{48DF59F8-2ACD-4F1F-87F3-D820FE7A6178}" = HP Deskjet 3070 B611 series - Grundlegende Software für das Gerät "{4B3EF5E6-9A2C-0A1B-C61C-B1FD444B84BC}" = ccc-utility64 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5C76ED0D-0F6F-4985-8B34-F9AE7834848F}" = HP Unified IO "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{67AA948F-8D83-4566-B84A-7CAABCF64E3F}" = Broadcom Card Reader Driver Installer "{6BF02415-70FD-A0AF-C9BF-9B05AC8FBA91}" = AMD Accelerated Video Transcoding "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{91F52DE4-B789-42B0-9311-A349F10E5479}" = Acer Power Management 
"{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer "{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 "{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64) "{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 "{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}" = Acer Launch Manager "{CAD7B6DD-9C82-4D17-BAE8-3E9AE4971B90}" = Studie zur Verbesserung von HP Deskjet 3070 B611 series Produkten "{D1D7ED66-5C08-40A0-AEC0-B6DF977697BB}" = Broadcom NetLink Controller "{E3CA751C-E133-0BF1-3151-7A6D3FB88015}" = AMD Catalyst Install Manager "{E7ACB435-E0B4-4770-77DE-ED38887CD133}" = AMD Fuel "{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64 "{F6762963-9AE5-4bc6-A70F-2D749F6AC02F}_is1" = Authorizer 2.9.0d5 "CCleaner" = CCleaner "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU "Reason8.0Stable_64_is1" = Reason 8 8.3.2d7 "Sandboxie" = Sandboxie 5.06 (64-bit) "SynTPDeinstKey" = Synaptics Pointing Device Driver "VLC media player" = VLC media player [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{039BC111-3B00-B8C5-E02C-0CA1440A9469}_is1" = SuperEasy Audio Converter 2 v.2.1.3063 "{04973ECC-476F-CE5A-247E-47E04D00941B}" = CCC Help Chinese Traditional "{070232F8-068B-1FF6-B5C4-F8F38E09C7E1}" = CCC Help Turkish "{099218A5-A723-43DC-8DB5-6173656A1E94}" = Dropbox Update Helper "{0B311221-05A5-4766-8D03-7A6446794156}" = Nero RescueAgent Help (CHM) "{0E4630AF-0AB7-440E-A978-1A78FC4F43B9}" = Nero Launcher "{104DE091-6C4F-C5A9-F619-5D6C965A0296}" = CCC Help Chinese Traditional 
"{11C007CB-AD6B-4898-A6AF-BCCE6C2EF5B9}" = Nero WaveEditor "{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 "{18E1FD72-60FA-3E10-A66B-640970B5559F}" = Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU "{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}" = Google Drive "{1D30EA2E-5341-493E-8D71-0EED788B6CD9}" = Nero WaveEditor Help (CHM) "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FCC073B-CC01-4443-AD20-E559F66E6E83}" = Office Addin 2003 "{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 "{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2 "{24EC20E9-E55D-2438-7EFB-EBDE180463B5}" = CCC Help Portuguese "{25A3B953-1423-3F15-640E-B620DD0F419A}" = Catalyst Control Center - Branding "{268949A6-DDCD-CFE5-BE95-7347AC66709C}" = CCC Help Korean "{26A24AE4-039D-4CA4-87B4-2F83218065F0}" = Java 8 Update 65 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros WLAN and Bluetooth Client Installation Program "{285C9F30-3BF8-697B-BD1D-353435E94B78}" = CCC Help Hungarian "{29967A7C-6E18-91CD-BBE4-9C09F401E950}" = CCC Help Italian "{2E302F5E-9C1C-CF99-D788-E4D3D707A0AD}" = CCC Help Chinese Standard "{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 "{33BE5D36-1822-1B12-54A4-1CD01656B422}" = CCC Help Polish "{35DA427D-BB23-49B8-9AFD-CFFCFE3B708D}" = clear.fi SDK- Movie 2 "{3886CE18-322D-B7B8-F162-A96620DC4B47}" = Catalyst Control Center "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime "{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer "{3C5FB6E7-DFAA-1E8D-6FEB-4B1CB8BF8F04}" = CCC Help Finnish "{3D9CB654-99AD-4301-89C6-0D12A790767C}" = Identity Card "{3DBFC71A-D5F9-7A39-9C07-0FEB041824CB}" = CCC Help Japanese "{427B5B6C-7953-78D5-8A63-E113C848C9F5}" = CCC Help Danish 
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}" = Nero BackItUp 12 Essentials OEM.a01 "{53DB1E4D-74B6-2C04-0A2B-3D3E0DC20D63}" = CCC Help Norwegian "{54D05374-2428-7BE0-58CD-CE8031163DE6}" = CCC Help Russian "{5785302F-570A-6D2C-E61B-E808A144102D}" = Catalyst Control Center Profiles Mobile "{585D1F10-5802-4A6C-BBEA-89814239C84A}" = Catalyst Control Center - Branding "{593F5702-AB44-F64D-2F45-1F37CDEA01B8}" = CCC Help Greek "{5b07d59f-99e0-4c52-ad25-965f7e38d6ac}" = Avira Launcher "{5C6AFE98-08BF-086A-300D-18F77D284966}" = CCC Help Swedish "{5C757800-27E8-2AE3-889A-8B959AE689F8}" = CCC Help Japanese "{5D2B5E19-C333-4519-3D32-AAB8EEE9ACA4}" = AMD Catalyst Control Center "{5D3EC645-B957-36A1-068A-FE8450963669}" = CCC Help Spanish "{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper "{61B90A4D-8CC9-2FED-2495-AC8C9467C984}" = CCC Help Norwegian "{62A87765-B535-FBCC-4743-45E7CF9F9810}" = CCC Help Swedish "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{652F176B-E10A-38BF-0B12-AFC52A17E56D}" = CCC Help Czech "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{6D2BBE1D-E600-4695-BA37-0B0E605542CC}" = Office Addin "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{78545512-1F84-4357-8A9A-D94D9C3CE4FA}" = HP Support Solutions Framework "{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0 "{7C5B13DA-6A68-86C7-ED29-610CA0F49555}" = CCC Help French "{80680785-2EE1-053F-9CD3-4B2C904596EE}" = Catalyst Control Center InstallProxy "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{85EBE536-24B8-4B5A-D6E9-FC34A7C52B39}" = CCC Help Spanish "{8649C9CA-1F41-11E9-0F1E-DD494443A7F0}" = CCC Help Italian "{86E0DAF6-D3E4-ED45-908F-41EE680CCF0C}" = CCC Help German "{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer "{8F6ABAF5-4B5D-78CF-FD6A-7EEDC71E74F2}" = Catalyst Control Center 
Localization All "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{912D30CF-F39E-4B31-AD9A-123C6B794EE2}" = HP Update "{95B8F519-8C35-9010-A63C-51B3E0EE8D4E}" = CCC Help Dutch "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D67E683-1144-4C0C-A9F3-5171F7678FF3}" = Avira Launcher "{9D9F2DBE-3319-9844-2EDE-0DF98E832E8C}" = CCC Help Hungarian "{9F20CE56-3828-432D-A3C5-3EC6A2ED93C6}" = HP Deskjet 3070 B611 series Hilfe 
"{A2D43081-CF7B-4637-A9F3-E2651AA5C4A8}" = Nero RescueAgent "{A3806AB7-AB46-7672-A825-F9AE0DE6910A}" = CCC Help Finnish "{A46EBB0F-F784-E1CA-A97C-70E02C575057}" = CCC Help Thai "{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}" = AcerCloud Portal "{AB96AFC8-CC8C-46DA-F710-FE3C6B26E137}" = CCC Help French "{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter "{AF87F2CA-71AA-9786-C8D9-3C38244E53DA}" = CCC Help Russian "{B079957C-3276-4B9F-DB08-D1CA8C090D9E}" = CCC Help Greek "{B12BE177-DC00-5746-3AB9-91CD090AF555}" = Catalyst Control Center Localization All "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy "{B5A89E67-E8D0-70E8-6634-EE3554FD6353}" = CCC Help Dutch "{B5AD89F2-03D3-4206-8487-018298007DD0}" = clear.fi Photo "{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}" = HPDiagnosticAlert "{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0 "{B791E0AB-87A9-41A4-8D98-D13C2E37D928}" = Nero Info "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components "{BEDC9772-10E8-4BBA-9048-CD78CD93BF38}" = PDF Architect 3 View Module "{BF5509A0-250A-25EA-0C19-61505E9EBA13}" = CCC Help Chinese Standard "{C4EE2BA3-EEA5-9650-86E0-0405ECA5C22C}" = CCC Help Thai "{C69EA753-0D3F-E48B-8C98-7F6310DC29B8}" = CCC Help German "{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}" = AcerCloud Docs "{CDFE8F95-F80F-4115-9C3F-0E1FD8F9F58C}" = Nero ControlCenter Help (CHM) "{D2C51AA1-77F3-5D86-114C-20DEBB3425DE}" = CCC Help English "{D4073D4E-4338-90DD-F2A2-E184826C5539}" = CCC Help Turkish "{DA2D3078-A58C-45E8-8EE0-18B8BE6B34F7}" = Nero BackItUp "{DF47AB90-FB92-42F4-926E-1C4FF16029E7}" = Boxcryptor Classic 1.7 "{E9397ACE-64E3-49EA-98B0-F787F0637029}" = PDF Architect 3 Edit Module "{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0 "{E9AF1707-3F3A-49E2-8345-4F2D629D0876}" = clear.fi Media "{EB766D4A-C56C-946D-F74D-43C78FE4521E}" = CCC Help Korean "{EBA33CAD-E071-48d5-A168-FBA4EEB42E93}" = clear.fi SDK - Video 2 "{ECA361B3-855E-EEAB-C4E9-FFA6F25A4DF4}" = OEM Application 
Profile "{ED0D7699-1943-0C29-7465-6530F8DE2DA2}" = CCC Help Polish "{EDA5BB56-AAF4-6889-AD8E-E25A17BD140B}" = CCC Help Czech "{EE26E302-876A-48D9-9058-3129E5B99999}" = Live Updater "{EE430B59-A026-4C96-8906-E4C05B7FCC37}" = Nero WaveEditor "{EEF14371-2D24-5A2D-0EF2-22010DB4CFA6}" = CCC Help Danish "{EF0D1292-8FC1-41BE-9740-DBC134F66415}" = Nero BackItUp Help (CHM) "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1390872-2500-4408-A46C-CD16C960C661}" = HP Unified IO "{F1642ACD-1F50-FCC2-BDA6-C83762316958}" = PX Profile Update "{F2401C6F-8A6E-17B4-F550-3C54FAC8A5E8}" = Catalyst Control Center InstallProxy "{FAB06EA0-4907-47CE-B002-4EEFA36F806D}" = PDF Architect 3 Create Module "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package "{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 "{FDD69799-37B2-9ACE-F70C-ABD1F96FD04C}" = CCC Help Portuguese "{FDF2FE33-426D-45C2-4E70-76C162F1B790}" = CCC Help English "4K Video Downloader_is1" = 4K Video Downloader 3.6 "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2 "Avira Antivirus" = Avira Antivirus "Click2Music" = Click2Music "Dropbox" = Dropbox "DYMO Label v.8" = DYMO Label v.8 "Google Chrome" = Google Chrome "HP Photo Creations" = HP Photo Creations "IObit_StartMenu8_is1" = Start Menu 8 "Line 6 Uninstaller" = Line 6 Uninstaller "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version 2.2.0.1024 "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime "Notepad++" = Notepad++ "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "Paperless Converter_is1" = Paperless Converter version 9.07 "Paperless Printer_is1" = Paperless 
Printer version 6.0.0.1 "PDF Architect 3" = PDF Architect 3 "Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime "Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU" = Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU "WebPost" = Microsoft Web Publishing Wizard 1.53 "WUCCCApp" = Catalyst Control Center ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Flux" = f.lux ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 09.12.2015 15:47:53 | Computer Name = KanockelHoppel | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: delegate_execute.exe, Version: 47.0.2526.80, Zeitstempel: 0x5661e826 Name des fehlerhaften Moduls: delegate_execute.exe, Version: 47.0.2526.80, Zeitstempel: 0x5661e826 Ausnahmecode: 0x80000003 Fehleroffset: 0x00007f81 ID des fehlerhaften Prozesses: 0xdd8 Startzeit der fehlerhaften Anwendung: 0x01d132ba7d67b26c Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\delegate_execute.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\delegate_execute.exe Berichtskennung: bbb8c115-9ead-11e5-bf14-201a0671fff5 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 09.12.2015 16:28:57 | Computer Name = KanockelHoppel | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 10.12.2015 16:16:31 | Computer Name = KanockelHoppel | Source = Windows Search Service | ID = 3079 Description = Error - 10.12.2015 16:39:10 | Computer Name = KanockelHoppel | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 11.12.2015 16:20:48 | Computer Name = KanockelHoppel | Source = Windows Search Service | ID = 3079 Description = Error - 11.12.2015 
16:49:30 | Computer Name = KanockelHoppel | Source = Microsoft-Windows-LocationProvider | ID = 2006 Description = There was an error with the Windows Location Provider database Error - 13.12.2015 08:19:21 | Computer Name = KanockelHoppel | Source = Windows Search Service | ID = 3079 Description = Error - 13.12.2015 09:10:45 | Computer Name = KanockelHoppel | Source = Application Hang | ID = 1002 Description = Programm acmsetup.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 13e8 Startzeit: 01d135a6739aa026 Endzeit: 0 Anwendungspfad: Z:\~MSSETUP.T\tmp.t\acmsetup.exe Berichts-ID: e7ac2a12-a19a-11e5-bf17-201a0671fff5 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 13.12.2015 09:13:39 | Computer Name = KanockelHoppel | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 13.12.2015 14:56:49 | Computer Name = KanockelHoppel | Source = Windows Search Service | ID = 3079 Description = [ System Events ] Error - 13.12.2015 08:15:42 | Computer Name = KanockelHoppel | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht. 
Error - 13.12.2015 08:15:42 | Computer Name = KanockelHoppel | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 13.12.2015 12:23:56 | Computer Name = KanockelHoppel | Source = DCOM | ID = 10016 Description = Error - 13.12.2015 12:23:56 | Computer Name = KanockelHoppel | Source = DCOM | ID = 10016 Description = Error - 13.12.2015 12:23:56 | Computer Name = KanockelHoppel | Source = DCOM | ID = 10016 Description = Error - 13.12.2015 12:23:56 | Computer Name = KanockelHoppel | Source = DCOM | ID = 10016 Description = Error - 13.12.2015 12:23:57 | Computer Name = KanockelHoppel | Source = DCOM | ID = 10016 Description = Error - 13.12.2015 12:23:57 | Computer Name = KanockelHoppel | Source = DCOM | ID = 10016 Description = Error - 13.12.2015 12:23:57 | Computer Name = KanockelHoppel | Source = DCOM | ID = 10016 Description = Error - 13.12.2015 12:23:57 | Computer Name = KanockelHoppel | Source = DCOM | ID = 10016 Description = < End of report > |
13.12.2015, 20:44 | #3 |
| Websites are being opened And the OTL.txt file
Code:
ATTFilter OTL logfile created on: 13.12.2015 20:14:52 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MaG\Downloads 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.18125) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,88 Gb Total Physical Memory | 3,07 Gb Available Physical Memory | 38,89% Memory free 9,13 Gb Paging File | 4,28 Gb Available in Paging File | 46,89% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86) Drive C: | 681,75 Gb Total Space | 521,91 Gb Free Space | 76,55% Space Free | Partition Type: NTFS Drive Z: | 681,75 Gb Total Space | 521,91 Gb Free Space | 76,55% Space Free | Partition Type: FAT32 Computer Name: KANOCKELHOPPEL | User Name: MaG | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\MaG\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Program Files (x86)\Avira\Antivirus\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\Antivirus\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\IObit\Classic Start\ClassicStart.exe (IObit) PRC - C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Program Files (x86)\IObit\Classic Start\StartMenu_Hook.exe (IObit) PRC - C:\Program Files (x86)\IObit\Classic Start\SMService.exe (IObit) PRC - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (IObit) PRC - C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google) PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Oracle Corporation) PRC - C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes) PRC - C:\Program Files (x86)\PDF Architect 3\creator-ws.exe (pdfforge GmbH) PRC - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.) PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Boxcryptor Classic\BoxcryptorClassic.exe (Secomba GmbH) PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.) PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.) PRC - C:\Users\MaG\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC) PRC - c:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) PRC - C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Acer Incorporated) PRC - C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe (Sanford, L.P.) 
========== Modules (No Company Name) ========== MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\wx._core_.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\wx._controls_.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\wx._windows_.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\wx._gdi_.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\wx._misc_.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\unicodedata.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\pysqlite2._sqlite.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\windows._lib_cacheinvalidation.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\pythoncom27.dll () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32com.shell.shell.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32gui.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\pyexpat.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\wx._wizard.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32file.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32security.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32api.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\usb_ext.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\wx._animate.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\wx._html2.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32inet.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32process.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32pdh.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32pipe.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32ts.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32event.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\thumbnails_ext.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32profile.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32crypt.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\select.pyd () MOD - 
C:\Users\MaG\AppData\Local\Temp\_MEI46882\_ssl.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\_hashlib.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\_elementtree.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\pywintypes27.dll () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\_ctypes.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\_socket.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\_psutil_windows.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\_multiprocessing.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\_yappi.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\common.time34.pyd () MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\hashobjs_ext.pyd () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\173a22546b0edc901297108f25229d5e\System.IdentityModel.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\bdec9c7688afbbb0209e3a43dcde5079\System.Data.Linq.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\d6180cfaac57962ca62186c1151b5f7f\System.ServiceModel.Internals.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Numerics\780d94e5d6c1620ed4556ed4d6586007\System.Numerics.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\fbb07ef2f687508f75bfeacd97f2453b\SMDiagnostics.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Compba577418#\c9a7382a4f3e988b25ec829e08e118fd\System.ComponentModel.Composition.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fbcc841985004e93985727bbcc8abb0b\PresentationFramework.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\6ea7a7e4e486dea084e6b14dd1fd765e\PresentationCore.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\5c44c09f1895981c038cacfbda28fdbd\WindowsBase.ni.dll () MOD - 
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\9a349fb029581f4752d2c6cfcfeab816\System.Xml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\ca77cfc1da7241e2dd280b446dc7b92b\System.Xml.Linq.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\d626184834dde3f4906aff139d4e5bbf\System.Xaml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\4ee7f7e41d916e3f4ffa520ff42bdbd4\System.Windows.Forms.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\f96edd5482f69d76e661cb0e279c25f6\System.ServiceProcess.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\673e962beaf835de9a3660ea255d2a5e\System.ServiceModel.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\7d61ab80c44108150bad37e8d916e220\System.Runtime.Serialization.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\fadd99ca6318632b3f3d4f31eb91db7a\System.Management.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\c98b70fea45b348a5283fad4dfa4b220\System.Drawing.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\e3abc4d3f7fef760d13bf957613960cb\System.Data.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\d9961946cc4b6fb67e19cd2f8ce90a76\System.Configuration.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\e09d73263866a3b0472fd3a4d9aaccae\PresentationFramework.Aero2.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\2f55a37d0019f1ae3660755f160d73da\PresentationFramework.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\8cb954738fb5d385430c075e24483e71\PresentationCore.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\579202ba970d73dae32cc3a5c68af8e2\WindowsBase.ni.dll () MOD - 
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\257fa713928375c0ac9b9f24904e988f\System.Core.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\1a6b5095c4416a37f9ca4cf4436d1311\System.ni.dll () MOD - C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\_cffi_python_x66cf7a7cx17a72769.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\fastpath.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.dll () MOD - C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\Crypto.Util._counter.pyd () MOD - C:\Program Files 
(x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\Crypto.Random.OSRNG.winrandom.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\Crypto.Util.strxor.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\Crypto.Cipher._AES.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd () MOD - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\PepperFlash\pepflashplayer.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libglesv2.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libegl.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\wtsapi32.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9b1531097c798aa059b87e8bff3f5591\System.Windows.Forms.ni.dll () MOD - C:\Program Files (x86)\IObit\Classic Start\sqlite3.dll () MOD - C:\Program Files (x86)\IObit\Classic Start\ProductStatistics.dll () MOD - C:\Program Files (x86)\IObit\Classic Start\parseAuto.dll () MOD - C:\Program Files (x86)\IObit\Classic Start\madexcept_.bpl () MOD - C:\Program Files (x86)\IObit\Classic Start\madbasic_.bpl () MOD - C:\Program Files (x86)\IObit\Classic Start\maddisAsm_.bpl () MOD - C:\Program Files (x86)\Dropbox\Client\QtQuick.2\qtquick2plugin.dll () MOD - C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll () MOD - C:\Program Files (x86)\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll () MOD - C:\Program Files (x86)\Dropbox\Client\QtQuick\Window.2\windowplugin.dll () MOD - C:\Program Files (x86)\Dropbox\Client\librsync.dll () MOD - C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\win32service.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\win32ts.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\win32security.pyd () MOD - C:\Program Files 
(x86)\Dropbox\Client\win32process.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\win32profile.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\win32gui.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\win32file.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\win32event.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\win32api.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\sip.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\select.pyd () MOD - C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll () MOD - C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\159c1674c74e3372bda64afddf88cb3b\System.Drawing.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\ee6d89830b1aea077e5fc12fb95df6a0\System.Configuration.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\035d2a25a1bf16475e1bbc0a112b3388\System.Core.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\49201f5658aca21352debffb85ff41df\System.Xml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4976746d2f27ea6b60301a84d6c3e4be\System.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\5bd3374f05d46ba0563f44d032209f08\mscorlib.ni.dll 
() MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl () MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl () MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\d03a3ddcd6a395878751c5e90fa16915\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF () MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll () MOD - C:\Program Files (x86)\DYMO\DYMO Label Software\DYMO.Common.dll () ========== Services (SafeList) ========== SRV:64bit: - (DiagTrack) -- C:\Windows\SysNative\diagtrack.dll (Microsoft Corporation) SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation) SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation) SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (lfsvc) -- C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation) SRV:64bit: - (igfxCUIService1.0.0.0) -- C:\Windows\SysNative\igfxCUIService.exe (Intel Corporation) SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation) SRV:64bit: - (IEEtwCollectorService) -- C:\WINDOWS\SysNative\IEEtwCollector.exe (Microsoft Corporation) SRV:64bit: - (NcbService) -- C:\Windows\SysNative\ncbservice.dll (Microsoft Corporation) SRV:64bit: - (workfolderssvc) -- C:\Windows\SysNative\workfolderssvc.dll (Microsoft Corporation) SRV:64bit: - (AppReadiness) -- C:\Windows\SysNative\AppReadiness.dll (Microsoft Corporation) SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation) SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation) SRV:64bit: - (netprofm) -- 
C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation) SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation) SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation) SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation) SRV:64bit: - (WEPHOSTSVC) -- C:\Windows\SysNative\wephostsvc.dll (Microsoft Corporation) SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation) SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation) SRV:64bit: - (ScDeviceEnum) -- C:\Windows\SysNative\ScDeviceEnum.dll (Microsoft Corporation) SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation) SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation) SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation) SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation) SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation) SRV:64bit: - (smphost) -- C:\Windows\SysNative\smphost.dll (Microsoft Corporation) SRV:64bit: - (AppXSvc) -- C:\Windows\SysNative\AppXDeploymentServer.dll (Microsoft Corporation) SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicguestinterface) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (Netlogon) 
-- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation) SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation) SRV:64bit: - (BthHFSrv) -- C:\Windows\SysNative\BthHFSrv.dll (Microsoft Corporation) SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\Antivirus\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\Antivirus\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (Avira.ServiceHost) -- C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Avira Operations GmbH & Co. KG) SRV - (SMService) -- C:\Program Files (x86)\IObit\Classic Start\SMService.exe (IObit) SRV - (LiveUpdateSvc) -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (IObit) SRV - (SbieSvc) -- C:\Programme\Sandboxie\SbieSvc.exe (Sandboxie Holdings, LLC) SRV - (MBAMService) -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes) SRV - (PDF Architect 3) -- C:\Program Files (x86)\PDF Architect 3\ws.exe (pdfforge GmbH) SRV - (PDF Architect 3 Creator) -- C:\Program Files (x86)\PDF Architect 3\creator-ws.exe (pdfforge GmbH) SRV - (PDF Architect 3 CrashHandler) -- C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe (pdfforge GmbH) SRV - (dbupdatem) -- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.) SRV - (dbupdate) -- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.) 
SRV - (HPSupportSolutionsFrameworkService) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Hewlett-Packard Company) SRV - (lfsvc) -- C:\Windows\SysWOW64\GeofenceMonitorService.dll (Microsoft Corporation) SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation) SRV - (smphost) -- C:\Windows\SysWOW64\smphost.dll (Microsoft Corporation) SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation) SRV - (PrintNotify) -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation) SRV - (AtherosSvc) -- C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe (Windows (R) Win 7 DDK provider) SRV - (NAUpdate) -- c:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (LMSvc) -- C:\Programme\Acer\Acer Launch Manager\LMSvc.exe (Acer Incorporate) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer Power Management\ePowerSvc.exe (Acer Incorporated) SRV - (CCDMonitorService) -- C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Acer Incorporated) SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\SocketHeciServer.exe (Intel(R) Corporation) SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation) SRV - (DymoPnpService) -- C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe (Sanford, L.P.) SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. 
KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avnetflt) -- C:\Windows\SysNative\drivers\avnetflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\drivers\USBHUB3.SYS (Microsoft Corporation) DRV:64bit: - (MBAMWebAccessControl) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes Corporation) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes) DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (SEE) -- C:\Windows\SysNative\drivers\see.sys (SoftEther Corporation) DRV:64bit: - (Neo_VPN) -- C:\Windows\SysNative\drivers\Neo_VPN.sys (SoftEther Corporation) DRV:64bit: - (VBoxNetLwf) -- C:\Windows\SysNative\drivers\VBoxNetLwf.sys (Oracle Corporation) DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp6.sys (Oracle Corporation) DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\drivers\WdBoot.sys (Microsoft Corporation) DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\drivers\WdFilter.sys (Microsoft Corporation) DRV:64bit: - (WdNisDrv) -- C:\Windows\SysNative\drivers\WdNisDrv.sys (Microsoft Corporation) DRV:64bit: - (taphss6) -- C:\Windows\SysNative\drivers\taphss6.sys (Anchorfree Inc.) 
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\drivers\USBXHCI.SYS (Microsoft Corporation) DRV:64bit: - (ahcache) -- C:\Windows\SysNative\drivers\ahcache.sys (Microsoft Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\drivers\bthhfenum.sys (Microsoft Corporation) DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation) DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation) DRV:64bit: - (CLFS) -- C:\Windows\SysNative\drivers\clfs.sys (Microsoft Corporation) DRV:64bit: - (Wof) -- C:\WINDOWS\SysNative\drivers\wof.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\drivers\wpcfltr.sys (Microsoft Corporation) DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\drivers\NdisImPlatform.sys (Microsoft Corporation) DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\drivers\mslldp.sys (Microsoft Corporation) DRV:64bit: - (Ndu) -- C:\Windows\SysNative\drivers\Ndu.sys (Microsoft Corporation) DRV:64bit: - (ReFS) -- C:\WINDOWS\SysNative\drivers\refs.sys (Microsoft Corporation) DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\drivers\msgpioclx.sys (Microsoft Corporation) DRV:64bit: - (pdc) -- C:\Windows\SysNative\drivers\pdc.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (spaceport) -- C:\Windows\SysNative\drivers\spaceport.sys (Microsoft Corporation) DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc63.sys (Microsoft Corporation) DRV:64bit: - (vpci) -- C:\Windows\SysNative\drivers\vpci.sys (Microsoft Corporation) 
DRV:64bit: - (intelpep) -- C:\Windows\SysNative\drivers\intelpep.sys (Microsoft Corporation) DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\drivers\UCX01000.SYS (Microsoft Corporation) DRV:64bit: - (SerCx2) -- C:\Windows\SysNative\drivers\SerCx2.sys (Microsoft Corporation) DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\drivers\VerifierExt.sys (Microsoft Corporation) DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\drivers\BthLEEnum.sys (Microsoft Corporation) DRV:64bit: - (sdstor) -- C:\Windows\SysNative\drivers\sdstor.sys (Microsoft Corporation) DRV:64bit: - (stornvme) -- C:\Windows\SysNative\drivers\stornvme.sys (Microsoft Corporation) DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\drivers\BasicRender.sys (Microsoft Corporation) DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation) DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\drivers\wfplwfs.sys (Microsoft Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmpfd) -- C:\Windows\SysNative\drivers\amdkmpfd.sys (Advanced Micro Devices, Inc.) 
DRV:64bit: - (cbfs4) -- C:\Windows\SysNative\drivers\cbfs4.sys (EldoS Corporation) DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Qualcomm Atheros) DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Qualcomm Atheros) DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Qualcomm Atheros) DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Qualcomm Atheros) DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Qualcomm Atheros) DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\drivers\btath_avdt.sys (Qualcomm Atheros) DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Qualcomm Atheros) DRV:64bit: - (condrv) -- C:\Windows\SysNative\drivers\condrv.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\WINDOWS\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (dam) -- C:\Windows\SysNative\drivers\dam.sys (Microsoft Corporation) DRV:64bit: - (acpiex) -- C:\Windows\SysNative\drivers\acpiex.sys (Microsoft Corporation) DRV:64bit: - (mvumis) -- C:\Windows\SysNative\drivers\mvumis.sys (Marvell Semiconductor, Inc.) DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\drivers\msgpiowin32.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\drivers\lsi_sss.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (LSI_SAS3) -- C:\Windows\SysNative\drivers\lsi_sas3.sys (LSI Corporation) DRV:64bit: - (ADP80XX) -- C:\Windows\SysNative\drivers\adp80xx.sys (PMC-Sierra) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (3ware) -- C:\Windows\SysNative\drivers\3ware.sys (LSI) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys (Microsoft Corporation) DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\drivers\EhStorClass.sys (Microsoft Corporation) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\drivers\VSTXRAID.SYS (VIA Corporation) DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\drivers\uaspstor.sys (Microsoft Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology, Inc.) DRV:64bit: - (storahci) -- C:\Windows\SysNative\drivers\storahci.sys (Microsoft Corporation) DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\drivers\SpbCx.sys (Microsoft Corporation) DRV:64bit: - (SerCx) -- C:\Windows\SysNative\drivers\SerCx.sys (Microsoft Corporation) DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project) DRV:64bit: - (UEFI) -- C:\Windows\SysNative\drivers\uefi.sys (Microsoft Corporation) DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\drivers\WpdUpFltr.sys (Microsoft Corporation) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\drivers\BasicDisplay.sys (Microsoft Corporation) DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\drivers\HyperVideo.sys (Microsoft Corporation) DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\drivers\mshidumdf.sys (Microsoft Corporation) DRV:64bit: - (acpitime) -- C:\Windows\SysNative\drivers\acpitime.sys (Microsoft Corporation) DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\drivers\acpipagr.sys (Microsoft Corporation) DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys (Microsoft Corporation) DRV:64bit: - (kdnic) -- 
C:\Windows\SysNative\drivers\kdnic.sys (Microsoft Corporation) DRV:64bit: - (gencounter) -- C:\Windows\SysNative\drivers\vmgencounter.sys (Microsoft Corporation) DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\drivers\npsvctrig.sys (Microsoft Corporation) DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\drivers\BthhfHid.sys (Microsoft Corporation) DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\drivers\hyperkbd.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\drivers\hidi2c.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (NdisVirtualBus) -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys (Microsoft Corporation) DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\drivers\fxppm.sys (Microsoft Corporation) DRV:64bit: - (bcmfn2) -- C:\Windows\SysNative\drivers\bcmfn2.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (iaStorAV) -- C:\Windows\SysNative\drivers\iaStorAV.sys (Intel Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athw8x.sys (Qualcomm Atheros Communications, Inc.) 
DRV:64bit: - (iaLPSSi_GPIO) -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys (Intel Corporation) DRV:64bit: - (iaLPSSi_I2C) -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (SmbDrvI) -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys (Synaptics Incorporated) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\TeeDriverx64.sys (Intel Corporation) DRV:64bit: - (bScsiSDa) -- C:\Windows\SysNative\drivers\bScsiSDa.sys (Broadcom Corporation) DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (LMDriver) -- C:\Windows\SysNative\drivers\LMDriver.sys (Acer Incorporated) DRV:64bit: - (RadioShim) -- C:\Windows\SysNative\drivers\RadioShim.sys (Acer Incorporated) DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (Sandboxie Holdings, LLC) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{38AFC276-312F-43FF-A52A-7DA86F63BC34}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS IE:64bit: - HKLM\..\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}: "URL" = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 
0 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{38AFC276-312F-43FF-A52A-7DA86F63BC34}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS IE - HKLM\..\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}: "URL" = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\..\SearchScopes,DefaultScope = {38AFC276-312F-43FF-A52A-7DA86F63BC34} IE - HKCU\..\SearchScopes\{38AFC276-312F-43FF-A52A-7DA86F63BC34}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@dymo.com/DymoLabelFramework: C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.65.2: C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.65.2: C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\PDF Architect 3: C:\Program Files (x86)\PDF Architect 3\np-previewer.dll (pdfforge GmbH)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\pdf_architect_3_conv@pdfarchitect.org: C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension\ [2015.09.26 12:23:29 | 000,000,000 | ---D | M]
[2015.11.29 19:54:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MaG\AppData\Roaming\mozilla\Firefox\Profiles\GWy82fZH.default\extensions
[2015.11.29 19:54:10 | 000,000,000 | ---D | M] (Avira Browser Safety) -- C:\Users\MaG\AppData\Roaming\mozilla\Firefox\Profiles\GWy82fZH.default\extensions\abs@avira.com

========== Chrome ==========

CHR - Extension: No name found = C:\Users\MaG\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\MaG\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.7.0_0\
CHR - Extension: No name found = C:\Users\MaG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.1_0\
CHR - Extension: No name found = C:\Users\MaG\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_1\
CHR - Extension: No name found = C:\Users\MaG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_1\

O1 HOSTS File: ([2015.10.25 06:17:49 | 000,450,831 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15473 more lines...
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (PDF Architect 3 Helper) - {06E08260-0695-4EC1-A74B-1310D8899D93} - C:\Program Files (x86)\PDF Architect 3\creator-ie-helper.dll (pdfforge GmbH)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (PDF Architect 3 Toolbar) - {2DFF3579-5AA7-45B9-9328-1D38EA230861} - C:\Program Files (x86)\PDF Architect 3\creator-ie-plugin.dll (pdfforge GmbH)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Avira SystrayStartTrigger] C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Dropbox] C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [BoxcryptorClassic.exe] C:\Program Files (x86)\Boxcryptor Classic\BoxcryptorClassic.exe (Secomba GmbH)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\Run: [DymoQuickPrint] C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe (Sanford, L.P.)
O4 - HKCU..\Run: [f.lux] C:\Users\MaG\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [HP Deskjet 3070 B611 series (NET)] C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (Sandboxie Holdings, LLC)
O4 - HKCU..\Run: [SpybotPostWindows10UpgradeReInstall] C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\MaG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BtvStack = "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe" (Atheros Communications)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableFirstLogonAnimation = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisplayLastLogonInfo = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPreviewPane = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinkeys = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAVolume = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC547890-78E3-4C07-AE37-F747FD513F4C}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\System32\Userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\System32\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: EldosMountNotificator-cbfs4 - {0F69E671-7419-4ABB-ACDB-1DC49268D4D2} - C:\Windows\SysNative\cbfsMntNtf4.dll (EldoS Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: EldosMountNotificator-cbfs4 - {0F69E671-7419-4ABB-ACDB-1DC49268D4D2} - C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {0F69E671-7419-4ABB-ACDB-1DC49268D4D2} - Virtual Storage Mount Notification - C:\Windows\SysNative\cbfsMntNtf4.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {0F69E671-7419-4ABB-ACDB-1DC49268D4D2} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2015.10.22 21:36:52 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2034.10.18 01:53:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2015.12.13 14:03:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Basic 6.0
[2015.12.13 14:03:34 | 000,145,360 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WEBPOST.DLL
[2015.12.13 14:03:34 | 000,121,984 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CRSWPP.DLL
[2015.12.13 14:03:34 | 000,112,064 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WPWIZDLL.DLL
[2015.12.13 14:03:34 | 000,099,008 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\POSTWPP.DLL
[2015.12.13 14:03:34 | 000,098,960 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\FTPWPP.DLL
[2015.12.13 14:03:34 | 000,093,456 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\FPWPP.DLL
[2015.12.13 14:03:34 | 000,050,816 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PIPARSE.DLL
[2015.12.13 14:03:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Web Publish
[2015.12.13 14:03:34 | 000,000,000 | ---D | C] -- C:\Users\MaG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Web Publishing
[2015.12.13 14:03:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2015.12.13 14:02:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2015.12.13 13:20:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
[2015.12.11 21:48:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\AutoKMS
[2015.12.09 20:51:00 | 000,000,000 | --SD | C] -- C:\WINDOWS\SysWow64\GWX
[2015.12.09 20:51:00 | 000,000,000 | --SD | C] -- C:\WINDOWS\SysNative\GWX
[2015.12.08 21:14:07 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\rmcast.sys
[2015.12.08 21:12:23 | 000,663,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript.dll
[2015.12.08 21:12:23 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll
[2015.12.08 21:12:21 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll
[2015.12.08 21:12:20 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript.dll
[2015.12.08 21:12:19 | 005,923,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2015.12.08 21:12:19 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll
[2015.12.08 21:12:10 | 000,798,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll
[2015.12.08 21:11:57 | 000,718,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2015.12.08 21:11:56 | 000,615,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieui.dll
[2015.12.08 21:11:56 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieui.dll
[2015.12.08 21:11:54 | 002,123,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl
[2015.12.08 21:11:53 | 002,050,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl
[2015.12.08 21:11:51 | 002,880,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\actxprxy.dll
[2015.12.08 21:11:51 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxtrans.dll
[2015.12.08 21:11:51 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iepeers.dll
[2015.12.08 21:11:51 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iepeers.dll
[2015.12.08 21:11:51 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mshtmled.dll
[2015.12.08 21:11:51 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MshtmlDac.dll
[2015.12.08 21:11:27 | 001,200,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Globalization.dll
[2015.12.08 21:11:26 | 000,868,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Globalization.dll
[2015.12.08 21:11:24 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\GlobCollationHost.dll
[2015.12.08 21:11:24 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\GlobCollationHost.dll
[2015.12.08 21:11:24 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdgeoqw.dll
[2015.12.08 21:11:24 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kbdgeoqw.dll
[2015.12.08 21:11:24 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\KBDAZST.DLL
[2015.12.08 21:11:24 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KBDAZST.DLL
[2015.12.08 21:11:24 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\KBDAZEL.DLL
[2015.12.08 21:11:24 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KBDAZEL.DLL
[2015.12.08 21:11:24 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\KBDAZE.DLL
[2015.12.08 21:11:24 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KBDAZE.DLL
[2015.12.08 21:11:21 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dpapisrv.dll
[2015.12.08 21:11:20 | 007,455,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2015.12.08 21:11:20 | 001,735,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntdll.dll
[2015.12.08 21:11:20 | 001,487,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.efi
[2015.12.08 21:11:20 | 001,355,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.exe
[2015.12.08 21:11:19 | 001,706,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\comsvcs.dll
[2015.12.08 21:11:19 | 001,659,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.efi
[2015.12.08 21:11:19 | 001,519,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.exe
[2015.12.08 21:11:19 | 001,344,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\comsvcs.dll
[2015.12.08 21:11:19 | 000,522,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\catsrvut.dll
[2015.12.08 21:11:19 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\catsrvut.dll
[2015.12.08 21:11:19 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntvdm64.dll
[2015.12.08 21:11:19 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ntvdm64.dll
[2015.12.08 21:11:16 | 001,994,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DWrite.dll
[2015.12.08 21:11:16 | 001,753,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\GdiPlus.dll
[2015.12.08 21:11:16 | 001,540,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\user32.dll
[2015.12.08 21:11:16 | 001,490,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\GdiPlus.dll
[2015.12.08 21:11:15 | 001,385,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msctf.dll
[2015.12.08 21:11:01 | 002,243,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wucltux.dll
[2015.12.08 21:11:01 | 000,897,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapi.dll
[2015.12.08 21:11:01 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapi.dll
[2015.12.08 21:11:01 | 000,409,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WUSettingsProvider.dll
[2015.12.08 21:11:01 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuwebv.dll
[2015.12.08 21:11:01 | 000,136,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuauclt.exe
[2015.12.08 21:11:01 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuwebv.dll
[2015.12.08 21:11:01 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wudriver.dll
[2015.12.08 21:11:01 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wudriver.dll
[2015.12.08 21:11:01 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wups2.dll
[2015.12.08 21:11:01 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapp.exe
[2015.12.08 21:11:01 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapp.exe
[2015.12.08 21:11:00 | 002,775,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll
[2015.12.08 21:11:00 | 002,462,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll
[2015.12.08 21:10:59 | 000,572,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winlogon.exe
[2015.12.08 21:10:59 | 000,468,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBHUB3.SYS
[2015.12.08 21:10:59 | 000,443,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\usbport.sys
[2015.12.08 21:10:59 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wininit.exe
[2015.12.08 21:10:59 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PCPKsp.dll
[2015.12.08 21:10:59 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PCPKsp.dll
[2015.12.08 21:10:59 | 000,027,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\usbd.sys
[2015.12.07 20:45:06 | 000,000,000 | ---D | C] -- C:\Users\MaG\AppData\Roaming\TeamViewer
[2015.11.29 19:54:17 | 000,000,000 | ---D | C] -- C:\Users\MaG\AppData\Roaming\Avira
[2015.11.29 19:54:10 | 000,000,000 | ---D | C] -- C:\Users\MaG\AppData\Roaming\Mozilla
[2015.11.29 19:52:45 | 000,146,696 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avipbb.sys
[2015.11.29 19:52:45 | 000,135,880 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avgntflt.sys
[2015.11.29 19:52:45 | 000,073,032 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avnetflt.sys
[2015.11.29 19:52:45 | 000,035,488 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avkmgr.sys
[2015.11.29 19:50:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2015.11.29 19:49:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2015.11.29 19:49:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2015.11.29 19:23:34 | 000,029,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aspnet_counters.dll
[2015.11.29 19:23:33 | 000,028,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\aspnet_counters.dll
[2015.11.25 21:10:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8
[2015.11.23 21:31:59 | 000,192,216 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2015.11.23 21:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
[2015.11.23 21:31:43 | 000,109,272 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\mbamchameleon.sys
[2015.11.23 21:31:43 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mwac.sys
[2015.11.23 21:31:43 | 000,025,816 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\mbam.sys
[2015.11.23 21:31:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware
[2015.11.23 21:31:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015.11.23 21:05:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\{BBC32A4C-2E5E-4FC6-8C4F-DFFC9141B6B9}
[2015.11.23 21:05:33 | 000,000,000 | ---D | C] -- C:\Program Files\{162B2171-A3DE-46CF-BB3A-8120224EDFC9}
[2015.11.16 21:11:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\{89F7B217-4B45-4E13-A7C6-197DB94C2A4E}
[2015.11.16 21:11:22 | 000,000,000 | ---D | C] -- C:\Program Files\{6122987E-0DC3-4CF4-A864-B6228ED61460}
[2015.11.15 17:41:19 | 000,000,000 | ---D | C] -- C:\Users\MaG\AppData\Roaming\freac
[2015.11.15 17:41:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\freac - free audio converter
[2015.11.15 17:41:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\freac
[2015.11.15 17:03:48 | 000,000,000 | ---D | C] -- C:\Users\MaG\AppData\Roaming\SuperEasy Software
[2015.11.15 17:03:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SuperEasy Software
[2015.11.15 17:03:38 | 000,000,000 | ---D | C] -- C:\ProgramData\SuperEasy Software
[2015.11.15 17:03:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HDX4
[2015.11.15 17:03:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SuperEasy Software
[2015.11.15 17:00:38 | 000,000,000 | ---D | C] -- C:\Users\MaG\AppData\Local\CrashDumps
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2021.10.21 14:36:56 | 000,000,852 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\RTKHDRC.dat
[2021.10.04 08:34:42 | 000,000,712 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\RTMICEQ0.dat
[2015.12.13 20:07:33 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2015.12.13 20:00:54 | 000,001,148 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2015.12.13 19:54:42 | 000,001,974 | ---- | M] () -- C:\Users\MaG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3070 B611 series (Netzwerk).lnk
[2015.12.13 19:54:41 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2015.12.13 19:54:12 | 000,001,144 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2015.12.13 19:52:30 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2015.12.13 18:01:09 | 000,001,138 | ---- | M] () -- C:\WINDOWS\SysWow64\InstallUtil.InstallLog
[2015.12.13 14:03:36 | 000,000,535 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2015.12.13 14:03:36 | 000,000,288 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2015.12.13 14:01:59 | 000,143,300 | ---- | M] () -- C:\WINDOWS\vssetup.ttf
[2015.12.13 14:01:59 | 000,001,409 | ---- | M] () -- C:\WINDOWS\vssetup.for
[2015.12.13 13:23:05 | 001,785,582 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2015.12.13 13:23:05 | 000,769,092 | ---- | M] () -- C:\WINDOWS\SysNative\perfh007.dat
[2015.12.13 13:23:05 | 000,725,380 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2015.12.13 13:23:05 | 000,160,376 | ---- | M] () -- C:\WINDOWS\SysNative\perfc007.dat
[2015.12.13 13:23:05 | 000,136,436 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2015.12.10 21:11:50 | 000,495,520 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2015.12.08 21:03:41 | 000,002,159 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015.12.07 20:49:29 | 000,001,481 | ---- | M] () -- C:\Users\MaG\Desktop\TeamViewer.exe - Verknüpfung.lnk
[2015.12.07 20:39:24 | 000,001,580 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2015.12.02 21:09:54 | 000,146,696 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avipbb.sys
[2015.12.02 21:09:54 | 000,135,880 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avgntflt.sys
[2015.12.02 21:09:54 | 000,073,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avnetflt.sys
[2015.12.02 21:09:54 | 000,035,488 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avkmgr.sys
[2015.12.01 18:19:27 | 000,826,872 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2015.12.01 18:19:27 | 000,176,632 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2015.11.24 06:29:51 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2015.11.23 21:31:48 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2015.11.22 07:59:22 | 001,735,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntdll.dll
[2015.11.22 07:59:22 | 001,659,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.efi
[2015.11.22 07:59:22 | 001,519,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.exe
[2015.11.22 07:59:22 | 001,487,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.efi
[2015.11.22 07:59:22 | 001,355,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.exe
[2015.11.22 07:59:17 | 007,455,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2015.11.21 19:32:33 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntvdm64.dll
[2015.11.21 18:50:31 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ntvdm64.dll
[2015.11.21 17:59:56 | 001,706,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\comsvcs.dll
[2015.11.21 17:49:44 | 001,344,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\comsvcs.dll
[2015.11.21 17:47:09 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\catsrvut.dll
[2015.11.21 17:40:31 | 000,414,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\catsrvut.dll
[2015.11.21 07:45:33 | 000,001,542 | ---- | M] () -- C:\WINDOWS\SysNative\.crusader
[2015.11.20 23:47:40 | 000,136,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuauclt.exe
[2015.11.20 19:18:57 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wups2.dll
[2015.11.20 17:47:36 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapp.exe
[2015.11.20 17:46:51 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuwebv.dll
[2015.11.20 17:44:35 | 000,409,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WUSettingsProvider.dll
[2015.11.20 17:44:05 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wudriver.dll
[2015.11.20 17:43:05 | 000,897,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapi.dll
[2015.11.20 17:42:20 | 002,243,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wucltux.dll
[2015.11.20 17:30:10 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapp.exe
[2015.11.20 17:29:43 | 000,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuwebv.dll
[2015.11.20 17:28:06 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wudriver.dll
[2015.11.20 17:27:42 | 000,726,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapi.dll
[2015.11.15 17:41:05 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\freac - free audio converter.lnk
[2015.11.15 17:03:39 | 000,001,375 | ---- | M] () -- C:\Users\Public\Desktop\Audio Converter 2.lnk
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2015.12.13 14:03:36 | 000,000,535 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2015.12.13 14:03:36 | 000,000,288 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2015.12.13 14:01:59 | 000,143,300 | ---- | C] () -- C:\WINDOWS\vssetup.ttf
[2015.12.13 14:01:59 | 000,001,409 | ---- | C] () -- C:\WINDOWS\vssetup.for
[2015.12.07 20:49:29 | 000,001,481 | ---- | C] () -- C:\Users\MaG\Desktop\TeamViewer.exe - Verknüpfung.lnk
[2015.12.05 17:55:41 | 000,001,148 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2015.12.05 17:55:40 | 000,001,144 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2015.11.29 19:54:29 | 000,001,138 | ---- | C] () -- C:\WINDOWS\SysWow64\InstallUtil.InstallLog
[2015.11.23 21:31:48 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2015.11.15 17:41:05 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\freac - free audio converter.lnk
[2015.11.15 17:03:39 | 000,001,375 | ---- | C] () -- C:\Users\Public\Desktop\Audio Converter 2.lnk
[2015.11.03 09:36:37 | 000,001,580 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2015.11.02 15:23:00 | 000,004,096 | -H-- | C] () -- C:\Users\MaG\AppData\Local\keyfile3.drm
[2015.09.26 12:17:33 | 000,000,740 | ---- | C] () -- C:\Users\MaG\AppData\Local\recently-used.xbel
[2015.09.22 19:49:10 | 000,000,362 | ---- | C] () -- C:\Users\MaG\AppData\Local\hpiDp.vbs
[2015.09.19 19:49:10 | 000,000,362 | ---- | C] () -- C:\Users\MaG\AppData\Local\t4t5KB.vbs
[2015.08.23 09:46:40 | 000,000,362 | ---- | C] () -- C:\Users\MaG\AppData\Local\boukZ.vbs
[2015.08.23 07:48:56 | 000,000,516 | ---- | C] () -- C:\Users\MaG\AppData\Local\7o5cj3r.vbs
[2015.08.16 21:11:26 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2015.08.08 19:35:05 | 000,000,516 | ---- | C] () -- C:\Users\MaG\AppData\Local\6U3x63w.vbs
[2015.08.08 19:24:22 | 003,531,374 | ---- | C] () -- C:\Users\MaG\AppData\Local\curl.zip
[2015.07.19 21:19:43 | 000,000,396 | ---- | C] () -- C:\Users\MaG\AppData\Local\G0rg5H.vbs
[2015.07.18 20:48:03 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2015.07.18 19:07:27 | 001,774,862 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2015.03.19 20:01:54 | 000,187,904 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2015.03.19 20:01:48 | 017,289,048 | ---- | C] () -- C:\WINDOWS\SysWow64\igd11dxva32.dll
[2014.11.21 05:05:31 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2014.11.21 05:03:37 | 000,107,008 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2014.11.21 04:42:28 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2014.07.21 21:04:58 | 000,204,952 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsvl.dat
[2014.07.21 21:04:58 | 000,157,144 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsva.dat
[2014.07.21 21:04:46 | 000,003,917 | ---- | C] () -- C:\WINDOWS\SysWow64\atipblag.dat
[2014.07.21 21:04:04 | 000,995,342 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_as32.exe
[2014.07.21 21:04:04 | 000,798,734 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_ld32.exe
[2014.07.21 21:03:42 | 000,123,392 | ---- | C] () -- C:\WINDOWS\SysWow64\amdhdl32.dll
[2014.02.11 22:40:42 | 000,000,217 | ---- | C] () -- C:\Users\MaG\.swfinfo

========== ZeroAccess Check ==========

[2015.11.15 17:07:24 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015.08.27 03:43:09 | 022,372,152 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015.08.27 03:42:51 | 019,795,904 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2014.11.21 05:03:53 | 001,013,760 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2014.11.21 05:05:05 | 000,786,944 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2014.11.21 05:03:52 | 000,512,512 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 220 bytes -> C:\Users\MaG\OneDrive:ms-properties @Alternate Data Stream - 220 bytes -> C:\Users\MaG\OneDrive.old:ms-properties < End of report >
Malwarebytes turned up the following: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 13.12.2015 Suchlaufzeit: 20:09 Protokolldatei: Administrator: Ja Version: 2.2.0.1024 Malware-Datenbank: v2015.12.13.04 Rootkit-Datenbank: v2015.12.07.01 Lizenz: Kostenlose Version Malware-Schutz: Deaktiviert Schutz vor bösartigen Websites: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: MaG Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 413893 Abgelaufene Zeit: 24 Min., 52 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 6 PUP.Optional.DownloadProtect, HKLM\SOFTWARE\CLASSES\APPID\DPBHO.DLL, , [18802a7a94f7b086ef59f70c5fa58a76], PUP.Optional.DownloadProtect, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\DPBHO.DLL, , [2c6c782c3952072f0d3b679cc63e47b9], PUP.Optional.Fxplorer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Urla1, , [c2d6dfc5b8d3bb7b9c0c52b0887cfc04], PUP.Optional.Fxplorer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Urla2, , [bfd920845d2ed66075339d6546be18e8], PUP.Optional.Fxplorer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Urla3, , [1f796e3622694fe7891f14eed034d52b], PUP.Optional.DownloadProtect, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\DPBHO.DLL, , [99ff4a5ab2d9a6900a3e33d08084db25], Registrierungswerte: 0 (keine bösartigen Elemente erkannt) Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 4 PUP.Optional.DownloadProtect, C:\Program Files (x86)\{89F7B217-4B45-4E13-A7C6-197DB94C2A4E}, , [52462d7743484bebab33c6e54cb837c9], PUP.Optional.DownloadProtect, C:\Program Files (x86)\{BBC32A4C-2E5E-4FC6-8C4F-DFFC9141B6B9}, , [bade6b39c7c423136e700ba037cd9e62], 
PUP.Optional.DownloadProtect, C:\Program Files\{162B2171-A3DE-46CF-BB3A-8120224EDFC9}, , [fc9c782c256683b37e6072398a7a1ce4], PUP.Optional.DownloadProtect, C:\Program Files\{6122987E-0DC3-4CF4-A864-B6228ED61460}, , [fa9e485c17749e98815d614a897b0af6], Dateien: 11 PUP.Optional.Fxplorer, C:\Windows\System32\Tasks\Urla1, , [4a4ea400098295a13d690af819eb6a96], PUP.Optional.Fxplorer, C:\Windows\System32\Tasks\Urla2, , [a9ef881cacdffb3bc2e49a6824e0dd23], PUP.Optional.Fxplorer, C:\Windows\System32\Tasks\Urla3, , [28700c989af1b482763010f2fd07b848], PUP.Optional.DownloadProtect, C:\Program Files (x86)\{89F7B217-4B45-4E13-A7C6-197DB94C2A4E}\config.json, , [52462d7743484bebab33c6e54cb837c9], PUP.Optional.DownloadProtect, C:\Program Files (x86)\{89F7B217-4B45-4E13-A7C6-197DB94C2A4E}\def.bin, , [52462d7743484bebab33c6e54cb837c9], PUP.Optional.DownloadProtect, C:\Program Files (x86)\{BBC32A4C-2E5E-4FC6-8C4F-DFFC9141B6B9}\config.json, , [bade6b39c7c423136e700ba037cd9e62], PUP.Optional.DownloadProtect, C:\Program Files (x86)\{BBC32A4C-2E5E-4FC6-8C4F-DFFC9141B6B9}\def.bin, , [bade6b39c7c423136e700ba037cd9e62], PUP.Optional.DownloadProtect, C:\Program Files\{162B2171-A3DE-46CF-BB3A-8120224EDFC9}\config.json, , [fc9c782c256683b37e6072398a7a1ce4], PUP.Optional.DownloadProtect, C:\Program Files\{162B2171-A3DE-46CF-BB3A-8120224EDFC9}\def.bin, , [fc9c782c256683b37e6072398a7a1ce4], PUP.Optional.DownloadProtect, C:\Program Files\{6122987E-0DC3-4CF4-A864-B6228ED61460}\config.json, , [fa9e485c17749e98815d614a897b0af6], PUP.Optional.DownloadProtect, C:\Program Files\{6122987E-0DC3-4CF4-A864-B6228ED61460}\def.bin, , [fa9e485c17749e98815d614a897b0af6], Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end)
Thanks for any tips |
13.12.2015, 20:55 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Web pages are being opened
Hi, please do not use OTL any more!
Scan with Farbar's Recovery Scan Tool (FRST)
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
Reading material: Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder. Even if the logs are too large for a single post, I ask you to post the logs directly, spread over several posts if necessary. To put the log files into a CODE box, proceed as follows:
__________________ Please always post log files in CODE tags |
13.12.2015, 21:04 | #5 |
| Web pages are being opened
Thank you, cosinus, for taking on my problem. The files show the following: FRST Logfile: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:12-12-2015 01 durchgeführt von MaG (Administrator) auf KANOCKELHOPPEL (13-12-2015 21:00:08) Gestartet von C:\Users\MaG\Downloads Geladene Profile: MaG & (Verfügbare Profile: MaG & Administrator) Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Chrome) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AMD) C:\Windows\System32\atiesrxx.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (AMD) C:\Windows\System32\atieclxx.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect 3\creator-ws.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe (Safer-Networking Ltd.) 
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (IObit) C:\Program Files (x86)\IObit\Classic Start\SMService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (IObit) C:\Program Files (x86)\IObit\Classic Start\ClassicStart.exe (IObit) C:\Program Files (x86)\IObit\Classic Start\StartMenu_Hook.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (IObit) C:\Program Files (x86)\IObit\Classic Start\InstallServices.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Secomba GmbH) C:\Program Files (x86)\Boxcryptor Classic\BoxcryptorClassic.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe (Flux Software LLC) C:\Users\MaG\AppData\Local\FluxSoftware\Flux\flux.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Hewlett-Packard Co.) 
C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPNetworkCommunicatorCom.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Propellerhead Software AB) C:\Program Files\Propellerhead\Reason 8\Reason.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor) HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [393480 2015-03-19] () HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3016944 2013-05-20] (Synaptics Incorporated) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24952456 2015-12-08] (Dropbox, Inc.) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-11-18] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [803200 2015-12-02] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2015-10-05] (Malwarebytes) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] (Atheros Communications) HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 0 HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0 HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ACHTUNG HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Run: [BoxcryptorClassic.exe] => C:\Program Files (x86)\Boxcryptor Classic\BoxcryptorClassic.exe [2249984 2014-07-31] (Secomba GmbH) HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Run: [HP Deskjet 3070 B611 series (NET)] => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Run: [f.lux] => C:\Users\MaG\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC) HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-19] (Piriform Ltd) HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google) HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Run: [DymoQuickPrint] => C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe [1825360 2011-01-28] (Sanford, L.P.) HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) 
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [787592 2015-10-22] (Sandboxie Holdings, LLC) HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\system: [NoDispAppearancePage] 0 HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [NoPreviewPane] 0 HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [NoTrayContextMenu] 0 HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [NoSetTaskbar] 0 HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [NoViewContextMenu] 0 HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [TaskbarNoNotification] 0 HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [NoWinkeys] 0 HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [HideClock] 0 HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [HideSCANetwork] 0 HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [HideSCAVolume] 0 HKU\S-1-5-21-3000335157-3192853593-1025591007-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [BoxcryptorClassic.exe] => C:\Program Files (x86)\Boxcryptor Classic\BoxcryptorClassic.exe [2249984 2014-07-31] (Secomba GmbH) HKU\S-1-5-21-3000335157-3192853593-1025591007-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HP Deskjet 3070 B611 series (NET)] => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) 
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [f.lux] => C:\Users\MaG\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC) HKU\S-1-5-21-3000335157-3192853593-1025591007-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-19] (Piriform Ltd) HKU\S-1-5-21-3000335157-3192853593-1025591007-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google) HKU\S-1-5-21-3000335157-3192853593-1025591007-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DymoQuickPrint] => C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe [1825360 2011-01-28] (Sanford, L.P.) HKU\S-1-5-21-3000335157-3192853593-1025591007-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) 
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [787592 2015-10-22] (Sandboxie Holdings, LLC) HKU\S-1-5-21-3000335157-3192853593-1025591007-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [NoDispAppearancePage] 0 HKU\S-1-5-21-3000335157-3192853593-1025591007-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoPreviewPane] 0 HKU\S-1-5-21-3000335157-3192853593-1025591007-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoTrayContextMenu] 0 HKU\S-1-5-21-3000335157-3192853593-1025591007-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSetTaskbar] 0 HKU\S-1-5-21-3000335157-3192853593-1025591007-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoViewContextMenu] 0 HKU\S-1-5-21-3000335157-3192853593-1025591007-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [TaskbarNoNotification] 0 HKU\S-1-5-21-3000335157-3192853593-1025591007-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoWinkeys] 0 HKU\S-1-5-21-3000335157-3192853593-1025591007-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKU\S-1-5-21-3000335157-3192853593-1025591007-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [HideClock] 0 HKU\S-1-5-21-3000335157-3192853593-1025591007-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [HideSCANetwork] 0 HKU\S-1-5-21-3000335157-3192853593-1025591007-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [HideSCAVolume] 0 HKU\S-1-5-21-3000335157-3192853593-1025591007-500-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-11-21] (Microsoft Corporation) HKU\S-1-5-21-3000335157-3192853593-1025591007-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: 
[WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-11-21] (Microsoft Corporation) SSODL: EldosMountNotificator-cbfs4 - {0F69E671-7419-4ABB-ACDB-1DC49268D4D2} - C:\WINDOWS\system32\cbfsMntNtf4.dll (EldoS Corporation) SSODL-x32: EldosMountNotificator-cbfs4 - {0F69E671-7419-4ABB-ACDB-1DC49268D4D2} - C:\WINDOWS\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation) ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google) ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs4] -> {AAC3F40E-D943-4222-94D0-24ADA88404B9} => C:\WINDOWS\system32\cbfsMntNtf4.dll [2013-11-15] (EldoS Corporation) ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs4] -> {AAC3F40E-D943-4222-94D0-24ADA88404B9} => C:\WINDOWS\SysWOW64\cbfsMntNtf4.dll [2013-11-15] (EldoS Corporation) Startup: C:\Users\MaG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2015-07-21] ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\Users\MaG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3070 B611 series (Netzwerk).lnk [2015-12-13] ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 3070 B611 series (Netzwerk).lnk -> C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ACHTUNG (Beschränkung - ProxySettings) Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. 
Siehe Hosts-Bereich in Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{DC547890-78E3-4C07-AE37-F747FD513F4C}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKU\S-1-5-21-3000335157-3192853593-1025591007-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\S-1-5-21-3000335157-3192853593-1025591007-500-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com HKU\S-1-5-21-3000335157-3192853593-1025591007-500-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com HKU\S-1-5-21-3000335157-3192853593-1025591007-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com HKU\S-1-5-21-3000335157-3192853593-1025591007-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = 
hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: PDF Architect 3 Helper -> {06E08260-0695-4EC1-A74B-1310D8899D93} -> C:\Program Files (x86)\PDF Architect 3\creator-ie-helper.dll [2015-09-17] (pdfforge GmbH) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-23] (Oracle Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-23] (Oracle Corporation) Toolbar: HKLM-x32 - PDF Architect 3 Toolbar - {2DFF3579-5AA7-45B9-9328-1D38EA230861} - C:\Program Files (x86)\PDF Architect 3\creator-ie-plugin.dll [2015-09-17] (pdfforge GmbH) FireFox: ======== FF ProfilePath: C:\Users\MaG\AppData\Roaming\Mozilla\Firefox\Profiles\GWy82fZH.default FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-06-08] (Tracker Software Products (Canada) Ltd.) 
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-06-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-06-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll [2011-01-28] ( Sanford L.P.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-08] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-08] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-06-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: PDF Architect 3 -> C:\Program Files (x86)\PDF Architect 3\np-previewer.dll [2015-09-17] (pdfforge GmbH)
FF Plugin HKU\S-1-5-21-3000335157-3192853593-1025591007-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-06-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-3000335157-3192853593-1025591007-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-06-08] (Tracker Software Products (Canada) Ltd.)
FF Extension: Avira Browser Safety - C:\Users\MaG\AppData\Roaming\Mozilla\Firefox\Profiles\GWy82fZH.default\Extensions\abs@avira.com [2015-11-29] [ist nicht signiert]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_3_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension
FF Extension: PDF Architect 3 Creator - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension [2015-09-26] [ist nicht signiert]

Chrome:
=======
CHR Profile: C:\Users\MaG\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\MaG\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (Web Store) - C:\Users\MaG\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-11-29]
CHR Extension: (Web Store) - C:\Users\MaG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Web Store) - C:\Users\MaG\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-10-22]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\MaG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-22]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <nicht gefunden>
CHR HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\MaG\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-10-22]
CHR HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3000335157-3192853593-1025591007-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\MaG\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-10-22]
CHR HKU\S-1-5-21-3000335157-3192853593-1025591007-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-07-21] (Adobe Systems) [Datei ist nicht signiert]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [948392 2015-12-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [466408 2015-12-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [466408 2015-12-02] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1418560 2015-12-02] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider) [Datei ist nicht signiert]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [250648 2015-11-18] (Avira Operations GmbH & Co. KG)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-27] (Acer Incorporated)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-18] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-18] (Dropbox, Inc.)
R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [32336 2011-01-28] (Sanford, L.P.)
S3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [24376 2015-06-30] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [345864 2015-03-19] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-08] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2934048 2015-11-06] (IObit)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-06-18] (Acer Incorporate)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 PDF Architect 3; C:\Program Files (x86)\PDF Architect 3\ws.exe [2244832 2015-09-17] (pdfforge GmbH)
S3 PDF Architect 3 CrashHandler; C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe [964832 2015-09-17] (pdfforge GmbH)
R2 PDF Architect 3 Creator; C:\Program Files (x86)\PDF Architect 3\creator-ws.exe [767712 2015-09-17] (pdfforge GmbH)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [177800 2015-10-22] (Sandboxie Holdings, LLC)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SMService; C:\program files (x86)\iobit\Classic Start\SMService.exe [1056544 2015-11-06] (IObit)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2014-07-21] (Advanced Micro Devices, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [135880 2015-12-02] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [146696 2015-12-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2015-12-02] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [73032 2015-12-02] (Avira Operations GmbH & Co. KG)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
R1 cbfs4; C:\WINDOWS\system32\drivers\cbfs4.sys [387776 2013-11-15] (EldoS Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99800 2013-05-08] (Intel Corporation)
R3 Neo_VPN; C:\Windows\system32\DRIVERS\Neo_VPN.sys [40704 2015-08-04] (SoftEther Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [192648 2015-10-22] (Sandboxie Holdings, LLC)
S3 SEE; C:\Windows\System32\drivers\see.sys [49024 2015-08-20] (SoftEther Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31984 2013-05-20] (Synaptics Incorporated)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42088 2015-06-04] (Anchorfree Inc.)
S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-07-09] (Oracle Corporation)
S1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [146072 2015-07-09] (Oracle Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-12-13 21:00 - 2015-12-13 21:00 - 00035870 _____ C:\Users\MaG\Downloads\FRST.txt 2015-12-13 21:00 - 2015-12-13 21:00 - 00000000 ____D C:\FRST 2015-12-13 20:57 - 2015-12-13 20:59 - 02369536 _____ (Farbar) C:\Users\MaG\Downloads\FRST64.exe 2015-12-13 20:27 - 2015-12-13 20:27 - 00085016 _____ C:\Users\MaG\Downloads\Extras.Txt 2015-12-13 20:26 - 2015-12-13 20:26 - 00154888 _____ C:\Users\MaG\Downloads\OTL.Txt 2015-12-13 20:13 - 2015-12-13 20:13 - 00602112 _____ (OldTimer Tools) C:\Users\MaG\Downloads\OTL.exe 2015-12-13 14:03 - 2015-12-13 14:03 - 00001273 _____ C:\WINDOWS\VB.INI 2015-12-13 14:03 - 2015-12-13 14:03 - 00000535 _____ C:\WINDOWS\ODBCINST.INI 2015-12-13 14:03 - 2015-12-13 14:03 - 00000288 _____ C:\WINDOWS\ODBC.INI 2015-12-13 14:03 - 2015-12-13 14:03 - 00000000 ____D C:\WINDOWS\msapps 2015-12-13 14:03 - 2015-12-13 14:03 - 00000000 ____D C:\Users\MaG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Web Publishing 2015-12-13 14:03 - 2015-12-13 14:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Basic 6.0 2015-12-13 14:03 - 2015-12-13 14:03 - 00000000 ____D C:\Program Files (x86)\Web Publish 2015-12-13 14:03 - 2015-12-13 14:03 - 00000000 _____ C:\WINDOWS\wplog.txt 2015-12-13 14:03 - 1998-05-15 15:57 - 00093456 ____R (Microsoft Corporation) C:\WINDOWS\SysWOW64\FPWPP.DLL 2015-12-13 14:03 - 1998-05-14 17:30 - 00099008 ____R (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSTWPP.DLL 2015-12-13 14:03 - 1998-04-29 17:52 - 00145360 ____R (Microsoft Corporation) C:\WINDOWS\SysWOW64\WEBPOST.DLL 2015-12-13 14:03 - 1998-04-29 17:52 - 00121984 ____R (Microsoft Corporation) C:\WINDOWS\SysWOW64\CRSWPP.DLL 2015-12-13 14:03 - 1998-04-29 17:52 - 00112064 ____R (Microsoft Corporation) C:\WINDOWS\SysWOW64\WPWIZDLL.DLL 2015-12-13 14:03 - 1998-04-29 17:52 - 00098960 
____R (Microsoft Corporation) C:\WINDOWS\SysWOW64\FTPWPP.DLL 2015-12-13 14:03 - 1998-04-29 17:52 - 00050816 ____R (Microsoft Corporation) C:\WINDOWS\SysWOW64\PIPARSE.DLL 2015-12-13 14:02 - 2015-12-13 14:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 2015-12-13 14:01 - 2015-12-13 14:01 - 00143300 _____ C:\WINDOWS\vssetup.ttf 2015-12-13 14:01 - 2015-12-13 14:01 - 00001409 _____ C:\WINDOWS\vssetup.for 2015-12-13 13:20 - 2015-12-13 13:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-12-11 21:48 - 2015-12-13 19:57 - 00003510 _____ C:\WINDOWS\System32\Tasks\AutoKMS 2015-12-11 21:48 - 2015-12-13 19:55 - 00000000 ____D C:\WINDOWS\AutoKMS 2015-12-11 21:47 - 2015-12-11 21:47 - 00000000 ____D C:\Users\MaG\Downloads\Microsoft Toolkit 2015-12-11 21:43 - 2015-12-11 21:43 - 27362856 _____ C:\Users\MaG\Downloads\Microsoft Toolkit.zip 2015-12-09 20:51 - 2015-12-09 20:51 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX 2015-12-09 20:51 - 2015-12-09 20:51 - 00000000 ___SD C:\WINDOWS\system32\GWX 2015-12-08 21:59 - 2015-12-08 21:59 - 00000386 _____ C:\Users\MaG\Downloads\delete-office2007-activation-64bit.reg 2015-12-08 21:14 - 2015-11-05 09:59 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys 2015-12-08 21:12 - 2015-11-11 17:21 - 25837568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-12-08 21:12 - 2015-11-11 17:00 - 12856832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-12-08 21:12 - 2015-11-11 16:41 - 20366848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-12-08 21:12 - 2015-11-10 01:13 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-12-08 21:12 - 2015-11-10 01:08 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-12-08 21:12 - 2015-11-10 01:02 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-12-08 21:12 - 2015-11-10 00:46 - 04514816 _____ (Microsoft 
Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-12-08 21:12 - 2015-11-10 00:41 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2015-12-08 21:12 - 2015-11-10 00:17 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-12-08 21:12 - 2015-11-10 00:14 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-12-08 21:12 - 2015-11-10 00:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2015-12-08 21:12 - 2015-11-08 23:15 - 02887168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-12-08 21:12 - 2015-11-08 23:15 - 00571392 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-12-08 21:12 - 2015-11-08 23:04 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-12-08 21:12 - 2015-11-08 23:01 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-12-08 21:12 - 2015-11-08 22:25 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2015-12-08 21:12 - 2015-11-08 22:15 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-12-08 21:12 - 2015-11-08 22:14 - 14456832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-12-08 21:12 - 2015-11-08 21:53 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-12-08 21:12 - 2015-11-08 21:41 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-12-08 21:12 - 2015-11-08 21:30 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2015-12-08 21:11 - 2015-11-22 07:59 - 07455064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-12-08 21:11 - 2015-11-22 07:59 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2015-12-08 21:11 - 2015-11-22 07:59 - 01659568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2015-12-08 21:11 - 2015-11-22 07:59 - 01519592 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\winload.exe 2015-12-08 21:11 - 2015-11-22 07:59 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2015-12-08 21:11 - 2015-11-22 07:59 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2015-12-08 21:11 - 2015-11-22 07:58 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2015-12-08 21:11 - 2015-11-21 19:32 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll 2015-12-08 21:11 - 2015-11-21 18:50 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll 2015-12-08 21:11 - 2015-11-21 17:59 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll 2015-12-08 21:11 - 2015-11-21 17:49 - 01344000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll 2015-12-08 21:11 - 2015-11-21 17:47 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll 2015-12-08 21:11 - 2015-11-21 17:40 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll 2015-12-08 21:11 - 2015-11-20 23:47 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2015-12-08 21:11 - 2015-11-20 19:18 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll 2015-12-08 21:11 - 2015-11-20 17:58 - 03706880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2015-12-08 21:11 - 2015-11-20 17:47 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2015-12-08 21:11 - 2015-11-20 17:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2015-12-08 21:11 - 2015-11-20 17:44 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2015-12-08 21:11 - 2015-11-20 17:44 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2015-12-08 21:11 - 2015-11-20 17:43 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2015-12-08 21:11 - 2015-11-20 17:42 - 02243584 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\wucltux.dll 2015-12-08 21:11 - 2015-11-20 17:30 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2015-12-08 21:11 - 2015-11-20 17:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2015-12-08 21:11 - 2015-11-20 17:28 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2015-12-08 21:11 - 2015-11-20 17:27 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2015-12-08 21:11 - 2015-11-11 16:44 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2015-12-08 21:11 - 2015-11-11 16:44 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2015-12-08 21:11 - 2015-11-11 16:12 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2015-12-08 21:11 - 2015-11-10 01:11 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2015-12-08 21:11 - 2015-11-10 01:04 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll 2015-12-08 21:11 - 2015-11-10 00:37 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2015-12-08 21:11 - 2015-11-10 00:36 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2015-12-08 21:11 - 2015-11-10 00:36 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2015-12-08 21:11 - 2015-11-10 00:36 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2015-12-08 21:11 - 2015-11-10 00:25 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll 2015-12-08 21:11 - 2015-11-09 01:41 - 01540728 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2015-12-08 21:11 - 2015-11-08 23:30 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2015-12-08 21:11 - 2015-11-08 23:02 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll 2015-12-08 21:11 - 2015-11-08 22:32 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2015-12-08 
21:11 - 2015-11-08 22:32 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2015-12-08 21:11 - 2015-11-08 22:23 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll 2015-12-08 21:11 - 2015-11-08 22:18 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2015-12-08 21:11 - 2015-11-08 22:16 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2015-12-08 21:11 - 2015-11-08 22:15 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2015-12-08 21:11 - 2015-11-08 22:13 - 02123264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2015-12-08 21:11 - 2015-11-08 22:13 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll 2015-12-08 21:11 - 2015-11-08 22:01 - 01753600 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2015-12-08 21:11 - 2015-11-08 21:53 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2015-12-08 21:11 - 2015-11-08 21:52 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll 2015-12-08 21:11 - 2015-11-08 21:48 - 01376256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2015-12-08 21:11 - 2015-11-08 21:42 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2015-12-08 21:11 - 2015-10-28 16:49 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2015-12-08 21:11 - 2015-10-28 16:29 - 02462720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2015-12-08 21:11 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll 2015-12-08 21:11 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL 2015-12-08 21:11 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL 2015-12-08 21:11 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL 2015-12-08 21:11 - 2015-10-22 17:59 - 00007168 
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll 2015-12-08 21:11 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL 2015-12-08 21:11 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL 2015-12-08 21:11 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL 2015-12-08 21:11 - 2015-10-22 17:21 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll 2015-12-08 21:11 - 2015-10-22 17:21 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll 2015-12-08 21:11 - 2015-10-22 16:58 - 00868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll 2015-12-08 21:11 - 2015-10-22 16:58 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll 2015-12-08 21:11 - 2015-10-22 15:08 - 00513456 _____ C:\WINDOWS\SysWOW64\locale.nls 2015-12-08 21:11 - 2015-10-22 15:08 - 00513456 _____ C:\WINDOWS\system32\locale.nls 2015-12-08 21:11 - 2015-10-10 18:20 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll 2015-12-08 21:11 - 2015-10-03 20:41 - 01385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2015-12-08 21:11 - 2015-10-03 20:41 - 01124384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll 2015-12-08 21:10 - 2015-10-11 07:34 - 00468824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2015-12-08 21:10 - 2015-10-11 07:34 - 00462168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys 2015-12-08 21:10 - 2015-10-11 07:34 - 00443224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys 2015-12-08 21:10 - 2015-10-11 07:34 - 00092504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys 2015-12-08 21:10 - 2015-10-11 07:34 - 00027992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys 2015-12-08 21:10 - 2015-10-10 19:41 - 00037376 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys 2015-12-08 21:10 - 2015-10-10 19:41 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbohci.sys 2015-12-08 21:10 - 2015-10-08 17:11 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll 2015-12-08 21:10 - 2015-10-08 16:50 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll 2015-12-08 21:10 - 2015-10-05 19:28 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe 2015-12-08 21:10 - 2015-10-05 19:25 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe 2015-12-07 21:03 - 2015-12-07 21:03 - 00443744 _____ C:\Users\MaG\Downloads\keyfinder_2.0.10.10.zip 2015-12-07 20:49 - 2015-12-07 20:49 - 00001481 _____ C:\Users\MaG\Desktop\TeamViewer.exe - Verknüpfung.lnk 2015-12-07 20:46 - 2015-12-07 20:46 - 00000000 ____D C:\Users\MaG\Downloads\TeamViewerPortable 2015-12-07 20:45 - 2015-12-07 21:23 - 00000000 ____D C:\Users\MaG\AppData\Roaming\TeamViewer 2015-12-07 20:45 - 2015-12-07 20:46 - 27578035 _____ C:\Users\MaG\Downloads\TeamViewerPortable.zip 2015-12-07 20:44 - 2015-12-07 20:44 - 06944152 _____ (TeamViewer) C:\Users\MaG\Downloads\TeamViewerQS_de-jfa.exe 2015-12-05 17:55 - 2015-12-13 21:00 - 00001148 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-12-05 17:55 - 2015-12-13 19:54 - 00001144 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-12-05 17:55 - 2015-12-05 17:55 - 00004120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2015-12-05 17:55 - 2015-12-05 17:55 - 00003884 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2015-11-29 19:54 - 2015-12-13 18:01 - 00001138 _____ C:\WINDOWS\SysWOW64\InstallUtil.InstallLog 2015-11-29 19:54 - 2015-11-29 19:54 - 00000000 ____D C:\Users\MaG\AppData\Roaming\Mozilla 2015-11-29 19:54 - 2015-11-29 19:54 - 00000000 ____D C:\Users\MaG\AppData\Roaming\Avira 2015-11-29 19:52 - 2015-12-02 21:09 - 00146696 _____ (Avira Operations GmbH & Co. 
KG) C:\WINDOWS\system32\Drivers\avipbb.sys 2015-11-29 19:52 - 2015-12-02 21:09 - 00135880 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys 2015-11-29 19:52 - 2015-12-02 21:09 - 00073032 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys 2015-11-29 19:52 - 2015-12-02 21:09 - 00035488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys 2015-11-29 19:50 - 2015-12-13 18:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-11-29 19:49 - 2015-11-29 19:54 - 00000000 ____D C:\ProgramData\Avira 2015-11-29 19:49 - 2015-11-29 19:54 - 00000000 ____D C:\Program Files (x86)\Avira 2015-11-29 19:49 - 2015-11-29 19:49 - 04584344 _____ (Avira Operations GmbH & Co. KG) C:\Users\MaG\Downloads\avira_de_av_565b4865d4552__ws.exe 2015-11-29 19:23 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll 2015-11-29 19:23 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll 2015-11-25 21:10 - 2015-11-25 21:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8 2015-11-25 21:03 - 2015-11-25 21:03 - 09552328 _____ (IObit ) C:\Users\MaG\Downloads\sm8-setup (1).exe 2015-11-23 21:31 - 2015-12-13 20:07 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-11-23 21:31 - 2015-11-23 21:31 - 00001122 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-11-23 21:31 - 2015-11-23 21:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-11-23 21:31 - 2015-11-23 21:31 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-11-23 21:31 - 2015-11-23 21:31 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-11-23 21:31 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-11-23 21:31 - 2015-10-05 09:50 - 00064216 _____ 
(Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-11-23 21:31 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2015-11-23 21:30 - 2015-11-23 21:31 - 22908888 _____ (Malwarebytes ) C:\Users\MaG\Downloads\mbam-setup-2.2.0.1024.exe 2015-11-23 21:25 - 2015-11-23 21:25 - 00388608 _____ (Trend Micro Inc.) C:\Users\MaG\Downloads\HijackThis_2.0.5 (1).exe 2015-11-22 20:14 - 2015-11-22 20:14 - 00049502 _____ C:\Users\MaG\Downloads\fsekrit.zip 2015-11-22 20:14 - 2015-11-22 20:14 - 00000000 ____D C:\Users\MaG\Downloads\fsekrit 2015-11-21 08:24 - 2015-11-21 08:24 - 00000571 _____ C:\Users\MaG\Downloads\bbr (1).vcf 2015-11-21 08:17 - 2015-11-21 08:17 - 00000558 _____ C:\Users\MaG\Downloads\MalermeisterKlocksin.vcf 2015-11-21 08:16 - 2015-11-21 08:16 - 00000571 _____ C:\Users\MaG\Downloads\bbr.vcf 2015-11-21 08:15 - 2015-11-21 08:15 - 00000571 _____ C:\Users\MaG\Downloads\vcf 2015-11-15 17:41 - 2015-11-15 17:44 - 00000000 ____D C:\Users\MaG\AppData\Roaming\freac 2015-11-15 17:41 - 2015-11-15 17:41 - 00000983 _____ C:\Users\Public\Desktop\freac - free audio converter.lnk 2015-11-15 17:41 - 2015-11-15 17:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\freac - free audio converter 2015-11-15 17:41 - 2015-11-15 17:41 - 00000000 ____D C:\Program Files (x86)\freac 2015-11-15 17:40 - 2015-11-15 17:40 - 07534391 _____ C:\Users\MaG\Downloads\freac-1.0.26.exe 2015-11-15 17:03 - 2015-11-15 17:03 - 23385120 _____ (SuperEasy Software GmbH & Co. 
KG ) C:\Users\MaG\Downloads\supereasy_audio_converter_2_2.1.3063_8217.exe 2015-11-15 17:03 - 2015-11-15 17:03 - 00001375 _____ C:\Users\Public\Desktop\Audio Converter 2.lnk 2015-11-15 17:03 - 2015-11-15 17:03 - 00000000 ____D C:\Users\MaG\AppData\Roaming\SuperEasy Software 2015-11-15 17:03 - 2015-11-15 17:03 - 00000000 ____D C:\ProgramData\SuperEasy Software 2015-11-15 17:03 - 2015-11-15 17:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SuperEasy Software 2015-11-15 17:03 - 2015-11-15 17:03 - 00000000 ____D C:\Program Files (x86)\SuperEasy Software 2015-11-15 17:03 - 2013-04-02 10:20 - 00506312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp71.dll 2015-11-15 17:03 - 2013-04-02 10:20 - 00354760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll 2015-11-15 17:00 - 2015-12-10 21:39 - 00000000 ____D C:\Users\MaG\AppData\Local\CrashDumps 2015-11-15 16:59 - 2015-11-15 17:00 - 01391294 _____ C:\Users\MaG\Downloads\setup_1.9.4.exe 2015-11-14 20:59 - 2015-11-14 20:59 - 00001069 _____ C:\Users\Administrator\Desktop\Notepad++.lnk ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2021-10-21 14:36 - 2013-10-24 23:44 - 00000852 _____ C:\WINDOWS\system32\Drivers\RTKHDRC.dat 2021-10-04 08:34 - 2013-10-24 23:44 - 00000712 _____ C:\WINDOWS\system32\Drivers\RTMICEQ0.dat 2015-12-13 21:00 - 2013-08-22 14:36 - 00000000 ____D C:\Windows 2015-12-13 20:46 - 2014-01-05 09:52 - 00000000 ____D C:\Users\MaG\Documents\Outlook-Dateien 2015-12-13 20:04 - 2015-10-03 19:28 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3000335157-3192853593-1025591007-1001 2015-12-13 19:57 - 2015-10-24 21:06 - 00003946 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B1CCAF13-B0DA-4533-8F98-76EA3C1430D0} 2015-12-13 19:55 - 2015-07-18 17:15 - 00000000 ____D C:\Users\MaG\AppData\Local\Dropbox 2015-12-13 19:55 - 2015-03-14 20:03 - 00000000 ___RD C:\Users\MaG\Google Drive 2015-12-13 19:55 - 2013-12-18 21:24 - 00000000 ___RD C:\Users\MaG\Dropbox 2015-12-13 19:54 - 2015-08-16 21:03 - 00000000 ___RD C:\Users\MaG\OneDrive 2015-12-13 19:53 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-12-13 18:05 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2015-12-13 18:00 - 2015-07-18 19:05 - 00000000 ____D C:\ProgramData\ProductData 2015-12-13 14:03 - 2013-08-22 16:36 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files 2015-12-13 14:03 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Help 2015-12-13 14:03 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf 2015-12-13 13:49 - 2015-07-18 17:45 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-12-13 13:23 - 2014-11-21 04:35 - 01785582 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-12-13 13:23 - 2014-11-21 03:45 - 00769092 _____ C:\WINDOWS\system32\perfh007.dat 2015-12-13 13:23 - 2014-11-21 03:45 - 00160376 _____ C:\WINDOWS\system32\perfc007.dat 2015-12-13 13:20 - 2015-07-18 17:15 - 00000000 ____D C:\Program Files (x86)\Dropbox 2015-12-11 21:20 - 2015-08-16 19:38 - 00000000 ____D C:\ProgramData\Package Cache 2015-12-10 21:11 - 2015-10-25 06:23 - 00495520 _____ 
C:\WINDOWS\system32\FNTCACHE.DAT 2015-12-09 21:01 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-12-09 20:59 - 2015-07-30 20:53 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-12-09 20:54 - 2015-07-30 20:53 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-12-08 21:03 - 2015-07-18 17:15 - 00002159 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-12-08 21:01 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-12-07 20:39 - 2015-11-03 09:36 - 00001580 _____ C:\WINDOWS\Sandboxie.ini 2015-12-02 21:09 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps 2015-12-01 18:19 - 2014-11-21 12:01 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-12-01 18:19 - 2014-11-21 12:01 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-11-30 21:08 - 2015-08-19 21:00 - 00000000 ____D C:\Users\MaG\AppData\Roaming\vlc 2015-11-29 21:11 - 2015-09-26 12:32 - 00000000 ____D C:\Users\MaG\AppData\Local\PDFCreator 2015-11-29 20:22 - 2013-10-09 13:40 - 00000000 ____D C:\ProgramData\WildTangent 2015-11-29 20:22 - 2013-10-09 13:40 - 00000000 ____D C:\Program Files (x86)\WildTangent Games 2015-11-29 20:21 - 2013-10-25 00:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2015-11-29 20:21 - 2013-08-22 16:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2015-11-29 19:45 - 2014-02-15 20:57 - 00000000 ____D C:\AdwCleaner 2015-11-25 21:10 - 2015-07-18 19:04 - 00000000 ____D C:\Program Files (x86)\IObit 2015-11-24 06:34 - 2015-08-09 17:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2015-11-24 06:29 - 2015-08-16 21:11 - 00000306 __RSH C:\ProgramData\ntuser.pol 2015-11-23 22:00 - 2015-08-16 14:48 - 00000000 ____D C:\Program Files\{C8CB9DA7-B575-4B96-82FC-A2CA5C901B07} 2015-11-23 22:00 - 2015-08-16 14:48 - 00000000 ____D C:\Program Files (x86)\{EE16DB03-3219-471E-9F46-B6D5D7D2545A} 2015-11-23 22:00 - 
2015-08-13 06:27 - 00000000 ____D C:\Program Files\{5665CFBB-D258-48CB-AB68-3F94D8D32D50} 2015-11-23 22:00 - 2015-08-13 06:27 - 00000000 ____D C:\Program Files (x86)\{8BA17998-868A-4AE1-AC30-9AEC1FF5C583} 2015-11-21 07:45 - 2015-10-22 22:30 - 00001542 _____ C:\WINDOWS\system32\.crusader 2015-11-15 19:51 - 2015-08-16 19:45 - 00000000 ____D C:\Users\MaG 2015-11-14 20:59 - 2015-07-21 07:34 - 00000000 ____D C:\Users\MaG\AppData\Roaming\Notepad++ ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-08-29 10:36 - 2015-08-29 10:37 - 0035078 __RSH () C:\Program Files (x86)\DLS8Uninstall.log 2015-09-19 19:49 - 2015-09-22 19:49 - 0000106 _____ () C:\Users\MaG\AppData\Roaming\sn.txt 2015-08-08 19:35 - 2015-08-08 19:35 - 0000516 _____ () C:\Users\MaG\AppData\Local\6U3x63w.vbs 2015-08-23 07:48 - 2015-08-23 07:49 - 0000516 _____ () C:\Users\MaG\AppData\Local\7o5cj3r.vbs 2015-08-23 09:46 - 2015-08-23 09:46 - 0000362 _____ () C:\Users\MaG\AppData\Local\boukZ.vbs 2015-08-08 19:24 - 2015-08-08 19:24 - 3531374 _____ () C:\Users\MaG\AppData\Local\curl.zip 2015-07-19 21:19 - 2015-07-19 21:19 - 0000396 _____ () C:\Users\MaG\AppData\Local\G0rg5H.vbs 2015-09-22 19:49 - 2015-09-22 19:49 - 0000362 _____ () C:\Users\MaG\AppData\Local\hpiDp.vbs 2015-11-02 15:23 - 2015-11-02 15:23 - 0004096 ____H () C:\Users\MaG\AppData\Local\keyfile3.drm 2015-09-26 12:17 - 2015-09-26 12:17 - 0000740 _____ () C:\Users\MaG\AppData\Local\recently-used.xbel 2015-09-19 19:49 - 2015-09-19 19:49 - 0000362 _____ () C:\Users\MaG\AppData\Local\t4t5KB.vbs 2015-07-18 20:48 - 2015-07-18 20:48 - 0000057 _____ () C:\ProgramData\Ament.ini Einige Dateien in TEMP: ==================== C:\Users\MaG\AppData\Local\Temp\avgnt.exe C:\Users\MaG\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpo0kk4y.dll C:\Users\MaG\AppData\Local\Temp\vs60wiz.exe ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der 
Verifikation gescheitert sind.) C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-12-13 20:04 ==================== Ende von FRST.txt ============================ |
13.12.2015, 21:05 | #6 |
| Web pages are being opened Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:12-12-2015 01
durchgeführt von MaG (2015-12-13 21:01:04)
Gestartet von C:\Users\MaG\Downloads
Windows 8.1 (X64) (2015-08-16 19:54:48)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-3000335157-3192853593-1025591007-500 - Administrator - Disabled) => C:\Users\Administrator
Gast (S-1-5-21-3000335157-3192853593-1025591007-501 - Limited - Disabled)
MaG (S-1-5-21-3000335157-3192853593-1025591007-1001 - Administrator - Enabled) => C:\Users\MaG

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

4K Video Downloader 3.6 (HKLM-x32\...\4K Video Downloader_is1) (Version: 3.6.3.1785 - Open Media LLC) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3005 - Acer Incorporated) Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated) Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated) AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated) AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2022 - Acer Incorporated) Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.) AMD Catalyst Install Manager (HKLM\...\{E3CA751C-E133-0BF1-3151-7A6D3FB88015}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.) Authorizer 2.9.0d5 (HKLM\...\{F6762963-9AE5-4bc6-A70F-2D749F6AC02F}_is1) (Version: 2.9.0d5 - Propellerhead Software AB) Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.15.129 - Avira Operations GmbH & Co. KG) Avira Launcher (HKLM-x32\...\{5b07d59f-99e0-4c52-ad25-965f7e38d6ac}) (Version: 1.1.51.19070 - Avira Operations GmbH & Co. KG) Avira Launcher (x32 Version: 1.1.51.19070 - Avira Operations GmbH & Co. 
KG) Hidden Boxcryptor Classic 1.7 (HKLM-x32\...\{DF47AB90-FB92-42F4-926E-1C4FF16029E7}) (Version: 1.7.409.131 - Secomba GmbH) Broadcom Card Reader Driver Installer (HKLM\...\{67AA948F-8D83-4566-B84A-7CAABCF64E3F}) (Version: 16.0.2.3 - Broadcom Corporation) Broadcom NetLink Controller (HKLM\...\{D1D7ED66-5C08-40A0-AEC0-B6DF977697BB}) (Version: 16.0.2.1 - Broadcom Corporation) Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD) CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform) clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated) clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2016 - Acer Incorporated) clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden Click2Music (HKLM-x32\...\Click2Music) (Version: - ) Dropbox (HKLM-x32\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.) Dropbox Update Helper (x32 Version: 1.3.27.33 - Dropbox, Inc.) Hidden DYMO Label v.8 (HKLM-x32\...\DYMO Label v.8) (Version: 8.3.0.1242 - Sanford, L.P.) f.lux (HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Flux) (Version: - ) f.lux (HKU\S-1-5-21-3000335157-3192853593-1025591007-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Flux) (Version: - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.80 - Google Inc.) Google Drive (HKLM-x32\...\{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}) (Version: 1.26.0707.2863 - Google, Inc.) Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden HP Deskjet 3070 B611 series - Grundlegende Software für das Gerät (HKLM\...\{48DF59F8-2ACD-4F1F-87F3-D820FE7A6178}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) 
HP Deskjet 3070 B611 series Hilfe (HKLM-x32\...\{9F20CE56-3828-432D-A3C5-3EC6A2ED93C6}) (Version: 140.0.2.2 - Hewlett Packard) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP) HP Support Solutions Framework (HKLM-x32\...\{78545512-1F84-4357-8A9A-D94D9C3CE4FA}) (Version: 12.0.26.54 - Hewlett-Packard Company) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.3.1520 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4170 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation) Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation) Line 6 Uninstaller (HKLM-x32\...\Line 6 Uninstaller) (Version: - Line 6) Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated) Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft 
Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Web Publishing Wizard 1.53 (HKLM-x32\...\WebPost) (Version: - ) Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG) Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 16.0.1003 - Nero AG) 
Nero WaveEditor (HKLM-x32\...\{EE430B59-A026-4C96-8906-E4C05B7FCC37}) (Version: 12.5.01500 - Nero AG) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.6 - Notepad++ Team) OEM Application Profile (HKLM-x32\...\{ECA361B3-855E-EEAB-C4E9-FFA6F25A4DF4}) (Version: 1.00.0000 - Ihr Firmenname) Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer) Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.02.2008 - Acer) Paperless Converter version 9.07 (HKLM-x32\...\Paperless Converter_is1) (Version: 9.07 - Rarefind Engineering Innovations Pvt. Ltd.) Paperless Printer version 6.0.0.1 (HKLM-x32\...\Paperless Printer_is1) (Version: 6.0.0.1 - Pragnaan Software Private Limited) PDF Architect 3 (HKLM-x32\...\PDF Architect 3) (Version: 3.0.45.22485 - pdfforge GmbH) PDF Architect 3 Create Module (x32 Version: 3.1.1.24851 - pdfforge GmbH) Hidden PDF Architect 3 Edit Module (x32 Version: 3.1.1.24851 - pdfforge GmbH) Hidden PDF Architect 3 View Module (x32 Version: 3.1.1.24851 - pdfforge GmbH) Hidden PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.2 - pdfforge) PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.313.1 - Tracker Software Products Ltd) Prerequisite installer (x32 Version: 12.0.0005 - Nero AG) Hidden PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications) Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.07 - Qualcomm Atheros) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.) 
Reason 8 8.3.2d7 (HKLM\...\Reason8.0Stable_64_is1) (Version: 8.3.2d7 - Propellerhead Software AB) Sandboxie 5.06 (64-bit) (HKLM\...\Sandboxie) (Version: 5.06 - Sandboxie Holdings, LLC) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) Start Menu 8 (HKLM-x32\...\IObit_StartMenu8_is1) (Version: 2.4.0.1 - IObit) Studie zur Verbesserung von HP Deskjet 3070 B611 series Produkten (HKLM\...\{CAD7B6DD-9C82-4D17-BAE8-3E9AE4971B90}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) SuperEasy Audio Converter 2 v.2.1.3063 (HKLM-x32\...\{039BC111-3B00-B8C5-E02C-0CA1440A9469}_is1) (Version: 2.1.3063 - SuperEasy Software GmbH & Co. KG) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.12.37 - Synaptics Incorporated) Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation) Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU) (Version: - Microsoft Corporation) VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag 
in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Wiederherstellungspunkte ========================= 25-11-2015 21:17:38 Uniblue PC Mechanic installation 29-11-2015 19:20:51 Windows Update 29-11-2015 19:54:48 Avira System Speedup 2.0.4 01-12-2015 21:26:11 Windows Modules Installer 09-12-2015 20:48:29 Windows Update 13-12-2015 18:02:08 Removed ProjectLibre ==================== Hosts Inhalt: ========================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2013-08-22 14:25 - 2015-10-25 06:17 - 00450831 ____R C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info 127.0.0.1 www.123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123moviedownload.com 127.0.0.1 www.123moviedownload.com Da befinden sich 15464 zusätzliche Einträge. ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
Task: {056F8D16-DB30-43D6-B844-A69F83C0F1B3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd) Task: {12A9DDFE-D969-4D3A-8E95-C8E9F5015F2D} - \keepup -> Keine Datei <==== ACHTUNG Task: {140A4242-6565-4DED-A620-FCD33E1ACB7B} - \DriverMgr -> Keine Datei <==== ACHTUNG Task: {2F92AB55-ED59-44C8-9CB9-32A071ACA7ED} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.) Task: {3188352C-4465-4817-9661-56246372F4DF} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-12-11] () Task: {3D2DC3F9-CD09-4DFD-B0D3-6770489C3348} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-18] (Google Inc.) Task: {52DD1A58-FA65-4F78-A296-7AE686322590} - \WinKit -> Keine Datei <==== ACHTUNG Task: {555DB673-B627-4011-9EAC-9C66B3D9A07B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.) Task: {5F9A392D-0F93-4D49-B04F-4DF5E1E59674} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.) Task: {656557D2-E953-4133-A4DA-B6DA2A45183A} - \SpyHunter4Startup -> Keine Datei <==== ACHTUNG Task: {8413920D-CE6F-46F6-9574-9188FAF2496B} - \Urla1 -> Keine Datei <==== ACHTUNG Task: {B134DC93-6F45-42D3-A489-2C24C7DDF40B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-09] (Microsoft Corporation) Task: {B3BCCB8F-F563-4DA2-B325-27F95EA8B431} - \Urla2 -> Keine Datei <==== ACHTUNG Task: {D3ADBE5B-7D24-478B-9F7A-0746B1F3DBC0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-18] (Google Inc.) 
Task: {F32D7DA5-8C47-4F4D-AEE0-A7398C655912} - \Urla3 -> Keine Datei <==== ACHTUNG (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2015-07-24 19:53 - 2012-03-28 20:28 - 00019456 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\QWritex64.dll 2013-10-25 00:04 - 2013-02-20 21:58 - 00111176 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll 2013-09-04 23:17 - 2013-09-04 23:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2015-04-15 21:13 - 2015-04-15 21:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll 2013-09-07 00:48 - 2013-09-07 00:48 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll 2013-09-07 00:45 - 2013-09-07 00:45 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll 2013-09-07 00:52 - 2013-09-07 00:52 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe 2015-10-19 21:00 - 2015-10-19 21:00 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2015-07-18 18:46 - 2015-10-30 14:14 - 00658944 _____ () C:\Program Files\Propellerhead\Reason 8\DeviceCache\P8541119\P8541119.dll 2015-07-19 14:13 - 2015-02-03 14:32 - 08200704 _____ () C:\Users\MaG\AppData\Roaming\Propellerhead Software\RackExtensions\se.audiorealism.Dominator.1.1.0\Dominator64.dll 
2015-07-18 18:46 - 2015-10-30 14:14 - 00661504 _____ () C:\Program Files\Propellerhead\Reason 8\DeviceCache\P8374819\P8374819.dll 2015-07-19 14:14 - 2013-11-06 12:43 - 03514880 _____ () C:\Users\MaG\AppData\Roaming\Propellerhead Software\RackExtensions\com.robpapen.SubBoomBassRE.1.0.4\SubBoomBassRE64.dll 2015-07-18 19:05 - 2015-11-06 12:05 - 00618784 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll 2015-10-24 22:34 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2015-10-24 22:34 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2015-10-24 22:34 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2015-10-24 22:34 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2015-10-24 22:34 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2015-11-25 21:10 - 2015-11-06 12:05 - 00348960 _____ () C:\program files (x86)\iobit\Classic Start\madExcept_.bpl 2015-11-25 21:10 - 2015-11-06 12:04 - 00183584 _____ () C:\program files (x86)\iobit\Classic Start\madBasic_.bpl 2015-11-25 21:10 - 2015-11-06 12:04 - 00050976 _____ () C:\program files (x86)\iobit\Classic Start\madDisAsm_.bpl 2015-11-25 21:10 - 2015-11-06 12:05 - 00268920 _____ () C:\program files (x86)\iobit\Classic Start\sqlite3.dll 2015-11-25 21:10 - 2015-11-06 12:05 - 00053024 _____ () C:\program files (x86)\iobit\Classic Start\parseAuto.dll 2015-11-25 21:10 - 2015-11-06 12:05 - 00618784 _____ () C:\program files (x86)\iobit\Classic Start\ProductStatistics.dll 2015-11-25 21:10 - 2015-11-06 12:05 - 00041248 _____ () C:\program files (x86)\iobit\Classic Start\winkey.dll 2011-01-28 20:14 - 2011-01-28 20:14 - 00094208 _____ () C:\Program Files (x86)\DYMO\DYMO Label Software\DYMO.Common.dll 2015-12-13 13:19 - 2015-10-31 01:59 - 
00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd 2015-12-13 13:19 - 2015-10-31 02:00 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd 2015-12-13 13:19 - 2015-12-08 22:36 - 00022848 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Random.OSRNG.winrandom.pyd 2015-12-13 13:19 - 2015-12-08 22:36 - 00023352 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Util._counter.pyd 2015-12-13 13:19 - 2015-12-08 22:36 - 00042296 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Cipher._AES.pyd 2015-12-13 13:19 - 2015-10-31 01:59 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll 2015-12-13 13:19 - 2015-10-31 01:59 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd 2015-12-13 13:19 - 2015-10-31 01:59 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd 2015-12-13 13:19 - 2015-12-08 22:36 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd 2015-12-13 13:19 - 2015-10-31 02:00 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd 2015-12-13 13:19 - 2015-10-31 01:59 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll 2015-12-13 13:19 - 2015-12-08 22:36 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd 2015-12-13 13:19 - 2015-10-31 01:59 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd 2015-12-13 13:19 - 2015-12-08 22:36 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd 2015-12-13 13:19 - 2015-10-31 02:00 - 00109520 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd 2015-12-13 13:19 - 2015-12-08 22:36 - 01737032 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd 2015-12-13 13:19 - 2015-12-08 22:36 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd 2015-12-13 13:19 - 2015-12-08 22:36 - 
00020800 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_python_x66cf7a7cx17a72769.pyd 2015-12-13 13:19 - 2015-12-08 22:36 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd 2015-12-13 13:19 - 2015-12-08 22:36 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd 2015-12-13 13:19 - 2015-10-31 02:00 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd 2015-12-13 13:19 - 2015-10-31 02:00 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd 2015-12-13 13:19 - 2015-10-31 02:00 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd 2015-12-13 13:19 - 2015-12-08 22:36 - 00021320 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd 2015-12-13 13:19 - 2015-10-31 02:00 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd 2015-12-13 13:19 - 2015-10-31 02:00 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd 2015-12-13 13:19 - 2015-10-31 02:00 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd 2015-12-13 13:19 - 2015-10-31 02:00 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd 2015-12-13 13:19 - 2015-10-31 02:00 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd 2015-12-13 13:19 - 2015-10-31 02:00 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd 2015-12-13 13:19 - 2015-10-31 02:00 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd 2015-12-13 13:19 - 2015-12-08 22:36 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd 2015-12-13 13:19 - 2015-10-31 02:00 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll 2015-12-13 13:19 - 2015-10-31 02:00 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd 2015-12-13 13:19 - 2015-12-08 22:36 - 00117056 _____ () C:\Program Files 
(x86)\Dropbox\Client\breakpad.client.windows.handler.pyd 2015-12-13 13:19 - 2015-12-08 22:36 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd 2015-12-13 13:19 - 2015-10-31 01:59 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd 2015-12-13 13:19 - 2015-10-31 01:59 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd 2015-12-13 13:19 - 2015-10-31 02:00 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd 2015-12-13 13:19 - 2015-12-08 22:36 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd 2015-12-13 13:19 - 2015-12-08 22:36 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd 2015-12-13 13:19 - 2015-12-08 22:36 - 00021304 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Util.strxor.pyd 2015-12-13 13:19 - 2015-10-31 02:00 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd 2015-12-13 13:19 - 2015-12-08 22:36 - 00084792 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL 2015-12-13 13:19 - 2015-12-08 22:36 - 01826608 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd 2015-12-13 13:19 - 2015-10-31 02:00 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd 2015-12-13 13:19 - 2015-12-08 22:36 - 03891504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd 2015-12-13 13:19 - 2015-12-08 22:36 - 01950000 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd 2015-12-13 13:19 - 2015-12-08 22:36 - 00519984 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd 2015-12-13 13:19 - 2015-12-08 22:36 - 00133936 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd 2015-12-13 13:19 - 2015-12-08 22:36 - 00225080 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd 2015-12-13 13:19 - 2015-12-08 22:36 - 00207672 _____ () C:\Program Files 
(x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd 2015-12-13 13:19 - 2015-12-08 22:36 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd 2015-12-13 13:19 - 2015-12-08 22:36 - 00486704 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd 2015-12-13 13:19 - 2015-12-08 22:36 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd 2015-10-17 09:00 - 2015-10-31 02:01 - 00019920 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick.2\qtquick2plugin.dll 2015-10-17 09:00 - 2015-10-31 02:00 - 00786904 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll 2015-10-17 09:00 - 2015-10-31 02:00 - 00063448 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll 2015-10-17 09:00 - 2015-10-31 02:00 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Window.2\windowplugin.dll 2015-12-13 19:54 - 2015-12-13 19:54 - 00098816 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32api.pyd 2015-12-13 19:54 - 2015-12-13 19:54 - 00110080 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\pywintypes27.dll 2015-12-13 19:54 - 2015-12-13 19:54 - 00364544 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\pythoncom27.dll 2015-12-13 19:54 - 2015-12-13 19:54 - 00046080 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\_socket.pyd 2015-12-13 19:54 - 2015-12-13 19:54 - 01208320 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\_ssl.pyd 2015-12-13 19:54 - 2015-12-13 19:54 - 00320512 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32com.shell.shell.pyd 2015-12-13 19:54 - 2015-12-13 19:54 - 00776704 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\_hashlib.pyd 2015-12-13 19:54 - 2015-12-13 19:54 - 01176576 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\wx._core_.pyd 2015-12-13 19:54 - 2015-12-13 19:54 - 00806400 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\wx._gdi_.pyd 2015-12-13 19:54 - 2015-12-13 19:54 - 00816128 _____ () 
C:\Users\MaG\AppData\Local\Temp\_MEI46882\wx._windows_.pyd 2015-12-13 19:54 - 2015-12-13 19:54 - 01067008 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\wx._controls_.pyd 2015-12-13 19:54 - 2015-12-13 19:54 - 00733184 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\wx._misc_.pyd 2015-12-13 19:54 - 2015-12-13 19:54 - 00682496 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\pysqlite2._sqlite.pyd 2015-12-13 19:54 - 2015-12-13 19:54 - 00088064 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\_ctypes.pyd 2015-12-13 19:54 - 2015-12-13 19:54 - 00119808 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32file.pyd 2015-12-13 19:54 - 2015-12-13 19:54 - 00108544 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32security.pyd 2015-12-13 19:54 - 2015-12-13 19:54 - 00007168 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\hashobjs_ext.pyd 2015-12-13 19:54 - 2015-12-13 19:54 - 00017920 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\thumbnails_ext.pyd 2015-12-13 19:54 - 2015-12-13 19:54 - 00079360 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\usb_ext.pyd 2015-12-13 19:54 - 2015-12-13 19:54 - 00167936 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32gui.pyd 2015-12-13 19:54 - 2015-12-13 19:54 - 00018432 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32event.pyd 2015-12-13 19:54 - 2015-12-13 19:54 - 00128512 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\_elementtree.pyd 2015-12-13 19:54 - 2015-12-13 19:54 - 00127488 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\pyexpat.pyd 2015-12-13 19:54 - 2015-12-13 19:54 - 00013824 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\common.time34.pyd 2015-12-13 19:54 - 2015-12-13 19:54 - 00036864 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\_psutil_windows.pyd 2015-12-13 19:54 - 2015-12-13 19:54 - 00038912 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32inet.pyd 2015-12-13 19:54 - 2015-12-13 19:54 - 00525640 _____ () 
C:\Users\MaG\AppData\Local\Temp\_MEI46882\windows._lib_cacheinvalidation.pyd 2015-12-13 19:54 - 2015-12-13 19:54 - 00011264 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32crypt.pyd 2015-12-13 19:54 - 2015-12-13 19:54 - 00077312 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\wx._html2.pyd 2015-12-13 19:54 - 2015-12-13 19:54 - 00027136 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\_multiprocessing.pyd 2015-12-13 19:54 - 2015-12-13 19:54 - 00020480 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\_yappi.pyd 2015-12-13 19:54 - 2015-12-13 19:54 - 00035840 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32process.pyd 2015-12-13 19:54 - 2015-12-13 19:54 - 00686080 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\unicodedata.pyd 2015-12-13 19:54 - 2015-12-13 19:54 - 00123392 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\wx._wizard.pyd 2015-12-13 19:54 - 2015-12-13 19:54 - 00024064 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32pipe.pyd 2015-12-13 19:54 - 2015-12-13 19:54 - 00010240 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\select.pyd 2015-12-13 19:54 - 2015-12-13 19:54 - 00025600 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32pdh.pyd 2015-12-13 19:54 - 2015-12-13 19:54 - 00017408 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32profile.pyd 2015-12-13 19:54 - 2015-12-13 19:54 - 00022528 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32ts.pyd 2015-12-13 19:54 - 2015-12-13 19:54 - 00078848 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\wx._animate.pyd 2013-10-24 23:35 - 2013-05-08 21:23 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2015-07-19 21:26 - 2015-11-23 21:05 - 00012288 _____ () C:\Program Files (x86)\Google\Chrome\Application\WTSAPI32.dll 2013-10-25 00:04 - 2013-02-20 21:58 - 00089672 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll 2015-12-08 21:03 - 2015-12-04 22:32 - 01583432 _____ () C:\Program Files 
(x86)\Google\Chrome\Application\47.0.2526.80\libglesv2.dll 2015-12-08 21:03 - 2015-12-04 22:32 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libegl.dll 2015-12-08 21:03 - 2015-12-04 22:32 - 16573256 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\PepperFlash\pepflashplayer.dll 2013-09-04 23:14 - 2013-09-04 23:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf 2015-08-29 11:23 - 2015-08-29 11:23 - 00065536 _____ () C:\Users\MaG\AppData\Local\assembly\dl3\CCMEXOQW.OPX\VKQ6T7YN.H8G\93d162e2\00d49700_20bfcb01\Outlook07DymoAddIn.DLL 2015-08-29 11:23 - 2015-08-29 11:23 - 00094208 _____ () C:\Users\MaG\AppData\Local\assembly\dl3\CCMEXOQW.OPX\VKQ6T7YN.H8G\cab056c2\004bcda4_1fbfcb01\DYMO.Common.DLL 2015-08-29 11:23 - 2015-08-29 11:23 - 00007168 _____ () C:\Users\MaG\AppData\Local\assembly\dl3\CCMEXOQW.OPX\VKQ6T7YN.H8G\236d28c5\00d49700_20bfcb01\Outlook07DymoAddIn.resources.DLL 2015-11-11 02:42 - 2015-11-11 02:42 - 01045672 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\str => ""="service" ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) 
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com Da befinden sich 7867 mehr Seiten. 
==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg HKU\S-1-5-21-3000335157-3192853593-1025591007-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg HKU\S-1-5-21-3000335157-3192853593-1025591007-500-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg HKU\S-1-5-21-3000335157-3192853593-1025591007-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKLM\...\StartupApproved\Run32: => "HP Software Update" HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_0034C5CFB848FFC3DA2A3C20C2C3A86D" HKU\S-1-5-21-3000335157-3192853593-1025591007-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_0034C5CFB848FFC3DA2A3C20C2C3A86D" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{D27C2C67-608D-4E0E-9378-992FA77258D0}] => (Allow) C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [{8039EE20-5698-4C20-9C5C-F5F1F62DE282}] => (Allow) C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPNetworkCommunicator.exe FirewallRules: [{B34D8AE4-D8C7-4056-8112-932D213FD866}] => (Allow) C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\DeviceSetup.exe FirewallRules: [{A51982E3-8677-4D7A-8315-4590C92BCC5E}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe FirewallRules: [{C7C5B632-E33E-4356-8511-09866EEE7955}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe FirewallRules: [{DAADAA74-9DFC-4A95-A18E-0A1221F46BF6}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe FirewallRules: [{407EB8EA-8ACC-471D-9572-D4DB5537D539}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe FirewallRules: [{E4E88AC9-5F1B-4746-9F9A-F361F11ED675}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe FirewallRules: [{D14CD3F3-1679-4D9C-9C19-3E6EEC5326D6}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe FirewallRules: [{1714CB00-E0EC-4C0E-A5B2-A4CC580349B8}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe FirewallRules: [{D309308A-4A28-4E1D-97C8-18234DAB58AD}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe FirewallRules: [{F6D4B300-3739-4C79-A6B0-22404E964637}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe FirewallRules: [{3DDBC3D8-35F4-44F8-82F8-28DC5E291AE6}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe FirewallRules: [{ACDFD2BA-B2CF-46FC-B66A-DC6D98D93D16}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe FirewallRules: [{12C44774-64DF-4B86-ADE9-0D0B8E628997}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe FirewallRules: 
[{59E21C6C-E358-4462-8F28-AE5AD57FFAFC}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe FirewallRules: [{85CC36FE-D8D5-41E7-A4BF-882D59D29CB3}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe FirewallRules: [{89ECDC59-5605-4B33-BACE-DFAC4B41D44A}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe FirewallRules: [{0439C5C4-6C55-46D7-BD51-DE35DA1B1F72}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe FirewallRules: [{BB8DF291-466C-48C9-8D7E-C03F42159DE8}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe FirewallRules: [TCP Query User{20ECE248-417E-4173-A1FB-9D0FC6189327}C:\users\mag\downloads\teamviewerportable\teamviewer.exe] => (Allow) C:\users\mag\downloads\teamviewerportable\teamviewer.exe FirewallRules: [UDP Query User{3D966FCE-0FF8-44EF-A741-2B3FA6CBB0E6}C:\users\mag\downloads\teamviewerportable\teamviewer.exe] => (Allow) C:\users\mag\downloads\teamviewerportable\teamviewer.exe FirewallRules: [{ED42765D-0E9B-4792-9BAB-5DA5FE42DA4D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [TCP Query User{992A5461-377B-4790-812C-8D55A75DD054}C:\users\mag\dropbox\hasi\teamviewerportable\teamviewer.exe] => (Allow) C:\users\mag\dropbox\hasi\teamviewerportable\teamviewer.exe FirewallRules: [UDP Query User{A2D4ACED-1F9E-44C0-9A97-89837E7C4D02}C:\users\mag\dropbox\hasi\teamviewerportable\teamviewer.exe] => (Allow) C:\users\mag\dropbox\hasi\teamviewerportable\teamviewer.exe FirewallRules: [TCP Query User{0ED62260-935A-4DF0-A148-8A7554A45B8D}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe FirewallRules: [UDP Query User{F96081B8-83EE-4C80-ADEF-E9182926A7D3}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe FirewallRules: [{C1397DD8-2F9D-4D6E-AB4D-AC351C47A3D8}] => (Allow) C:\Program Files 
(x86)\Dropbox\Client\Dropbox.exe StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (12/13/2015 07:56:49 PM) (Source: Windows Search Service) (EventID: 3079) (User: ) Description: Benachrichtigungen für Volume C:\ sind nicht aktiv. Kontext: Windows Anwendung Details: Das Datenträgeränderungsjournal wird gelöscht. (HRESULT : 0x8007049a) (0x8007049a) Error: (12/13/2015 02:13:39 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (12/13/2015 02:10:45 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm acmsetup.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 13e8 Startzeit: 01d135a6739aa026 Endzeit: 0 Anwendungspfad: Z:\~MSSETUP.T\tmp.t\acmsetup.exe Berichts-ID: e7ac2a12-a19a-11e5-bf17-201a0671fff5 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (12/13/2015 01:19:21 PM) (Source: Windows Search Service) (EventID: 3079) (User: ) Description: Benachrichtigungen für Volume C:\ sind nicht aktiv. 
Kontext: Windows Anwendung Details: Das Datenträgeränderungsjournal wird gelöscht. (HRESULT : 0x8007049a) (0x8007049a) Error: (12/11/2015 09:49:30 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT) Description: There was an error with the Windows Location Provider database Error: (12/11/2015 09:20:48 PM) (Source: Windows Search Service) (EventID: 3079) (User: ) Description: Benachrichtigungen für Volume C:\ sind nicht aktiv. Kontext: Windows Anwendung Details: Das Datenträgeränderungsjournal wird gelöscht. (HRESULT : 0x8007049a) (0x8007049a) Error: (12/10/2015 09:39:10 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (12/10/2015 09:16:31 PM) (Source: Windows Search Service) (EventID: 3079) (User: ) Description: Benachrichtigungen für Volume C:\ sind nicht aktiv. Kontext: Windows Anwendung Details: Das Datenträgeränderungsjournal wird gelöscht. (HRESULT : 0x8007049a) (0x8007049a) Error: (12/09/2015 09:28:57 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (12/09/2015 08:47:53 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: delegate_execute.exe, Version: 47.0.2526.80, Zeitstempel: 0x5661e826 Name des fehlerhaften Moduls: delegate_execute.exe, Version: 47.0.2526.80, Zeitstempel: 0x5661e826 Ausnahmecode: 0x80000003 Fehleroffset: 0x00007f81 ID des fehlerhaften Prozesses: 0xdd8 Startzeit der fehlerhaften Anwendung: 0xdelegate_execute.exe0 Pfad der fehlerhaften Anwendung: delegate_execute.exe1 Pfad des fehlerhaften Moduls: delegate_execute.exe2 Berichtskennung: delegate_execute.exe3 Vollständiger Name des fehlerhaften Pakets: delegate_execute.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: delegate_execute.exe5 Systemfehler: ============= Error: (12/13/2015 05:23:57 PM) (Source: DCOM) (EventID: 10016) (User: KANOCKELHOPPEL) Description: 
AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}KanockelHoppelMaGS-1-5-21-3000335157-3192853593-1025591007-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (12/13/2015 05:23:57 PM) (Source: DCOM) (EventID: 10016) (User: KANOCKELHOPPEL) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}KanockelHoppelMaGS-1-5-21-3000335157-3192853593-1025591007-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (12/13/2015 05:23:57 PM) (Source: DCOM) (EventID: 10016) (User: KANOCKELHOPPEL) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}KanockelHoppelMaGS-1-5-21-3000335157-3192853593-1025591007-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (12/13/2015 05:23:57 PM) (Source: DCOM) (EventID: 10016) (User: KANOCKELHOPPEL) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}KanockelHoppelMaGS-1-5-21-3000335157-3192853593-1025591007-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (12/13/2015 05:23:56 PM) (Source: DCOM) (EventID: 10016) (User: KANOCKELHOPPEL) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}KanockelHoppelMaGS-1-5-21-3000335157-3192853593-1025591007-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (12/13/2015 05:23:56 PM) (Source: DCOM) (EventID: 10016) (User: KANOCKELHOPPEL) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}KanockelHoppelMaGS-1-5-21-3000335157-3192853593-1025591007-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (12/13/2015 05:23:56 PM) (Source: DCOM) (EventID: 10016) (User: 
KANOCKELHOPPEL) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}KanockelHoppelMaGS-1-5-21-3000335157-3192853593-1025591007-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (12/13/2015 05:23:56 PM) (Source: DCOM) (EventID: 10016) (User: KANOCKELHOPPEL) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}KanockelHoppelMaGS-1-5-21-3000335157-3192853593-1025591007-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (12/13/2015 01:15:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (12/13/2015 01:15:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht. CodeIntegrity: =================================== Date: 2015-11-29 19:20:29.410 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-25 21:09:49.665 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2015-11-23 21:21:20.703 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-22 19:10:56.911 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-21 08:39:12.900 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-11 21:05:08.622 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-09 21:36:25.750 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2015-11-07 21:26:46.886 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-04 07:20:00.911 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-01 16:10:00.396 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i7-4500U CPU @ 1.80GHz Prozentuale Nutzung des RAM: 60% Installierter physikalischer RAM: 8072.27 MB Verfügbarer physikalischer RAM: 3194.2 MB Summe virtueller Speicher: 9352.27 MB Verfügbarer virtueller Speicher: 4473.32 MB ==================== Laufwerke ================================ Drive c: (Acer) (Fixed) (Total:681.75 GB) (Free:521.96 GB) NTFS Drive z: (Boxcryptor Classic) (Fixed) (Total:681.75 GB) (Free:521.96 GB) FAT32 ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 698.6 GB) (Disk ID: 2A9D57C6) Partition: GPT. ==================== Ende von Addition.txt ============================ |
13.12.2015, 21:20 | #7 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Websites are being opened Please uninstall Avira. From Windows 8 onwards, MSE is built in and is called Windows Defender. Quote:
Reading material: Illegal software: cracks, keygens and co. Please read => http://www.trojaner-board.de/95393-c...-software.html We will continue once you have removed everything illegal. In case of repeated crack/keygen violations I reserve the right to discontinue support, i.e. help only with backing up data and reinstalling the operating system.
__________________ Please always post log files in CODE tags |
13.12.2015, 21:35 | #8 |
| Websites are being opened Thanks - will do - Avira is uninstalled. I had installed Office at some point - it must be a leftover. I'll delete that too... So - the restart is done. Avira and the rest have been removed. But since the problem has only existed for a short time, it will definitely not be related to that. Can anything else be found out? |
13.12.2015, 21:43 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Websites are being opened Yes, sure, we hear that all the time - "no, cracked software never causes a problem". Even if that is true, we do not tolerate cracks and keygens; we stop support, and it only continues once all the junk is gone. Then show fresh FRST logs. Tick the box for addition.txt, then click Untersuchen (Scan).
__________________ Please always post log files in CODE tags |
13.12.2015, 21:55 | #10 |
| Websites are being opened Here is addition.txt FRST Additions Logfile: Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:12-12-2015 01 durchgeführt von MaG (2015-12-13 21:47:37) Gestartet von C:\Users\MaG\Downloads Windows 8.1 (X64) (2015-08-16 19:54:48) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-3000335157-3192853593-1025591007-500 - Administrator - Disabled) => C:\Users\Administrator Gast (S-1-5-21-3000335157-3192853593-1025591007-501 - Limited - Disabled) MaG (S-1-5-21-3000335157-3192853593-1025591007-1001 - Administrator - Enabled) => C:\Users\MaG ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 
4K Video Downloader 3.6 (HKLM-x32\...\4K Video Downloader_is1) (Version: 3.6.3.1785 - Open Media LLC) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3005 - Acer Incorporated) Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated) Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated) AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated) AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2022 - Acer Incorporated) Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.) AMD Catalyst Install Manager (HKLM\...\{E3CA751C-E133-0BF1-3151-7A6D3FB88015}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.) Authorizer 2.9.0d5 (HKLM\...\{F6762963-9AE5-4bc6-A70F-2D749F6AC02F}_is1) (Version: 2.9.0d5 - Propellerhead Software AB) Boxcryptor Classic 1.7 (HKLM-x32\...\{DF47AB90-FB92-42F4-926E-1C4FF16029E7}) (Version: 1.7.409.131 - Secomba GmbH) Broadcom Card Reader Driver Installer (HKLM\...\{67AA948F-8D83-4566-B84A-7CAABCF64E3F}) (Version: 16.0.2.3 - Broadcom Corporation) Broadcom NetLink Controller (HKLM\...\{D1D7ED66-5C08-40A0-AEC0-B6DF977697BB}) (Version: 16.0.2.1 - Broadcom Corporation) Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD) CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform) clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated) clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2016 - Acer Incorporated) clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) 
Hidden clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden Click2Music (HKLM-x32\...\Click2Music) (Version: - ) Dropbox (HKLM-x32\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.) Dropbox Update Helper (x32 Version: 1.3.27.33 - Dropbox, Inc.) Hidden DYMO Label v.8 (HKLM-x32\...\DYMO Label v.8) (Version: 8.3.0.1242 - Sanford, L.P.) f.lux (HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Flux) (Version: - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.80 - Google Inc.) Google Drive (HKLM-x32\...\{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}) (Version: 1.26.0707.2863 - Google, Inc.) Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden HP Deskjet 3070 B611 series - Grundlegende Software für das Gerät (HKLM\...\{48DF59F8-2ACD-4F1F-87F3-D820FE7A6178}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Deskjet 3070 B611 series Hilfe (HKLM-x32\...\{9F20CE56-3828-432D-A3C5-3EC6A2ED93C6}) (Version: 140.0.2.2 - Hewlett Packard) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP) HP Support Solutions Framework (HKLM-x32\...\{78545512-1F84-4357-8A9A-D94D9C3CE4FA}) (Version: 12.0.26.54 - Hewlett-Packard Company) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.3.1520 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4170 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation) Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation) Line 6 
Uninstaller (HKLM-x32\...\Line 6 Uninstaller) (Version: - Line 6) Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated) Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 
11.0.50727.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Web Publishing Wizard 1.53 (HKLM-x32\...\WebPost) (Version: - ) Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG) Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 16.0.1003 - Nero AG) Nero WaveEditor (HKLM-x32\...\{EE430B59-A026-4C96-8906-E4C05B7FCC37}) (Version: 12.5.01500 - Nero AG) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.6 - Notepad++ Team) OEM Application Profile (HKLM-x32\...\{ECA361B3-855E-EEAB-C4E9-FFA6F25A4DF4}) (Version: 1.00.0000 - Ihr Firmenname) Paperless Converter version 9.07 (HKLM-x32\...\Paperless Converter_is1) (Version: 9.07 - Rarefind Engineering Innovations Pvt. Ltd.) Paperless Printer version 6.0.0.1 (HKLM-x32\...\Paperless Printer_is1) (Version: 6.0.0.1 - Pragnaan Software Private Limited) PDF Architect 3 (HKLM-x32\...\PDF Architect 3) (Version: 3.0.45.22485 - pdfforge GmbH) PDF Architect 3 Create Module (x32 Version: 3.1.1.24851 - pdfforge GmbH) Hidden PDF Architect 3 Edit Module (x32 Version: 3.1.1.24851 - pdfforge GmbH) Hidden PDF Architect 3 View Module (x32 Version: 3.1.1.24851 - pdfforge GmbH) Hidden PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.2 - pdfforge) PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.313.1 - Tracker Software Products Ltd) Prerequisite installer (x32 Version: 12.0.0005 - Nero AG) Hidden PX Profile Update (x32 Version: 1.00.1. 
- AMD) Hidden Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications) Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.07 - Qualcomm Atheros) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.) Reason 8 8.3.2d7 (HKLM\...\Reason8.0Stable_64_is1) (Version: 8.3.2d7 - Propellerhead Software AB) Sandboxie 5.06 (64-bit) (HKLM\...\Sandboxie) (Version: 5.06 - Sandboxie Holdings, LLC) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) Start Menu 8 (HKLM-x32\...\IObit_StartMenu8_is1) (Version: 2.4.0.1 - IObit) Studie zur Verbesserung von HP Deskjet 3070 B611 series Produkten (HKLM\...\{CAD7B6DD-9C82-4D17-BAE8-3E9AE4971B90}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) SuperEasy Audio Converter 2 v.2.1.3063 (HKLM-x32\...\{039BC111-3B00-B8C5-E02C-0CA1440A9469}_is1) (Version: 2.1.3063 - SuperEasy Software GmbH & Co. 
KG) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.12.37 - Synaptics Incorporated) Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation) Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU) (Version: - Microsoft Corporation) VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Wiederherstellungspunkte ========================= 25-11-2015 21:17:38 Uniblue PC Mechanic installation 29-11-2015 19:20:51 Windows Update 29-11-2015 19:54:48 Avira System Speedup 2.0.4 01-12-2015 21:26:11 Windows Modules Installer 09-12-2015 20:48:29 Windows Update 13-12-2015 18:02:08 Removed ProjectLibre ==================== Hosts Inhalt: ========================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 
2013-08-22 14:25 - 2015-10-25 06:17 - 00450831 ____R C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info 127.0.0.1 www.123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123moviedownload.com 127.0.0.1 www.123moviedownload.com Da befinden sich 15464 zusätzliche Einträge. ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {056F8D16-DB30-43D6-B844-A69F83C0F1B3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd) Task: {12A9DDFE-D969-4D3A-8E95-C8E9F5015F2D} - \keepup -> Keine Datei <==== ACHTUNG Task: {140A4242-6565-4DED-A620-FCD33E1ACB7B} - \DriverMgr -> Keine Datei <==== ACHTUNG Task: {2F92AB55-ED59-44C8-9CB9-32A071ACA7ED} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.) Task: {3D2DC3F9-CD09-4DFD-B0D3-6770489C3348} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-18] (Google Inc.) 
Task: {555DB673-B627-4011-9EAC-9C66B3D9A07B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.) Task: {5F9A392D-0F93-4D49-B04F-4DF5E1E59674} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.) Task: {656557D2-E953-4133-A4DA-B6DA2A45183A} - \SpyHunter4Startup -> Keine Datei <==== ACHTUNG Task: {8413920D-CE6F-46F6-9574-9188FAF2496B} - \Urla1 -> Keine Datei <==== ACHTUNG Task: {B134DC93-6F45-42D3-A489-2C24C7DDF40B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-09] (Microsoft Corporation) Task: {B3BCCB8F-F563-4DA2-B325-27F95EA8B431} - \Urla2 -> Keine Datei <==== ACHTUNG Task: {D3ADBE5B-7D24-478B-9F7A-0746B1F3DBC0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-18] (Google Inc.) Task: {F32D7DA5-8C47-4F4D-AEE0-A7398C655912} - \Urla3 -> Keine Datei <==== ACHTUNG (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) 
==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2015-07-24 19:53 - 2012-03-28 20:28 - 00019456 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\QWritex64.dll 2013-10-25 00:04 - 2013-02-20 21:58 - 00111176 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll 2013-09-04 23:17 - 2013-09-04 23:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2013-09-07 00:48 - 2013-09-07 00:48 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll 2013-09-07 00:45 - 2013-09-07 00:45 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll 2013-09-07 00:52 - 2013-09-07 00:52 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe 2015-10-19 21:00 - 2015-10-19 21:00 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2015-08-19 20:07 - 2015-08-19 20:08 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\ErrorReporting.dll 2015-07-18 19:05 - 2015-11-06 12:05 - 00618784 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll 2015-10-24 22:34 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2015-10-24 22:34 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2015-10-24 22:34 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2015-10-24 22:34 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2015-10-24 22:34 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2015-11-25 21:10 - 2015-11-06 12:05 - 00348960 _____ () C:\program files (x86)\iobit\Classic 
Start\madExcept_.bpl 2015-11-25 21:10 - 2015-11-06 12:04 - 00183584 _____ () C:\program files (x86)\iobit\Classic Start\madBasic_.bpl 2015-11-25 21:10 - 2015-11-06 12:04 - 00050976 _____ () C:\program files (x86)\iobit\Classic Start\madDisAsm_.bpl 2015-11-25 21:10 - 2015-11-06 12:05 - 00268920 _____ () C:\program files (x86)\iobit\Classic Start\sqlite3.dll 2015-11-25 21:10 - 2015-11-06 12:05 - 00053024 _____ () C:\program files (x86)\iobit\Classic Start\parseAuto.dll 2015-11-25 21:10 - 2015-11-06 12:05 - 00618784 _____ () C:\program files (x86)\iobit\Classic Start\ProductStatistics.dll 2015-11-25 21:10 - 2015-11-06 12:05 - 00041248 _____ () C:\program files (x86)\iobit\Classic Start\winkey.dll 2011-01-28 20:14 - 2011-01-28 20:14 - 00094208 _____ () C:\Program Files (x86)\DYMO\DYMO Label Software\DYMO.Common.dll 2015-12-13 13:19 - 2015-10-31 01:59 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd 2015-12-13 13:19 - 2015-10-31 02:00 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd 2015-12-13 13:19 - 2015-12-08 22:36 - 00022848 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Random.OSRNG.winrandom.pyd 2015-12-13 13:19 - 2015-12-08 22:36 - 00023352 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Util._counter.pyd 2015-12-13 13:19 - 2015-12-08 22:36 - 00042296 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Cipher._AES.pyd 2015-12-13 13:19 - 2015-10-31 01:59 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll 2015-12-13 13:19 - 2015-10-31 01:59 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd 2015-12-13 13:19 - 2015-10-31 01:59 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd 2015-12-13 13:19 - 2015-12-08 22:36 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd 2015-12-13 13:19 - 2015-10-31 02:00 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd 2015-12-13 13:19 - 2015-10-31 01:59 - 
00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll 2015-12-13 13:19 - 2015-12-08 22:36 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd 2015-12-13 13:19 - 2015-10-31 01:59 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd 2015-12-13 13:19 - 2015-12-08 22:36 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd 2015-12-13 13:19 - 2015-10-31 02:00 - 00109520 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd 2015-12-13 13:19 - 2015-12-08 22:36 - 01737032 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd 2015-12-13 13:19 - 2015-12-08 22:36 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd 2015-12-13 13:19 - 2015-12-08 22:36 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_python_x66cf7a7cx17a72769.pyd 2015-12-13 13:19 - 2015-12-08 22:36 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd 2015-12-13 13:19 - 2015-12-08 22:36 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd 2015-12-13 13:19 - 2015-10-31 02:00 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd 2015-12-13 13:19 - 2015-10-31 02:00 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd 2015-12-13 13:19 - 2015-10-31 02:00 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd 2015-12-13 13:19 - 2015-12-08 22:36 - 00021320 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd 2015-12-13 13:19 - 2015-10-31 02:00 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd 2015-12-13 13:19 - 2015-10-31 02:00 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd 2015-12-13 13:19 - 2015-10-31 02:00 - 00043472 _____ () C:\Program Files 
(x86)\Dropbox\Client\win32process.pyd 2015-12-13 13:19 - 2015-10-31 02:00 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd 2015-12-13 13:19 - 2015-10-31 02:00 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd 2015-12-13 13:19 - 2015-10-31 02:00 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd 2015-12-13 13:19 - 2015-10-31 02:00 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd 2015-12-13 13:19 - 2015-12-08 22:36 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd 2015-12-13 13:19 - 2015-10-31 02:00 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll 2015-12-13 13:19 - 2015-10-31 02:00 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd 2015-12-13 13:19 - 2015-12-08 22:36 - 00117056 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd 2015-12-13 13:19 - 2015-12-08 22:36 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd 2015-12-13 13:19 - 2015-10-31 01:59 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd 2015-12-13 13:19 - 2015-10-31 01:59 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd 2015-12-13 13:19 - 2015-10-31 02:00 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd 2015-12-13 13:19 - 2015-12-08 22:36 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd 2015-12-13 13:19 - 2015-12-08 22:36 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd 2015-12-13 13:19 - 2015-12-08 22:36 - 00021304 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Util.strxor.pyd 2015-12-13 13:19 - 2015-10-31 02:00 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd 2015-12-13 13:19 - 2015-12-08 22:36 - 00084792 _____ () C:\Program Files 
(x86)\Dropbox\Client\dropbox_sqlite_ext.DLL 2015-12-13 13:19 - 2015-12-08 22:36 - 01826608 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd 2015-12-13 13:19 - 2015-10-31 02:00 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd 2015-12-13 13:19 - 2015-12-08 22:36 - 03891504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd 2015-12-13 13:19 - 2015-12-08 22:36 - 01950000 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd 2015-12-13 13:19 - 2015-12-08 22:36 - 00519984 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd 2015-12-13 13:19 - 2015-12-08 22:36 - 00133936 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd 2015-12-13 13:19 - 2015-12-08 22:36 - 00225080 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd 2015-12-13 13:19 - 2015-12-08 22:36 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd 2015-12-13 13:19 - 2015-12-08 22:36 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd 2015-12-13 13:19 - 2015-12-08 22:36 - 00486704 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd 2015-12-13 13:19 - 2015-12-08 22:36 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd 2015-10-17 09:00 - 2015-10-31 02:01 - 00019920 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick.2\qtquick2plugin.dll 2015-10-17 09:00 - 2015-10-31 02:00 - 00786904 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll 2015-10-17 09:00 - 2015-10-31 02:00 - 00063448 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll 2015-10-17 09:00 - 2015-10-31 02:00 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Window.2\windowplugin.dll 2015-12-13 21:29 - 2015-12-13 21:29 - 00098816 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\win32api.pyd 2015-12-13 21:29 - 2015-12-13 21:29 - 00110080 _____ () 
C:\Users\MaG\AppData\Local\Temp\_MEI46282\pywintypes27.dll 2015-12-13 21:29 - 2015-12-13 21:29 - 00364544 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\pythoncom27.dll 2015-12-13 21:29 - 2015-12-13 21:29 - 00046080 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\_socket.pyd 2015-12-13 21:29 - 2015-12-13 21:29 - 01208320 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\_ssl.pyd 2015-12-13 21:29 - 2015-12-13 21:29 - 00320512 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\win32com.shell.shell.pyd 2015-12-13 21:29 - 2015-12-13 21:29 - 00776704 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\_hashlib.pyd 2015-12-13 21:29 - 2015-12-13 21:29 - 01176576 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\wx._core_.pyd 2015-12-13 21:29 - 2015-12-13 21:29 - 00806400 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\wx._gdi_.pyd 2015-12-13 21:29 - 2015-12-13 21:29 - 00816128 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\wx._windows_.pyd 2015-12-13 21:29 - 2015-12-13 21:29 - 01067008 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\wx._controls_.pyd 2015-12-13 21:29 - 2015-12-13 21:29 - 00733184 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\wx._misc_.pyd 2015-12-13 21:29 - 2015-12-13 21:29 - 00682496 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\pysqlite2._sqlite.pyd 2015-12-13 21:29 - 2015-12-13 21:29 - 00088064 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\_ctypes.pyd 2015-12-13 21:29 - 2015-12-13 21:29 - 00119808 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\win32file.pyd 2015-12-13 21:29 - 2015-12-13 21:29 - 00108544 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\win32security.pyd 2015-12-13 21:29 - 2015-12-13 21:29 - 00007168 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\hashobjs_ext.pyd 2015-12-13 21:29 - 2015-12-13 21:29 - 00017920 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\thumbnails_ext.pyd 2015-12-13 21:29 - 2015-12-13 21:29 - 00079360 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\usb_ext.pyd 
2015-12-13 21:29 - 2015-12-13 21:29 - 00167936 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\win32gui.pyd 2015-12-13 21:29 - 2015-12-13 21:29 - 00018432 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\win32event.pyd 2015-12-13 21:29 - 2015-12-13 21:29 - 00128512 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\_elementtree.pyd 2015-12-13 21:29 - 2015-12-13 21:29 - 00127488 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\pyexpat.pyd 2015-12-13 21:29 - 2015-12-13 21:29 - 00013824 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\common.time34.pyd 2015-12-13 21:29 - 2015-12-13 21:29 - 00036864 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\_psutil_windows.pyd 2015-12-13 21:29 - 2015-12-13 21:29 - 00038912 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\win32inet.pyd 2015-12-13 21:29 - 2015-12-13 21:29 - 00525640 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\windows._lib_cacheinvalidation.pyd 2015-12-13 21:29 - 2015-12-13 21:29 - 00011264 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\win32crypt.pyd 2015-12-13 21:29 - 2015-12-13 21:29 - 00077312 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\wx._html2.pyd 2015-12-13 21:29 - 2015-12-13 21:29 - 00027136 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\_multiprocessing.pyd 2015-12-13 21:29 - 2015-12-13 21:29 - 00020480 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\_yappi.pyd 2015-12-13 21:29 - 2015-12-13 21:29 - 00035840 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\win32process.pyd 2015-12-13 21:29 - 2015-12-13 21:29 - 00686080 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\unicodedata.pyd 2015-12-13 21:29 - 2015-12-13 21:29 - 00123392 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\wx._wizard.pyd 2015-12-13 21:29 - 2015-12-13 21:29 - 00024064 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\win32pipe.pyd 2015-12-13 21:29 - 2015-12-13 21:29 - 00010240 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\select.pyd 2015-12-13 21:29 - 2015-12-13 21:29 - 00025600 _____ () 
C:\Users\MaG\AppData\Local\Temp\_MEI46282\win32pdh.pyd 2015-12-13 21:29 - 2015-12-13 21:29 - 00017408 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\win32profile.pyd 2015-12-13 21:29 - 2015-12-13 21:29 - 00022528 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\win32ts.pyd 2015-12-13 21:29 - 2015-12-13 21:29 - 00078848 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\wx._animate.pyd 2015-07-19 21:26 - 2015-11-23 21:05 - 00012288 _____ () C:\Program Files (x86)\Google\Chrome\Application\WTSAPI32.dll 2013-10-25 00:04 - 2013-02-20 21:58 - 00089672 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll 2015-12-08 21:03 - 2015-12-04 22:32 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libglesv2.dll 2015-12-08 21:03 - 2015-12-04 22:32 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libegl.dll 2013-10-24 23:35 - 2013-05-08 21:23 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2013-09-04 23:14 - 2013-09-04 23:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf 2015-08-29 11:23 - 2015-08-29 11:23 - 00065536 _____ () C:\Users\MaG\AppData\Local\assembly\dl3\CCMEXOQW.OPX\VKQ6T7YN.H8G\93d162e2\00d49700_20bfcb01\Outlook07DymoAddIn.DLL 2015-08-29 11:23 - 2015-08-29 11:23 - 00094208 _____ () C:\Users\MaG\AppData\Local\assembly\dl3\CCMEXOQW.OPX\VKQ6T7YN.H8G\cab056c2\004bcda4_1fbfcb01\DYMO.Common.DLL 2015-08-29 11:23 - 2015-08-29 11:23 - 00007168 _____ () C:\Users\MaG\AppData\Local\assembly\dl3\CCMEXOQW.OPX\VKQ6T7YN.H8G\236d28c5\00d49700_20bfcb01\Outlook07DymoAddIn.resources.DLL ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) 
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\str => ""="service" ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> 
www.123haustiereundmehr.com IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com Da befinden sich 7867 mehr Seiten. IE restricted site: HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\12-27.net -> user1.12-27.net IE restricted 
site: HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\123simsen.com -> www.123simsen.com Da befinden sich 7867 mehr Seiten. ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKLM\...\StartupApproved\Run32: => "HP Software Update" HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_0034C5CFB848FFC3DA2A3C20C2C3A86D" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{D27C2C67-608D-4E0E-9378-992FA77258D0}] => (Allow) C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [{8039EE20-5698-4C20-9C5C-F5F1F62DE282}] => (Allow) C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPNetworkCommunicator.exe FirewallRules: [{B34D8AE4-D8C7-4056-8112-932D213FD866}] => (Allow) C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\DeviceSetup.exe FirewallRules: [{A51982E3-8677-4D7A-8315-4590C92BCC5E}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe FirewallRules: [{C7C5B632-E33E-4356-8511-09866EEE7955}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe FirewallRules: [{DAADAA74-9DFC-4A95-A18E-0A1221F46BF6}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe FirewallRules: [{407EB8EA-8ACC-471D-9572-D4DB5537D539}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe FirewallRules: [{E4E88AC9-5F1B-4746-9F9A-F361F11ED675}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe FirewallRules: [{D14CD3F3-1679-4D9C-9C19-3E6EEC5326D6}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe FirewallRules: [{1714CB00-E0EC-4C0E-A5B2-A4CC580349B8}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe FirewallRules: [{D309308A-4A28-4E1D-97C8-18234DAB58AD}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe FirewallRules: [{F6D4B300-3739-4C79-A6B0-22404E964637}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe FirewallRules: [{3DDBC3D8-35F4-44F8-82F8-28DC5E291AE6}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe FirewallRules: [{ACDFD2BA-B2CF-46FC-B66A-DC6D98D93D16}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe FirewallRules: [{12C44774-64DF-4B86-ADE9-0D0B8E628997}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe FirewallRules: 
[{59E21C6C-E358-4462-8F28-AE5AD57FFAFC}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe FirewallRules: [{85CC36FE-D8D5-41E7-A4BF-882D59D29CB3}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe FirewallRules: [{89ECDC59-5605-4B33-BACE-DFAC4B41D44A}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe FirewallRules: [{0439C5C4-6C55-46D7-BD51-DE35DA1B1F72}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe FirewallRules: [{BB8DF291-466C-48C9-8D7E-C03F42159DE8}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe FirewallRules: [TCP Query User{20ECE248-417E-4173-A1FB-9D0FC6189327}C:\users\mag\downloads\teamviewerportable\teamviewer.exe] => (Allow) C:\users\mag\downloads\teamviewerportable\teamviewer.exe FirewallRules: [UDP Query User{3D966FCE-0FF8-44EF-A741-2B3FA6CBB0E6}C:\users\mag\downloads\teamviewerportable\teamviewer.exe] => (Allow) C:\users\mag\downloads\teamviewerportable\teamviewer.exe FirewallRules: [{ED42765D-0E9B-4792-9BAB-5DA5FE42DA4D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [TCP Query User{992A5461-377B-4790-812C-8D55A75DD054}C:\users\mag\dropbox\hasi\teamviewerportable\teamviewer.exe] => (Allow) C:\users\mag\dropbox\hasi\teamviewerportable\teamviewer.exe FirewallRules: [UDP Query User{A2D4ACED-1F9E-44C0-9A97-89837E7C4D02}C:\users\mag\dropbox\hasi\teamviewerportable\teamviewer.exe] => (Allow) C:\users\mag\dropbox\hasi\teamviewerportable\teamviewer.exe FirewallRules: [TCP Query User{0ED62260-935A-4DF0-A148-8A7554A45B8D}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe FirewallRules: [UDP Query User{F96081B8-83EE-4C80-ADEF-E9182926A7D3}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe FirewallRules: [{C1397DD8-2F9D-4D6E-AB4D-AC351C47A3D8}] => (Allow) C:\Program Files 
(x86)\Dropbox\Client\Dropbox.exe StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (12/13/2015 07:56:49 PM) (Source: Windows Search Service) (EventID: 3079) (User: ) Description: Benachrichtigungen für Volume C:\ sind nicht aktiv. Kontext: Windows Anwendung Details: Das Datenträgeränderungsjournal wird gelöscht. (HRESULT : 0x8007049a) (0x8007049a) Error: (12/13/2015 02:13:39 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (12/13/2015 02:10:45 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm acmsetup.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 13e8 Startzeit: 01d135a6739aa026 Endzeit: 0 Anwendungspfad: Z:\~MSSETUP.T\tmp.t\acmsetup.exe Berichts-ID: e7ac2a12-a19a-11e5-bf17-201a0671fff5 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (12/13/2015 01:19:21 PM) (Source: Windows Search Service) (EventID: 3079) (User: ) Description: Benachrichtigungen für Volume C:\ sind nicht aktiv. 
Kontext: Windows Anwendung Details: Das Datenträgeränderungsjournal wird gelöscht. (HRESULT : 0x8007049a) (0x8007049a) Error: (12/11/2015 09:49:30 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT) Description: There was an error with the Windows Location Provider database Error: (12/11/2015 09:20:48 PM) (Source: Windows Search Service) (EventID: 3079) (User: ) Description: Benachrichtigungen für Volume C:\ sind nicht aktiv. Kontext: Windows Anwendung Details: Das Datenträgeränderungsjournal wird gelöscht. (HRESULT : 0x8007049a) (0x8007049a) Error: (12/10/2015 09:39:10 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (12/10/2015 09:16:31 PM) (Source: Windows Search Service) (EventID: 3079) (User: ) Description: Benachrichtigungen für Volume C:\ sind nicht aktiv. Kontext: Windows Anwendung Details: Das Datenträgeränderungsjournal wird gelöscht. (HRESULT : 0x8007049a) (0x8007049a) Error: (12/09/2015 09:28:57 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (12/09/2015 08:47:53 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: delegate_execute.exe, Version: 47.0.2526.80, Zeitstempel: 0x5661e826 Name des fehlerhaften Moduls: delegate_execute.exe, Version: 47.0.2526.80, Zeitstempel: 0x5661e826 Ausnahmecode: 0x80000003 Fehleroffset: 0x00007f81 ID des fehlerhaften Prozesses: 0xdd8 Startzeit der fehlerhaften Anwendung: 0xdelegate_execute.exe0 Pfad der fehlerhaften Anwendung: delegate_execute.exe1 Pfad des fehlerhaften Moduls: delegate_execute.exe2 Berichtskennung: delegate_execute.exe3 Vollständiger Name des fehlerhaften Pakets: delegate_execute.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: delegate_execute.exe5 Systemfehler: ============= Error: (12/13/2015 09:41:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst 
"Windows Defender-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet: %%577 Error: (12/13/2015 09:40:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Windows Defender-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet: %%577 Error: (12/13/2015 09:39:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Windows Defender-Netzwerkinspektionsdienst" wurde aufgrund folgenden Fehlers nicht gestartet: %%577 Error: (12/13/2015 09:39:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Windows Defender-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet: %%577 Error: (12/13/2015 05:23:57 PM) (Source: DCOM) (EventID: 10016) (User: KANOCKELHOPPEL) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}KanockelHoppelMaGS-1-5-21-3000335157-3192853593-1025591007-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (12/13/2015 05:23:57 PM) (Source: DCOM) (EventID: 10016) (User: KANOCKELHOPPEL) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}KanockelHoppelMaGS-1-5-21-3000335157-3192853593-1025591007-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (12/13/2015 05:23:57 PM) (Source: DCOM) (EventID: 10016) (User: KANOCKELHOPPEL) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}KanockelHoppelMaGS-1-5-21-3000335157-3192853593-1025591007-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (12/13/2015 05:23:57 PM) (Source: DCOM) (EventID: 10016) (User: KANOCKELHOPPEL) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}KanockelHoppelMaGS-1-5-21-3000335157-3192853593-1025591007-1001LocalHost (unter Verwendung 
von LRPC)Nicht verfügbarNicht verfügbar Error: (12/13/2015 05:23:56 PM) (Source: DCOM) (EventID: 10016) (User: KANOCKELHOPPEL) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}KanockelHoppelMaGS-1-5-21-3000335157-3192853593-1025591007-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (12/13/2015 05:23:56 PM) (Source: DCOM) (EventID: 10016) (User: KANOCKELHOPPEL) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}KanockelHoppelMaGS-1-5-21-3000335157-3192853593-1025591007-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar CodeIntegrity: =================================== Date: 2015-12-13 21:41:10.205 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-12-13 21:40:41.253 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-12-13 21:39:59.249 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files\Windows Defender\NisSrv.exe that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2015-12-13 21:39:46.482 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-11-29 19:20:29.410 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-25 21:09:49.665 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-23 21:21:20.703 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-22 19:10:56.911 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2015-11-21 08:39:12.900 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-11-11 21:05:08.622 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i7-4500U CPU @ 1.80GHz
Prozentuale Nutzung des RAM: 26%
Installierter physikalischer RAM: 8072.27 MB
Verfügbarer physikalischer RAM: 5933.22 MB
Summe virtueller Speicher: 9352.27 MB
Verfügbarer virtueller Speicher: 7003.68 MB
==================== Laufwerke ================================
Drive c: (Acer) (Fixed) (Total:681.75 GB) (Free:523.34 GB) NTFS
Drive z: (Boxcryptor Classic) (Fixed) (Total:681.75 GB) (Free:523.34 GB) FAT32
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 2A9D57C6)
Partition: GPT.
==================== Ende von Addition.txt ============================

And here is the other FRST log file:
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:12-12-2015 01 durchgeführt von MaG (Administrator) auf KANOCKELHOPPEL (13-12-2015 21:46:57) Gestartet von C:\Users\MaG\Downloads Geladene Profile: MaG (Verfügbare Profile: MaG & Administrator) Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Chrome) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AMD) C:\Windows\System32\atiesrxx.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (AMD) C:\Windows\System32\atieclxx.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect 3\creator-ws.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (IObit) C:\Program Files (x86)\IObit\Classic Start\SMService.exe (IObit) C:\Program Files (x86)\IObit\Classic Start\ClassicStart.exe (Safer-Networking Ltd.) 
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (IObit) C:\Program Files (x86)\IObit\Classic Start\StartMenu_Hook.exe (IObit) C:\Program Files (x86)\IObit\Classic Start\InstallServices.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Secomba GmbH) C:\Program Files (x86)\Boxcryptor Classic\BoxcryptorClassic.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Flux Software LLC) C:\Users\MaG\AppData\Local\FluxSoftware\Flux\flux.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPNetworkCommunicatorCom.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Dropbox, Inc.) 
C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor) HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [393480 2015-03-19] () HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3016944 2013-05-20] (Synaptics Incorporated) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24952456 2015-12-08] (Dropbox, Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] (Atheros Communications) HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 0 HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0 HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ACHTUNG HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Run: [BoxcryptorClassic.exe] => C:\Program Files (x86)\Boxcryptor Classic\BoxcryptorClassic.exe [2249984 2014-07-31] (Secomba GmbH) HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Run: [HP Deskjet 3070 B611 series (NET)] => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) 
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Run: [f.lux] => C:\Users\MaG\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-19] (Piriform Ltd)
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Run: [DymoQuickPrint] => C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe [1825360 2011-01-28] (Sanford, L.P.)
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [787592 2015-10-22] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [NoPreviewPane] 0
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [NoWinkeys] 0
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [HideSCANetwork] 0
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [HideSCAVolume] 0
SSODL: EldosMountNotificator-cbfs4 - {0F69E671-7419-4ABB-ACDB-1DC49268D4D2} - C:\WINDOWS\system32\cbfsMntNtf4.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs4 - {0F69E671-7419-4ABB-ACDB-1DC49268D4D2} - C:\WINDOWS\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs4] -> {AAC3F40E-D943-4222-94D0-24ADA88404B9} => C:\WINDOWS\system32\cbfsMntNtf4.dll [2013-11-15] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs4] -> {AAC3F40E-D943-4222-94D0-24ADA88404B9} => C:\WINDOWS\SysWOW64\cbfsMntNtf4.dll [2013-11-15] (EldoS Corporation)
Startup: C:\Users\MaG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2015-07-21]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\MaG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3070 B611 series (Netzwerk).lnk [2015-12-13]
ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 3070 B611 series (Netzwerk).lnk -> C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ACHTUNG (Beschränkung - ProxySettings)
Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{DC547890-78E3-4C07-AE37-F747FD513F4C}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
BHO-x32: PDF Architect 3 Helper -> {06E08260-0695-4EC1-A74B-1310D8899D93} -> C:\Program Files (x86)\PDF Architect 3\creator-ie-helper.dll [2015-09-17] (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-23] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-23] (Oracle Corporation)
Toolbar: HKLM-x32 - PDF Architect 3 Toolbar - {2DFF3579-5AA7-45B9-9328-1D38EA230861} - C:\Program Files (x86)\PDF Architect 3\creator-ie-plugin.dll [2015-09-17] (pdfforge GmbH)

FireFox:
========
FF ProfilePath: C:\Users\MaG\AppData\Roaming\Mozilla\Firefox\Profiles\GWy82fZH.default
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-06-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-06-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-06-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll [2011-01-28] ( Sanford L.P.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-08] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-08] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-23] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-06-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: PDF Architect 3 -> C:\Program Files (x86)\PDF Architect 3\np-previewer.dll [2015-09-17] (pdfforge GmbH)
FF Plugin HKU\S-1-5-21-3000335157-3192853593-1025591007-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-06-08] (Tracker Software Products (Canada) Ltd.)
FF Extension: Avira Browser Safety - C:\Users\MaG\AppData\Roaming\Mozilla\Firefox\Profiles\GWy82fZH.default\Extensions\abs@avira.com [2015-11-29] [ist nicht signiert]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_3_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension
FF Extension: PDF Architect 3 Creator - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension [2015-09-26] [ist nicht signiert]

Chrome:
=======
CHR Profile: C:\Users\MaG\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\MaG\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (Web Store) - C:\Users\MaG\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-11-29]
CHR Extension: (Web Store) - C:\Users\MaG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Web Store) - C:\Users\MaG\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-10-22]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\MaG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-22]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <nicht gefunden>
CHR HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\MaG\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-10-22]
CHR HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-07-21] (Adobe Systems) [Datei ist nicht signiert]
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider) [Datei ist nicht signiert]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-27] (Acer Incorporated)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-18] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-18] (Dropbox, Inc.)
R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [32336 2011-01-28] (Sanford, L.P.)
S3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [24376 2015-06-30] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [345864 2015-03-19] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-08] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2934048 2015-11-06] (IObit)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-06-18] (Acer Incorporate)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 PDF Architect 3; C:\Program Files (x86)\PDF Architect 3\ws.exe [2244832 2015-09-17] (pdfforge GmbH)
S3 PDF Architect 3 CrashHandler; C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe [964832 2015-09-17] (pdfforge GmbH)
R2 PDF Architect 3 Creator; C:\Program Files (x86)\PDF Architect 3\creator-ws.exe [767712 2015-09-17] (pdfforge GmbH)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [177800 2015-10-22] (Sandboxie Holdings, LLC)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SMService; C:\program files (x86)\iobit\Classic Start\SMService.exe [1056544 2015-11-06] (IObit)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2014-07-21] (Advanced Micro Devices, Inc.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
R1 cbfs4; C:\WINDOWS\system32\drivers\cbfs4.sys [387776 2013-11-15] (EldoS Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99800 2013-05-08] (Intel Corporation)
R3 Neo_VPN; C:\Windows\system32\DRIVERS\Neo_VPN.sys [40704 2015-08-04] (SoftEther Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [192648 2015-10-22] (Sandboxie Holdings, LLC)
S3 SEE; C:\Windows\System32\drivers\see.sys [49024 2015-08-20] (SoftEther Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31984 2013-05-20] (Synaptics Incorporated)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42088 2015-06-04] (Anchorfree Inc.)
S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-07-09] (Oracle Corporation)
S1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [146072 2015-07-09] (Oracle Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-13 21:43 - 2015-12-13 21:43 - 00713112 _____ C:\Users\MaG\Downloads\NoDefender.zip
2015-12-13 21:01 - 2015-12-13 21:04 - 00064885 _____ C:\Users\MaG\Downloads\Addition.txt
2015-12-13 21:00 - 2015-12-13 21:46 - 00028443 _____ C:\Users\MaG\Downloads\FRST.txt
2015-12-13 21:00 - 2015-12-13 21:46 - 00000000 ____D C:\FRST
2015-12-13 20:57 - 2015-12-13 20:59 - 02369536 _____ (Farbar) C:\Users\MaG\Downloads\FRST64.exe
2015-12-13 20:27 - 2015-12-13 20:27 - 00085016 _____ C:\Users\MaG\Downloads\Extras.Txt
2015-12-13 20:26 - 2015-12-13 20:26 - 00154888 _____ C:\Users\MaG\Downloads\OTL.Txt
2015-12-13 20:13 - 2015-12-13 20:13 - 00602112 _____ (OldTimer Tools) C:\Users\MaG\Downloads\OTL.exe
2015-12-13 14:03 - 2015-12-13 14:03 - 00001273 _____ C:\WINDOWS\VB.INI
2015-12-13 14:03 - 2015-12-13 14:03 - 00000535 _____ C:\WINDOWS\ODBCINST.INI
2015-12-13 14:03 - 2015-12-13 14:03 - 00000288 _____ C:\WINDOWS\ODBC.INI
2015-12-13 14:03 - 2015-12-13 14:03 - 00000000 ____D C:\WINDOWS\msapps
2015-12-13 14:03 - 2015-12-13 14:03 - 00000000 ____D C:\Users\MaG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Web Publishing
2015-12-13 14:03 - 2015-12-13 14:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Basic 6.0
2015-12-13 14:03 - 2015-12-13 14:03 - 00000000 ____D C:\Program Files (x86)\Web Publish
2015-12-13 14:03 - 2015-12-13 14:03 - 00000000 _____ C:\WINDOWS\wplog.txt
2015-12-13 14:03 - 1998-05-15 15:57 - 00093456 ____R (Microsoft Corporation) C:\WINDOWS\SysWOW64\FPWPP.DLL
2015-12-13 14:03 - 1998-05-14 17:30 - 00099008 ____R (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSTWPP.DLL
2015-12-13 14:03 - 1998-04-29 17:52 - 00145360 ____R (Microsoft Corporation) C:\WINDOWS\SysWOW64\WEBPOST.DLL
2015-12-13 14:03 - 1998-04-29 17:52 - 00121984 ____R (Microsoft Corporation) C:\WINDOWS\SysWOW64\CRSWPP.DLL
2015-12-13 14:03 - 1998-04-29 17:52 - 00112064 ____R (Microsoft Corporation) C:\WINDOWS\SysWOW64\WPWIZDLL.DLL
2015-12-13 14:03 - 1998-04-29 17:52 - 00098960 ____R (Microsoft Corporation) C:\WINDOWS\SysWOW64\FTPWPP.DLL
2015-12-13 14:03 - 1998-04-29 17:52 - 00050816 ____R (Microsoft Corporation) C:\WINDOWS\SysWOW64\PIPARSE.DLL
2015-12-13 14:02 - 2015-12-13 14:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2015-12-13 14:01 - 2015-12-13 14:01 - 00143300 _____ C:\WINDOWS\vssetup.ttf
2015-12-13 14:01 - 2015-12-13 14:01 - 00001409 _____ C:\WINDOWS\vssetup.for
2015-12-13 13:20 - 2015-12-13 13:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-12-11 21:48 - 2015-12-13 21:32 - 00003510 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2015-12-11 21:47 - 2015-12-11 21:47 - 00000000 ____D C:\Users\MaG\Downloads\Microsoft Toolkit
2015-12-11 21:43 - 2015-12-11 21:43 - 27362856 _____ C:\Users\MaG\Downloads\Microsoft Toolkit.zip
2015-12-09 20:51 - 2015-12-09 20:51 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-12-09 20:51 - 2015-12-09 20:51 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-12-08 21:59 - 2015-12-08 21:59 - 00000386 _____ C:\Users\MaG\Downloads\delete-office2007-activation-64bit.reg
2015-12-08 21:14 - 2015-11-05 09:59 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-08 21:12 - 2015-11-11 17:21 - 25837568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-08 21:12 - 2015-11-11 17:00 - 12856832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-08 21:12 - 2015-11-11 16:41 - 20366848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-08 21:12 - 2015-11-10 01:13 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-08 21:12 - 2015-11-10 01:08 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-08 21:12 - 2015-11-10 01:02 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-12-08 21:12 - 2015-11-10 00:46 - 04514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-12-08 21:12 - 2015-11-10 00:41 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-12-08 21:12 - 2015-11-10 00:17 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-12-08 21:12 - 2015-11-10 00:14 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-12-08 21:12 - 2015-11-10 00:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-12-08 21:12 - 2015-11-08 23:15 - 02887168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-08 21:12 - 2015-11-08 23:15 - 00571392 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-08 21:12 - 2015-11-08 23:04 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-12-08 21:12 - 2015-11-08 23:01 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-12-08 21:12 - 2015-11-08 22:25 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-12-08 21:12 - 2015-11-08 22:15 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-12-08 21:12 - 2015-11-08 22:14 - 14456832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-08 21:12 - 2015-11-08 21:53 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-12-08 21:12 - 2015-11-08 21:41 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-12-08 21:12 - 2015-11-08 21:30 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-12-08 21:11 - 2015-11-22 07:59 - 07455064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-12-08 21:11 - 2015-11-22 07:59 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-08 21:11 - 2015-11-22 07:59 - 01659568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-12-08 21:11 - 2015-11-22 07:59 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-12-08 21:11 - 2015-11-22 07:59 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-12-08 21:11 - 2015-11-22 07:59 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-12-08 21:11 - 2015-11-22 07:58 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-08 21:11 - 2015-11-21 19:32 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-12-08 21:11 - 2015-11-21 18:50 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-12-08 21:11 - 2015-11-21 17:59 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-08 21:11 - 2015-11-21 17:49 - 01344000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-08 21:11 - 2015-11-21 17:47 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-08 21:11 - 2015-11-21 17:40 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-08 21:11 - 2015-11-20 23:47 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-12-08 21:11 - 2015-11-20 19:18 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-12-08 21:11 - 2015-11-20 17:58 - 03706880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-12-08 21:11 - 2015-11-20 17:47 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-12-08 21:11 - 2015-11-20 17:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-12-08 21:11 - 2015-11-20 17:44 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-12-08 21:11 - 2015-11-20 17:44 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-12-08 21:11 - 2015-11-20 17:43 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-12-08 21:11 - 2015-11-20 17:42 - 02243584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-12-08 21:11 - 2015-11-20 17:30 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-12-08 21:11 - 2015-11-20 17:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-12-08 21:11 - 2015-11-20 17:28 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-12-08 21:11 - 2015-11-20 17:27 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-12-08 21:11 - 2015-11-11 16:44 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-12-08 21:11 - 2015-11-11 16:44 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-12-08 21:11 - 2015-11-11 16:12 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-12-08 21:11 - 2015-11-10 01:11 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-12-08 21:11 - 2015-11-10 01:04 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-12-08 21:11 - 2015-11-10 00:37 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-12-08 21:11 - 2015-11-10 00:36 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-12-08 21:11 - 2015-11-10 00:36 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-12-08 21:11 - 2015-11-10 00:36 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-12-08 21:11 - 2015-11-10 00:25 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-12-08 21:11 - 2015-11-09 01:41 - 01540728 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-08 21:11 - 2015-11-08 23:30 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-12-08 21:11 - 2015-11-08 23:02 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-12-08 21:11 - 2015-11-08 22:32 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-12-08 21:11 - 2015-11-08 22:32 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-12-08 21:11 - 2015-11-08 22:23 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-12-08 21:11 - 2015-11-08 22:18 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-12-08 21:11 - 2015-11-08 22:16 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-12-08 21:11 - 2015-11-08 22:15 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-12-08 21:11 - 2015-11-08 22:13 - 02123264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-12-08 21:11 - 2015-11-08 22:13 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-12-08 21:11 - 2015-11-08 22:01 - 01753600 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-08 21:11 - 2015-11-08 21:53 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-12-08 21:11 - 2015-11-08 21:52 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-12-08 21:11 - 2015-11-08 21:48 - 01376256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-08 21:11 - 2015-11-08 21:42 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-08 21:11 - 2015-10-28 16:49 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-08 21:11 - 2015-10-28 16:29 - 02462720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-08 21:11 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
2015-12-08 21:11 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
2015-12-08 21:11 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
2015-12-08 21:11 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
2015-12-08 21:11 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll
2015-12-08 21:11 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL
2015-12-08 21:11 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL
2015-12-08 21:11 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL
2015-12-08 21:11 - 2015-10-22 17:21 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-12-08 21:11 - 2015-10-22 17:21 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-12-08 21:11 - 2015-10-22 16:58 - 00868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-12-08 21:11 - 2015-10-22 16:58 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-12-08 21:11 - 2015-10-22 15:08 - 00513456 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-12-08 21:11 - 2015-10-22 15:08 - 00513456 _____ C:\WINDOWS\system32\locale.nls
2015-12-08 21:11 - 2015-10-10 18:20 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-12-08 21:11 - 2015-10-03 20:41 - 01385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-12-08 21:11 - 2015-10-03 20:41 - 01124384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-12-08 21:10 - 2015-10-11 07:34 - 00468824 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-12-08 21:10 - 2015-10-11 07:34 - 00462168 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-12-08 21:10 - 2015-10-11 07:34 - 00443224 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2015-12-08 21:10 - 2015-10-11 07:34 - 00092504 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2015-12-08 21:10 - 2015-10-11 07:34 - 00027992 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2015-12-08 21:10 - 2015-10-10 19:41 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2015-12-08 21:10 - 2015-10-10 19:41 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbohci.sys
2015-12-08 21:10 - 2015-10-08 17:11 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2015-12-08 21:10 - 2015-10-08 16:50 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2015-12-08 21:10 - 2015-10-05 19:28 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2015-12-08 21:10 - 2015-10-05 19:25 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-12-07 21:03 - 2015-12-07 21:03 - 00443744 _____ C:\Users\MaG\Downloads\keyfinder_2.0.10.10.zip
2015-12-07 20:49 - 2015-12-07 20:49 - 00001481 _____ C:\Users\MaG\Desktop\TeamViewer.exe - Verknüpfung.lnk
2015-12-07 20:46 - 2015-12-07 20:46 - 00000000 ____D C:\Users\MaG\Downloads\TeamViewerPortable
2015-12-07 20:45 - 2015-12-07 21:23 - 00000000 ____D C:\Users\MaG\AppData\Roaming\TeamViewer
2015-12-07 20:45 - 2015-12-07 20:46 - 27578035 _____ C:\Users\MaG\Downloads\TeamViewerPortable.zip
2015-12-07 20:44 - 2015-12-07 20:44 - 06944152 _____ (TeamViewer) C:\Users\MaG\Downloads\TeamViewerQS_de-jfa.exe 2015-12-05 17:55 - 2015-12-13 21:29 - 00001144 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-12-05 17:55 - 2015-12-13 21:00 - 00001148 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-12-05 17:55 - 2015-12-05 17:55 - 00004120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2015-12-05 17:55 - 2015-12-05 17:55 - 00003884 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2015-11-29 19:54 - 2015-12-13 18:01 - 00001138 _____ C:\WINDOWS\SysWOW64\InstallUtil.InstallLog 2015-11-29 19:54 - 2015-11-29 19:54 - 00000000 ____D C:\Users\MaG\AppData\Roaming\Mozilla 2015-11-29 19:49 - 2015-12-13 21:28 - 00000000 ____D C:\Program Files (x86)\Avira 2015-11-29 19:49 - 2015-12-13 21:24 - 00000000 ____D C:\ProgramData\Avira 2015-11-29 19:49 - 2015-11-29 19:49 - 04584344 _____ (Avira Operations GmbH & Co. KG) C:\Users\MaG\Downloads\avira_de_av_565b4865d4552__ws.exe 2015-11-29 19:23 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll 2015-11-29 19:23 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll 2015-11-25 21:10 - 2015-11-25 21:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8 2015-11-25 21:03 - 2015-11-25 21:03 - 09552328 _____ (IObit ) C:\Users\MaG\Downloads\sm8-setup (1).exe 2015-11-23 21:31 - 2015-12-13 20:07 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-11-23 21:31 - 2015-11-23 21:31 - 00001122 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-11-23 21:31 - 2015-11-23 21:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-11-23 21:31 - 2015-11-23 21:31 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-11-23 21:31 - 2015-11-23 21:31 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes 
Anti-Malware 2015-11-23 21:31 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-11-23 21:31 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-11-23 21:31 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2015-11-23 21:30 - 2015-11-23 21:31 - 22908888 _____ (Malwarebytes ) C:\Users\MaG\Downloads\mbam-setup-2.2.0.1024.exe 2015-11-23 21:25 - 2015-11-23 21:25 - 00388608 _____ (Trend Micro Inc.) C:\Users\MaG\Downloads\HijackThis_2.0.5 (1).exe 2015-11-22 20:14 - 2015-11-22 20:14 - 00049502 _____ C:\Users\MaG\Downloads\fsekrit.zip 2015-11-22 20:14 - 2015-11-22 20:14 - 00000000 ____D C:\Users\MaG\Downloads\fsekrit 2015-11-21 08:24 - 2015-11-21 08:24 - 00000571 _____ C:\Users\MaG\Downloads\bbr (1).vcf 2015-11-21 08:17 - 2015-11-21 08:17 - 00000558 _____ C:\Users\MaG\Downloads\MalermeisterKlocksin.vcf 2015-11-21 08:16 - 2015-11-21 08:16 - 00000571 _____ C:\Users\MaG\Downloads\bbr.vcf 2015-11-21 08:15 - 2015-11-21 08:15 - 00000571 _____ C:\Users\MaG\Downloads\vcf 2015-11-15 17:41 - 2015-11-15 17:44 - 00000000 ____D C:\Users\MaG\AppData\Roaming\freac 2015-11-15 17:41 - 2015-11-15 17:41 - 00000983 _____ C:\Users\Public\Desktop\freac - free audio converter.lnk 2015-11-15 17:41 - 2015-11-15 17:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\freac - free audio converter 2015-11-15 17:41 - 2015-11-15 17:41 - 00000000 ____D C:\Program Files (x86)\freac 2015-11-15 17:40 - 2015-11-15 17:40 - 07534391 _____ C:\Users\MaG\Downloads\freac-1.0.26.exe 2015-11-15 17:03 - 2015-11-15 17:03 - 23385120 _____ (SuperEasy Software GmbH & Co. 
KG ) C:\Users\MaG\Downloads\supereasy_audio_converter_2_2.1.3063_8217.exe 2015-11-15 17:03 - 2015-11-15 17:03 - 00001375 _____ C:\Users\Public\Desktop\Audio Converter 2.lnk 2015-11-15 17:03 - 2015-11-15 17:03 - 00000000 ____D C:\Users\MaG\AppData\Roaming\SuperEasy Software 2015-11-15 17:03 - 2015-11-15 17:03 - 00000000 ____D C:\ProgramData\SuperEasy Software 2015-11-15 17:03 - 2015-11-15 17:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SuperEasy Software 2015-11-15 17:03 - 2015-11-15 17:03 - 00000000 ____D C:\Program Files (x86)\SuperEasy Software 2015-11-15 17:03 - 2013-04-02 10:20 - 00506312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp71.dll 2015-11-15 17:03 - 2013-04-02 10:20 - 00354760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll 2015-11-15 17:00 - 2015-12-10 21:39 - 00000000 ____D C:\Users\MaG\AppData\Local\CrashDumps 2015-11-15 16:59 - 2015-11-15 17:00 - 01391294 _____ C:\Users\MaG\Downloads\setup_1.9.4.exe 2015-11-14 20:59 - 2015-11-14 20:59 - 00001069 _____ C:\Users\Administrator\Desktop\Notepad++.lnk ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2021-10-21 14:36 - 2013-10-24 23:44 - 00000852 _____ C:\WINDOWS\system32\Drivers\RTKHDRC.dat 2021-10-04 08:34 - 2013-10-24 23:44 - 00000712 _____ C:\WINDOWS\system32\Drivers\RTMICEQ0.dat 2015-12-13 21:44 - 2013-08-22 14:36 - 00000000 ____D C:\Windows 2015-12-13 21:34 - 2015-10-03 19:28 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3000335157-3192853593-1025591007-1001 2015-12-13 21:32 - 2014-01-05 09:52 - 00000000 ____D C:\Users\MaG\Documents\Outlook-Dateien 2015-12-13 21:31 - 2013-12-18 21:24 - 00000000 ___RD C:\Users\MaG\Dropbox 2015-12-13 21:30 - 2015-07-18 17:15 - 00000000 ____D C:\Users\MaG\AppData\Local\Dropbox 2015-12-13 21:30 - 2015-03-14 20:03 - 00000000 ___RD C:\Users\MaG\Google Drive 2015-12-13 21:29 - 2015-08-16 21:03 - 00000000 ___RD C:\Users\MaG\OneDrive 2015-12-13 21:28 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-12-13 21:24 - 2015-08-16 19:38 - 00000000 ____D C:\ProgramData\Package Cache 2015-12-13 19:57 - 2015-10-24 21:06 - 00003946 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B1CCAF13-B0DA-4533-8F98-76EA3C1430D0} 2015-12-13 18:05 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2015-12-13 18:00 - 2015-07-18 19:05 - 00000000 ____D C:\ProgramData\ProductData 2015-12-13 14:03 - 2013-08-22 16:36 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files 2015-12-13 14:03 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Help 2015-12-13 14:03 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf 2015-12-13 13:49 - 2015-07-18 17:45 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-12-13 13:23 - 2014-11-21 04:35 - 01785582 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-12-13 13:23 - 2014-11-21 03:45 - 00769092 _____ C:\WINDOWS\system32\perfh007.dat 2015-12-13 13:23 - 2014-11-21 03:45 - 00160376 _____ C:\WINDOWS\system32\perfc007.dat 2015-12-13 13:20 - 2015-07-18 17:15 - 00000000 ____D C:\Program Files (x86)\Dropbox 2015-12-10 21:11 - 2015-10-25 06:23 - 00495520 _____ 
C:\WINDOWS\system32\FNTCACHE.DAT 2015-12-09 21:01 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-12-09 20:59 - 2015-07-30 20:53 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-12-09 20:54 - 2015-07-30 20:53 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-12-08 21:03 - 2015-07-18 17:15 - 00002159 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-12-08 21:01 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-12-07 20:39 - 2015-11-03 09:36 - 00001580 _____ C:\WINDOWS\Sandboxie.ini 2015-12-02 21:09 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps 2015-12-01 18:19 - 2014-11-21 12:01 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-12-01 18:19 - 2014-11-21 12:01 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-11-30 21:08 - 2015-08-19 21:00 - 00000000 ____D C:\Users\MaG\AppData\Roaming\vlc 2015-11-29 21:11 - 2015-09-26 12:32 - 00000000 ____D C:\Users\MaG\AppData\Local\PDFCreator 2015-11-29 20:22 - 2013-10-09 13:40 - 00000000 ____D C:\ProgramData\WildTangent 2015-11-29 20:22 - 2013-10-09 13:40 - 00000000 ____D C:\Program Files (x86)\WildTangent Games 2015-11-29 20:21 - 2013-10-25 00:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2015-11-29 20:21 - 2013-08-22 16:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2015-11-29 19:45 - 2014-02-15 20:57 - 00000000 ____D C:\AdwCleaner 2015-11-25 21:10 - 2015-07-18 19:04 - 00000000 ____D C:\Program Files (x86)\IObit 2015-11-24 06:34 - 2015-08-09 17:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2015-11-24 06:29 - 2015-08-16 21:11 - 00000306 __RSH C:\ProgramData\ntuser.pol 2015-11-23 22:00 - 2015-08-16 14:48 - 00000000 ____D C:\Program Files\{C8CB9DA7-B575-4B96-82FC-A2CA5C901B07} 2015-11-23 22:00 - 2015-08-16 14:48 - 00000000 ____D C:\Program Files (x86)\{EE16DB03-3219-471E-9F46-B6D5D7D2545A} 2015-11-23 22:00 - 
2015-08-13 06:27 - 00000000 ____D C:\Program Files\{5665CFBB-D258-48CB-AB68-3F94D8D32D50} 2015-11-23 22:00 - 2015-08-13 06:27 - 00000000 ____D C:\Program Files (x86)\{8BA17998-868A-4AE1-AC30-9AEC1FF5C583} 2015-11-21 07:45 - 2015-10-22 22:30 - 00001542 _____ C:\WINDOWS\system32\.crusader 2015-11-15 19:51 - 2015-08-16 19:45 - 00000000 ____D C:\Users\MaG 2015-11-14 20:59 - 2015-07-21 07:34 - 00000000 ____D C:\Users\MaG\AppData\Roaming\Notepad++ ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-08-29 10:36 - 2015-08-29 10:37 - 0035078 __RSH () C:\Program Files (x86)\DLS8Uninstall.log 2015-09-19 19:49 - 2015-09-22 19:49 - 0000106 _____ () C:\Users\MaG\AppData\Roaming\sn.txt 2015-08-08 19:35 - 2015-08-08 19:35 - 0000516 _____ () C:\Users\MaG\AppData\Local\6U3x63w.vbs 2015-08-23 07:48 - 2015-08-23 07:49 - 0000516 _____ () C:\Users\MaG\AppData\Local\7o5cj3r.vbs 2015-08-23 09:46 - 2015-08-23 09:46 - 0000362 _____ () C:\Users\MaG\AppData\Local\boukZ.vbs 2015-08-08 19:24 - 2015-08-08 19:24 - 3531374 _____ () C:\Users\MaG\AppData\Local\curl.zip 2015-07-19 21:19 - 2015-07-19 21:19 - 0000396 _____ () C:\Users\MaG\AppData\Local\G0rg5H.vbs 2015-09-22 19:49 - 2015-09-22 19:49 - 0000362 _____ () C:\Users\MaG\AppData\Local\hpiDp.vbs 2015-11-02 15:23 - 2015-11-02 15:23 - 0004096 ____H () C:\Users\MaG\AppData\Local\keyfile3.drm 2015-09-26 12:17 - 2015-09-26 12:17 - 0000740 _____ () C:\Users\MaG\AppData\Local\recently-used.xbel 2015-09-19 19:49 - 2015-09-19 19:49 - 0000362 _____ () C:\Users\MaG\AppData\Local\t4t5KB.vbs 2015-07-18 20:48 - 2015-07-18 20:48 - 0000057 _____ () C:\ProgramData\Ament.ini Einige Dateien in TEMP: ==================== C:\Users\MaG\AppData\Local\Temp\avgnt.exe C:\Users\MaG\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpo0kk4y.dll C:\Users\MaG\AppData\Local\Temp\vs60wiz.exe ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der 
Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2015-12-13 20:04
==================== Ende von FRST.txt ============================
Unfortunately, I cannot start Defender after uninstalling Avira. It gives me an error - is that normal? |
13.12.2015, 21:57 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Websites are being opened Malwarebytes Anti-Rootkit (MBAR) Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not run any other file in this folder unless a helper instructs you to.
__________________ Please always post log files in CODE tags |
13.12.2015, 22:26 | #12 |
| Websites are being opened The scan is now finished - it found no malware. So I could not press Cleanup. What else could I do? |
13.12.2015, 22:34 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Websites are being opened Remove adware/junkware/toolbars Delete old versions of adwCleaner and, if present, JRT first, then download them again to the desktop! Please completely disable your virus scanner now, before using these tools! Step 1: adwCleaner Please download AdwCleaner to your desktop.
Step 2: JRT - Junkware Removal Tool Please close your protection software to avoid possible conflicts.
Step 3: Fresh log with FRST Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ Please always post log files in CODE tags |
13.12.2015, 22:55 | #14 |
| Websites are being opened Here is the result from JRT JRT Logfile: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 8.1 x64
Ran by MaG (Administrator) on 13.12.2015 at 22:42:07,66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 2
Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\MaG\AppData\Roaming\productdata (Folder)

Registry: 3
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06E08260-0695-4EC1-A74B-1310D8899D93} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{2DFF3579-5AA7-45B9-9328-1D38EA230861} (Registry Value)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.12.2015 at 22:45:01,81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:12-12-2015 01 durchgeführt von MaG (Administrator) auf KANOCKELHOPPEL (13-12-2015 22:48:56) Gestartet von C:\Users\MaG\Downloads Geladene Profile: MaG (Verfügbare Profile: MaG & Administrator) Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Chrome) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AMD) C:\Windows\System32\atiesrxx.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect 3\creator-ws.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (IObit) C:\Program Files (x86)\IObit\Classic Start\SMService.exe (Safer-Networking Ltd.) 
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (IObit) C:\Program Files (x86)\IObit\Classic Start\InstallServices.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor) HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [393480 2015-03-19] () HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3016944 2013-05-20] (Synaptics Incorporated) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24952456 2015-12-08] (Dropbox, Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] (Atheros Communications) HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 0 HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0 HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ACHTUNG HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Run: [BoxcryptorClassic.exe] => C:\Program Files (x86)\Boxcryptor Classic\BoxcryptorClassic.exe [2249984 2014-07-31] (Secomba GmbH) HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Run: [HP Deskjet 3070 B611 series (NET)] => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) 
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Run: [f.lux] => C:\Users\MaG\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC) HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-19] (Piriform Ltd) HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google) HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Run: [DymoQuickPrint] => C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe [1825360 2011-01-28] (Sanford, L.P.) HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [787592 2015-10-22] (Sandboxie Holdings, LLC) HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\system: [NoDispAppearancePage] 0 HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [NoPreviewPane] 0 HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [NoTrayContextMenu] 0 HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [NoSetTaskbar] 0 HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [NoViewContextMenu] 0 HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [TaskbarNoNotification] 0 HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [NoWinkeys] 0 HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [HideClock] 0 HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [HideSCANetwork] 
0 HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [HideSCAVolume] 0 SSODL: EldosMountNotificator-cbfs4 - {0F69E671-7419-4ABB-ACDB-1DC49268D4D2} - C:\WINDOWS\system32\cbfsMntNtf4.dll (EldoS Corporation) SSODL-x32: EldosMountNotificator-cbfs4 - {0F69E671-7419-4ABB-ACDB-1DC49268D4D2} - C:\WINDOWS\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation) ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google) ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs4] -> {AAC3F40E-D943-4222-94D0-24ADA88404B9} => C:\WINDOWS\system32\cbfsMntNtf4.dll [2013-11-15] (EldoS Corporation) ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs4] -> {AAC3F40E-D943-4222-94D0-24ADA88404B9} => C:\WINDOWS\SysWOW64\cbfsMntNtf4.dll [2013-11-15] (EldoS Corporation) Startup: C:\Users\MaG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2015-07-21] ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\Users\MaG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3070 B611 series (Netzwerk).lnk [2015-12-13] ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 3070 B611 series (Netzwerk).lnk -> C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. 
Siehe Hosts-Bereich in Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{DC547890-78E3-4C07-AE37-F747FD513F4C}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-23] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-23] (Oracle Corporation) FireFox: ======== FF ProfilePath: C:\Users\MaG\AppData\Roaming\Mozilla\Firefox\Profiles\GWy82fZH.default FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-06-08] (Tracker Software Products (Canada) Ltd.) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-06-08] (Tracker Software Products (Canada) Ltd.) 
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN) FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-06-08] (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll [2011-01-28] ( Sanford L.P.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-08] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-08] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-23] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-23] (Oracle Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.) FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-06-08] (Tracker Software Products (Canada) Ltd.) 
FF Plugin-x32: PDF Architect 3 -> C:\Program Files (x86)\PDF Architect 3\np-previewer.dll [2015-09-17] (pdfforge GmbH)
FF Plugin HKU\S-1-5-21-3000335157-3192853593-1025591007-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-06-08] (Tracker Software Products (Canada) Ltd.)
FF Extension: Avira Browser Safety - C:\Users\MaG\AppData\Roaming\Mozilla\Firefox\Profiles\GWy82fZH.default\Extensions\abs@avira.com [2015-11-29] [ist nicht signiert]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_3_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension
FF Extension: PDF Architect 3 Creator - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension [2015-09-26] [ist nicht signiert]

Chrome:
=======
CHR Profile: C:\Users\MaG\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\MaG\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (Web Store) - C:\Users\MaG\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-11-29]
CHR Extension: (Web Store) - C:\Users\MaG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Web Store) - C:\Users\MaG\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-10-22]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\MaG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-22]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <nicht gefunden>
CHR HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\MaG\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-10-22]
CHR HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-07-21] (Adobe Systems) [Datei ist nicht signiert]
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider) [Datei ist nicht signiert]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-27] (Acer Incorporated)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-18] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-18] (Dropbox, Inc.)
R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [32336 2011-01-28] (Sanford, L.P.)
S3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [24376 2015-06-30] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [345864 2015-03-19] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-08] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2934048 2015-11-06] (IObit)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-06-18] (Acer Incorporate)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 PDF Architect 3; C:\Program Files (x86)\PDF Architect 3\ws.exe [2244832 2015-09-17] (pdfforge GmbH)
S3 PDF Architect 3 CrashHandler; C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe [964832 2015-09-17] (pdfforge GmbH)
R2 PDF Architect 3 Creator; C:\Program Files (x86)\PDF Architect 3\creator-ws.exe [767712 2015-09-17] (pdfforge GmbH)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [177800 2015-10-22] (Sandboxie Holdings, LLC)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SMService; C:\program files (x86)\iobit\Classic Start\SMService.exe [1056544 2015-11-06] (IObit)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2014-07-21] (Advanced Micro Devices, Inc.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
R1 cbfs4; C:\WINDOWS\system32\drivers\cbfs4.sys [387776 2013-11-15] (EldoS Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99800 2013-05-08] (Intel Corporation)
R3 Neo_VPN; C:\Windows\system32\DRIVERS\Neo_VPN.sys [40704 2015-08-04] (SoftEther Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [192648 2015-10-22] (Sandboxie Holdings, LLC)
S3 SEE; C:\Windows\System32\drivers\see.sys [49024 2015-08-20] (SoftEther Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31984 2013-05-20] (Synaptics Incorporated)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42088 2015-06-04] (Anchorfree Inc.)
S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-07-09] (Oracle Corporation)
S1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [146072 2015-07-09] (Oracle Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-12-13 22:47 - 2015-12-13 22:48 - 00039024 _____ C:\Users\MaG\Downloads\Addition.txt
2015-12-13 22:45 - 2015-12-13 22:45 - 00001094 _____ C:\Users\MaG\Desktop\JRT.txt
2015-12-13 22:45 - 2015-12-13 22:45 - 00000000 ____D C:\Users\MaG\AppData\Roaming\ProductData
2015-12-13 22:36 - 2015-12-13 22:36 - 01599336 _____ (Malwarebytes) C:\Users\MaG\Downloads\JRT.exe
2015-12-13 22:35 - 2015-12-13 22:36 - 01740288 _____ C:\Users\MaG\Downloads\AdwCleaner_5.025.exe
2015-12-13 22:00 - 2015-12-13 22:27 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-12-13 21:59 - 2015-12-13 22:27 - 00000000 ____D C:\Users\MaG\Desktop\mbar
2015-12-13 21:59 - 2015-12-13 21:59 - 16563352 _____ (Malwarebytes Corp.)
C:\Users\MaG\Downloads\mbar-1.09.3.1001.exe 2015-12-13 21:43 - 2015-12-13 21:43 - 00713112 _____ C:\Users\MaG\Downloads\NoDefender.zip 2015-12-13 21:00 - 2015-12-13 22:49 - 00025613 _____ C:\Users\MaG\Downloads\FRST.txt 2015-12-13 21:00 - 2015-12-13 22:48 - 00000000 ____D C:\FRST 2015-12-13 20:57 - 2015-12-13 20:59 - 02369536 _____ (Farbar) C:\Users\MaG\Downloads\FRST64.exe 2015-12-13 20:27 - 2015-12-13 20:27 - 00085016 _____ C:\Users\MaG\Downloads\Extras.Txt 2015-12-13 20:26 - 2015-12-13 20:26 - 00154888 _____ C:\Users\MaG\Downloads\OTL.Txt 2015-12-13 20:13 - 2015-12-13 20:13 - 00602112 _____ (OldTimer Tools) C:\Users\MaG\Downloads\OTL.exe 2015-12-13 14:03 - 2015-12-13 14:03 - 00001273 _____ C:\WINDOWS\VB.INI 2015-12-13 14:03 - 2015-12-13 14:03 - 00000535 _____ C:\WINDOWS\ODBCINST.INI 2015-12-13 14:03 - 2015-12-13 14:03 - 00000288 _____ C:\WINDOWS\ODBC.INI 2015-12-13 14:03 - 2015-12-13 14:03 - 00000000 ____D C:\WINDOWS\msapps 2015-12-13 14:03 - 2015-12-13 14:03 - 00000000 ____D C:\Users\MaG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Web Publishing 2015-12-13 14:03 - 2015-12-13 14:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Basic 6.0 2015-12-13 14:03 - 2015-12-13 14:03 - 00000000 ____D C:\Program Files (x86)\Web Publish 2015-12-13 14:03 - 2015-12-13 14:03 - 00000000 _____ C:\WINDOWS\wplog.txt 2015-12-13 14:03 - 1998-05-15 15:57 - 00093456 ____R (Microsoft Corporation) C:\WINDOWS\SysWOW64\FPWPP.DLL 2015-12-13 14:03 - 1998-05-14 17:30 - 00099008 ____R (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSTWPP.DLL 2015-12-13 14:03 - 1998-04-29 17:52 - 00145360 ____R (Microsoft Corporation) C:\WINDOWS\SysWOW64\WEBPOST.DLL 2015-12-13 14:03 - 1998-04-29 17:52 - 00121984 ____R (Microsoft Corporation) C:\WINDOWS\SysWOW64\CRSWPP.DLL 2015-12-13 14:03 - 1998-04-29 17:52 - 00112064 ____R (Microsoft Corporation) C:\WINDOWS\SysWOW64\WPWIZDLL.DLL 2015-12-13 14:03 - 1998-04-29 17:52 - 00098960 ____R (Microsoft 
Corporation) C:\WINDOWS\SysWOW64\FTPWPP.DLL 2015-12-13 14:03 - 1998-04-29 17:52 - 00050816 ____R (Microsoft Corporation) C:\WINDOWS\SysWOW64\PIPARSE.DLL 2015-12-13 14:02 - 2015-12-13 14:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 2015-12-13 14:01 - 2015-12-13 14:01 - 00143300 _____ C:\WINDOWS\vssetup.ttf 2015-12-13 14:01 - 2015-12-13 14:01 - 00001409 _____ C:\WINDOWS\vssetup.for 2015-12-13 13:20 - 2015-12-13 13:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-12-11 21:48 - 2015-12-13 21:32 - 00003510 _____ C:\WINDOWS\System32\Tasks\AutoKMS 2015-12-11 21:47 - 2015-12-11 21:47 - 00000000 ____D C:\Users\MaG\Downloads\Microsoft Toolkit 2015-12-11 21:43 - 2015-12-11 21:43 - 27362856 _____ C:\Users\MaG\Downloads\Microsoft Toolkit.zip 2015-12-09 20:51 - 2015-12-09 20:51 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX 2015-12-09 20:51 - 2015-12-09 20:51 - 00000000 ___SD C:\WINDOWS\system32\GWX 2015-12-08 21:14 - 2015-11-05 09:59 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys 2015-12-08 21:12 - 2015-11-11 17:21 - 25837568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-12-08 21:12 - 2015-11-11 17:00 - 12856832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-12-08 21:12 - 2015-11-11 16:41 - 20366848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-12-08 21:12 - 2015-11-10 01:13 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-12-08 21:12 - 2015-11-10 01:08 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-12-08 21:12 - 2015-11-10 01:02 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-12-08 21:12 - 2015-11-10 00:46 - 04514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-12-08 21:12 - 2015-11-10 00:41 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2015-12-08 21:12 - 2015-11-10 00:17 - 02011136 _____ 
(Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-12-08 21:12 - 2015-11-10 00:14 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-12-08 21:12 - 2015-11-10 00:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2015-12-08 21:12 - 2015-11-08 23:15 - 02887168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-12-08 21:12 - 2015-11-08 23:15 - 00571392 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-12-08 21:12 - 2015-11-08 23:04 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-12-08 21:12 - 2015-11-08 23:01 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-12-08 21:12 - 2015-11-08 22:25 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2015-12-08 21:12 - 2015-11-08 22:15 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-12-08 21:12 - 2015-11-08 22:14 - 14456832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-12-08 21:12 - 2015-11-08 21:53 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-12-08 21:12 - 2015-11-08 21:41 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-12-08 21:12 - 2015-11-08 21:30 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2015-12-08 21:11 - 2015-11-22 07:59 - 07455064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-12-08 21:11 - 2015-11-22 07:59 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2015-12-08 21:11 - 2015-11-22 07:59 - 01659568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2015-12-08 21:11 - 2015-11-22 07:59 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2015-12-08 21:11 - 2015-11-22 07:59 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2015-12-08 21:11 - 2015-11-22 07:59 - 01355848 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\winresume.exe 2015-12-08 21:11 - 2015-11-22 07:58 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2015-12-08 21:11 - 2015-11-21 19:32 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll 2015-12-08 21:11 - 2015-11-21 18:50 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll 2015-12-08 21:11 - 2015-11-21 17:59 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll 2015-12-08 21:11 - 2015-11-21 17:49 - 01344000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll 2015-12-08 21:11 - 2015-11-21 17:47 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll 2015-12-08 21:11 - 2015-11-21 17:40 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll 2015-12-08 21:11 - 2015-11-20 23:47 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2015-12-08 21:11 - 2015-11-20 19:18 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll 2015-12-08 21:11 - 2015-11-20 17:58 - 03706880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2015-12-08 21:11 - 2015-11-20 17:47 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2015-12-08 21:11 - 2015-11-20 17:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2015-12-08 21:11 - 2015-11-20 17:44 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2015-12-08 21:11 - 2015-11-20 17:44 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2015-12-08 21:11 - 2015-11-20 17:43 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2015-12-08 21:11 - 2015-11-20 17:42 - 02243584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2015-12-08 21:11 - 2015-11-20 17:30 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2015-12-08 21:11 - 2015-11-20 17:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 
2015-12-08 21:11 - 2015-11-20 17:28 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2015-12-08 21:11 - 2015-11-20 17:27 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2015-12-08 21:11 - 2015-11-11 16:44 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2015-12-08 21:11 - 2015-11-11 16:44 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2015-12-08 21:11 - 2015-11-11 16:12 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2015-12-08 21:11 - 2015-11-10 01:11 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2015-12-08 21:11 - 2015-11-10 01:04 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll 2015-12-08 21:11 - 2015-11-10 00:37 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2015-12-08 21:11 - 2015-11-10 00:36 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2015-12-08 21:11 - 2015-11-10 00:36 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2015-12-08 21:11 - 2015-11-10 00:36 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2015-12-08 21:11 - 2015-11-10 00:25 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll 2015-12-08 21:11 - 2015-11-09 01:41 - 01540728 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2015-12-08 21:11 - 2015-11-08 23:30 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2015-12-08 21:11 - 2015-11-08 23:02 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll 2015-12-08 21:11 - 2015-11-08 22:32 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2015-12-08 21:11 - 2015-11-08 22:32 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2015-12-08 21:11 - 2015-11-08 22:23 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll 2015-12-08 21:11 - 2015-11-08 22:18 - 
00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2015-12-08 21:11 - 2015-11-08 22:16 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2015-12-08 21:11 - 2015-11-08 22:15 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2015-12-08 21:11 - 2015-11-08 22:13 - 02123264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2015-12-08 21:11 - 2015-11-08 22:13 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll 2015-12-08 21:11 - 2015-11-08 22:01 - 01753600 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2015-12-08 21:11 - 2015-11-08 21:53 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2015-12-08 21:11 - 2015-11-08 21:52 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll 2015-12-08 21:11 - 2015-11-08 21:48 - 01376256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2015-12-08 21:11 - 2015-11-08 21:42 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2015-12-08 21:11 - 2015-10-28 16:49 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2015-12-08 21:11 - 2015-10-28 16:29 - 02462720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2015-12-08 21:11 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll 2015-12-08 21:11 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL 2015-12-08 21:11 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL 2015-12-08 21:11 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL 2015-12-08 21:11 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll 2015-12-08 21:11 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL 2015-12-08 21:11 - 2015-10-22 17:59 - 00007168 _____ (Microsoft 
Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL 2015-12-08 21:11 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL 2015-12-08 21:11 - 2015-10-22 17:21 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll 2015-12-08 21:11 - 2015-10-22 17:21 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll 2015-12-08 21:11 - 2015-10-22 16:58 - 00868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll 2015-12-08 21:11 - 2015-10-22 16:58 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll 2015-12-08 21:11 - 2015-10-22 15:08 - 00513456 _____ C:\WINDOWS\SysWOW64\locale.nls 2015-12-08 21:11 - 2015-10-22 15:08 - 00513456 _____ C:\WINDOWS\system32\locale.nls 2015-12-08 21:11 - 2015-10-10 18:20 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll 2015-12-08 21:11 - 2015-10-03 20:41 - 01385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2015-12-08 21:11 - 2015-10-03 20:41 - 01124384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll 2015-12-08 21:10 - 2015-10-11 07:34 - 00468824 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2015-12-08 21:10 - 2015-10-11 07:34 - 00462168 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys 2015-12-08 21:10 - 2015-10-11 07:34 - 00443224 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys 2015-12-08 21:10 - 2015-10-11 07:34 - 00092504 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys 2015-12-08 21:10 - 2015-10-11 07:34 - 00027992 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys 2015-12-08 21:10 - 2015-10-10 19:41 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys 2015-12-08 21:10 - 2015-10-10 19:41 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbohci.sys 2015-12-08 21:10 - 2015-10-08 17:11 - 00060928 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll 2015-12-08 21:10 - 2015-10-08 16:50 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll 2015-12-08 21:10 - 2015-10-05 19:28 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe 2015-12-08 21:10 - 2015-10-05 19:25 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe 2015-12-07 21:03 - 2015-12-07 21:03 - 00443744 _____ C:\Users\MaG\Downloads\keyfinder_2.0.10.10.zip 2015-12-07 20:49 - 2015-12-07 20:49 - 00001481 _____ C:\Users\MaG\Desktop\TeamViewer.exe - Verknüpfung.lnk 2015-12-07 20:46 - 2015-12-07 20:46 - 00000000 ____D C:\Users\MaG\Downloads\TeamViewerPortable 2015-12-07 20:45 - 2015-12-07 21:23 - 00000000 ____D C:\Users\MaG\AppData\Roaming\TeamViewer 2015-12-07 20:45 - 2015-12-07 20:46 - 27578035 _____ C:\Users\MaG\Downloads\TeamViewerPortable.zip 2015-12-07 20:44 - 2015-12-07 20:44 - 06944152 _____ (TeamViewer) C:\Users\MaG\Downloads\TeamViewerQS_de-jfa.exe 2015-12-05 17:55 - 2015-12-13 22:40 - 00001144 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-12-05 17:55 - 2015-12-13 22:00 - 00001148 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-12-05 17:55 - 2015-12-05 17:55 - 00004120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2015-12-05 17:55 - 2015-12-05 17:55 - 00003884 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2015-11-29 19:54 - 2015-12-13 18:01 - 00001138 _____ C:\WINDOWS\SysWOW64\InstallUtil.InstallLog 2015-11-29 19:54 - 2015-11-29 19:54 - 00000000 ____D C:\Users\MaG\AppData\Roaming\Mozilla 2015-11-29 19:49 - 2015-12-13 21:28 - 00000000 ____D C:\Program Files (x86)\Avira 2015-11-29 19:49 - 2015-12-13 21:24 - 00000000 ____D C:\ProgramData\Avira 2015-11-29 19:49 - 2015-11-29 19:49 - 04584344 _____ (Avira Operations GmbH & Co. 
KG) C:\Users\MaG\Downloads\avira_de_av_565b4865d4552__ws.exe 2015-11-29 19:23 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll 2015-11-29 19:23 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll 2015-11-25 21:10 - 2015-11-25 21:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8 2015-11-25 21:03 - 2015-11-25 21:03 - 09552328 _____ (IObit ) C:\Users\MaG\Downloads\sm8-setup (1).exe 2015-11-23 21:31 - 2015-12-13 22:00 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-11-23 21:31 - 2015-12-13 21:59 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-11-23 21:31 - 2015-11-23 21:31 - 00001122 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-11-23 21:31 - 2015-11-23 21:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-11-23 21:31 - 2015-11-23 21:31 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-11-23 21:31 - 2015-11-23 21:31 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-11-23 21:31 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-11-23 21:31 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2015-11-23 21:30 - 2015-11-23 21:31 - 22908888 _____ (Malwarebytes ) C:\Users\MaG\Downloads\mbam-setup-2.2.0.1024.exe 2015-11-23 21:25 - 2015-11-23 21:25 - 00388608 _____ (Trend Micro Inc.) 
C:\Users\MaG\Downloads\HijackThis_2.0.5 (1).exe 2015-11-22 20:14 - 2015-11-22 20:14 - 00049502 _____ C:\Users\MaG\Downloads\fsekrit.zip 2015-11-22 20:14 - 2015-11-22 20:14 - 00000000 ____D C:\Users\MaG\Downloads\fsekrit 2015-11-21 08:24 - 2015-11-21 08:24 - 00000571 _____ C:\Users\MaG\Downloads\bbr (1).vcf 2015-11-21 08:17 - 2015-11-21 08:17 - 00000558 _____ C:\Users\MaG\Downloads\MalermeisterKlocksin.vcf 2015-11-21 08:16 - 2015-11-21 08:16 - 00000571 _____ C:\Users\MaG\Downloads\bbr.vcf 2015-11-21 08:15 - 2015-11-21 08:15 - 00000571 _____ C:\Users\MaG\Downloads\vcf 2015-11-15 17:41 - 2015-11-15 17:44 - 00000000 ____D C:\Users\MaG\AppData\Roaming\freac 2015-11-15 17:41 - 2015-11-15 17:41 - 00000983 _____ C:\Users\Public\Desktop\freac - free audio converter.lnk 2015-11-15 17:41 - 2015-11-15 17:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\freac - free audio converter 2015-11-15 17:41 - 2015-11-15 17:41 - 00000000 ____D C:\Program Files (x86)\freac 2015-11-15 17:40 - 2015-11-15 17:40 - 07534391 _____ C:\Users\MaG\Downloads\freac-1.0.26.exe 2015-11-15 17:03 - 2015-11-15 17:03 - 23385120 _____ (SuperEasy Software GmbH & Co. KG ) C:\Users\MaG\Downloads\supereasy_audio_converter_2_2.1.3063_8217.exe 2015-11-15 17:03 - 2015-11-15 17:03 - 00001375 _____ C:\Users\Public\Desktop\Audio Converter 2.lnk 2015-11-15 17:03 - 2013-04-02 10:20 - 00506312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp71.dll 2015-11-15 17:03 - 2013-04-02 10:20 - 00354760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll 2015-11-15 17:00 - 2015-12-10 21:39 - 00000000 ____D C:\Users\MaG\AppData\Local\CrashDumps 2015-11-15 16:59 - 2015-11-15 17:00 - 01391294 _____ C:\Users\MaG\Downloads\setup_1.9.4.exe 2015-11-14 20:59 - 2015-11-14 20:59 - 00001069 _____ C:\Users\Administrator\Desktop\Notepad++.lnk ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2021-10-21 14:36 - 2013-10-24 23:44 - 00000852 _____ C:\WINDOWS\system32\Drivers\RTKHDRC.dat 2021-10-04 08:34 - 2013-10-24 23:44 - 00000712 _____ C:\WINDOWS\system32\Drivers\RTMICEQ0.dat 2015-12-13 22:47 - 2013-08-22 14:36 - 00000000 ____D C:\Windows 2015-12-13 22:46 - 2015-08-16 21:03 - 00000000 ___RD C:\Users\MaG\OneDrive 2015-12-13 22:45 - 2015-10-03 19:28 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3000335157-3192853593-1025591007-1001 2015-12-13 22:41 - 2015-07-18 17:15 - 00000000 ____D C:\Users\MaG\AppData\Local\Dropbox 2015-12-13 22:41 - 2015-03-14 20:03 - 00000000 ___RD C:\Users\MaG\Google Drive 2015-12-13 22:41 - 2013-12-18 21:24 - 00000000 ___RD C:\Users\MaG\Dropbox 2015-12-13 22:39 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-12-13 22:38 - 2015-08-16 21:11 - 00000008 __RSH C:\ProgramData\ntuser.pol 2015-12-13 22:38 - 2014-02-15 20:57 - 00000000 ____D C:\AdwCleaner 2015-12-13 22:38 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy 2015-12-13 22:38 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2015-12-13 22:27 - 2014-01-05 09:52 - 00000000 ____D C:\Users\MaG\Documents\Outlook-Dateien 2015-12-13 21:24 - 2015-08-16 19:38 - 00000000 ____D C:\ProgramData\Package Cache 2015-12-13 19:57 - 2015-10-24 21:06 - 00003946 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B1CCAF13-B0DA-4533-8F98-76EA3C1430D0} 2015-12-13 14:03 - 2013-08-22 16:36 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files 2015-12-13 14:03 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Help 2015-12-13 14:03 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf 2015-12-13 13:49 - 2015-07-18 17:45 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-12-13 13:23 - 2014-11-21 04:35 - 01785582 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-12-13 13:23 - 2014-11-21 03:45 - 00769092 _____ C:\WINDOWS\system32\perfh007.dat 2015-12-13 13:23 - 2014-11-21 03:45 - 00160376 _____ 
C:\WINDOWS\system32\perfc007.dat 2015-12-13 13:20 - 2015-07-18 17:15 - 00000000 ____D C:\Program Files (x86)\Dropbox 2015-12-10 21:11 - 2015-10-25 06:23 - 00495520 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-12-09 21:01 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-12-09 20:59 - 2015-07-30 20:53 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-12-09 20:54 - 2015-07-30 20:53 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-12-08 21:03 - 2015-07-18 17:15 - 00002159 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-12-08 21:01 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-12-07 20:39 - 2015-11-03 09:36 - 00001580 _____ C:\WINDOWS\Sandboxie.ini 2015-12-02 21:09 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps 2015-12-01 18:19 - 2014-11-21 12:01 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-12-01 18:19 - 2014-11-21 12:01 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-11-30 21:08 - 2015-08-19 21:00 - 00000000 ____D C:\Users\MaG\AppData\Roaming\vlc 2015-11-29 21:11 - 2015-09-26 12:32 - 00000000 ____D C:\Users\MaG\AppData\Local\PDFCreator 2015-11-29 20:22 - 2013-10-09 13:40 - 00000000 ____D C:\ProgramData\WildTangent 2015-11-29 20:22 - 2013-10-09 13:40 - 00000000 ____D C:\Program Files (x86)\WildTangent Games 2015-11-29 20:21 - 2013-10-25 00:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2015-11-29 20:21 - 2013-08-22 16:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2015-11-25 21:10 - 2015-07-18 19:04 - 00000000 ____D C:\Program Files (x86)\IObit 2015-11-24 06:34 - 2015-08-09 17:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2015-11-21 07:45 - 2015-10-22 22:30 - 00001542 _____ C:\WINDOWS\system32\.crusader 2015-11-15 19:51 - 2015-08-16 19:45 - 00000000 ____D C:\Users\MaG 2015-11-14 20:59 - 2015-07-21 07:34 - 00000000 ____D 
C:\Users\MaG\AppData\Roaming\Notepad++ ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-08-29 10:36 - 2015-08-29 10:37 - 0035078 __RSH () C:\Program Files (x86)\DLS8Uninstall.log 2015-09-19 19:49 - 2015-09-22 19:49 - 0000106 _____ () C:\Users\MaG\AppData\Roaming\sn.txt 2015-08-08 19:35 - 2015-08-08 19:35 - 0000516 _____ () C:\Users\MaG\AppData\Local\6U3x63w.vbs 2015-08-23 07:48 - 2015-08-23 07:49 - 0000516 _____ () C:\Users\MaG\AppData\Local\7o5cj3r.vbs 2015-08-23 09:46 - 2015-08-23 09:46 - 0000362 _____ () C:\Users\MaG\AppData\Local\boukZ.vbs 2015-08-08 19:24 - 2015-08-08 19:24 - 3531374 _____ () C:\Users\MaG\AppData\Local\curl.zip 2015-07-19 21:19 - 2015-07-19 21:19 - 0000396 _____ () C:\Users\MaG\AppData\Local\G0rg5H.vbs 2015-09-22 19:49 - 2015-09-22 19:49 - 0000362 _____ () C:\Users\MaG\AppData\Local\hpiDp.vbs 2015-11-02 15:23 - 2015-11-02 15:23 - 0004096 ____H () C:\Users\MaG\AppData\Local\keyfile3.drm 2015-09-26 12:17 - 2015-09-26 12:17 - 0000740 _____ () C:\Users\MaG\AppData\Local\recently-used.xbel 2015-09-19 19:49 - 2015-09-19 19:49 - 0000362 _____ () C:\Users\MaG\AppData\Local\t4t5KB.vbs 2015-07-18 20:48 - 2015-07-18 20:48 - 0000057 _____ () C:\ProgramData\Ament.ini Einige Dateien in TEMP: ==================== C:\Users\MaG\AppData\Local\Temp\avgnt.exe C:\Users\MaG\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpo0kk4y.dll C:\Users\MaG\AppData\Local\Temp\sqlite3.dll C:\Users\MaG\AppData\Local\Temp\vs60wiz.exe ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-12-13 20:04 ==================== Ende von FRST.txt ============================ Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:12-12-2015 01
durchgeführt von MaG (2015-12-13 22:49:13)
Gestartet von C:\Users\MaG\Downloads
Windows 8.1 (X64) (2015-08-16 19:54:48)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-3000335157-3192853593-1025591007-500 - Administrator - Disabled) => C:\Users\Administrator
Gast (S-1-5-21-3000335157-3192853593-1025591007-501 - Limited - Disabled)
MaG (S-1-5-21-3000335157-3192853593-1025591007-1001 - Administrator - Enabled) => C:\Users\MaG
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
4K Video Downloader 3.6 (HKLM-x32\...\4K Video Downloader_is1) (Version: 3.6.3.1785 - Open Media LLC) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3005 - Acer Incorporated) Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated) Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated) AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated) AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2022 - Acer Incorporated) Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.) AMD Catalyst Install Manager (HKLM\...\{E3CA751C-E133-0BF1-3151-7A6D3FB88015}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.) Authorizer 2.9.0d5 (HKLM\...\{F6762963-9AE5-4bc6-A70F-2D749F6AC02F}_is1) (Version: 2.9.0d5 - Propellerhead Software AB) Boxcryptor Classic 1.7 (HKLM-x32\...\{DF47AB90-FB92-42F4-926E-1C4FF16029E7}) (Version: 1.7.409.131 - Secomba GmbH) Broadcom Card Reader Driver Installer (HKLM\...\{67AA948F-8D83-4566-B84A-7CAABCF64E3F}) (Version: 16.0.2.3 - Broadcom Corporation) Broadcom NetLink Controller (HKLM\...\{D1D7ED66-5C08-40A0-AEC0-B6DF977697BB}) (Version: 16.0.2.1 - Broadcom Corporation) Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD) CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform) clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated) clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2016 - Acer Incorporated) clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) 
Hidden clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden Click2Music (HKLM-x32\...\Click2Music) (Version: - ) Dropbox (HKLM-x32\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.) Dropbox Update Helper (x32 Version: 1.3.27.33 - Dropbox, Inc.) Hidden DYMO Label v.8 (HKLM-x32\...\DYMO Label v.8) (Version: 8.3.0.1242 - Sanford, L.P.) f.lux (HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Flux) (Version: - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.80 - Google Inc.) Google Drive (HKLM-x32\...\{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}) (Version: 1.26.0707.2863 - Google, Inc.) Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden HP Deskjet 3070 B611 series - Grundlegende Software für das Gerät (HKLM\...\{48DF59F8-2ACD-4F1F-87F3-D820FE7A6178}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Deskjet 3070 B611 series Hilfe (HKLM-x32\...\{9F20CE56-3828-432D-A3C5-3EC6A2ED93C6}) (Version: 140.0.2.2 - Hewlett Packard) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP) HP Support Solutions Framework (HKLM-x32\...\{78545512-1F84-4357-8A9A-D94D9C3CE4FA}) (Version: 12.0.26.54 - Hewlett-Packard Company) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.3.1520 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4170 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation) Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation) Line 6 
Uninstaller (HKLM-x32\...\Line 6 Uninstaller) (Version: - Line 6) Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated) Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 
11.0.50727.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Web Publishing Wizard 1.53 (HKLM-x32\...\WebPost) (Version: - ) Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG) Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 16.0.1003 - Nero AG) Nero WaveEditor (HKLM-x32\...\{EE430B59-A026-4C96-8906-E4C05B7FCC37}) (Version: 12.5.01500 - Nero AG) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.6 - Notepad++ Team) OEM Application Profile (HKLM-x32\...\{ECA361B3-855E-EEAB-C4E9-FFA6F25A4DF4}) (Version: 1.00.0000 - Ihr Firmenname) Paperless Converter version 9.07 (HKLM-x32\...\Paperless Converter_is1) (Version: 9.07 - Rarefind Engineering Innovations Pvt. Ltd.) Paperless Printer version 6.0.0.1 (HKLM-x32\...\Paperless Printer_is1) (Version: 6.0.0.1 - Pragnaan Software Private Limited) PDF Architect 3 (HKLM-x32\...\PDF Architect 3) (Version: 3.0.45.22485 - pdfforge GmbH) PDF Architect 3 Create Module (x32 Version: 3.1.1.24851 - pdfforge GmbH) Hidden PDF Architect 3 Edit Module (x32 Version: 3.1.1.24851 - pdfforge GmbH) Hidden PDF Architect 3 View Module (x32 Version: 3.1.1.24851 - pdfforge GmbH) Hidden PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.2 - pdfforge) PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.313.1 - Tracker Software Products Ltd) Prerequisite installer (x32 Version: 12.0.0005 - Nero AG) Hidden PX Profile Update (x32 Version: 1.00.1. 
- AMD) Hidden Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications) Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.07 - Qualcomm Atheros) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.) Reason 8 8.3.2d7 (HKLM\...\Reason8.0Stable_64_is1) (Version: 8.3.2d7 - Propellerhead Software AB) Sandboxie 5.06 (64-bit) (HKLM\...\Sandboxie) (Version: 5.06 - Sandboxie Holdings, LLC) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) Start Menu 8 (HKLM-x32\...\IObit_StartMenu8_is1) (Version: 2.4.0.1 - IObit) Studie zur Verbesserung von HP Deskjet 3070 B611 series Produkten (HKLM\...\{CAD7B6DD-9C82-4D17-BAE8-3E9AE4971B90}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) SuperEasy Audio Converter 2 v.2.1.3063 (HKLM-x32\...\{039BC111-3B00-B8C5-E02C-0CA1440A9469}_is1) (Version: 2.1.3063 - SuperEasy Software GmbH & Co. 
KG) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.12.37 - Synaptics Incorporated) Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation) Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU) (Version: - Microsoft Corporation) VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Wiederherstellungspunkte ========================= 25-11-2015 21:17:38 Uniblue PC Mechanic installation 29-11-2015 19:20:51 Windows Update 29-11-2015 19:54:48 Avira System Speedup 2.0.4 01-12-2015 21:26:11 Windows Modules Installer 09-12-2015 20:48:29 Windows Update 13-12-2015 18:02:08 Removed ProjectLibre 13-12-2015 22:42:21 JRT Pre-Junkware Removal ==================== Hosts Inhalt: ========================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 
2013-08-22 14:25 - 2015-10-25 06:17 - 00450831 ____R C:\WINDOWS\system32\Drivers\etc\hosts
Da befinden sich 15464 zusätzliche Einträge.
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {056F8D16-DB30-43D6-B844-A69F83C0F1B3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd)
Task: {12A9DDFE-D969-4D3A-8E95-C8E9F5015F2D} - \keepup -> Keine Datei <==== ACHTUNG
Task: {140A4242-6565-4DED-A620-FCD33E1ACB7B} - \DriverMgr -> Keine Datei <==== ACHTUNG
Task: {2F92AB55-ED59-44C8-9CB9-32A071ACA7ED} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {3188352C-4465-4817-9661-56246372F4DF} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {3D2DC3F9-CD09-4DFD-B0D3-6770489C3348} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-18] (Google Inc.)
Task: {52DD1A58-FA65-4F78-A296-7AE686322590} - \WinKit -> Keine Datei <==== ACHTUNG Task: {555DB673-B627-4011-9EAC-9C66B3D9A07B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.) Task: {5F9A392D-0F93-4D49-B04F-4DF5E1E59674} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.) Task: {656557D2-E953-4133-A4DA-B6DA2A45183A} - \SpyHunter4Startup -> Keine Datei <==== ACHTUNG Task: {8413920D-CE6F-46F6-9574-9188FAF2496B} - \Urla1 -> Keine Datei <==== ACHTUNG Task: {B134DC93-6F45-42D3-A489-2C24C7DDF40B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-09] (Microsoft Corporation) Task: {B3BCCB8F-F563-4DA2-B325-27F95EA8B431} - \Urla2 -> Keine Datei <==== ACHTUNG Task: {D3ADBE5B-7D24-478B-9F7A-0746B1F3DBC0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-18] (Google Inc.) Task: {F32D7DA5-8C47-4F4D-AEE0-A7398C655912} - \Urla3 -> Keine Datei <==== ACHTUNG (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) 
==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2015-07-24 19:53 - 2012-03-28 20:28 - 00019456 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\QWritex64.dll 2013-10-25 00:04 - 2013-02-20 21:58 - 00111176 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll 2015-10-19 21:00 - 2015-10-19 21:00 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2015-07-18 19:05 - 2015-11-06 12:05 - 00618784 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll 2015-10-24 22:34 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2015-10-24 22:34 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2015-10-24 22:34 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2015-10-24 22:34 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2015-10-24 22:34 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2013-10-24 23:35 - 2013-05-08 21:23 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2015-07-19 21:26 - 2015-11-23 21:05 - 00012288 _____ () C:\Program Files (x86)\Google\Chrome\Application\WTSAPI32.dll 2013-10-25 00:04 - 2013-02-20 21:58 - 00089672 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll 2015-12-08 21:03 - 2015-12-04 22:32 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libglesv2.dll 2015-12-08 21:03 - 2015-12-04 22:32 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libegl.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) 
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\str => ""="service"
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
Da befinden sich 7867 mehr Seiten.
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_0034C5CFB848FFC3DA2A3C20C2C3A86D"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{D27C2C67-608D-4E0E-9378-992FA77258D0}] => (Allow) C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [{8039EE20-5698-4C20-9C5C-F5F1F62DE282}] => (Allow) C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPNetworkCommunicator.exe FirewallRules: [{B34D8AE4-D8C7-4056-8112-932D213FD866}] => (Allow) C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\DeviceSetup.exe FirewallRules: [{A51982E3-8677-4D7A-8315-4590C92BCC5E}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe FirewallRules: [{C7C5B632-E33E-4356-8511-09866EEE7955}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe FirewallRules: [{DAADAA74-9DFC-4A95-A18E-0A1221F46BF6}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe FirewallRules: [{407EB8EA-8ACC-471D-9572-D4DB5537D539}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe FirewallRules: [{E4E88AC9-5F1B-4746-9F9A-F361F11ED675}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe FirewallRules: [{D14CD3F3-1679-4D9C-9C19-3E6EEC5326D6}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe FirewallRules: [{1714CB00-E0EC-4C0E-A5B2-A4CC580349B8}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe FirewallRules: [{D309308A-4A28-4E1D-97C8-18234DAB58AD}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe FirewallRules: [{F6D4B300-3739-4C79-A6B0-22404E964637}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe FirewallRules: [{3DDBC3D8-35F4-44F8-82F8-28DC5E291AE6}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe FirewallRules: [{ACDFD2BA-B2CF-46FC-B66A-DC6D98D93D16}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe FirewallRules: [{12C44774-64DF-4B86-ADE9-0D0B8E628997}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe FirewallRules: 
[{59E21C6C-E358-4462-8F28-AE5AD57FFAFC}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe FirewallRules: [{85CC36FE-D8D5-41E7-A4BF-882D59D29CB3}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe FirewallRules: [{89ECDC59-5605-4B33-BACE-DFAC4B41D44A}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe FirewallRules: [{0439C5C4-6C55-46D7-BD51-DE35DA1B1F72}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe FirewallRules: [{BB8DF291-466C-48C9-8D7E-C03F42159DE8}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe FirewallRules: [TCP Query User{20ECE248-417E-4173-A1FB-9D0FC6189327}C:\users\mag\downloads\teamviewerportable\teamviewer.exe] => (Allow) C:\users\mag\downloads\teamviewerportable\teamviewer.exe FirewallRules: [UDP Query User{3D966FCE-0FF8-44EF-A741-2B3FA6CBB0E6}C:\users\mag\downloads\teamviewerportable\teamviewer.exe] => (Allow) C:\users\mag\downloads\teamviewerportable\teamviewer.exe FirewallRules: [{ED42765D-0E9B-4792-9BAB-5DA5FE42DA4D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [TCP Query User{992A5461-377B-4790-812C-8D55A75DD054}C:\users\mag\dropbox\hasi\teamviewerportable\teamviewer.exe] => (Allow) C:\users\mag\dropbox\hasi\teamviewerportable\teamviewer.exe FirewallRules: [UDP Query User{A2D4ACED-1F9E-44C0-9A97-89837E7C4D02}C:\users\mag\dropbox\hasi\teamviewerportable\teamviewer.exe] => (Allow) C:\users\mag\dropbox\hasi\teamviewerportable\teamviewer.exe FirewallRules: [TCP Query User{0ED62260-935A-4DF0-A148-8A7554A45B8D}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe FirewallRules: [UDP Query User{F96081B8-83EE-4C80-ADEF-E9182926A7D3}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe FirewallRules: [{C1397DD8-2F9D-4D6E-AB4D-AC351C47A3D8}] => (Allow) C:\Program Files 
(x86)\Dropbox\Client\Dropbox.exe StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (12/13/2015 07:56:49 PM) (Source: Windows Search Service) (EventID: 3079) (User: ) Description: Benachrichtigungen für Volume C:\ sind nicht aktiv. Kontext: Windows Anwendung Details: Das Datenträgeränderungsjournal wird gelöscht. (HRESULT : 0x8007049a) (0x8007049a) Error: (12/13/2015 02:13:39 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (12/13/2015 02:10:45 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm acmsetup.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 13e8 Startzeit: 01d135a6739aa026 Endzeit: 0 Anwendungspfad: Z:\~MSSETUP.T\tmp.t\acmsetup.exe Berichts-ID: e7ac2a12-a19a-11e5-bf17-201a0671fff5 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (12/13/2015 01:19:21 PM) (Source: Windows Search Service) (EventID: 3079) (User: ) Description: Benachrichtigungen für Volume C:\ sind nicht aktiv. 
Kontext: Windows Anwendung Details: Das Datenträgeränderungsjournal wird gelöscht. (HRESULT : 0x8007049a) (0x8007049a) Error: (12/11/2015 09:49:30 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT) Description: There was an error with the Windows Location Provider database Error: (12/11/2015 09:20:48 PM) (Source: Windows Search Service) (EventID: 3079) (User: ) Description: Benachrichtigungen für Volume C:\ sind nicht aktiv. Kontext: Windows Anwendung Details: Das Datenträgeränderungsjournal wird gelöscht. (HRESULT : 0x8007049a) (0x8007049a) Error: (12/10/2015 09:39:10 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (12/10/2015 09:16:31 PM) (Source: Windows Search Service) (EventID: 3079) (User: ) Description: Benachrichtigungen für Volume C:\ sind nicht aktiv. Kontext: Windows Anwendung Details: Das Datenträgeränderungsjournal wird gelöscht. (HRESULT : 0x8007049a) (0x8007049a) Error: (12/09/2015 09:28:57 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (12/09/2015 08:47:53 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: delegate_execute.exe, Version: 47.0.2526.80, Zeitstempel: 0x5661e826 Name des fehlerhaften Moduls: delegate_execute.exe, Version: 47.0.2526.80, Zeitstempel: 0x5661e826 Ausnahmecode: 0x80000003 Fehleroffset: 0x00007f81 ID des fehlerhaften Prozesses: 0xdd8 Startzeit der fehlerhaften Anwendung: 0xdelegate_execute.exe0 Pfad der fehlerhaften Anwendung: delegate_execute.exe1 Pfad des fehlerhaften Moduls: delegate_execute.exe2 Berichtskennung: delegate_execute.exe3 Vollständiger Name des fehlerhaften Pakets: delegate_execute.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: delegate_execute.exe5 Systemfehler: ============= Error: (12/13/2015 10:38:45 PM) (Source: DCOM) (EventID: 10010) (User: KANOCKELHOPPEL) Description: 
{9BA05972-F6A8-11CF-A442-00A0C90A8F39} Error: (12/13/2015 10:38:45 PM) (Source: DCOM) (EventID: 10010) (User: KANOCKELHOPPEL) Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39} Error: (12/13/2015 10:38:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Nero Update" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (12/13/2015 10:38:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (12/13/2015 10:38:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "HP Support Solutions Framework Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (12/13/2015 10:38:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Office Software Protection Platform" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (12/13/2015 10:38:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts. Error: (12/13/2015 10:38:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (12/13/2015 10:38:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. 
Error: (12/13/2015 10:38:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Spybot-S&D 2 Security Center Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. CodeIntegrity: =================================== Date: 2015-12-13 21:57:41.043 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-12-13 21:41:10.205 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-12-13 21:40:41.253 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-12-13 21:39:59.249 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files\Windows Defender\NisSrv.exe that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2015-12-13 21:39:46.482 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i7-4500U CPU @ 1.80GHz Prozentuale Nutzung des RAM: 19% Installierter physikalischer RAM: 8072.27 MB Verfügbarer physikalischer RAM: 6491.79 MB Summe virtueller Speicher: 9352.27 MB Verfügbarer virtueller Speicher: 7594.98 MB ==================== Laufwerke ================================ Drive c: (Acer) (Fixed) (Total:681.75 GB) (Free:523.14 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 698.6 GB) (Disk ID: 2A9D57C6) Partition: GPT. ==================== Ende von Addition.txt ============================ |
13.12.2015, 23:00 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Websites are being opened adwcleaner is missing
__________________ Please always post logfiles in CODE tags |