20.12.2015, 22:22 | #1 |
Win 8.1 password keeps being rejected as invalid, PC sometimes just shuts down

Hello,

I have a Win 8.1 PC here that every now and then simply shuts down, without warning. Another effect is that it suddenly no longer accepts the Win 8 password. The only thing that has helped so far was unplugging the power supply, taking out the battery and holding the power button down for about 15 seconds. Then battery back in, and logging in works again. That is somehow strange...

Since you have already helped me several times, I am trying again ;o). FRST results attached; I also have an MBAM.TXT with 190 unwanted programs...

Thanks in advance for any help
Karl-Heinz

FRST Logfile:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:20-12-2015
durchgeführt von Claudi (Administrator) auf ClaudiS-HP (20-12-2015 19:09:49)
Gestartet von C:\Users\Claudi\Desktop\khb
Geladene Profile: Claudi (Verfügbare Profile: Claudi)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVM GmbH) C:\Program Files (x86)\FRITZ!Powerline\PowerlineService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\System32\DnsBlockUpdateSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Nuance Communications, Inc.)
C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe () C:\Program Files\CyberLink\Shared files\RichVideo64.exe () C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Users\Claudi\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) 
C:\Windows\System32\igfxHK.exe () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe () C:\Users\Claudi\AppData\Local\Amazon Music\Amazon Music Helper.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (AVAST Software) C:\Program Files\AVAST Software\SecureLine\secureline.exe (Buffalo Inc.) C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe (BUFFALO INC.) C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe (SoftBrain Technologies Ltd.) C:\Users\Claudi\AppData\Local\SmartWeb\SmartWebHelper.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe (Hewlett-Packard Development Company, L.P.) 
C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe () C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7642328 2014-10-07] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2473800 2014-09-09] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-06-17] (Synaptics Incorporated) HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft) HKLM\...\Run: [3D BubbleSound] => "C:\Program Files\BubbleSound\3D BubbleSound.exe" HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-04] (AVAST Software) HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2109952 2014-10-07] (Dominik Reichl) HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.) HKLM-x32\...\Run: [SmartWeb] => C:\Users\Claudi\AppData\Local\SmartWeb\SmartWebHelper.exe [270368 2015-02-17] (SoftBrain Technologies Ltd.) 
HKLM-x32\...\Run: [gmsd_de_005010043] => [X] HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [570880 2013-12-27] (Nikon Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation) HKLM-x32\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\db456757-8f21-4dab-845c-a9ed4c42fced.exe [183232 2015-12-20] (AVAST Software) HKU\S-1-5-21-3361543711-125785448-4142314985-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation) HKU\S-1-5-21-3361543711-125785448-4142314985-1001\...\Run: [Amazon Music] => C:\Users\Claudi\AppData\Local\Amazon Music\Amazon Music Helper.exe [5887808 2015-09-15] () HKU\S-1-5-21-3361543711-125785448-4142314985-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50755200 2015-12-08] (Skype Technologies S.A.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-04] (AVAST Software) ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft) ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\avast! SecureLine.lnk [2014-10-31] ShortcutTarget: avast! 
SecureLine.lnk -> C:\Program Files\AVAST Software\SecureLine\SecureLine.exe (AVAST Software) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk [2015-08-04] ShortcutTarget: BUFFALO NAS Navigator2.lnk -> C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe (Buffalo Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk [2015-08-04] ShortcutTarget: NAS Scheduler.lnk -> C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.) Startup: C:\Users\Claudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-07-27] ShortcutTarget: SmartWeb.lnk -> C:\Users\Claudi\AppData\Local\SmartWeb\SmartWebHelper.exe (SoftBrain Technologies Ltd.) GroupPolicy: Beschränkung - Chrome <======= ACHTUNG CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ACHTUNG (Beschränkung - ProxySettings) Tcpip\Parameters: [DhcpNameServer] 192.168.11.254 192.168.0.1 Tcpip\..\Interfaces\{9D3A08C7-B385-4B62-A999-566051641C5E}: [DhcpNameServer] 192.168.11.254 Tcpip\..\Interfaces\{C8727673-5237-4FFF-A9A5-C08379F70019}: [DhcpNameServer] 192.168.11.254 192.168.0.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hppp&ts=1437852445&z=f6aeab63f0e9cef73e2e890g7z4c1mab3w3o8z1g5z&from=cor&uid=HGSTXHTS541010A9E680_JD1008DMG3ZTVWG3ZTVWX HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1437852352&z=dd0dcfb9070be0578bc22c4gezcc4m3b8w6o3c8o9g&from=cor&uid=HGSTXHTS541010A9E680_JD1008DMG3ZTVWG3ZTVWX&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hppp&ts=1437852445&z=f6aeab63f0e9cef73e2e890g7z4c1mab3w3o8z1g5z&from=cor&uid=HGSTXHTS541010A9E680_JD1008DMG3ZTVWG3ZTVWX HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1437852352&z=dd0dcfb9070be0578bc22c4gezcc4m3b8w6o3c8o9g&from=cor&uid=HGSTXHTS541010A9E680_JD1008DMG3ZTVWG3ZTVWX&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = 
hxxp://hp13.msn.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com HKU\S-1-5-21-3361543711-125785448-4142314985-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006 HKU\S-1-5-21-3361543711-125785448-4142314985-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} HKU\S-1-5-21-3361543711-125785448-4142314985-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006 SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKLM-x32 -> {D7D1189B-32FC-4BB1-8E12-D6FCF05F0437} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKU\S-1-5-21-3361543711-125785448-4142314985-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKU\S-1-5-21-3361543711-125785448-4142314985-1001 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M8BAAAD7C-8818-4689-A938-D73D3AAEB233&SearchSource=58&CUI=&UM=8&UP=SPF5D2393B-E80E-47A9-ABAC-5B1D1907F2F1&D=072715&q={searchTerms}&SSPV=SP30367TA_sp_ie SearchScopes: HKU\S-1-5-21-3361543711-125785448-4142314985-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=HGSTXHTS541010A9E680_JD1008DMG3ZTVWG3ZTVWX&ts=1437852459&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-3361543711-125785448-4142314985-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=HGSTXHTS541010A9E680_JD1008DMG3ZTVWG3ZTVWX&ts=1437852459&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-3361543711-125785448-4142314985-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=dspp&ts=1437852445&z=f6aeab63f0e9cef73e2e890g7z4c1mab3w3o8z1g5z&from=cor&uid=HGSTXHTS541010A9E680_JD1008DMG3ZTVWG3ZTVWX&q={searchTerms} SearchScopes: HKU\S-1-5-21-3361543711-125785448-4142314985-1001 -> {D7D1189B-32FC-4BB1-8E12-D6FCF05F0437} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=HGSTXHTS541010A9E680_JD1008DMG3ZTVWG3ZTVWX&ts=1437852459&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-3361543711-125785448-4142314985-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=HGSTXHTS541010A9E680_JD1008DMG3ZTVWG3ZTVWX&ts=1437852459&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-3361543711-125785448-4142314985-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = 
hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard) BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft) BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft) BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-20] (Oracle Corporation) BHO-x32: Kein Name -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> Keine Datei BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: StumbleUpon -> {DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} -> C:\Users\Claudi\AppData\LocalLow\StumbleUpon\IE\StumbleUpon.dll [2011-11-22] (StumbleUpon Inc.) 
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-20] (Oracle Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard) BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft) FireFox: ======== FF ProfilePath: C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\khsuv2fr.default FF DefaultSearchEngine: Google (avast) FF DefaultSearchUrl: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=utf-8&oe=utf-8&meta=lr=lang_de&q= FF SearchEngineOrder.1: Google (avast) FF SelectedSearchEngine: Google FF SelectedSearchEngine: google FF Homepage: hxxp://www.google.de?hl=de&gl=de FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q= FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=utf-8&oe=utf-8&meta=lr=lang_de&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-09] () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.) 
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-06-19] () FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-06-19] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-09-03] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-09-03] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-20] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-20] (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] () FF user.js: detected! 
=> C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\khsuv2fr.default\user.js [2015-12-13] FF SearchPlugin: C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\khsuv2fr.default\searchplugins\google-avast.xml [2015-08-23] FF SearchPlugin: C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\khsuv2fr.default\searchplugins\istartsurf.xml [2015-08-04] FF SearchPlugin: C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\khsuv2fr.default\searchplugins\trovi.xml [2015-07-28] FF Extension: Download Protect - C:\Windows\Installer\{DDCD1A78-E9E9-4E15-A58F-50C30051E68E}\{F32F88C5-906A-42F9-B7BC-E7CAE5300851}.xpi [2015-12-13] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-10] FF HKLM-x32\...\Firefox\Extensions: [firefox@bho.com] - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt => nicht gefunden FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\khsuv2fr.default\extensions\defsearchp@gmail.com => nicht gefunden FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-10] FF HKLM-x32\...\Firefox\Extensions: [{F32F88C5-906A-42F9-B7BC-E7CAE5300851}] - C:\Windows\Installer\{DDCD1A78-E9E9-4E15-A58F-50C30051E68E}\{F32F88C5-906A-42F9-B7BC-E7CAE5300851}.xpi Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-12-04] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-04] CHR HKLM-x32\...\Chrome\Extension: [pgifblbjgdjhcelbanblbhkhmbnnmhfg] - 
C:\Users\Claudi\AppData\LocalLow\StumbleUpon\CHROME\StumbleUpon.crx [2011-11-22] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-04] (AVAST Software) R2 AVMPowerlineService; C:\Program Files (x86)\FRITZ!Powerline\PowerlineService.exe [139264 2014-05-21] (AVM GmbH) [Datei ist nicht signiert] S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-13] (Broadcom Corporation.) S4 comyninu; C:\Program Files (x86)\34444335-1437857197-4E35-5833-3863BBAED735\hnscA6FD.tmp [161792 2015-08-04] () [Datei ist nicht signiert] R2 DnsBlockUpdateSvc; C:\Windows\system32\DnsBlockUpdateSvc.exe [149024 2015-11-04] () R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [255040 2014-08-25] (WildTangent) R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Development Company, L.P.) 
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-06-25] (Intel Corporation) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328296 2014-10-07] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-09-03] (Intel Corporation) S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-09-03] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 NasPmService; C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe [245760 2013-11-21] (BUFFALO INC.) [Datei ist nicht signiert] R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-09] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19438920 2014-09-09] (NVIDIA Corporation) R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [94720 2014-09-27] (Softex Inc.) [Datei ist nicht signiert] R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.) 
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] () R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2014-09-04] (Realtek Semiconductor) R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [435064 2014-10-15] () R2 StumbleUponUpdater; C:\Users\Claudi\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe [18432 2011-11-22] () [Datei ist nicht signiert] R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-06-17] (Synaptics Incorporated) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation) S4 wezoryro; C:\Program Files (x86)\34444335-1437857197-4E35-5833-3863BBAED735\knsz97BC.tmpfs [X] ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-04] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-20] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-04] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-04] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2015-12-04] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [451040 2015-12-20] (AVAST Software) S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-04] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-04] (AVAST Software) R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-13] (Broadcom Corporation.) R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7532760 2014-10-31] (Broadcom Corporation) S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-30] (Microsoft Corporation) S3 BthHFAud; C:\Windows\System32\drivers\BthHfAud.sys [32768 2014-10-08] (Microsoft Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-20] (Malwarebytes) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [126976 2014-09-03] (Intel Corporation) R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.) 
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-09] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation) S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [506072 2014-06-20] (Realsil Semiconductor Corporation) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2014-06-17] (Synaptics Incorporated) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-06-17] (Synaptics Incorporated) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation) R2 WinDivert64; C:\Windows\system32\drivers\WinDivert64.sys [35376 2013-12-02] (Basil Projects) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.) S1 wsafd_1_10_0_19; system32\drivers\wsafd_1_10_0_19.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-12-20 19:09 - 2015-12-20 19:09 - 00000000 ____D C:\FRST 2015-12-20 19:06 - 2015-12-20 19:09 - 00000000 ____D C:\Users\Claudi\Desktop\khb 2015-12-20 18:36 - 2015-12-20 18:37 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-12-20 18:36 - 2015-12-20 18:36 - 00001121 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-12-20 18:36 - 2015-12-20 18:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-12-20 18:36 - 2015-12-20 18:36 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-12-20 18:36 - 2015-12-20 18:36 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-12-20 18:36 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-12-20 18:36 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-12-20 18:36 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2015-12-20 18:34 - 2015-12-20 18:35 - 22908888 _____ (Malwarebytes ) C:\Users\Claudi\Downloads\mbam-setup-2.2.0.1024.exe 2015-12-20 18:32 - 2015-12-20 18:32 - 00000000 ____D C:\Users\Claudi\AppData\Roaming\Sun 2015-12-20 18:32 - 2015-12-20 18:32 - 00000000 ____D C:\Users\Claudi\.oracle_jre_usage 2015-12-20 18:30 - 2015-12-20 18:30 - 00000000 ____D C:\Users\Claudi\AppData\LocalLow\Oracle 2015-12-20 18:26 - 2015-12-20 18:26 - 00003166 _____ C:\Windows\System32\Tasks\HPCeeScheduleForClaudi 2015-12-20 18:26 - 2015-12-20 18:26 - 00000352 _____ C:\Windows\Tasks\HPCeeScheduleForClaudi.job 2015-12-20 18:25 - 2015-12-20 18:25 - 02870984 _____ (ESET) C:\Users\Claudi\Downloads\esetsmartinstaller_deu.exe 2015-12-20 18:25 - 2015-12-20 18:25 - 00000000 ____D C:\Program Files (x86)\ESET 2015-12-14 19:10 - 2015-12-14 19:10 - 00000000 ___RD C:\Program Files (x86)\Skype 2015-12-14 19:10 - 2015-12-14 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 
2015-12-13 19:59 - 2015-12-13 19:59 - 00000000 ____D C:\Program Files\{3052AF24-5114-4AE0-A58E-97453C636909} 2015-12-13 19:59 - 2015-12-13 19:59 - 00000000 ____D C:\Program Files (x86)\{D63DE6AD-32E7-41C5-B5AB-B0FBECD57358} 2015-12-10 12:46 - 2015-12-10 12:46 - 00000000 ____D C:\ProgramData\Nikon 2015-12-09 19:23 - 2015-12-10 21:30 - 00000000 ____D C:\Windows\system32\MpEngineStore 2015-12-09 19:22 - 2015-12-09 19:22 - 00000000 ____D C:\730793f83abf9adb9e788ebe 2015-12-09 18:39 - 2015-11-11 17:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-12-09 18:39 - 2015-11-11 16:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-12-09 18:39 - 2015-11-05 09:59 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys 2015-12-09 18:38 - 2015-11-11 17:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-12-09 18:38 - 2015-11-11 16:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-12-09 18:38 - 2015-11-11 16:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2015-12-09 18:38 - 2015-11-11 16:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-12-09 18:38 - 2015-11-10 01:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-12-09 18:38 - 2015-11-10 01:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-12-09 18:38 - 2015-11-10 01:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-12-09 18:38 - 2015-11-10 01:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-12-09 18:38 - 2015-11-10 01:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-12-09 18:38 - 2015-11-10 00:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-12-09 18:38 - 2015-11-10 00:41 - 00880128 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\inetcomm.dll 2015-12-09 18:38 - 2015-11-10 00:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-12-09 18:38 - 2015-11-10 00:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-12-09 18:38 - 2015-11-10 00:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-12-09 18:38 - 2015-11-10 00:36 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-12-09 18:38 - 2015-11-10 00:25 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll 2015-12-09 18:38 - 2015-11-10 00:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-12-09 18:38 - 2015-11-10 00:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-12-09 18:38 - 2015-11-10 00:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-12-09 18:38 - 2015-11-08 23:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-12-09 18:38 - 2015-11-08 23:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-12-09 18:38 - 2015-11-08 23:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-12-09 18:38 - 2015-11-08 23:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-12-09 18:38 - 2015-11-08 23:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-12-09 18:38 - 2015-11-08 22:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-12-09 18:38 - 2015-11-08 22:32 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2015-12-09 18:38 - 2015-11-08 22:25 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2015-12-09 18:38 - 2015-11-08 22:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-12-09 18:38 - 2015-11-08 22:16 - 00372224 _____ (Microsoft Corporation) 
C:\Windows\system32\iedkcs32.dll 2015-12-09 18:38 - 2015-11-08 22:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-12-09 18:38 - 2015-11-08 22:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-12-09 18:38 - 2015-11-08 22:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-12-09 18:38 - 2015-11-08 22:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-12-09 18:38 - 2015-11-08 21:53 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll 2015-12-09 18:38 - 2015-11-08 21:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-12-09 18:38 - 2015-11-08 21:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-12-09 18:38 - 2015-11-08 21:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-12-09 18:37 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll 2015-12-09 18:37 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZST.DLL 2015-12-09 18:37 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL 2015-12-09 18:37 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL 2015-12-09 18:37 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll 2015-12-09 18:37 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZST.DLL 2015-12-09 18:37 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL 2015-12-09 18:37 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL 2015-12-09 18:37 - 2015-10-22 17:21 - 01200128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll 2015-12-09 18:37 - 2015-10-22 17:21 - 00323072 _____ (Microsoft Corporation) 
C:\Windows\system32\GlobCollationHost.dll 2015-12-09 18:37 - 2015-10-22 16:58 - 00868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll 2015-12-09 18:37 - 2015-10-22 16:58 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll 2015-12-09 18:37 - 2015-10-22 15:08 - 00513456 _____ C:\Windows\SysWOW64\locale.nls 2015-12-09 18:37 - 2015-10-22 15:08 - 00513456 _____ C:\Windows\system32\locale.nls 2015-12-09 18:36 - 2015-11-22 07:59 - 07455064 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-12-09 18:36 - 2015-11-22 07:59 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-12-09 18:36 - 2015-11-22 07:59 - 01659568 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2015-12-09 18:36 - 2015-11-22 07:59 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2015-12-09 18:36 - 2015-11-22 07:59 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2015-12-09 18:36 - 2015-11-22 07:59 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2015-12-09 18:36 - 2015-11-22 07:58 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-12-09 18:36 - 2015-11-21 19:32 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-12-09 18:36 - 2015-11-21 18:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-12-09 18:36 - 2015-11-21 17:59 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll 2015-12-09 18:36 - 2015-11-21 17:49 - 01344000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll 2015-12-09 18:36 - 2015-11-21 17:47 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll 2015-12-09 18:36 - 2015-11-21 17:40 - 00414208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll 2015-12-09 18:36 - 2015-11-09 01:41 - 01540728 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll 2015-12-09 18:36 - 
2015-11-08 23:30 - 04176384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-12-09 18:36 - 2015-11-08 22:23 - 01994752 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-12-09 18:36 - 2015-11-08 22:13 - 01383936 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-12-09 18:36 - 2015-11-08 22:01 - 01753600 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll 2015-12-09 18:36 - 2015-11-08 21:52 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-12-09 18:36 - 2015-11-08 21:48 - 01376256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll 2015-12-09 18:36 - 2015-11-08 21:42 - 01490944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll 2015-12-09 18:36 - 2015-10-10 18:20 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll 2015-12-09 18:36 - 2015-10-03 20:41 - 01385280 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-12-09 18:36 - 2015-10-03 20:41 - 01124384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll 2015-12-09 18:33 - 2015-11-20 23:47 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-12-09 18:33 - 2015-11-20 19:18 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-12-09 18:33 - 2015-11-20 17:58 - 03706880 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-12-09 18:33 - 2015-11-20 17:47 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-12-09 18:33 - 2015-11-20 17:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-12-09 18:33 - 2015-11-20 17:44 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2015-12-09 18:33 - 2015-11-20 17:44 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-12-09 18:33 - 2015-11-20 17:43 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-12-09 18:33 - 2015-11-20 17:42 - 02243584 _____ 
(Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-12-09 18:33 - 2015-11-20 17:30 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-12-09 18:33 - 2015-11-20 17:29 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-12-09 18:33 - 2015-11-20 17:28 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-12-09 18:33 - 2015-11-20 17:27 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-12-09 18:33 - 2015-10-28 16:49 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2015-12-09 18:33 - 2015-10-28 16:29 - 02462720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2015-12-09 18:33 - 2015-10-11 07:34 - 00468824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS 2015-12-09 18:33 - 2015-10-11 07:34 - 00462168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2015-12-09 18:33 - 2015-10-11 07:34 - 00443224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2015-12-09 18:33 - 2015-10-11 07:34 - 00092504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2015-12-09 18:33 - 2015-10-11 07:34 - 00027992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2015-12-09 18:33 - 2015-10-10 19:41 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2015-12-09 18:33 - 2015-10-10 19:41 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2015-12-09 18:33 - 2015-10-10 19:40 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winusb.sys 2015-12-09 18:33 - 2015-10-08 17:11 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\PCPKsp.dll 2015-12-09 18:33 - 2015-10-08 16:50 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPKsp.dll 2015-12-09 18:32 - 2015-10-05 19:28 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\wininit.exe 2015-12-09 18:32 - 2015-10-05 19:25 - 
00572928 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2015-12-04 18:55 - 2015-12-04 18:55 - 00000000 ____D C:\ProgramData\boost_interprocess 2015-12-04 18:53 - 2015-12-04 19:03 - 00000000 ____D C:\Users\Claudi\AppData\Roaming\Nikon 2015-12-04 18:53 - 2015-12-04 18:53 - 00000000 ____D C:\Users\Claudi\AppData\Local\Nikon 2015-12-04 18:47 - 2015-12-04 18:47 - 00002106 _____ C:\Users\Public\Desktop\Picture Control Utility 2.lnk 2015-12-04 18:47 - 2015-12-04 18:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picture Control Utility 2 2015-12-04 18:47 - 2015-12-04 18:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nikon Message Center 2 2015-12-04 18:46 - 2015-12-04 18:46 - 00000268 ___RH C:\Users\Claudi\AppData\Roaming\Plants 2015-12-04 18:46 - 2015-12-04 18:46 - 00000268 ___RH C:\ProgramData\Podcasting 2015-12-04 18:46 - 2015-12-04 18:46 - 00000020 ____H C:\ProgramData\PKP_DLes.DAT 2015-12-04 18:46 - 2015-12-04 18:46 - 00000012 ___RH C:\ProgramData\Resources 2015-12-04 18:46 - 2015-12-04 18:46 - 00000000 ____D C:\Windows\Downloaded Installations 2015-12-04 18:45 - 2015-12-16 18:30 - 00000020 ____H C:\ProgramData\PKP_DLet.DAT 2015-12-04 18:45 - 2015-12-04 19:03 - 00000020 ____H C:\ProgramData\PKP_DLev.DAT 2015-12-04 18:45 - 2015-12-04 18:47 - 00000000 ____D C:\Users\Claudi\AppData\Local\Downloaded Installations 2015-12-04 18:45 - 2015-12-04 18:47 - 00000000 ____D C:\Program Files\Nikon 2015-12-04 18:45 - 2015-12-04 18:47 - 00000000 ____D C:\Program Files\Common Files\Nikon 2015-12-04 18:45 - 2015-12-04 18:47 - 00000000 ____D C:\Program Files (x86)\Nikon 2015-12-04 18:45 - 2015-12-04 18:46 - 00000000 ____D C:\ProgramData\Ultima_T15 2015-12-04 18:45 - 2015-12-04 18:46 - 00000000 ____D C:\ProgramData\EnterNHelp 2015-12-04 18:45 - 2015-12-04 18:45 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ATL71.DLL 2015-12-04 18:45 - 2015-12-04 18:45 - 00002076 _____ C:\Users\Public\Desktop\ViewNX 2.lnk 
2015-12-04 18:45 - 2015-12-04 18:45 - 00000268 ___RH C:\Users\Claudi\AppData\Roaming\Plug-In Settings 2015-12-04 18:45 - 2015-12-04 18:45 - 00000268 ___RH C:\Users\Claudi\AppData\Roaming\Planets 2015-12-04 18:45 - 2015-12-04 18:45 - 00000268 ___RH C:\ProgramData\Pop Flute 2015-12-04 18:45 - 2015-12-04 18:45 - 00000268 ___RH C:\ProgramData\Plugins 2015-12-04 18:45 - 2015-12-04 18:45 - 00000012 ___RH C:\ProgramData\Robot 2015-12-04 18:45 - 2015-12-04 18:45 - 00000012 ___RH C:\ProgramData\Receipts 2015-12-04 18:45 - 2015-12-04 18:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ViewNX 2 2015-12-04 18:44 - 2015-12-04 18:47 - 00000000 ____D C:\ProgramData\54F3DE4E-B7BA-4EBD-8B3B-385D272CC583 2015-12-04 18:43 - 2015-12-04 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Link to Nikon 2015-12-04 18:31 - 2015-12-04 18:41 - 112637472 _____ C:\Users\Claudi\Downloads\S-VNX2__-021003WF-EURDE-64BIT_.exe 2015-12-04 18:19 - 2015-12-04 18:19 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2015-12-04 18:19 - 2015-12-04 18:19 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr 2015-12-04 18:07 - 2015-12-04 18:07 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software 2015-12-04 18:07 - 2015-12-04 18:07 - 00000000 ____D C:\Program Files\Common Files\AV ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-12-20 19:09 - 2013-08-22 14:36 - 00000000 ____D C:\Windows 2015-12-20 18:44 - 2015-02-22 14:53 - 00000000 ____D C:\Users\Claudi\AppData\Roaming\ClassicShell 2015-12-20 18:38 - 2015-02-21 14:50 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3361543711-125785448-4142314985-1001 2015-12-20 18:33 - 2015-04-05 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-12-20 18:33 - 2015-04-05 17:14 - 00000000 ____D C:\ProgramData\Oracle 2015-12-20 18:33 - 2015-04-05 17:14 - 00000000 ____D C:\Program Files (x86)\Java 2015-12-20 18:32 - 2015-04-05 17:15 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2015-12-20 18:32 - 2015-02-21 14:44 - 00000000 ____D C:\Users\Claudi 2015-12-20 18:25 - 2015-02-21 14:47 - 00000000 ____D C:\Users\Claudi\Documents\Youcam 2015-12-20 18:24 - 2015-02-21 16:31 - 00451040 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2015-12-20 18:24 - 2015-02-21 16:31 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys 2015-12-20 18:23 - 2014-10-31 09:37 - 00801992 _____ C:\Windows\system32\perfh007.dat 2015-12-20 18:23 - 2014-10-31 09:37 - 00174994 _____ C:\Windows\system32\perfc007.dat 2015-12-20 18:23 - 2014-03-18 10:53 - 01924576 _____ C:\Windows\system32\PerfStringBackup.INI 2015-12-20 18:23 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf 2015-12-20 18:19 - 2015-03-18 21:13 - 00000000 ____D C:\Users\Claudi\OneDrive 2015-12-20 18:19 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp 2015-12-20 18:01 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-12-20 18:01 - 2013-08-22 15:44 - 00498472 _____ C:\Windows\system32\FNTCACHE.DAT 2015-12-20 18:00 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI 2015-12-20 17:56 - 2015-02-21 18:44 - 00000000 ____D C:\Users\Claudi\Documents\Outlook-Dateien 2015-12-20 16:14 - 2015-03-09 08:08 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player 
Updater.job 2015-12-20 14:52 - 2015-02-21 15:19 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{1D2A4AD3-EC4A-4CB2-BE52-001D24320CCA} 2015-12-20 14:50 - 2015-09-30 18:34 - 00000000 ____D C:\Users\Claudi\AppData\Roaming\Skype 2015-12-16 18:25 - 2015-02-21 14:47 - 00000000 ____D C:\Users\Claudi\AppData\Local\CyberLink 2015-12-14 19:46 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\rescache 2015-12-14 19:10 - 2015-09-30 18:34 - 00000000 ____D C:\Users\Claudi\AppData\Local\Skype 2015-12-14 19:10 - 2015-09-30 18:33 - 00002715 _____ C:\Users\Public\Desktop\Skype.lnk 2015-12-14 19:10 - 2015-09-30 18:33 - 00000000 ____D C:\ProgramData\Skype 2015-12-13 19:59 - 2015-07-25 21:14 - 00000306 __RSH C:\ProgramData\ntuser.pol 2015-12-13 19:12 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness 2015-12-10 12:32 - 2015-02-21 18:30 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-12-10 12:19 - 2015-02-21 17:16 - 00003098 _____ C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3361543711-125785448-4142314985-1001 2015-12-09 19:22 - 2015-02-21 19:00 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-12-09 19:22 - 2015-02-21 19:00 - 00000000 ____D C:\Windows\system32\MRT 2015-12-09 07:14 - 2015-03-09 08:08 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-12-05 16:22 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps 2015-12-04 18:47 - 2014-10-31 02:12 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2015-12-04 18:19 - 2015-02-21 16:31 - 01055560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2015-12-04 18:19 - 2015-02-21 16:31 - 00450504 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1450632268375 2015-12-04 18:19 - 2015-02-21 16:31 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys 2015-12-04 18:19 - 2015-02-21 16:31 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 
2015-12-04 18:19 - 2015-02-21 16:31 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys.1450632268375 2015-12-04 18:19 - 2015-02-21 16:31 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2015-12-04 18:19 - 2015-02-21 16:31 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys 2015-12-04 18:19 - 2015-02-21 16:31 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys 2015-12-04 18:19 - 2015-02-21 16:31 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2015-12-01 18:19 - 2013-08-22 16:38 - 00826872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-12-01 18:19 - 2013-08-22 16:38 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-11-23 20:00 - 2015-02-22 19:42 - 00000000 ____D C:\Users\Claudi\Documents\AeTZ1417 2015-11-22 21:30 - 2015-04-28 12:06 - 00000000 ____D C:\Users\Claudi\Documents\kevin 2015-11-22 13:59 - 2015-02-22 22:02 - 00184320 ___SH C:\Users\Claudi\Desktop\Thumbs.db ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-08-12 18:37 - 2015-08-12 18:37 - 0000079 _____ () C:\Program Files (x86)\prefs.js 2015-12-04 18:45 - 2015-12-04 18:45 - 0000268 ___RH () C:\Users\Claudi\AppData\Roaming\Planets 2015-12-04 18:46 - 2015-12-04 18:46 - 0000268 ___RH () C:\Users\Claudi\AppData\Roaming\Plants 2015-12-04 18:45 - 2015-12-04 18:45 - 0000268 ___RH () C:\Users\Claudi\AppData\Roaming\Plug-In Settings 2015-12-04 18:46 - 2015-12-04 18:46 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT 2015-12-04 18:45 - 2015-12-16 18:30 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT 2015-12-04 18:45 - 2015-12-04 19:03 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT 2015-12-04 18:45 - 2015-12-04 18:45 - 0000268 ___RH () C:\ProgramData\Plugins 2015-12-04 18:46 - 2015-12-04 18:46 - 0000268 ___RH () C:\ProgramData\Podcasting 2015-12-04 18:45 - 2015-12-04 18:45 - 0000268 ___RH () 
C:\ProgramData\Pop Flute
2015-12-04 18:45 - 2015-12-04 18:45 - 0000012 ___RH () C:\ProgramData\Receipts
2015-12-04 18:46 - 2015-12-04 18:46 - 0000012 ___RH () C:\ProgramData\Resources
2015-12-04 18:45 - 2015-12-04 18:45 - 0000012 ___RH () C:\ProgramData\Robot

Einige Dateien in TEMP:
====================
C:\Users\Claudi\AppData\Local\Temp\1q9fq0zd.dll
C:\Users\Claudi\AppData\Local\Temp\2195.exe
C:\Users\Claudi\AppData\Local\Temp\avast_secureline_setup.exe
C:\Users\Claudi\AppData\Local\Temp\bitool.dll
C:\Users\Claudi\AppData\Local\Temp\COMAP.EXE
C:\Users\Claudi\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Claudi\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Claudi\AppData\Local\Temp\Extract.exe
C:\Users\Claudi\AppData\Local\Temp\Foxit PhantomPDF Updater.exe
C:\Users\Claudi\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Claudi\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Claudi\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Claudi\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Claudi\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Claudi\AppData\Local\Temp\SP68373.exe
C:\Users\Claudi\AppData\Local\Temp\SP69404.exe
C:\Users\Claudi\AppData\Local\Temp\SP69559.exe
C:\Users\Claudi\AppData\Local\Temp\SP69718.exe
C:\Users\Claudi\AppData\Local\Temp\SP70271.exe
C:\Users\Claudi\AppData\Local\Temp\SP70439.exe
C:\Users\Claudi\AppData\Local\Temp\SP71716.exe
C:\Users\Claudi\AppData\Local\Temp\Uninstall.exe
C:\Users\Claudi\AppData\Local\Temp\_is2C5.exe

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-12-10 12:28

==================== Ende von FRST.txt ============================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:20-12-2015
durchgeführt von Claudi (2015-12-20 19:10:52)
Gestartet von C:\Users\Claudi\Desktop\khb
Windows 8.1 (X64) (2015-02-21 13:44:10)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-3361543711-125785448-4142314985-500 - Administrator - Disabled)
Gast (S-1-5-21-3361543711-125785448-4142314985-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3361543711-125785448-4142314985-1003 - Limited - Enabled)
Claudi (S-1-5-21-3361543711-125785448-4142314985-1001 - Administrator - Enabled) => C:\Users\Claudi
khb (S-1-5-21-3361543711-125785448-4142314985-1004 - Administrator - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Amazon Music (HKU\S-1-5-21-3361543711-125785448-4142314985-1001\...\Amazon Amazon Music) (Version: 3.9.5.820 - Amazon Services LLC) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software) avast! SecureLine (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 1.0.139.2 - AVAST Software) Bejeweled 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: - Broadcom Corporation) Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.0.9840 - Broadcom Corporation) BUFFALO NAS Navigator2 (HKLM-x32\...\UN060501) (Version: 2.82 - Buffalo Inc.) Build-a-lot (x32 Version: 3.0.2.59 - WildTangent) Hidden Building the Great Wall of China Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft) Crazy Chicken Soccer (x32 Version: 2.2.0.110 - WildTangent) Hidden CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.8.4420 - CyberLink Corp.) Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.3.5715 - CyberLink Corp.) Cyberlink PhotoDirector (Version: 5.0.3.5715 - Ihr Firmenname) Hidden CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5.4608 - CyberLink Corp.) CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.8.4316 - CyberLink Corp.) CyberLink PowerBackup 2.6 (HKLM-x32\...\InstallShield_{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.6.1.0903 - CyberLink Corp.) CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.2.3324 - CyberLink Corp.) 
CyberLink PowerDirector 12 (Version: 12.0.2.3324 - Ihr Firmenname) Hidden CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.5.4628 - CyberLink Corp.) DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 0.9.0 - Dropbox, Inc.) ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.1.20150309 - Landesfinanzdirektion Thüringen) Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Evernote v. 5.5.3 (HKLM-x32\...\{B1A0F908-1448-11E4-8684-00163E98E7D0}) (Version: 5.5.3.4236 - Evernote Corp.) Farm Frenzy (x32 Version: 3.0.2.59 - WildTangent) Hidden Foxit PhantomPDF (HKLM-x32\...\{89BF1D4D-1D62-451E-9496-B971BDE82720}) (Version: 6.0.33.715 - Foxit Corporation) FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 1.0.1 - ) FRITZ!Powerline (HKLM-x32\...\{F9C9378B-78D5-4CC0-8683-B7915DFEA9C5}) (Version: 01.00.65 - AVM Berlin) Governor of Poker 2 Premium Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP 3D DriveGuard (HKLM-x32\...\{13133E99-B0D5-4143-B832-AAD55C62A41C}) (Version: 6.0.19.1 - Hewlett-Packard Company) HP CoolSense (HKLM-x32\...\{ADE2F6A7-E7BD-4955-BD66-30903B223DDF}) (Version: 2.20.41 - Hewlett-Packard Company) HP Documentation (HKLM-x32\...\{6AAEDF97-4B93-4169-8FCA-FCB0378CED52}) (Version: 1.1.0.0 - Hewlett-Packard) HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard) HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.27 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{1E7F409E-E35A-4DF8-BF5C-FE34B74B640E}) (Version: 7.6.31.30 - Hewlett-Packard Company) HP System 
Event Utility (HKLM-x32\...\{8B4EE87E-6D40-4C91-B5E8-0DC77DC412F1}) (Version: 1.4.1 - Hewlett-Packard Company) HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company) Inst5675 (Version: 8.01.27 - Softex Inc.) Hidden Inst5676 (Version: 8.01.27 - Softex Inc.) Hidden Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.28.1006 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.2.0.1016 - Intel Corporation) Intel(R) Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation) Intel® Chipsatz-Gerätesoftware (x32 Version: 10.0.21 - Intel(R) Corporation) Hidden Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation) Jewel Match 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden KeePass Password Safe 2.28 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.28 - Dominik Reichl) Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3361543711-125785448-4142314985-1001\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft 
Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language 
Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 39.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.1 - Nikon) Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.9.2 - Nikon) Nuance PaperPort 12 (HKLM-x32\...\{88B5FBDC-967D-4B1F-B291-39284AE12201}) (Version: 12.1.0005 - Nuance Communications, Inc.) Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc) NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation) NVIDIA Grafiktreiber 344.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.24 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.) Picture Control Utility 2 (HKLM\...\{D4893C47-704F-4B84-8486-9DE4974ACA6F}) (Version: 2.0.2 - Nikon) Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.51 - WildTangent) Hidden Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.55 - Realtek Semiconductor Corp.) 
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.32.508.2014 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7358 - Realtek Semiconductor Corp.) Scansoft PDF Professional (x32 Version: - ) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version: - ) <==== ACHTUNG SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden Skype™ 7.16 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.16.102 - Skype Technologies S.A.) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.16 - Synaptics Incorporated) TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer) Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden UpgradeText (HKLM-x32\...\{1146AC44-2F03-4431-B4FD-889BC837521F}{144046c7}) (Version: - Software Publisher) Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.10.3 - Nikon) Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden WildTangent Games App für HP (x32 Version: 4.0.11.14 - WildTangent) Hidden WildTangent-Spiele (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent) WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies) Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag 
in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Wiederherstellungspunkte ========================= 23-11-2015 17:47:01 Geplanter Prüfpunkt 04-12-2015 18:44:18 Installiert "ViewNX 2" 09-12-2015 19:18:53 Windows Update ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {05D562B8-84AD-420E-A83F-E8A3A0085BDE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-12-03] (HP Inc.) Task: {208AB745-1D7C-454D-AA3F-E6221617CBC8} - System32\Tasks\{AC8F6FD5-4546-4D8F-9545-445326414489} => Firefox.exe hxxp://ui.skype.com/ui/0/7.11.0.102/de/abandoninstall?source=lightinstaller&page=tsInstall Task: {2FF8837C-4B56-4B00-91A5-79C60E2804FF} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation) Task: {318D1321-CC25-4847-8D89-0E3F3E51FD98} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! 
Antivirus\backup.exe [2015-12-15] (AVAST Software) Task: {42801711-C539-4D41-A30F-2CB64AFD175F} - System32\Tasks\Start OPBHOBrokerDesktop => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [2014-09-27] (Hewlett-Packard) Task: {5768876A-154B-4EA2-9191-E4F54D2F948A} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3361543711-125785448-4142314985-1001 => C:\Users\Claudi\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2015-12-10] (Microsoft Corporation) Task: {63153D22-0346-49BB-955A-E1E5BF156E60} - System32\Tasks\HPCeeScheduleForClaudi => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard) Task: {64DDB6EE-3DF5-4FDA-AB45-79681E4058C7} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-10-28] (CyberLink Corp.) Task: {9026E826-5543-4268-ADBB-D991E1D5D8A6} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-12-04] (AVAST Software) Task: {932CAD7E-AEDD-406C-ACD8-84FF944E98A6} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation) Task: {93B24F84-6CE3-4A72-98FE-85C115CFBABF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-09] (Adobe Systems Incorporated) Task: {98F2F77F-1F3A-49E7-B33D-8C376C8E4254} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2014-05-19] (Hewlett-Packard Development Company, L.P.) Task: {AB747E4E-5D5B-44F8-BB2F-5AD75EEA22D6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-12-03] (HP Inc.) 
Task: {AC0C291E-6537-43E6-96D3-C7D82B4557FE} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2014-09-15] () Task: {B18DD415-833E-41A1-9BF8-D3C45E60375B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-12-09] (Microsoft Corporation) Task: {C91FB7ED-110C-4326-B92B-E672E1334B9A} - System32\Tasks\avast! SL Update => C:\Program Files\AVAST Software\SecureLine\SLUpdate.exe [2014-10-15] (AVAST Software) Task: {D55B8052-CE2B-43CF-BAD2-2E0D10059C2D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-08-01] (Hewlett-Packard Company) Task: {DB1BC467-BF91-4FD9-9DB3-381C963C8013} - System32\Tasks\Start SimplePass => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [2014-09-27] (Hewlett-Packard) Task: {E912F5BB-0B11-4B53-8008-4940339761B1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company) Task: {EF99235D-0665-41E3-B83B-10987E181DF9} - System32\Tasks\Start OPBHOBroker => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [2014-09-27] (Hewlett-Packard) Task: {F9DD2CC8-CADC-4BA8-B1BD-2FCFB4F09F9C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-08-01] (Hewlett-Packard Company) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\HPCeeScheduleForClaudi.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) ShortcutWithArgument: C:\Users\Claudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://mmotraffic.com/catalog/goplay/1000932/MTE3NjYvLy8xMDAwOTMy/ ShortcutWithArgument: C:\Users\Claudi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://mmotraffic.com/catalog/goplay/1000932/MTE3NjYvLy8xMDAwOTMy/ ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2014-09-27 13:40 - 2014-09-27 13:40 - 02150400 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll 2014-09-27 13:39 - 2014-09-27 13:39 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll 2014-09-27 13:39 - 2014-09-27 13:39 - 00035840 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll 2014-09-27 13:39 - 2014-09-27 13:39 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll 2014-09-27 13:48 - 2014-09-27 13:48 - 00420432 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll 2014-09-27 13:48 - 2014-09-27 13:48 - 00746064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll 2015-07-25 21:13 - 2015-11-04 19:03 - 00149024 _____ () C:\Windows\system32\DnsBlockUpdateSvc.exe 2014-10-31 04:30 - 2014-04-14 18:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe 2014-10-31 04:10 - 2014-10-15 15:02 - 00435064 _____ () C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe 2011-11-22 09:59 - 
2011-11-22 09:59 - 00018432 _____ () C:\Users\Claudi\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe 2014-10-31 03:49 - 2014-09-27 04:19 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-09-27 13:42 - 2014-09-27 13:42 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe 2015-06-13 16:14 - 2015-09-15 06:07 - 05887808 _____ () C:\Users\Claudi\AppData\Local\Amazon Music\Amazon Music Helper.exe 2015-12-20 18:25 - 2015-05-14 11:54 - 00422600 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe 2015-12-04 18:19 - 2015-12-04 18:19 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2015-12-04 18:19 - 2015-12-04 18:19 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2015-12-15 17:41 - 2015-12-15 17:41 - 02803712 _____ () C:\Program Files\AVAST Software\Avast\defs\15121500\algo.dll 2015-12-04 18:19 - 2015-12-04 18:19 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2015-12-20 18:03 - 2015-12-20 18:03 - 02805760 _____ () C:\Program Files\AVAST Software\Avast\defs\15122000\algo.dll 2014-09-03 11:03 - 2014-09-03 11:03 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2014-10-31 04:10 - 2014-10-15 15:02 - 38561576 _____ () C:\Program Files\AVAST Software\SecureLine\libcef.dll 2015-12-04 18:19 - 2015-12-04 18:19 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) AlternateDataStreams: C:\Windows\system32\DnsBlockUpdateSvc.exe:IID ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-3361543711-125785448-4142314985-1001\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.11.254 - 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{575A09D0-EE3B-4EFE-A3E4-F4EBA319C64D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{EB21DE04-C4C7-4267-9F18-74921C1A1F98}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{B73EC55B-AFAB-45A5-946C-C5CC43019E27}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{F9257F93-A7D2-4EFB-A88D-1144D58D05B9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{17E1D799-A89C-4EB6-97B3-19C565E07E71}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{7B6E04F0-2866-413B-B740-004361BCA36B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{C5E2CF70-8621-4107-9CF5-49B7FE15A0D9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{9868981E-48F1-4C46-AE1B-414F2188227B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{994BA670-945D-444C-9E49-8605DE58A059}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{9AC8CB4F-F594-4F70-8E8B-0FF0872005BE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{4934645F-DB36-4B72-AB75-67D3B4F5FAA2}] => (Allow) C:\Program Files\CyberLink\PowerDirector12\PDR10.EXE FirewallRules: [{C85CCDF3-312D-42CD-8CF1-8BE41BBAE14D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{2848477A-7592-4D94-BF5B-DAFC34A80075}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{84B99008-2874-4C2A-A35D-543E8129AE7C}] => (Allow) C:\Users\Claudi\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{09B7F46E-F153-4CAB-8790-4AC49B7252DC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{BA45C7C1-E542-4D3A-8D68-77DAFD9B4527}] 
=> (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{39451594-6898-4021-8FA6-8DCAD4EBF700}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe FirewallRules: [{CF98E35F-ECC2-44AC-94D5-D4E99FA23E27}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe FirewallRules: [{B9A289C4-39FC-46AD-9D0E-F6342B40F0F6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe FirewallRules: [{DE223FA4-98F7-4947-9600-EB19172F77AC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe FirewallRules: [{F87C1DB0-1E52-4C24-89FC-440F10616F81}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe FirewallRules: [{5A53BAE0-4EB8-4589-8568-6DED8B5A21B8}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe FirewallRules: [{1BC62E38-2C45-46F6-B203-7205B8760F08}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe FirewallRules: [TCP Query User{B8FC367A-D4CD-47AD-95E2-0B09DF19300E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{13265336-A5A0-4006-99E4-83BC1AE31286}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{CEBBBE56-3F97-4B69-A4E1-34FD6F2FB19C}] => (Allow) C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe FirewallRules: [{A0929CDD-9C53-4A0C-9C84-34B54AF92DC0}] => (Allow) C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe FirewallRules: [{677BCEA3-F764-4DF0-919A-BE65EF2C3B04}] => (Allow) C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe FirewallRules: [TCP Query User{1F638EDE-2F47-48D8-8F0A-9EFC515018D5}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{B2B97514-CD1A-44C1-9DE9-4B48F03D5030}C:\program files 
(x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{87D28865-81D6-4A2C-835F-EA3A9FE5DD3D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{455543D7-04EB-4244-B596-8C484899BA01}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{08E27F0C-7770-4A12-9896-212D66BF67D4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{B404F397-F4AF-481A-AD80-2C6FC37C6C4C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{E5A5841C-5CEB-41E3-9BCD-35BAAF5E5273}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (12/20/2015 06:47:21 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest. 
Error: (12/20/2015 06:47:19 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest. Error: (12/20/2015 06:47:09 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest. 
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest. Error: (12/20/2015 06:25:21 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest. Error: (12/20/2015 06:25:19 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest. Error: (12/20/2015 06:25:15 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest. Error: (12/20/2015 06:25:15 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3. 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest. Error: (12/20/2015 06:03:43 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 6750 Error: (12/20/2015 06:03:43 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 6750 Error: (12/20/2015 06:03:43 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Systemfehler: ============= Error: (12/20/2015 06:26:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (12/20/2015 06:26:30 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Claudi\AppData\Local\Temp\ehdrv.sys Error: (12/20/2015 06:26:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (12/20/2015 06:26:29 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Claudi\AppData\Local\Temp\ehdrv.sys Error: (12/20/2015 06:26:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (12/20/2015 06:26:29 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Claudi\AppData\Local\Temp\ehdrv.sys Error: (12/20/2015 05:59:22 PM) (Source: DCOM) (EventID: 10016) (User: 
ClaudiS-HP) Description: AnwendungsspezifischLokalAktivierung{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}Claudis-HPClaudiS-1-5-21-3361543711-125785448-4142314985-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (12/20/2015 05:59:22 PM) (Source: DCOM) (EventID: 10016) (User: ClaudiS-HP) Description: AnwendungsspezifischLokalAktivierung{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}Claudis-HPClaudiS-1-5-21-3361543711-125785448-4142314985-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (12/20/2015 05:59:22 PM) (Source: DCOM) (EventID: 10016) (User: ClaudiS-HP) Description: AnwendungsspezifischLokalAktivierung{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}Claudis-HPClaudiS-1-5-21-3361543711-125785448-4142314985-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (12/20/2015 05:58:49 PM) (Source: DCOM) (EventID: 10016) (User: ClaudiS-HP) Description: AnwendungsspezifischLokalAktivierung{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}Claudis-HPClaudiS-1-5-21-3361543711-125785448-4142314985-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar CodeIntegrity: =================================== Date: 2015-07-27 22:28:10.316 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-07-27 22:09:08.821 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system. 
Date: 2015-07-27 22:06:14.222 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-07-27 22:06:13.887 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-07-27 22:06:06.836 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-07-27 22:05:26.511 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-03-25 17:45:16.733 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-03-25 17:45:16.392 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. 
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i3-5010U CPU @ 2.10GHz
Prozentuale Nutzung des RAM: 33%
Installierter physikalischer RAM: 8114.27 MB
Verfügbarer physikalischer RAM: 5427 MB
Summe virtueller Speicher: 9394.27 MB
Verfügbarer virtueller Speicher: 6624.54 MB
==================== Laufwerke ================================
Drive c: (Windows) (Fixed) (Total:906.46 GB) (Free:825.17 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:24.04 GB) (Free:2.67 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive f: (Iomega_HDD) (Fixed) (Total:465.76 GB) (Free:113.85 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: DC13FC01)
Partition: GPT.
========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: E948385F)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
==================== Ende von Addition.txt ============================

Please delete the logs; in the meantime my acquaintance has run ESET and other cleanup tools... without my "supervision". So I will create the logs again and post them once more. Sorry!
20.12.2015, 23:21 | #2 |
/// Malwareteam | Win 8.1 password is repeatedly invalid, PC sometimes just shuts down
My name is Dennis and I will help you with the cleanup. Please note that there are a few rules:
If I do not reply within 48 hours, send me a PM! Please post all the other logs that you still have as well.
21.12.2015, 20:34 | #3 |
| Win 8.1 password is repeatedly invalid, PC sometimes just shuts down
Here are the current logs from FRST
FRST Logfile: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:20-12-2015 durchgeführt von Claudi (Administrator) auf ClaudiS-HP (21-12-2015 20:17:44) Gestartet von C:\Users\Claudi\Desktop\Jackko Geladene Profile: Claudi (Verfügbare Profile: Claudi) Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (AVM GmbH) C:\Program Files (x86)\FRITZ!Powerline\PowerlineService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Windows\System32\DnsBlockUpdateSvc.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (BUFFALO INC.) C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Nuance Communications, Inc.) 
C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe () C:\Program Files\CyberLink\Shared files\RichVideo64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe () C:\Users\Claudi\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft 
Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe () C:\Users\Claudi\AppData\Local\Amazon Music\Amazon Music Helper.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (AVAST Software) C:\Program Files\AVAST Software\SecureLine\secureline.exe (Buffalo Inc.) C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe (BUFFALO INC.) C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Hewlett-Packard Development Company, L.P.) 
C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsScan_6.3.9654.17133_x64__8wekyb3d8bbwe\scanapp.exe (Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\agent.exe (Microsoft Corporation) C:\Windows\FileManager\PhotosApp.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Corporation) C:\Windows\System32\prevhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7642328 2014-10-07] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2473800 2014-09-09] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-06-17] (Synaptics Incorporated) HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft) HKLM\...\Run: [3D BubbleSound] => "C:\Program Files\BubbleSound\3D BubbleSound.exe" HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-04] (AVAST Software) HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2109952 2014-10-07] (Dominik Reichl) HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.) HKLM-x32\...\Run: [gmsd_de_005010043] => [X] HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Development Company, L.P.) 
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [570880 2013-12-27] (Nikon Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation) HKU\S-1-5-21-3361543711-125785448-4142314985-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation) HKU\S-1-5-21-3361543711-125785448-4142314985-1001\...\Run: [Amazon Music] => C:\Users\Claudi\AppData\Local\Amazon Music\Amazon Music Helper.exe [5887808 2015-09-15] () HKU\S-1-5-21-3361543711-125785448-4142314985-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50755200 2015-12-08] (Skype Technologies S.A.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-04] (AVAST Software) ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft) ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\avast! SecureLine.lnk [2014-10-31] ShortcutTarget: avast! SecureLine.lnk -> C:\Program Files\AVAST Software\SecureLine\SecureLine.exe (AVAST Software) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk [2015-08-04] ShortcutTarget: BUFFALO NAS Navigator2.lnk -> C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe (Buffalo Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk [2015-08-04] ShortcutTarget: NAS Scheduler.lnk -> C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.) 
Startup: C:\Users\Claudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-07-27] ShortcutTarget: SmartWeb.lnk -> C:\Users\Claudi\AppData\Local\SmartWeb\SmartWebHelper.exe (Keine Datei) GroupPolicy: Beschränkung - Chrome <======= ACHTUNG CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ACHTUNG (Beschränkung - ProxySettings) Tcpip\Parameters: [DhcpNameServer] 192.168.11.254 192.168.0.1 Tcpip\..\Interfaces\{9D3A08C7-B385-4B62-A999-566051641C5E}: [DhcpNameServer] 192.168.11.254 Tcpip\..\Interfaces\{C8727673-5237-4FFF-A9A5-C08379F70019}: [DhcpNameServer] 192.168.11.254 192.168.0.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hppp&ts=1437852445&z=f6aeab63f0e9cef73e2e890g7z4c1mab3w3o8z1g5z&from=cor&uid=HGSTXHTS541010A9E680_JD1008DMG3ZTVWG3ZTVWX HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1437852352&z=dd0dcfb9070be0578bc22c4gezcc4m3b8w6o3c8o9g&from=cor&uid=HGSTXHTS541010A9E680_JD1008DMG3ZTVWG3ZTVWX&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
hxxp://www.istartsurf.com/?type=hppp&ts=1437852445&z=f6aeab63f0e9cef73e2e890g7z4c1mab3w3o8z1g5z&from=cor&uid=HGSTXHTS541010A9E680_JD1008DMG3ZTVWG3ZTVWX HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1437852352&z=dd0dcfb9070be0578bc22c4gezcc4m3b8w6o3c8o9g&from=cor&uid=HGSTXHTS541010A9E680_JD1008DMG3ZTVWG3ZTVWX&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp13.msn.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com HKU\S-1-5-21-3361543711-125785448-4142314985-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006 HKU\S-1-5-21-3361543711-125785448-4142314985-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} HKU\S-1-5-21-3361543711-125785448-4142314985-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006 SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKLM-x32 -> {D7D1189B-32FC-4BB1-8E12-D6FCF05F0437} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> 
{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKU\S-1-5-21-3361543711-125785448-4142314985-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKU\S-1-5-21-3361543711-125785448-4142314985-1001 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M8BAAAD7C-8818-4689-A938-D73D3AAEB233&SearchSource=58&CUI=&UM=8&UP=SPF5D2393B-E80E-47A9-ABAC-5B1D1907F2F1&D=072715&q={searchTerms}&SSPV=SP30367TA_sp_ie SearchScopes: HKU\S-1-5-21-3361543711-125785448-4142314985-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=HGSTXHTS541010A9E680_JD1008DMG3ZTVWG3ZTVWX&ts=1437852459&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-3361543711-125785448-4142314985-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=HGSTXHTS541010A9E680_JD1008DMG3ZTVWG3ZTVWX&ts=1437852459&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-3361543711-125785448-4142314985-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=dspp&ts=1437852445&z=f6aeab63f0e9cef73e2e890g7z4c1mab3w3o8z1g5z&from=cor&uid=HGSTXHTS541010A9E680_JD1008DMG3ZTVWG3ZTVWX&q={searchTerms} SearchScopes: HKU\S-1-5-21-3361543711-125785448-4142314985-1001 -> {D7D1189B-32FC-4BB1-8E12-D6FCF05F0437} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=HGSTXHTS541010A9E680_JD1008DMG3ZTVWG3ZTVWX&ts=1437852459&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-3361543711-125785448-4142314985-1001 -> 
{E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=HGSTXHTS541010A9E680_JD1008DMG3ZTVWG3ZTVWX&ts=1437852459&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-3361543711-125785448-4142314985-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard) BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft) BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft) BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-20] (Oracle Corporation) BHO-x32: Kein Name -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> Keine Datei BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: StumbleUpon -> {DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} -> 
C:\Users\Claudi\AppData\LocalLow\StumbleUpon\IE\StumbleUpon.dll [2011-11-22] (StumbleUpon Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-20] (Oracle Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard) BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft) FireFox: ======== FF ProfilePath: C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\khsuv2fr.default FF DefaultSearchEngine: Google (avast) FF DefaultSearchUrl: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=utf-8&oe=utf-8&meta=lr=lang_de&q= FF SearchEngineOrder.1: Google (avast) FF SelectedSearchEngine: Google FF SelectedSearchEngine: google FF Homepage: hxxp://www.google.de?hl=de&gl=de FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q= FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=utf-8&oe=utf-8&meta=lr=lang_de&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-09] () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> 
C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-06-19] () FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-06-19] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-09-03] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-09-03] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-20] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-20] (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] () FF user.js: detected! 
=> C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\khsuv2fr.default\user.js [2015-12-21] FF SearchPlugin: C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\khsuv2fr.default\searchplugins\google-avast.xml [2015-08-23] FF SearchPlugin: C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\khsuv2fr.default\searchplugins\istartsurf.xml [2015-08-04] FF SearchPlugin: C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\khsuv2fr.default\searchplugins\trovi.xml [2015-07-28] FF Extension: Download Protect - C:\Windows\Installer\{52158539-41A3-459C-8A78-55078316FAD9}\{C2DC084E-A476-4CF1-95C5-4CE9119DBF5A}.xpi [2015-12-21] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-10] FF HKLM-x32\...\Firefox\Extensions: [firefox@bho.com] - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt => nicht gefunden FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\khsuv2fr.default\extensions\defsearchp@gmail.com => nicht gefunden FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-10] FF HKLM-x32\...\Firefox\Extensions: [{C2DC084E-A476-4CF1-95C5-4CE9119DBF5A}] - C:\Windows\Installer\{52158539-41A3-459C-8A78-55078316FAD9}\{C2DC084E-A476-4CF1-95C5-4CE9119DBF5A}.xpi Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-12-04] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-04] CHR HKLM-x32\...\Chrome\Extension: [pgifblbjgdjhcelbanblbhkhmbnnmhfg] - 
C:\Users\Claudi\AppData\LocalLow\StumbleUpon\CHROME\StumbleUpon.crx [2011-11-22] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-04] (AVAST Software) R2 AVMPowerlineService; C:\Program Files (x86)\FRITZ!Powerline\PowerlineService.exe [139264 2014-05-21] (AVM GmbH) [Datei ist nicht signiert] S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-13] (Broadcom Corporation.) S4 comyninu; C:\Program Files (x86)\34444335-1437857197-4E35-5833-3863BBAED735\hnscA6FD.tmp [161792 2015-08-04] () [Datei ist nicht signiert] R2 DnsBlockUpdateSvc; C:\Windows\system32\DnsBlockUpdateSvc.exe [149024 2015-11-04] () R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [255040 2014-08-25] (WildTangent) R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Development Company, L.P.) 
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-06-25] (Intel Corporation) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328296 2014-10-07] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-09-03] (Intel Corporation) S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-09-03] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 NasPmService; C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe [245760 2013-11-21] (BUFFALO INC.) [Datei ist nicht signiert] R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-09] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19438920 2014-09-09] (NVIDIA Corporation) R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [94720 2014-09-27] (Softex Inc.) [Datei ist nicht signiert] R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.) 
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] () R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2014-09-04] (Realtek Semiconductor) R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [435064 2014-10-15] () R2 StumbleUponUpdater; C:\Users\Claudi\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe [18432 2011-11-22] () [Datei ist nicht signiert] R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-06-17] (Synaptics Incorporated) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation) S4 wezoryro; C:\Program Files (x86)\34444335-1437857197-4E35-5833-3863BBAED735\knsz97BC.tmpfs [X] ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-04] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-20] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-04] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-04] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2015-12-04] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [451040 2015-12-20] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-04] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-04] (AVAST Software) R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-13] (Broadcom Corporation.) R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7532760 2014-10-31] (Broadcom Corporation) S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-30] (Microsoft Corporation) S3 BthHFAud; C:\Windows\System32\drivers\BthHfAud.sys [32768 2014-10-08] (Microsoft Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-21] (Malwarebytes) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [126976 2014-09-03] (Intel Corporation) R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.) 
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-09] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [506072 2014-06-20] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2014-06-17] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-06-17] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R2 WinDivert64; C:\Windows\system32\drivers\WinDivert64.sys [35376 2013-12-02] (Basil Projects)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S1 wsafd_1_10_0_19; system32\drivers\wsafd_1_10_0_19.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-21 17:23 - 2015-12-21 17:23 - 00004096 _____ C:\Users\Public\Documents\0000C632.LCS
2015-12-21 17:23 - 2015-12-21 17:23 - 00000000 ____D C:\Users\Claudi\AppData\Roaming\ProtectDISC
2015-12-21 00:38 - 2015-12-21 00:38 - 00000000 ____D C:\Program Files\{0778E627-5941-4803-AC27-16240AC314C9}
2015-12-21 00:38 - 2015-12-21 00:38 - 00000000 ____D C:\Program Files (x86)\{ADB02D46-9BC0-4670-B856-1B5E920141EA}
2015-12-20 19:33 - 2015-12-20 22:13 - 00000524 _____ C:\Users\Claudi\Desktop\Neues Textdokument.txt
2015-12-20 19:16 - 2015-12-20 19:16 - 00000000 ____D C:\Program Files\{BCA1BFBA-4A99-414B-B033-58D4164ECEDD}
2015-12-20 19:16 - 2015-12-20 19:16 - 00000000 ____D C:\Program Files (x86)\{107711E4-7E9B-447F-8347-5667F3939469}
2015-12-20 19:09 - 2015-12-21 20:17 - 00000000 ____D C:\FRST
2015-12-20 19:06 - 2015-12-21 20:17 - 00000000 ____D C:\Users\Claudi\Desktop\Jackko
2015-12-20 18:36 - 2015-12-21 18:42 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-20 18:36 - 2015-12-20 18:36 - 00001121 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-12-20 18:36 - 2015-12-20 18:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-12-20 18:36 - 2015-12-20 18:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-20 18:36 - 2015-12-20 18:36 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-12-20 18:36 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-20 18:36 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-12-20 18:36 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-12-20 18:34 - 2015-12-20 18:35 - 22908888 _____ (Malwarebytes ) C:\Users\Claudi\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-20 18:32 - 2015-12-20 18:32 - 00000000 ____D C:\Users\Claudi\AppData\Roaming\Sun
2015-12-20 18:32 - 2015-12-20 18:32 - 00000000 ____D C:\Users\Claudi\.oracle_jre_usage
2015-12-20 18:30 - 2015-12-20 18:30 - 00000000 ____D C:\Users\Claudi\AppData\LocalLow\Oracle
2015-12-20 18:26 - 2015-12-21 00:37 - 00000352 _____ C:\Windows\Tasks\HPCeeScheduleForClaudi.job
2015-12-20 18:26 - 2015-12-20 18:26 - 00003166 _____ C:\Windows\System32\Tasks\HPCeeScheduleForClaudi
2015-12-20 18:25 - 2015-12-20 18:25 - 02870984 _____ (ESET) C:\Users\Claudi\Downloads\esetsmartinstaller_deu.exe
2015-12-20 18:25 - 2015-12-20 18:25 - 00000000 ____D C:\Program Files (x86)\ESET
2015-12-14 19:10 - 2015-12-14 19:10 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-14 19:10 - 2015-12-14 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-10 12:46 - 2015-12-10 12:46 - 00000000 ____D C:\ProgramData\Nikon
2015-12-09 19:23 - 2015-12-10 21:30 - 00000000 ____D C:\Windows\system32\MpEngineStore
2015-12-09 19:22 - 2015-12-09 19:22 - 00000000 ____D C:\730793f83abf9adb9e788ebe
2015-12-09 18:39 - 2015-11-11 17:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-09 18:39 - 2015-11-11 16:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-09 18:39 - 2015-11-05 09:59 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-09 18:38 - 2015-11-11 17:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-09 18:38 - 2015-11-11 16:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-09 18:38 - 2015-11-11 16:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-12-09 18:38 - 2015-11-11 16:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-09 18:38 - 2015-11-10 01:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-09 18:38 - 2015-11-10 01:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-09 18:38 - 2015-11-10 01:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-09 18:38 - 2015-11-10 01:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-09 18:38 - 2015-11-10 01:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-09 18:38 - 2015-11-10 00:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-09 18:38 - 2015-11-10 00:41 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-12-09 18:38 - 2015-11-10 00:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-09 18:38 - 2015-11-10 00:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-09 18:38 - 2015-11-10 00:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-09 18:38 - 2015-11-10 00:36 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-09 18:38 - 2015-11-10 00:25 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-12-09 18:38 - 2015-11-10 00:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-09 18:38 - 2015-11-10 00:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-09 18:38 - 2015-11-10 00:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-09 18:38 - 2015-11-08 23:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-09 18:38 - 2015-11-08 23:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-09 18:38 - 2015-11-08 23:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-09 18:38 - 2015-11-08 23:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-09 18:38 - 2015-11-08 23:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-09 18:38 - 2015-11-08 22:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-09 18:38 - 2015-11-08 22:32 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-12-09 18:38 - 2015-11-08 22:25 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-12-09 18:38 - 2015-11-08 22:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-09 18:38 - 2015-11-08 22:16 - 00372224 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-09 18:38 - 2015-11-08 22:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-09 18:38 - 2015-11-08 22:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-09 18:38 - 2015-11-08 22:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-09 18:38 - 2015-11-08 22:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-09 18:38 - 2015-11-08 21:53 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-12-09 18:38 - 2015-11-08 21:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-09 18:38 - 2015-11-08 21:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-09 18:38 - 2015-11-08 21:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-09 18:37 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2015-12-09 18:37 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZST.DLL
2015-12-09 18:37 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2015-12-09 18:37 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2015-12-09 18:37 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2015-12-09 18:37 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZST.DLL
2015-12-09 18:37 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2015-12-09 18:37 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2015-12-09 18:37 - 2015-10-22 17:21 - 01200128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2015-12-09 18:37 - 2015-10-22 17:21 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2015-12-09 18:37 - 2015-10-22 16:58 - 00868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2015-12-09 18:37 - 2015-10-22 16:58 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
2015-12-09 18:37 - 2015-10-22 15:08 - 00513456 _____ C:\Windows\SysWOW64\locale.nls
2015-12-09 18:37 - 2015-10-22 15:08 - 00513456 _____ C:\Windows\system32\locale.nls
2015-12-09 18:36 - 2015-11-22 07:59 - 07455064 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-12-09 18:36 - 2015-11-22 07:59 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-12-09 18:36 - 2015-11-22 07:59 - 01659568 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-12-09 18:36 - 2015-11-22 07:59 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-12-09 18:36 - 2015-11-22 07:59 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-12-09 18:36 - 2015-11-22 07:59 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-12-09 18:36 - 2015-11-22 07:58 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-12-09 18:36 - 2015-11-21 19:32 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-12-09 18:36 - 2015-11-21 18:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-12-09 18:36 - 2015-11-21 17:59 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-09 18:36 - 2015-11-21 17:49 - 01344000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-09 18:36 - 2015-11-21 17:47 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-09 18:36 - 2015-11-21 17:40 - 00414208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-09 18:36 - 2015-11-09 01:41 - 01540728 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-09 18:36 - 2015-11-08 23:30 - 04176384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-09 18:36 - 2015-11-08 22:23 - 01994752 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-09 18:36 - 2015-11-08 22:13 - 01383936 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-09 18:36 - 2015-11-08 22:01 - 01753600 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2015-12-09 18:36 - 2015-11-08 21:52 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-09 18:36 - 2015-11-08 21:48 - 01376256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-09 18:36 - 2015-11-08 21:42 - 01490944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2015-12-09 18:36 - 2015-10-10 18:20 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2015-12-09 18:36 - 2015-10-03 20:41 - 01385280 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-12-09 18:36 - 2015-10-03 20:41 - 01124384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-12-09 18:33 - 2015-11-20 23:47 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-09 18:33 - 2015-11-20 19:18 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-09 18:33 - 2015-11-20 17:58 - 03706880 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-09 18:33 - 2015-11-20 17:47 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-09 18:33 - 2015-11-20 17:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-09 18:33 - 2015-11-20 17:44 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-12-09 18:33 - 2015-11-20 17:44 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-09 18:33 - 2015-11-20 17:43 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-09 18:33 - 2015-11-20 17:42 - 02243584 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-09 18:33 - 2015-11-20 17:30 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-09 18:33 - 2015-11-20 17:29 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-09 18:33 - 2015-11-20 17:28 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-09 18:33 - 2015-11-20 17:27 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-09 18:33 - 2015-10-28 16:49 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-12-09 18:33 - 2015-10-28 16:29 - 02462720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-12-09 18:33 - 2015-10-11 07:34 - 00468824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-12-09 18:33 - 2015-10-11 07:34 - 00462168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2015-12-09 18:33 - 2015-10-11 07:34 - 00443224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2015-12-09 18:33 - 2015-10-11 07:34 - 00092504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2015-12-09 18:33 - 2015-10-11 07:34 - 00027992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2015-12-09 18:33 - 2015-10-10 19:41 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2015-12-09 18:33 - 2015-10-10 19:41 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2015-12-09 18:33 - 2015-10-10 19:40 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winusb.sys
2015-12-09 18:33 - 2015-10-08 17:11 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\PCPKsp.dll
2015-12-09 18:33 - 2015-10-08 16:50 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPKsp.dll
2015-12-09 18:32 - 2015-10-05 19:28 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\wininit.exe
2015-12-09 18:32 - 2015-10-05 19:25 - 00572928 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-12-04 18:55 - 2015-12-04 18:55 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-12-04 18:53 - 2015-12-04 19:03 - 00000000 ____D C:\Users\Claudi\AppData\Roaming\Nikon
2015-12-04 18:53 - 2015-12-04 18:53 - 00000000 ____D C:\Users\Claudi\AppData\Local\Nikon
2015-12-04 18:47 - 2015-12-04 18:47 - 00002106 _____ C:\Users\Public\Desktop\Picture Control Utility 2.lnk
2015-12-04 18:47 - 2015-12-04 18:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picture Control Utility 2
2015-12-04 18:47 - 2015-12-04 18:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nikon Message Center 2
2015-12-04 18:46 - 2015-12-04 18:46 - 00000268 ___RH C:\Users\Claudi\AppData\Roaming\Plants
2015-12-04 18:46 - 2015-12-04 18:46 - 00000268 ___RH C:\ProgramData\Podcasting
2015-12-04 18:46 - 2015-12-04 18:46 - 00000020 ____H C:\ProgramData\PKP_DLes.DAT
2015-12-04 18:46 - 2015-12-04 18:46 - 00000012 ___RH C:\ProgramData\Resources
2015-12-04 18:46 - 2015-12-04 18:46 - 00000000 ____D C:\Windows\Downloaded Installations
2015-12-04 18:45 - 2015-12-16 18:30 - 00000020 ____H C:\ProgramData\PKP_DLet.DAT
2015-12-04 18:45 - 2015-12-04 19:03 - 00000020 ____H C:\ProgramData\PKP_DLev.DAT
2015-12-04 18:45 - 2015-12-04 18:47 - 00000000 ____D C:\Users\Claudi\AppData\Local\Downloaded Installations
2015-12-04 18:45 - 2015-12-04 18:47 - 00000000 ____D C:\Program Files\Nikon
2015-12-04 18:45 - 2015-12-04 18:47 - 00000000 ____D C:\Program Files\Common Files\Nikon
2015-12-04 18:45 - 2015-12-04 18:47 - 00000000 ____D C:\Program Files (x86)\Nikon
2015-12-04 18:45 - 2015-12-04 18:46 - 00000000 ____D C:\ProgramData\Ultima_T15
2015-12-04 18:45 - 2015-12-04 18:46 - 00000000 ____D C:\ProgramData\EnterNHelp
2015-12-04 18:45 - 2015-12-04 18:45 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ATL71.DLL
2015-12-04 18:45 - 2015-12-04 18:45 - 00002076 _____ C:\Users\Public\Desktop\ViewNX 2.lnk
2015-12-04 18:45 - 2015-12-04 18:45 - 00000268 ___RH C:\Users\Claudi\AppData\Roaming\Plug-In Settings
2015-12-04 18:45 - 2015-12-04 18:45 - 00000268 ___RH C:\Users\Claudi\AppData\Roaming\Planets
2015-12-04 18:45 - 2015-12-04 18:45 - 00000268 ___RH C:\ProgramData\Pop Flute
2015-12-04 18:45 - 2015-12-04 18:45 - 00000268 ___RH C:\ProgramData\Plugins
2015-12-04 18:45 - 2015-12-04 18:45 - 00000012 ___RH C:\ProgramData\Robot
2015-12-04 18:45 - 2015-12-04 18:45 - 00000012 ___RH C:\ProgramData\Receipts
2015-12-04 18:45 - 2015-12-04 18:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ViewNX 2
2015-12-04 18:44 - 2015-12-04 18:47 - 00000000 ____D C:\ProgramData\54F3DE4E-B7BA-4EBD-8B3B-385D272CC583
2015-12-04 18:43 - 2015-12-04 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Link to Nikon
2015-12-04 18:31 - 2015-12-04 18:41 - 112637472 _____ C:\Users\Claudi\Downloads\S-VNX2__-021003WF-EURDE-64BIT_.exe
2015-12-04 18:19 - 2015-12-04 18:19 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-12-04 18:19 - 2015-12-04 18:19 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-12-04 18:07 - 2015-12-04 18:07 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2015-12-04 18:07 - 2015-12-04 18:07 - 00000000 ____D C:\Program Files\Common Files\AV

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-21 20:14 - 2015-03-09 08:08 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-21 20:08 - 2015-02-21 18:44 - 00000000 ____D C:\Users\Claudi\Documents\Outlook-Dateien
2015-12-21 18:47 - 2015-09-30 18:34 - 00000000 ____D C:\Users\Claudi\AppData\Roaming\Skype
2015-12-21 18:36 - 2015-02-22 14:53 - 00000000 ____D C:\Users\Claudi\AppData\Roaming\ClassicShell
2015-12-21 17:50 - 2015-04-09 21:09 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-12-21 17:50 - 2015-04-09 21:09 - 00000000 ___SD C:\Windows\system32\GWX
2015-12-21 17:50 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2015-12-21 17:48 - 2015-02-21 14:50 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3361543711-125785448-4142314985-1001
2015-12-21 17:40 - 2014-10-31 09:37 - 00801992 _____ C:\Windows\system32\perfh007.dat
2015-12-21 17:40 - 2014-10-31 09:37 - 00174994 _____ C:\Windows\system32\perfc007.dat
2015-12-21 17:40 - 2014-03-18 10:53 - 01924576 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-21 17:40 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2015-12-21 17:21 - 2015-02-21 14:47 - 00000000 ____D C:\Users\Claudi\Documents\Youcam
2015-12-21 17:20 - 2015-03-18 21:13 - 00000000 ____D C:\Users\Claudi\OneDrive
2015-12-21 00:38 - 2015-07-25 21:14 - 00000306 __RSH C:\ProgramData\ntuser.pol
2015-12-21 00:37 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-20 22:14 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-12-20 21:01 - 2015-02-21 18:46 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-12-20 20:53 - 2015-02-21 15:19 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{1D2A4AD3-EC4A-4CB2-BE52-001D24320CCA}
2015-12-20 20:32 - 2015-07-27 20:53 - 00000000 ____D C:\Users\Claudi\AppData\Local\SmartWeb
2015-12-20 20:31 - 2015-07-25 21:46 - 00000000 ____D C:\Program Files (x86)\34444335-1437857197-4E35-5833-3863BBAED735
2015-12-20 19:22 - 2013-08-22 14:36 - 00000000 ____D C:\Windows
2015-12-20 18:33 - 2015-04-05 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-12-20 18:33 - 2015-04-05 17:14 - 00000000 ____D C:\ProgramData\Oracle
2015-12-20 18:33 - 2015-04-05 17:14 - 00000000 ____D C:\Program Files (x86)\Java
2015-12-20 18:32 - 2015-04-05 17:15 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-12-20 18:32 - 2015-02-21 14:44 - 00000000 ____D C:\Users\Claudi
2015-12-20 18:24 - 2015-02-21 16:31 - 00451040 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-12-20 18:24 - 2015-02-21 16:31 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2015-12-20 18:01 - 2013-08-22 15:44 - 00498472 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-16 18:25 - 2015-02-21 14:47 - 00000000 ____D C:\Users\Claudi\AppData\Local\CyberLink
2015-12-14 19:46 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\rescache
2015-12-14 19:10 - 2015-09-30 18:34 - 00000000 ____D C:\Users\Claudi\AppData\Local\Skype
2015-12-14 19:10 - 2015-09-30 18:33 - 00002715 _____ C:\Users\Public\Desktop\Skype.lnk
2015-12-14 19:10 - 2015-09-30 18:33 - 00000000 ____D C:\ProgramData\Skype
2015-12-13 19:12 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2015-12-10 12:32 - 2015-02-21 18:30 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-10 12:19 - 2015-02-21 17:16 - 00003098 _____ C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3361543711-125785448-4142314985-1001
2015-12-09 19:22 - 2015-02-21 19:00 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-09 19:22 - 2015-02-21 19:00 - 00000000 ____D C:\Windows\system32\MRT
2015-12-09 07:14 - 2015-03-09 08:08 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-05 16:22 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-04 18:47 - 2014-10-31 02:12 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-12-04 18:19 - 2015-02-21 16:31 - 01055560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-12-04 18:19 - 2015-02-21 16:31 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-12-04 18:19 - 2015-02-21 16:31 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-12-04 18:19 - 2015-02-21 16:31 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-12-04 18:19 - 2015-02-21 16:31 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-12-04 18:19 - 2015-02-21 16:31 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-12-04 18:19 - 2015-02-21 16:31 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-12-01 18:19 - 2013-08-22 16:38 - 00826872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-01 18:19 - 2013-08-22 16:38 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-23 20:00 - 2015-02-22 19:42 - 00000000 ____D C:\Users\Claudi\Documents\AeTZ1417
2015-11-22 21:30 - 2015-04-28 12:06 - 00000000 ____D C:\Users\Claudi\Documents\kevin
2015-11-22 13:59 - 2015-02-22 22:02 - 00184320 ___SH C:\Users\Claudi\Desktop\Thumbs.db

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-08-12 18:37 - 2015-08-12 18:37 - 0000079 _____ () C:\Program Files (x86)\prefs.js
2015-12-04 18:45 - 2015-12-04 18:45 - 0000268 ___RH () C:\Users\Claudi\AppData\Roaming\Planets
2015-12-04 18:46 - 2015-12-04 18:46 - 0000268 ___RH () C:\Users\Claudi\AppData\Roaming\Plants
2015-12-04 18:45 - 2015-12-04 18:45 - 0000268 ___RH () C:\Users\Claudi\AppData\Roaming\Plug-In Settings
2015-12-04 18:46 - 2015-12-04 18:46 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2015-12-04 18:45 - 2015-12-16 18:30 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2015-12-04 18:45 - 2015-12-04 19:03 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
2015-12-04 18:45 - 2015-12-04 18:45 - 0000268 ___RH () C:\ProgramData\Plugins
2015-12-04 18:46 - 2015-12-04 18:46 - 0000268 ___RH () C:\ProgramData\Podcasting
2015-12-04 18:45 - 2015-12-04 18:45 - 0000268 ___RH () C:\ProgramData\Pop Flute
2015-12-04 18:45 - 2015-12-04 18:45 - 0000012 ___RH () C:\ProgramData\Receipts
2015-12-04 18:46 - 2015-12-04 18:46 - 0000012 ___RH () C:\ProgramData\Resources
2015-12-04 18:45 - 2015-12-04 18:45 - 0000012 ___RH () C:\ProgramData\Robot

Einige Dateien in TEMP:
====================
C:\Users\Claudi\AppData\Local\Temp\1q9fq0zd.dll
C:\Users\Claudi\AppData\Local\Temp\avast_secureline_setup.exe
C:\Users\Claudi\AppData\Local\Temp\COMAP.EXE
C:\Users\Claudi\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Claudi\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Claudi\AppData\Local\Temp\Extract.exe
C:\Users\Claudi\AppData\Local\Temp\Foxit PhantomPDF Updater.exe
C:\Users\Claudi\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Claudi\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Claudi\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Claudi\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Claudi\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Claudi\AppData\Local\Temp\SP68373.exe
C:\Users\Claudi\AppData\Local\Temp\SP69404.exe
C:\Users\Claudi\AppData\Local\Temp\SP69559.exe
C:\Users\Claudi\AppData\Local\Temp\SP69718.exe
C:\Users\Claudi\AppData\Local\Temp\SP70271.exe
C:\Users\Claudi\AppData\Local\Temp\SP70439.exe
C:\Users\Claudi\AppData\Local\Temp\SP71716.exe
C:\Users\Claudi\AppData\Local\Temp\Uninstall.exe
C:\Users\Claudi\AppData\Local\Temp\_is2C5.exe

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-12-10 12:28

==================== Ende von FRST.txt ============================

FRST Additions Logfile:
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:20-12-2015
durchgeführt von Claudi (2015-12-21 20:18:39)
Gestartet von C:\Users\Claudi\Desktop\Jackko
Windows 8.1 (X64) (2015-02-21 13:44:10)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-3361543711-125785448-4142314985-500 - Administrator - Disabled)
Gast (S-1-5-21-3361543711-125785448-4142314985-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3361543711-125785448-4142314985-1003 - Limited - Enabled)
Claudi (S-1-5-21-3361543711-125785448-4142314985-1001 - Administrator - Enabled) => C:\Users\Claudi
Jackko (S-1-5-21-3361543711-125785448-4142314985-1004 - Administrator - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Amazon Music (HKU\S-1-5-21-3361543711-125785448-4142314985-1001\...\Amazon Amazon Music) (Version: 3.9.5.820 - Amazon Services LLC)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software)
avast! SecureLine (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 1.0.139.2 - AVAST Software)
Bejeweled 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: - Broadcom Corporation)
Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.0.9840 - Broadcom Corporation)
BUFFALO NAS Navigator2 (HKLM-x32\...\UN060501) (Version: 2.82 - Buffalo Inc.)
Build-a-lot (x32 Version: 3.0.2.59 - WildTangent) Hidden
Building the Great Wall of China Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Crazy Chicken Soccer (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.8.4420 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.3.5715 - CyberLink Corp.)
Cyberlink PhotoDirector (Version: 5.0.3.5715 - Ihr Firmenname) Hidden
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5.4608 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.8.4316 - CyberLink Corp.)
CyberLink PowerBackup 2.6 (HKLM-x32\...\InstallShield_{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.6.1.0903 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.2.3324 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.2.3324 - Ihr Firmenname) Hidden CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.5.4628 - CyberLink Corp.) DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 0.9.0 - Dropbox, Inc.) ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.1.20150309 - Landesfinanzdirektion Thüringen) Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Evernote v. 5.5.3 (HKLM-x32\...\{B1A0F908-1448-11E4-8684-00163E98E7D0}) (Version: 5.5.3.4236 - Evernote Corp.) Farm Frenzy (x32 Version: 3.0.2.59 - WildTangent) Hidden Foxit PhantomPDF (HKLM-x32\...\{89BF1D4D-1D62-451E-9496-B971BDE82720}) (Version: 6.0.33.715 - Foxit Corporation) FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 1.0.1 - ) FRITZ!Powerline (HKLM-x32\...\{F9C9378B-78D5-4CC0-8683-B7915DFEA9C5}) (Version: 01.00.65 - AVM Berlin) Governor of Poker 2 Premium Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP 3D DriveGuard (HKLM-x32\...\{13133E99-B0D5-4143-B832-AAD55C62A41C}) (Version: 6.0.19.1 - Hewlett-Packard Company) HP CoolSense (HKLM-x32\...\{ADE2F6A7-E7BD-4955-BD66-30903B223DDF}) (Version: 2.20.41 - Hewlett-Packard Company) HP Documentation (HKLM-x32\...\{6AAEDF97-4B93-4169-8FCA-FCB0378CED52}) (Version: 1.1.0.0 - Hewlett-Packard) HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard) HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.27 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{1E7F409E-E35A-4DF8-BF5C-FE34B74B640E}) (Version: 7.6.31.30 - Hewlett-Packard Company) HP System 
Event Utility (HKLM-x32\...\{8B4EE87E-6D40-4C91-B5E8-0DC77DC412F1}) (Version: 1.4.1 - Hewlett-Packard Company) HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company) Inst5675 (Version: 8.01.27 - Softex Inc.) Hidden Inst5676 (Version: 8.01.27 - Softex Inc.) Hidden Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.28.1006 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.2.0.1016 - Intel Corporation) Intel(R) Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation) Intel® Chipsatz-Gerätesoftware (x32 Version: 10.0.21 - Intel(R) Corporation) Hidden Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation) Jewel Match 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden KeePass Password Safe 2.28 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.28 - Dominik Reichl) Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3361543711-125785448-4142314985-1001\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft 
Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language 
Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 39.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.1 - Nikon) Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.9.2 - Nikon) Nuance PaperPort 12 (HKLM-x32\...\{88B5FBDC-967D-4B1F-B291-39284AE12201}) (Version: 12.1.0005 - Nuance Communications, Inc.) Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc) NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation) NVIDIA Grafiktreiber 344.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.24 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.) Picture Control Utility 2 (HKLM\...\{D4893C47-704F-4B84-8486-9DE4974ACA6F}) (Version: 2.0.2 - Nikon) Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.51 - WildTangent) Hidden Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.55 - Realtek Semiconductor Corp.) 
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.32.508.2014 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7358 - Realtek Semiconductor Corp.) Scansoft PDF Professional (x32 Version: - ) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version: - ) <==== ACHTUNG SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden Skype™ 7.16 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.16.102 - Skype Technologies S.A.) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.16 - Synaptics Incorporated) TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer) Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden UpgradeText (HKLM-x32\...\{1146AC44-2F03-4431-B4FD-889BC837521F}{144046c7}) (Version: - Software Publisher) Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.10.3 - Nikon) Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden WildTangent Games App für HP (x32 Version: 4.0.11.14 - WildTangent) Hidden WildTangent-Spiele (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent) WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies) Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag 
in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Wiederherstellungspunkte ========================= 04-12-2015 18:44:18 Installiert "ViewNX 2" 09-12-2015 19:18:53 Windows Update 21-12-2015 17:48:57 Windows Update ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {05D562B8-84AD-420E-A83F-E8A3A0085BDE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-12-03] (HP Inc.) Task: {208AB745-1D7C-454D-AA3F-E6221617CBC8} - System32\Tasks\{AC8F6FD5-4546-4D8F-9545-445326414489} => Firefox.exe hxxp://ui.skype.com/ui/0/7.11.0.102/de/abandoninstall?source=lightinstaller&page=tsInstall Task: {2FF8837C-4B56-4B00-91A5-79C60E2804FF} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation) Task: {318D1321-CC25-4847-8D89-0E3F3E51FD98} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! 
Antivirus\backup.exe [2015-12-15] (AVAST Software) Task: {42801711-C539-4D41-A30F-2CB64AFD175F} - System32\Tasks\Start OPBHOBrokerDesktop => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [2014-09-27] (Hewlett-Packard) Task: {5768876A-154B-4EA2-9191-E4F54D2F948A} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3361543711-125785448-4142314985-1001 => C:\Users\Claudi\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2015-12-10] (Microsoft Corporation) Task: {63153D22-0346-49BB-955A-E1E5BF156E60} - System32\Tasks\HPCeeScheduleForClaudi => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard) Task: {64DDB6EE-3DF5-4FDA-AB45-79681E4058C7} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-10-28] (CyberLink Corp.) Task: {83B6F729-E4D3-4447-B0D7-A5D66B70FD3F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-12-09] (Microsoft Corporation) Task: {9026E826-5543-4268-ADBB-D991E1D5D8A6} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-12-04] (AVAST Software) Task: {932CAD7E-AEDD-406C-ACD8-84FF944E98A6} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation) Task: {93B24F84-6CE3-4A72-98FE-85C115CFBABF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-09] (Adobe Systems Incorporated) Task: {98F2F77F-1F3A-49E7-B33D-8C376C8E4254} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2014-05-19] (Hewlett-Packard Development Company, L.P.) 
Task: {AB747E4E-5D5B-44F8-BB2F-5AD75EEA22D6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-12-03] (HP Inc.) Task: {AC0C291E-6537-43E6-96D3-C7D82B4557FE} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2014-09-15] () Task: {C91FB7ED-110C-4326-B92B-E672E1334B9A} - System32\Tasks\avast! SL Update => C:\Program Files\AVAST Software\SecureLine\SLUpdate.exe [2014-10-15] (AVAST Software) Task: {D55B8052-CE2B-43CF-BAD2-2E0D10059C2D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-08-01] (Hewlett-Packard Company) Task: {DB1BC467-BF91-4FD9-9DB3-381C963C8013} - System32\Tasks\Start SimplePass => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [2014-09-27] (Hewlett-Packard) Task: {E912F5BB-0B11-4B53-8008-4940339761B1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2015-11-30] (Hewlett-Packard) Task: {EF99235D-0665-41E3-B83B-10987E181DF9} - System32\Tasks\Start OPBHOBroker => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [2014-09-27] (Hewlett-Packard) Task: {F9DD2CC8-CADC-4BA8-B1BD-2FCFB4F09F9C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-08-01] (Hewlett-Packard Company) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\HPCeeScheduleForClaudi.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) ShortcutWithArgument: C:\Users\Claudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://mmotraffic.com/catalog/goplay/1000932/MTE3NjYvLy8xMDAwOTMy/ ShortcutWithArgument: C:\Users\Claudi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://mmotraffic.com/catalog/goplay/1000932/MTE3NjYvLy8xMDAwOTMy/ ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2014-09-27 13:40 - 2014-09-27 13:40 - 02150400 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll 2014-09-27 13:39 - 2014-09-27 13:39 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll 2014-09-27 13:39 - 2014-09-27 13:39 - 00035840 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll 2014-09-27 13:39 - 2014-09-27 13:39 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll 2014-09-27 13:48 - 2014-09-27 13:48 - 00420432 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll 2014-09-27 13:48 - 2014-09-27 13:48 - 00746064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll 2015-07-25 21:13 - 2015-11-04 19:03 - 00149024 ____N () C:\Windows\system32\DnsBlockUpdateSvc.exe 2014-10-31 04:30 - 2014-04-14 18:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe 2014-10-31 04:10 - 2014-10-15 15:02 - 00435064 _____ () C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe 2011-11-22 09:59 - 
2011-11-22 09:59 - 00018432 _____ () C:\Users\Claudi\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe 2014-10-31 03:49 - 2014-09-27 04:19 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-09-27 13:42 - 2014-09-27 13:42 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe 2015-06-13 16:14 - 2015-09-15 06:07 - 05887808 _____ () C:\Users\Claudi\AppData\Local\Amazon Music\Amazon Music Helper.exe 2015-12-04 18:19 - 2015-12-04 18:19 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2015-12-04 18:19 - 2015-12-04 18:19 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2015-12-20 18:03 - 2015-12-20 18:03 - 02805760 _____ () C:\Program Files\AVAST Software\Avast\defs\15122000\algo.dll 2015-12-04 18:19 - 2015-12-04 18:19 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2015-12-21 00:38 - 2015-12-21 00:38 - 02805760 _____ () C:\Program Files\AVAST Software\Avast\defs\15122001\algo.dll 2014-09-03 11:03 - 2014-09-03 11:03 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2014-10-31 04:10 - 2014-10-15 15:02 - 38561576 _____ () C:\Program Files\AVAST Software\SecureLine\libcef.dll 2015-12-04 18:19 - 2015-12-04 18:19 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf 2015-11-11 02:42 - 2015-11-11 02:42 - 01045672 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) 
AlternateDataStreams: C:\Windows\system32\DnsBlockUpdateSvc.exe:IID ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-3361543711-125785448-4142314985-1001\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.11.254 - 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{575A09D0-EE3B-4EFE-A3E4-F4EBA319C64D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{EB21DE04-C4C7-4267-9F18-74921C1A1F98}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{B73EC55B-AFAB-45A5-946C-C5CC43019E27}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{F9257F93-A7D2-4EFB-A88D-1144D58D05B9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{17E1D799-A89C-4EB6-97B3-19C565E07E71}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{7B6E04F0-2866-413B-B740-004361BCA36B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{C5E2CF70-8621-4107-9CF5-49B7FE15A0D9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{9868981E-48F1-4C46-AE1B-414F2188227B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{994BA670-945D-444C-9E49-8605DE58A059}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{9AC8CB4F-F594-4F70-8E8B-0FF0872005BE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{4934645F-DB36-4B72-AB75-67D3B4F5FAA2}] => (Allow) C:\Program Files\CyberLink\PowerDirector12\PDR10.EXE FirewallRules: [{C85CCDF3-312D-42CD-8CF1-8BE41BBAE14D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{2848477A-7592-4D94-BF5B-DAFC34A80075}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{84B99008-2874-4C2A-A35D-543E8129AE7C}] => (Allow) C:\Users\Claudi\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{09B7F46E-F153-4CAB-8790-4AC49B7252DC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{BA45C7C1-E542-4D3A-8D68-77DAFD9B4527}] 
=> (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{39451594-6898-4021-8FA6-8DCAD4EBF700}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe FirewallRules: [{CF98E35F-ECC2-44AC-94D5-D4E99FA23E27}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe FirewallRules: [{B9A289C4-39FC-46AD-9D0E-F6342B40F0F6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe FirewallRules: [{DE223FA4-98F7-4947-9600-EB19172F77AC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe FirewallRules: [{F87C1DB0-1E52-4C24-89FC-440F10616F81}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe FirewallRules: [{5A53BAE0-4EB8-4589-8568-6DED8B5A21B8}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe FirewallRules: [{1BC62E38-2C45-46F6-B203-7205B8760F08}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe FirewallRules: [TCP Query User{B8FC367A-D4CD-47AD-95E2-0B09DF19300E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{13265336-A5A0-4006-99E4-83BC1AE31286}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{CEBBBE56-3F97-4B69-A4E1-34FD6F2FB19C}] => (Allow) C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe FirewallRules: [{A0929CDD-9C53-4A0C-9C84-34B54AF92DC0}] => (Allow) C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe FirewallRules: [{677BCEA3-F764-4DF0-919A-BE65EF2C3B04}] => (Allow) C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe FirewallRules: [TCP Query User{1F638EDE-2F47-48D8-8F0A-9EFC515018D5}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{B2B97514-CD1A-44C1-9DE9-4B48F03D5030}C:\program files 
(x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{87D28865-81D6-4A2C-835F-EA3A9FE5DD3D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{455543D7-04EB-4244-B596-8C484899BA01}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{08E27F0C-7770-4A12-9896-212D66BF67D4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{B404F397-F4AF-481A-AD80-2C6FC37C6C4C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{E5A5841C-5CEB-41E3-9BCD-35BAAF5E5273}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (12/21/2015 05:50:56 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest. 
Error: (12/21/2015 06:40:20 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 14734 Error: (12/21/2015 06:40:20 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 14734 Error: (12/21/2015 06:40:20 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/21/2015 06:36:36 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 21372328 Error: (12/21/2015 06:36:36 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 21372328 Error: (12/21/2015 06:36:36 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/20/2015 06:47:21 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest. 
Error: (12/20/2015 06:47:19 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest. Error: (12/20/2015 06:47:09 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest. 
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest. Systemfehler: ============= Error: (12/21/2015 07:45:39 PM) (Source: DCOM) (EventID: 10010) (User: ClaudiS-HP) Description: {84F66100-FF7C-4FB4-B0C0-02CD7FB668FE} Error: (12/20/2015 10:14:10 PM) (Source: DCOM) (EventID: 10010) (User: ClaudiS-HP) Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} Error: (12/20/2015 10:14:10 PM) (Source: DCOM) (EventID: 10010) (User: ClaudiS-HP) Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} Error: (12/20/2015 10:14:09 PM) (Source: DCOM) (EventID: 10010) (User: ClaudiS-HP) Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} Error: (12/20/2015 10:14:09 PM) (Source: DCOM) (EventID: 10010) (User: ClaudiS-HP) Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} Error: (12/20/2015 10:14:09 PM) (Source: DCOM) (EventID: 10010) (User: ClaudiS-HP) Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} Error: (12/20/2015 06:26:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (12/20/2015 06:26:30 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Claudi\AppData\Local\Temp\ehdrv.sys Error: (12/20/2015 06:26:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (12/20/2015 06:26:29 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Claudi\AppData\Local\Temp\ehdrv.sys CodeIntegrity: =================================== Date: 2015-07-27 22:28:10.316 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system. 
Date: 2015-07-27 22:09:08.821 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-07-27 22:06:14.222 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-07-27 22:06:13.887 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-07-27 22:06:06.836 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-07-27 22:05:26.511 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-03-25 17:45:16.733 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-03-25 17:45:16.392 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. 
==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i3-5010U CPU @ 2.10GHz Prozentuale Nutzung des RAM: 33% Installierter physikalischer RAM: 8114.27 MB Verfügbarer physikalischer RAM: 5394.87 MB Summe virtueller Speicher: 9394.27 MB Verfügbarer virtueller Speicher: 6407.44 MB ==================== Laufwerke ================================ Drive c: (Windows) (Fixed) (Total:906.46 GB) (Free:825.69 GB) NTFS Drive d: (RECOVERY) (Fixed) (Total:24.04 GB) (Free:2.67 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: DC13FC01) Partition: GPT. ==================== Ende von Addition.txt ============================
Here is the AVAST log aswBOOT.txt as well Code:
ATTFilter 08/04/2015 18:12 Prüfung aller lokalen Laufwerke Datei C:\Users\Claudi\AppData\Local\Microsoft\Windows\INetCache\IE\YWWQ44B5\wordsurfer-setup-1.10.0.19[1].exe ist infiziert von Win32:Adware-gen [Adw], In Container verschoben Datei C:\Windows\Temp\6EDE.tmp.exe ist infiziert von Win32:Adware-gen [Adw], In Container verschoben Anzahl durchsuchter Ordner: 47880 Anzahl der geprüften Dateien: 255016 Anzahl infizierter Dateien: 2 ---------------------------------------- 12/20/2015 22:14 Prüfung aller lokalen Laufwerke Datei F:\Claudi-HP\Backup Set 2014-02-23 181301\Backup Files 2014-02-23 181301\Backup files 32.zip|>C\Users\Claudi\Downloads\iTunes64Setup.exe|>AppleApplicationSupport.msi Fehler 42127 {CAB-Archiv ist beschädigt.} Datei F:\Claudi-HP\Backup Set 2014-02-23 181301\Backup Files 2014-02-23 181301\Backup files 13.zip|>C\Users\Claudi\Downloads\BandooV7.exe ist infiziert von Win32:Adware-gen [Adw], In Container verschoben Datei F:\Claudi-HP\Backup Set 2014-02-23 181301\Backup Files 2014-02-23 181301\Backup files 13.zip|>C\Users\Claudi\Downloads\geburtstagszeitung setup.exe|>[UPX] ist infiziert von Win32:PUP-gen [PUP], In Container verschoben Datei F:\Claudi-HP\Backup Set 2014-02-23 181301\Backup Files 2014-02-23 181301\Backup files 16.zip|>C\Users\Claudi\Documents\Claudi alter PC\Eigene Dateien\Jackko\WindowsXP-KB936929-SP3-x86-DEU.exe|>i386\shdocvw.dl_|>shdocvw.dll Fehler 42127 {CAB-Archiv ist beschädigt.} Datei F:\Claudi-HP\Backup Set 2014-02-23 181301\Backup Files 2014-02-23 181301\Backup files 16.zip|>C\Users\Claudi\Documents\Claudi alter PC\Eigene Dateien\Jackko\WindowsXP-KB936929-SP3-x86-DEU.exe|>i386\shdocvw.dl_ Fehler 42127 {CAB-Archiv ist beschädigt.} Datei F:\Claudi-HP\Backup Set 2014-02-23 181301\Backup Files 2014-02-23 181301\Backup files 7.zip|>C\Users\Claudi\AppData\Roaming\Samsung\Kies\UpdateTemp\NDP40-KB2461678-x64.exe|>.\.\.\Setup.exe Fehler 42127 {CAB-Archiv ist beschädigt.} Datei F:\Claudi-HP\Backup Set 2014-02-23 181301\Backup Files 
2014-03-09 214804\Backup files 4.zip|>C\Users\Claudi\Documents\Claudi alter PC\Eigene Dateien\Jackko\WindowsXP-KB936929-SP3-x86-DEU.exe|>i386\shdocvw.dl_|>shdocvw.dll Fehler 42127 {CAB-Archiv ist beschädigt.} Datei F:\Claudi-HP\Backup Set 2014-02-23 181301\Backup Files 2014-03-09 214804\Backup files 4.zip|>C\Users\Claudi\Documents\Claudi alter PC\Eigene Dateien\Jackko\WindowsXP-KB936929-SP3-x86-DEU.exe|>i386\shdocvw.dl_ Fehler 42127 {CAB-Archiv ist beschädigt.} Datei F:\Claudi-HP\Backup Set 2014-02-23 181301\Backup Files 2014-05-11 191125\Backup files 9.zip|>C\Users\Claudi\Documents\Claudi alter PC\Eigene Dateien\Jackko\WindowsXP-KB936929-SP3-x86-DEU.exe|>i386\shdocvw.dl_|>shdocvw.dll Fehler 42127 {CAB-Archiv ist beschädigt.} Datei F:\Claudi-HP\Backup Set 2014-02-23 181301\Backup Files 2014-05-11 191125\Backup files 9.zip|>C\Users\Claudi\Documents\Claudi alter PC\Eigene Dateien\Jackko\WindowsXP-KB936929-SP3-x86-DEU.exe|>i386\shdocvw.dl_ Fehler 42127 {CAB-Archiv ist beschädigt.} Datei F:\Claudi-HP\Backup Set 2014-02-23 181301\Backup Files 2014-08-03 181649\Backup files 8.zip|>C\Users\Claudi\Documents\Claudi alter PC\Eigene Dateien\Jackko\WindowsXP-KB936929-SP3-x86-DEU.exe|>i386\shdocvw.dl_|>shdocvw.dll Fehler 42127 {CAB-Archiv ist beschädigt.} Datei F:\Claudi-HP\Backup Set 2014-02-23 181301\Backup Files 2014-08-03 181649\Backup files 8.zip|>C\Users\Claudi\Documents\Claudi alter PC\Eigene Dateien\Jackko\WindowsXP-KB936929-SP3-x86-DEU.exe|>i386\shdocvw.dl_ Fehler 42127 {CAB-Archiv ist beschädigt.} Datei C:\Program Files\AVAST Software\Avast\{BD1E1CCF-9E11-46D2-9467-143CFB90F3AB}\update.cab|>libcef.dll.diff Fehler 42127 {CAB-Archiv ist beschädigt.} Datei C:\Users\Claudi\AppData\Local\Microsoft\Windows\INetCache\IE\HJZFMAEH\1[1].zip|>uninstallDlg2.xml ist infiziert von XML:Adware-B [Adw], In Container verschoben Datei C:\Users\Claudi\AppData\Local\Microsoft\Windows\INetCache\IE\HJZFMAEH\1[1].zip|>UninstallManager.exe ist infiziert von Win32:Adware-DAD [Adw], In 
Container verschoben Datei C:\Users\Claudi\AppData\Local\Microsoft\Windows\INetCache\IE\HJZFMAEH\1[1].zip|>cleanup.dll ist infiziert von Win32:Adware-DAP [Adw], In Container verschoben Datei C:\Users\Claudi\AppData\Local\Microsoft\Windows\INetCache\IE\YWWQ44B5\firefox.zip[1].001|>chrome.packed.7z Fehler 42125 {ZIP-Archiv ist beschädigt.} Datei C:\Users\Claudi\AppData\Roaming\DropboxOEM\download\f4teog13.42p\DropboxFull_3.2.6.exe|>$0\plugins\accessible\$0\Qt5Webkit.dll Fehler 42145 {Installationsarchiv ist beschädigt.} Datei C:\Users\Claudi\Downloads\MAGIX_Foto_Designer_7_DE [1].exe ist infiziert von Win32:Adware-gen [Adw], In Container verschoben Datei C:\Users\Claudi\Downloads\phoxo_8.3.0.zip|>phoxo.exe|>$_OUTDIR\material\001\030.png Fehler 42145 {Installationsarchiv ist beschädigt.} Datei C:\Users\Claudi\Downloads\phoxo_8.3.0.zip|>phoxo.exe Fehler 42125 {ZIP-Archiv ist beschädigt.} Anzahl durchsuchter Ordner: 50294 Anzahl der geprüften Dateien: 1619218 Anzahl infizierter Dateien: 6 |
21.12.2015, 20:53 | #4 |
| Win 8.1 password keeps being rejected as invalid, PC sometimes just shuts down
And here is the Malwarebytes scan as well Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 21.12.2015 Suchlaufzeit: 20:22 Protokolldatei: mbam-02.txt Administrator: Ja Version: 2.2.0.1024 Malware-Datenbank: v2015.12.21.05 Rootkit-Datenbank: v2015.12.18.01 Lizenz: Premium-Version Malware-Schutz: Aktiviert Schutz vor bösartigen Websites: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: Claudi Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 346586 Abgelaufene Zeit: 21 Min., 29 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 1 PUP.Optional.DNSBlock.BrwsrFlsh, C:\Windows\System32\DnsBlockUpdateSvc.exe, 1360, , [8c2d3176bad153e34155b0d6ef14d927] Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 72 PUP.Optional.BrowseFox.Generic, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\comyninu, , [c2f78126e4a7cf67cae3926e11ef926e], PUP.Optional.BrowseFox.Generic, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\wezoryro, , [eacf6b3ced9e0f27525b0bf520e014ec], PUP.Optional.DownloadProtect, HKLM\SOFTWARE\CLASSES\CLSID\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}, , [b8014067ee9d10269dabd18919e92dd3], PUP.Optional.DownloadProtect, HKLM\SOFTWARE\CLASSES\TYPELIB\{E7BF74EE-9106-4113-B216-2F980BA29141}, , [b8014067ee9d10269dabd18919e92dd3], PUP.Optional.DownloadProtect, HKLM\SOFTWARE\CLASSES\INTERFACE\{F2DB3739-77FB-41EB-9ED3-ABF34DF2DBF7}, , [b8014067ee9d10269dabd18919e92dd3], PUP.Optional.DownloadProtect, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F2DB3739-77FB-41EB-9ED3-ABF34DF2DBF7}, , [b8014067ee9d10269dabd18919e92dd3], PUP.Optional.DownloadProtect, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{F2DB3739-77FB-41EB-9ED3-ABF34DF2DBF7}, , [b8014067ee9d10269dabd18919e92dd3], PUP.Optional.DownloadProtect, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{E7BF74EE-9106-4113-B216-2F980BA29141}, , 
[b8014067ee9d10269dabd18919e92dd3], PUP.Optional.DownloadProtect, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{E7BF74EE-9106-4113-B216-2F980BA29141}, , [b8014067ee9d10269dabd18919e92dd3], PUP.Optional.DownloadProtect, HKLM\SOFTWARE\CLASSES\DPBHO.DownloadProtect.1, , [b8014067ee9d10269dabd18919e92dd3], PUP.Optional.DownloadProtect, HKLM\SOFTWARE\CLASSES\DPBHO.DownloadProtect, , [b8014067ee9d10269dabd18919e92dd3], PUP.Optional.DownloadProtect, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DPBHO.DownloadProtect, , [b8014067ee9d10269dabd18919e92dd3], PUP.Optional.DownloadProtect, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DPBHO.DownloadProtect, , [b8014067ee9d10269dabd18919e92dd3], PUP.Optional.DownloadProtect, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DPBHO.DownloadProtect.1, , [b8014067ee9d10269dabd18919e92dd3], PUP.Optional.DownloadProtect, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DPBHO.DownloadProtect.1, , [b8014067ee9d10269dabd18919e92dd3], PUP.Optional.DownloadProtect, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}, , [b8014067ee9d10269dabd18919e92dd3], PUP.Optional.DownloadProtect, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}, , [b8014067ee9d10269dabd18919e92dd3], PUP.Optional.SupTab, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{1F91A9A1-01BA-4c81-863D-3BA0751E1419}, , [efca1d8a2764df5724f7a4bc2bd7b14f], PUP.Optional.SupTab, HKLM\SOFTWARE\CLASSES\TYPELIB\{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88}, , [efca1d8a2764df5724f7a4bc2bd7b14f], PUP.Optional.SupTab, HKLM\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, , [efca1d8a2764df5724f7a4bc2bd7b14f], PUP.Optional.SupTab, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, , [efca1d8a2764df5724f7a4bc2bd7b14f], PUP.Optional.SupTab, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, , [efca1d8a2764df5724f7a4bc2bd7b14f], PUP.Optional.SupTab, 
HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88}, , [efca1d8a2764df5724f7a4bc2bd7b14f], PUP.Optional.SupTab, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88}, , [efca1d8a2764df5724f7a4bc2bd7b14f], PUP.Optional.SupTab, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{1F91A9A1-01BA-4C81-863D-3BA0751E1419}, , [efca1d8a2764df5724f7a4bc2bd7b14f], PUP.Optional.SupTab, HKU\S-1-5-21-3361543711-125785448-4142314985-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{1F91A9A1-01BA-4C81-863D-3BA0751E1419}, , [efca1d8a2764df5724f7a4bc2bd7b14f], PUP.Optional.SupTab, HKU\S-1-5-21-3361543711-125785448-4142314985-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{1F91A9A1-01BA-4C81-863D-3BA0751E1419}, , [efca1d8a2764df5724f7a4bc2bd7b14f], PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}, , [fdbc089f0c7f1b1b3c218daaa2609e62], PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}, , [fdbc089f0c7f1b1b3c218daaa2609e62], PUP.Optional.TaskRNDM, HKU\S-1-5-21-3361543711-125785448-4142314985-1001\SOFTWARE\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}, , [c6f300a7c1cacb6b66a6075bd42e7a86], PUP.Optional.DNSBlock.BrwsrFlsh, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DnsBlockUpdateSvc, , [8c2d3176bad153e34155b0d6ef14d927], PUP.Optional.DownloadProtect, HKLM\SOFTWARE\CLASSES\APPID\DPBHO.DLL, , [c4f5337499f287af347fe5263aca02fe], PUP.Optional.DownloadProtect, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\DPBHO.DLL, , [cbeed3d4e6a5a78f07ac0dfed62ec838], PUP.Optional.MintCast, HKLM\SOFTWARE\MICROSOFT\TRACING\InstallationStatsUploder_RASAPI32, , [3e7be6c1117abd7905dbb65651b37b85], PUP.Optional.MintCast, HKLM\SOFTWARE\MICROSOFT\TRACING\InstallationStatsUploder_RASMANCS, , [81384166107b7abc17c988849d6746ba], PUP.Optional.CouponMarvel.AppFlsh, HKLM\SOFTWARE\SECURITYUTILITY, , [d5e4dbcc6b20a78f1022ae5743c1fb05], PUP.Optional.CrossBrowse, 
HKLM\SOFTWARE\WOW6432NODE\Crossbrowse, , [3188edba5b308da9f875aaea1fe40ff1], PUP.Optional.FFPluginHp, HKLM\SOFTWARE\WOW6432NODE\FFPluginHp, , [befbcaddbecde650398f9309e02312ee], PUP.Optional.IHProtect, HKLM\SOFTWARE\WOW6432NODE\IHProtect, , [6c4d2285226975c12d645b48f40f718f], PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\istartsurfSoftware, , [bbfe8d1ab5d681b5c5d255a11ee52ed2], PUP.Optional.SupTab, HKLM\SOFTWARE\WOW6432NODE\supTab, , [b10836710b809e9808f9a1694abaa858], PUP.Optional.WPM, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, , [c5f463446c1f7bbb6d838d3b2bd8d12f], PUP.Optional.WordSurfer, HKLM\SOFTWARE\WOW6432NODE\WordSurfer_1.10.0.19, , [0dacc6e144478fa7b62beeda4ab99070], PUP.Optional.SuperOptimizer, HKLM\SOFTWARE\WOW6432NODE\{1146AC44-2F03-4431-B4FD-889BC837521F}, , [e5d4c7e05239cf67aeffe2dd60a3d32d], PUP.Optional.SuperOptimizer, HKLM\SOFTWARE\WOW6432NODE\{6791A2F3-FC80-475C-A002-C014AF797E9C}, , [ffbaabfc92f94fe7505e0db204ffb64a], PUP.Optional.DownloadProtect, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\DPBHO.DLL, , [5069b3f4cac1f93d9a1926e50ff555ab], PUP.Optional.Vitruvian, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\WordSurferAutoUpdateClient_RASAPI32, , [308997104b4044f26b0fbb3bf80be917], PUP.Optional.Vitruvian, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\WordSurferAutoUpdateClient_RASMANCS, , [cfeaeeb9503b3105c3b7d422df24ce32], PUP.Optional.VOPackage, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VOPackage, , [72476f381873d0669b2ac6ff867d1fe1], PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1146AC44-2F03-4431-B4FD-889BC837521F}{144046c7}, , [a217e1c6bad18aac785cb0fd41c213ed], PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1146AC44-2F03-4431-B4FD-889BC837521F}{cae99edb}, , [0aaf1a8df794cf6772624d603ac918e8], PUP.Optional.MySearch123, 
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}, , [79407b2c365564d25f7811f0e61e05fb], PUP.Optional.CouponMarvel.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\SECURITYUTILITY, , [4d6cd4d37714b5815fd3e124cb39748c], PUP.Optional.MiuiTab, HKLM\SOFTWARE\WOW6432NODE\SUPDP, , [06b3c7e08308da5c79721894fc0760a0], PUP.Optional.Tuto4PC, HKLM\SOFTWARE\WOW6432NODE\TUTORIALS, , [a118ced9e6a560d6b7f68a3923e08d73], PUP.Optional.WordSurfer, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\wsafd_1_10_0_19, , [eccd3c6bbbd03303ae340ebaee15d52b], PUP.Optional.WindowsMangerProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, , [5366f2b5ef9cb6803719ae1ac63d6e92], PUP.Optional.SuperOptimizer, HKU\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, , [e1d82d7a830802348425f8c79d6614ec], PUP.Optional.CrossBrowse, HKU\S-1-5-21-3361543711-125785448-4142314985-1001\SOFTWARE\Crossbrowse, , [40799c0b1576b97d0d5b2371b053857b], PUP.Optional.CrossBrowse, HKU\S-1-5-21-3361543711-125785448-4142314985-1001\SOFTWARE\CrossBrowser, , [cbeec3e40289043286e2385cb74c837d], PUP.Optional.InstallCore, HKU\S-1-5-21-3361543711-125785448-4142314985-1001\SOFTWARE\ICSW1.11, , [1b9e4f5895f6e94db7f61a8a3ec5b44c], PUP.Optional.SuperOptimizer, HKU\S-1-5-21-3361543711-125785448-4142314985-1001\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, , [15a43e693952d85ec6e3497617ec1ce4], PUP.Optional.SmartWeb, HKU\S-1-5-21-3361543711-125785448-4142314985-1001\SOFTWARE\APPDATALOW\SOFTWARE\SmartWeb, , [8633b6f11b70c472287ce228669e21df], PUP.Optional.GamesDesktop, HKU\S-1-5-21-3361543711-125785448-4142314985-1001\SOFTWARE\GAMESDESKTOP, , [f0c92e79fe8d999de1f5a0fed92ab64a], PUP.Optional.Trovi, HKU\S-1-5-21-3361543711-125785448-4142314985-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, , [3584e9be7e0d61d5b19306bd3bc85fa1], PUP.Optional.IStartSurf.ShrtCln, 
HKU\S-1-5-21-3361543711-125785448-4142314985-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, , [4277bbeca8e34beba686c2bc26ddd42c], PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-3361543711-125785448-4142314985-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}, , [a217fdaa731884b2f03c433bfa09c63a], PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-3361543711-125785448-4142314985-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [ceeb386ffb9039fdfa32720ceb18cf31], PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-3361543711-125785448-4142314985-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{D7D1189B-32FC-4BB1-8E12-D6FCF05F0437}, , [4b6e3473e3a851e5e04cb2cc996abe42], PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-3361543711-125785448-4142314985-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E733165D-CBCF-4FDA-883E-ADEF965B476C}, , [dedb4067e6a56cca41eb5826cb3839c7], PUP.Optional.ProductSetup, HKU\S-1-5-21-3361543711-125785448-4142314985-1001\SOFTWARE\PRODUCTSETUP, , [29909314424958de8224318338cb6b95], PUP.Optional.SuperOptimizer, HKU\S-1-5-21-3361543711-125785448-4142314985-1001\SOFTWARE\SUPER OPTIMIZER, , [e2d7b3f41a71c274595347780cf72cd4], Registrierungswerte: 26 PUP.Optional.3DBubbleSound, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|3D BubbleSound, "C:\Program Files\BubbleSound\3D BubbleSound.exe", , [a1188a1d93f83402fd210d7b05fe2ad6] PUP.Optional.CouponMarvel.AppFlsh, HKLM\SOFTWARE\SECURITYUTILITY|Install_Dir, C:\ProgramData\SecurityUtility, , [d5e4dbcc6b20a78f1022ae5743c1fb05] PUP.Optional.GamesDesktop, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|gmsd_de_005010043, , [04b52681fb9083b317c3702e4cb79e62], PUP.Optional.DefaultSearchProtected, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|defsearchp@gmail.com, 
C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\khsuv2fr.default\extensions\defsearchp@gmail.com, , [45742384a9e214228bef4a4ea0635ba5] PUP.Optional.DownloadProtectExtension, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{C2DC084E-A476-4CF1-95C5-4CE9119DBF5A}, C:\Windows\Installer\{52158539-41A3-459C-8A78-55078316FAD9}\{C2DC084E-A476-4CF1-95C5-4CE9119DBF5A}.xpi, , [40791790e5a6a492697b5e3b44bf3dc3] PUP.Optional.CouponMarvel.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\SECURITYUTILITY|Install_Dir, C:\ProgramData\SecurityUtility, , [4d6cd4d37714b5815fd3e124cb39748c] PUP.Optional.MiuiTab, HKLM\SOFTWARE\WOW6432NODE\SUPDP|dir, C:\Program Files (x86)\MiuiTab, , [06b3c7e08308da5c79721894fc0760a0] PUP.Optional.SupTab, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, cor, , [8c2de0c7068567cfd90005bae2218b75] PUP.Optional.Tuto4PC, HKLM\SOFTWARE\WOW6432NODE\TUTORIALS|HostGUID, 27DC23C4-1E7C-45FA-91EA-995545CAD638, , [a118ced9e6a560d6b7f68a3923e08d73] PUP.Optional.MultiPlug, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\comyninu|ImagePath, C:\Program Files (x86)\34444335-1437857197-4E35-5833-3863BBAED735\hnscA6FD.tmp, , [dcdd1097e1aac472f4e56d4057ac5fa1] PUP.Optional.MultiPlug, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\wezoryro|ImagePath, C:\Program Files (x86)\34444335-1437857197-4E35-5833-3863BBAED735\knsz97BC.tmpfs, , [dfda8c1b0c7ff2447d5c1598b74ce818] PUP.Optional.GamesDesktop, HKU\S-1-5-21-3361543711-125785448-4142314985-1001\SOFTWARE\GAMESDESKTOP|mj, 15.07.27.0, , [f0c92e79fe8d999de1f5a0fed92ab64a] PUP.Optional.WebBar, HKU\S-1-5-21-3361543711-125785448-4142314985-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|wb.exe, 11000, , [912834738cff74c20ead41ca26de8878] PUP.Optional.Trovi, HKU\S-1-5-21-3361543711-125785448-4142314985-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|URL, 
hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M8BAAAD7C-8818-4689-A938-D73D3AAEB233&SearchSource=58&CUI=&UM=8&UP=SPF5D2393B-E80E-47A9-ABAC-5B1D1907F2F1&D=072715&q={searchTerms}&SSPV=SP30367TA_sp_ie, , [8a2faafdb9d276c0a1a25b68b84b867a] PUP.Optional.Conduit, HKU\S-1-5-21-3361543711-125785448-4142314985-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|SuggestionsURL_JSON, hxxp://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}, , [09b01592d5b6ae887b47227051b2dc24] PUP.Optional.Trovi, HKU\S-1-5-21-3361543711-125785448-4142314985-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|DisplayName, Trovi, , [b801dec90e7d2a0cb78cb0138d767987] PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-3361543711-125785448-4142314985-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=HGSTXHTS541010A9E680_JD1008DMG3ZTVWG3ZTVWX&ts=1437852459&type=default&q={searchTerms}, , [4277bbeca8e34beba686c2bc26ddd42c] PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-3361543711-125785448-4142314985-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|URL, hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=HGSTXHTS541010A9E680_JD1008DMG3ZTVWG3ZTVWX&ts=1437852459&type=default&q={searchTerms}, , [a217fdaa731884b2f03c433bfa09c63a] PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-3361543711-125785448-4142314985-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|FaviconURL, hxxp://www.istartsurf.com//favicon.ico, , [05b4baed3d4e69cdf53794eaf80b47b9] PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-3361543711-125785448-4142314985-1001\SOFTWARE\MICROSOFT\INTERNET 
EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|DisplayName, istartsurf, , [ceeb386ffb9039fdfa32720ceb18cf31] PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-3361543711-125785448-4142314985-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://www.istartsurf.com/web/?type=dspp&ts=1437852445&z=f6aeab63f0e9cef73e2e890g7z4c1mab3w3o8z1g5z&from=cor&uid=HGSTXHTS541010A9E680_JD1008DMG3ZTVWG3ZTVWX&q={searchTerms}, , [efca0a9d791245f139f3a8d6768dac54] PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-3361543711-125785448-4142314985-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{D7D1189B-32FC-4BB1-8E12-D6FCF05F0437}|URL, hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=HGSTXHTS541010A9E680_JD1008DMG3ZTVWG3ZTVWX&ts=1437852459&type=default&q={searchTerms}, , [4b6e3473e3a851e5e04cb2cc996abe42] PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-3361543711-125785448-4142314985-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E733165D-CBCF-4FDA-883E-ADEF965B476C}|URL, hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=HGSTXHTS541010A9E680_JD1008DMG3ZTVWG3ZTVWX&ts=1437852459&type=default&q={searchTerms}, , [dedb4067e6a56cca41eb5826cb3839c7] PUP.Optional.ProductSetup, HKU\S-1-5-21-3361543711-125785448-4142314985-1001\SOFTWARE\PRODUCTSETUP|tb, 0N1L2O1N1M0A1I, , [29909314424958de8224318338cb6b95] PUP.Optional.SuperOptimizer, HKU\S-1-5-21-3361543711-125785448-4142314985-1001\SOFTWARE\SUPER OPTIMIZER|SetupName, C:\Users\Claudi\AppData\Local\Temp\is628679143\4FC80193_stp\SuperOptimizer.exe, , [e2d7b3f41a71c274595347780cf72cd4] PUP.Optional.SuperOptimizer, HKU\S-1-5-21-3361543711-125785448-4142314985-1001\SOFTWARE\SUPER OPTIMIZER|AdsBuyNowURL, hxxp://supc4.superpctools.revenuewire.net/spu/register?221001849_40B9B6EE-AC2A-4A49-B7B1-4A5D0278DC30, , [f8c1c7e047447bbbbbf0a31cc83bd22e] 
Registrierungsdaten: 4 PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.istartsurf.com/web/?type=ds&ts=1437852352&z=dd0dcfb9070be0578bc22c4gezcc4m3b8w6o3c8o9g&from=cor&uid=HGSTXHTS541010A9E680_JD1008DMG3ZTVWG3ZTVWX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1437852352&z=dd0dcfb9070be0578bc22c4gezcc4m3b8w6o3c8o9g&from=cor&uid=HGSTXHTS541010A9E680_JD1008DMG3ZTVWG3ZTVWX&q={searchTerms}),,[3d7c089fe0ab6ec82b99b1d1e51f8080] PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.istartsurf.com/?type=hppp&ts=1437852445&z=f6aeab63f0e9cef73e2e890g7z4c1mab3w3o8z1g5z&from=cor&uid=HGSTXHTS541010A9E680_JD1008DMG3ZTVWG3ZTVWX, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hppp&ts=1437852445&z=f6aeab63f0e9cef73e2e890g7z4c1mab3w3o8z1g5z&from=cor&uid=HGSTXHTS541010A9E680_JD1008DMG3ZTVWG3ZTVWX),,[2c8dd1d6dfac3ef8edd7b8caaf5560a0] PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.istartsurf.com/?type=hppp&ts=1437852445&z=f6aeab63f0e9cef73e2e890g7z4c1mab3w3o8z1g5z&from=cor&uid=HGSTXHTS541010A9E680_JD1008DMG3ZTVWG3ZTVWX, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hppp&ts=1437852445&z=f6aeab63f0e9cef73e2e890g7z4c1mab3w3o8z1g5z&from=cor&uid=HGSTXHTS541010A9E680_JD1008DMG3ZTVWG3ZTVWX),,[8f2a1b8cdab1ac8a5a6a206262a256aa] PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.istartsurf.com/web/?type=ds&ts=1437852352&z=dd0dcfb9070be0578bc22c4gezcc4m3b8w6o3c8o9g&from=cor&uid=HGSTXHTS541010A9E680_JD1008DMG3ZTVWG3ZTVWX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1437852352&z=dd0dcfb9070be0578bc22c4gezcc4m3b8w6o3c8o9g&from=cor&uid=HGSTXHTS541010A9E680_JD1008DMG3ZTVWG3ZTVWX&q={searchTerms}),,[5b5eeeb97a112d092a9ad5ad2cd8ac54] Ordner: 11 
PUP.Optional.SmartWeb, C:\Users\Claudi\AppData\LocalLow\SmartWeb\Data, , [33866344bbd054e2d7ac344f44bfe11f], PUP.Optional.SmartWeb, C:\Users\Claudi\AppData\LocalLow\SmartWeb, , [33866344bbd054e2d7ac344f44bfe11f], PUP.Optional.DownloadProtect, C:\Windows\Installer\{4B5BAC7E-829C-4EEA-8425-49CC2B22C677}, , [9d1c3f688803ff37d2fec4d5b35006fa], PUP.Optional.DownloadProtect, C:\Windows\Installer\{9575CBCD-6B68-450F-8559-34215DC69826}, , [6b4e6344454640f6e9e79bfe35ceab55], PUP.Optional.SmartWeb, C:\Users\Claudi\AppData\Local\SmartWeb, , [a019ced95437e452a4c52399fa094eb2], PUP.Optional.WebBar, C:\Windows\System32\config\systemprofile\AppData\Local\WebBar, , [3485089f91fa6bcbb2dc04c29271b14f], PUP.Optional.DNSBlock.BrwsrFlsh, C:\Users\Claudi\AppData\Local\DnsBlock, , [66530c9b5734a1953e76c3bc0cf6d828], PUP.Optional.DownloadProtect, C:\Program Files (x86)\{107711E4-7E9B-447F-8347-5667F3939469}, , [5069bdea7a119e98919c595ed232a25e], PUP.Optional.DownloadProtect, C:\Program Files (x86)\{ADB02D46-9BC0-4670-B856-1B5E920141EA}, , [4f6a6641b5d678be73ba793e12f2d52b], PUP.Optional.DownloadProtect, C:\Program Files\{0778E627-5941-4803-AC27-16240AC314C9}, , [e1d803a4c6c5cc6a9697b106fc08c937], PUP.Optional.DownloadProtect, C:\Program Files\{BCA1BFBA-4A99-414B-B033-58D4164ECEDD}, , [af0a0a9db5d69b9b5cd153644db7ad53], Dateien: 62 PUP.Optional.BrowseFox.Generic, C:\Program Files (x86)\34444335-1437857197-4E35-5833-3863BBAED735\hnscA6FD.tmp, , [c2f78126e4a7cf67cae3926e11ef926e], PUP.Optional.BrowseFox.Generic, C:\Program Files (x86)\34444335-1437857197-4E35-5833-3863BBAED735\knsz97BC.tmpfs, , [eacf6b3ced9e0f27525b0bf520e014ec], PUP.Optional.CheckOffer, C:\Users\Claudi\AppData\Local\Temp\nscE571.tmp\nsCBHTML5.dll, , [e2d7fea9bbd057df1e2354b441c0be42], PUP.Optional.IStartSurf.ShrtCln, C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\khsuv2fr.default\searchplugins\istartsurf.xml, , [9c1d8d1a1873d95d8298f9bb49b9d52b], PUP.Optional.SmartWeb, 
Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end)
and Hello Dennis, before I forget, thanks already for taking a look!! Regards, Karl-Heinz |
21.12.2015, 21:11 | #5 |
/// Malwareteam | Hi,
Step # 1: AttentionUninstaller
Disable your virus scanner so that AttentionUninstaller runs cleanly! Please download the matching version of AttentionUninstaller to your desktop: AttentionUninstaller 32-bit | AttentionUninstaller 64-bit
Step # 2: AdwCleaner
Please download AdwCleaner to your desktop.
Step # 3: FRST
Another fresh FRST log, please.
Step # 4: Please post
|
21.12.2015, 21:33 | #6 |
| OK, AVAST is disabled. Attention Uninstaller log Code:
ATTFilter 21.12.2015 21:29:30: Deinstallation gestartet... 21.12.2015 21:29:30: Es wurde keine Deinstallationsliste gefunden. 21.12.2015 21:29:30: Beliebige Taste zum Beenden drücken... |
21.12.2015, 21:34 | #7 |
/// Malwareteam | Hi, put Additions.txt on the desktop and run AttentionUninstaller again. |
21.12.2015, 22:03 | #8 | |
| Here is the AdwCleaner log Code:
ATTFilter # AdwCleaner v5.026 - Bericht erstellt am 21/12/2015 um 21:40:32 # Aktualisiert am 21/12/2015 von Xplode # Datenbank : 2015-12-21.3 [Server] # Betriebssystem : Windows 8.1 (x64) # Benutzername : Claudi - ClaudiS-HP # Gestartet von : C:\Users\Claudi\Desktop\Jackko\adwcleaner_5.026.exe # Option : Löschen # Unterstützung : hxxp://toolslib.net/forum ***** [ Dienste ] ***** [-] Dienst Gelöscht : StumbleUponUpdater [-] Dienst Gelöscht : WinDivert64 [-] Dienst Gelöscht : DnsBlockUpdateSvc [-] Dienst Gelöscht : comyninu [-] Dienst Gelöscht : wezoryro [-] Dienst Gelöscht : wsafd_1_10_0_19 ***** [ Ordner ] ***** [-] Ordner Gelöscht : C:\Program Files\{A1AB7C1C-7EFE-4EB7-99FE-124B68D13B65} [-] Ordner Gelöscht : C:\Program Files\{BCA1BFBA-4A99-414B-B033-58D4164ECEDD} [-] Ordner Gelöscht : C:\Program Files (x86)\predm [-] Ordner Gelöscht : C:\Program Files (x86)\34444335-1437857197-4E35-5833-3863BBAED735 [-] Ordner Gelöscht : C:\Program Files (x86)\{107711E4-7E9B-447F-8347-5667F3939469} [-] Ordner Gelöscht : C:\Program Files (x86)\{A1A8AD89-4612-4991-9FFD-D929D8B45BA3} [-] Ordner Gelöscht : C:\ProgramData\7b24ec7cc000461ebe26d116b88142c8 [-] Ordner Gelöscht : C:\ProgramData\e1c6951800003e05 [-] Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedMon [-] Ordner Gelöscht : C:\Users\Claudi\AppData\Local\SmartWeb [-] Ordner Gelöscht : C:\Users\Claudi\AppData\Local\DnsBlock [-] Ordner Gelöscht : C:\Users\Claudi\AppData\LocalLow\StumbleUpon [-] Ordner Gelöscht : C:\Users\Claudi\AppData\LocalLow\SmartWeb [-] Ordner Gelöscht : C:\Windows\Installer\{7F410AB3-28EC-47FF-B885-5C6CDDC16F0C} [-] Ordner Gelöscht : C:\Windows\Installer\{9575CBCD-6B68-450F-8559-34215DC69826} [-] Ordner Gelöscht : C:\Windows\Installer\{FFCC605F-2626-4517-9F6A-B8C14FD37118} ***** [ Dateien ] ***** [-] Datei Gelöscht : C:\Users\Claudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [-] Datei Gelöscht : 
C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\khsuv2fr.default\searchplugins\istartsurf.xml [-] Datei Gelöscht : C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\khsuv2fr.default\searchplugins\trovi.xml [-] Datei Gelöscht : C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\khsuv2fr.default\user.js [-] Datei Gelöscht : C:\Windows\SysNative\DnsBlockUpdateSvc.exe [-] Datei Gelöscht : C:\Windows\SysNative\dns.block [-] Datei Gelöscht : C:\Windows\SysNative\GroupPolicy\Machine\Registry.pol [-] Datei Gelöscht : C:\Windows\SysNative\GroupPolicy\GPT.ini [-] Datei Gelöscht : C:\Windows\SysNative\drivers\WinDivert64.sys [-] Datei Gelöscht : C:\Windows\SysWOW64\dns.block ***** [ DLLs ] ***** ***** [ Verknüpfungen ] ***** [-] Verknüpfung Desinfiziert : C:\Users\Claudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder.lnk [-] Verknüpfung Desinfiziert : C:\Users\Claudi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk ***** [ Aufgabenplanung ] ***** ***** [ Registrierungsdatenbank ] ***** [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\StumbleUpon.DLL [-] Schlüssel Gelöscht : HKLM\SOFTWARE\CLASSES\DPBHO.DownloadProtect [-] Schlüssel Gelöscht : HKLM\SOFTWARE\CLASSES\DPBHO.DownloadProtect.1 [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\StumbleUpon.QTimeCpio [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\StumbleUpon.QTimeCpio.1 [-] Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect [-] Schlüssel Gelöscht : HKLM\SOFTWARE\CLASSES\APPID\DPBHO.DLL [-] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [gmsd_de_005010043] [-] Schlüssel Gelöscht : HKLM\SOFTWARE\dc313add-a48d-a4dd-57c5-0362eb21eddb [-] Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [defsearchp@gmail.com] [-] Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{2BF23CC9-ADAB-4F08-AABB-73DDEA83481B}] [-] Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\AppID\{50F7F0BE-31BA-4145-BD8B-6B0DECFED804} [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1C6F51F8-BCE6-4702-8952-6A8233359FBC} [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73} [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8} [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1F91A9A1-01BA-4C81-863D-3BA0751E1419} [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8} [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F2DB3739-77FB-41EB-9ED3-ABF34DF2DBF7} [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{14E81E45-9C4E-4C43-8C97-BCD59266556E} [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E7BF74EE-9106-4113-B216-2F980BA29141} [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88} [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6F4BCE24-003F-40F1-BBD7-D46663BF95FC} [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} [-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1F91A9A1-01BA-4C81-863D-3BA0751E1419} [-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1F91A9A1-01BA-4C81-863D-3BA0751E1419} [-] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}] [-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73} [-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8} [-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F2DB3739-77FB-41EB-9ED3-ABF34DF2DBF7} [-] Schlüssel Gelöscht : [x64] 
HKLM\SOFTWARE\Classes\Interface\{14E81E45-9C4E-4C43-8C97-BCD59266556E} [-] Schlüssel Gelöscht : HKCU\Software\OCS [-] Schlüssel Gelöscht : HKCU\Software\StumbleUpon [-] Schlüssel Gelöscht : HKCU\Software\GAMESDESKTOP [-] Schlüssel Gelöscht : HKCU\Software\Super Optimizer [-] Schlüssel Gelöscht : HKCU\Software\CrossBrowser [-] Schlüssel Gelöscht : HKCU\Software\PRODUCTSETUP [-] Schlüssel Gelöscht : HKCU\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885} [-] Schlüssel Gelöscht : HKCU\Software\DownloadProtect [-] Schlüssel Gelöscht : HKCU\Software\SpeedMon [-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Tinstalls [-] Schlüssel Gelöscht : HKCU\Software\Crossbrowse [-] Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} [-] Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\StumbleUpon [-] Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartWeb [-] Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F} [-] Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} [-] Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} [-] Schlüssel Gelöscht : HKLM\SOFTWARE\istartsurfSoftware [-] Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp [-] Schlüssel Gelöscht : HKLM\SOFTWARE\SupTab [-] Schlüssel Gelöscht : HKLM\SOFTWARE\supWindowsMangerProtect [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Tutorials [-] Schlüssel Gelöscht : HKLM\SOFTWARE\IHProtect [-] Schlüssel Gelöscht : HKLM\SOFTWARE\FFPluginHp [-] Schlüssel Gelöscht : HKLM\SOFTWARE\SecurityUtility [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Crossbrowse [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC} [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU [-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\WebBar [-] Schlüssel Gelöscht : [x64] 
HKLM\SOFTWARE\SecurityUtility [-] Schlüssel Gelöscht : HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} [-] Daten Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] [-] Daten Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] [-] Daten Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] [-] Daten Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] [-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} [-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} [-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} [-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D7D1189B-32FC-4BB1-8E12-D6FCF05F0437} [-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C} ***** [ Internetbrowser ] ***** [-] [C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\khsuv2fr.default\prefs.js] [Preference] Gelöscht : user_pref("browser.search.hiddenOneOffs", "istartsurf"); [-] [C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\khsuv2fr.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.quick_start.enable_search1", false); [-] [C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\khsuv2fr.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false); ************************* :: "Tracing" Schlüssel gelöscht :: Proxy Einstellungen zurückgesetzt :: Winsock Einstellungen zurückgesetzt :: Internet Explorer Richtlinien gelöscht :: Chrome 
Richtlinien gelöscht ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [10112 Bytes] ########## Quote:
Code:
ATTFilter 21.12.2015 22:01:30: Deinstallation gestartet... 21.12.2015 22:01:30: Setup ist nicht installiert. 21.12.2015 22:01:30: Beliebige Taste zum Beenden drücken... |
21.12.2015, 22:08 | #9 |
/// Malwareteam | No, that's fine. AttentionUninstaller only looks for the logs on the desktop, though. AdwCleaner has already removed the stuff that needs to go anyway. Just carry on |
21.12.2015, 22:08 | #10 |
| New FRST log Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:20-12-2015 durchgeführt von Claudi (Administrator) auf ClaudiS-HP (21-12-2015 22:06:14) Gestartet von C:\Users\Claudi\Desktop Geladene Profile: Claudi (Verfügbare Profile: Claudi) Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (AVM GmbH) C:\Program Files (x86)\FRITZ!Powerline\PowerlineService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (BUFFALO INC.) 
C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe () C:\Program Files\CyberLink\Shared files\RichVideo64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe () C:\Program 
Files\Hewlett-Packard\SimplePass\opvapp.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe () C:\Users\Claudi\AppData\Local\Amazon Music\Amazon Music Helper.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (AVAST Software) C:\Program Files\AVAST Software\SecureLine\secureline.exe (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe (Buffalo Inc.) C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (BUFFALO INC.) C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Hewlett-Packard Development Company, L.P.) 
C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Microsoft Corporation) C:\Windows\System32\prevhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7642328 2014-10-07] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2473800 2014-09-09] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-06-17] (Synaptics Incorporated) HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft) HKLM\...\Run: [3D BubbleSound] => "C:\Program Files\BubbleSound\3D BubbleSound.exe" HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-04] (AVAST Software) HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2109952 2014-10-07] (Dominik Reichl) HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.) 
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.) HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [570880 2013-12-27] (Nikon Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation) HKU\S-1-5-21-3361543711-125785448-4142314985-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation) HKU\S-1-5-21-3361543711-125785448-4142314985-1001\...\Run: [Amazon Music] => C:\Users\Claudi\AppData\Local\Amazon Music\Amazon Music Helper.exe [5887808 2015-09-15] () HKU\S-1-5-21-3361543711-125785448-4142314985-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50755200 2015-12-08] (Skype Technologies S.A.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-04] (AVAST Software) ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft) ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\avast! 
SecureLine.lnk [2014-10-31] ShortcutTarget: avast! SecureLine.lnk -> C:\Program Files\AVAST Software\SecureLine\SecureLine.exe (AVAST Software) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk [2015-08-04] ShortcutTarget: BUFFALO NAS Navigator2.lnk -> C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe (Buffalo Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk [2015-08-04] ShortcutTarget: NAS Scheduler.lnk -> C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.11.254 192.168.0.1 Tcpip\..\Interfaces\{9D3A08C7-B385-4B62-A999-566051641C5E}: [DhcpNameServer] 192.168.11.254 Tcpip\..\Interfaces\{C8727673-5237-4FFF-A9A5-C08379F70019}: [DhcpNameServer] 192.168.11.254 192.168.0.1 Internet Explorer: ================== HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\.DEFAULT\Software\Microsoft\Internet 
Explorer\Main,Start Page = hxxp://hp13.msn.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com HKU\S-1-5-21-3361543711-125785448-4142314985-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006 HKU\S-1-5-21-3361543711-125785448-4142314985-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} HKU\S-1-5-21-3361543711-125785448-4142314985-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006 SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKLM-x32 -> {D7D1189B-32FC-4BB1-8E12-D6FCF05F0437} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKU\S-1-5-21-3361543711-125785448-4142314985-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKU\S-1-5-21-3361543711-125785448-4142314985-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = 
hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard) BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft) BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft) BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-20] (Oracle Corporation) BHO-x32: Kein Name -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> Keine Datei BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-20] (Oracle Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard) BHO-x32: ClassicIEBHO Class 
-> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft) FireFox: ======== FF ProfilePath: C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\khsuv2fr.default FF DefaultSearchEngine: Google (avast) FF DefaultSearchUrl: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=utf-8&oe=utf-8&meta=lr=lang_de&q= FF SearchEngineOrder.1: Google (avast) FF SelectedSearchEngine: Google FF SelectedSearchEngine: google FF Homepage: hxxp://www.google.de?hl=de&gl=de FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q= FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=utf-8&oe=utf-8&meta=lr=lang_de&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-09] () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.) 
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-06-19] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-06-19] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] ()
FF SearchPlugin: C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\khsuv2fr.default\searchplugins\google-avast.xml [2015-08-23]
FF Extension: Kein Name - C:\Windows\Installer\{FFCC605F-2626-4517-9F6A-B8C14FD37118}\{2BF23CC9-ADAB-4F08-AABB-73DDEA83481B}.xpi [nicht gefunden]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-10]
FF HKLM-x32\...\Firefox\Extensions: [firefox@bho.com] - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-10]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-12-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-04]
CHR HKLM-x32\...\Chrome\Extension: [pgifblbjgdjhcelbanblbhkhmbnnmhfg] - C:\Users\Claudi\AppData\LocalLow\StumbleUpon\CHROME\StumbleUpon.crx <nicht gefunden>

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-04] (AVAST Software)
R2 AVMPowerlineService; C:\Program Files (x86)\FRITZ!Powerline\PowerlineService.exe [139264 2014-05-21] (AVM GmbH) [Datei ist nicht signiert]
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-13] (Broadcom Corporation.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [255040 2014-08-25] (WildTangent)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-06-25] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328296 2014-10-07] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-09-03] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-09-03] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NasPmService; C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe [245760 2013-11-21] (BUFFALO INC.) [Datei ist nicht signiert]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19438920 2014-09-09] (NVIDIA Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [94720 2014-09-27] (Softex Inc.) [Datei ist nicht signiert]
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2014-09-04] (Realtek Semiconductor)
S2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [435064 2014-10-15] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-06-17] (Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-04] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2015-12-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [451040 2015-12-20] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-04] (AVAST Software)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-13] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7532760 2014-10-31] (Broadcom Corporation)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-30] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\System32\drivers\BthHfAud.sys [32768 2014-10-08] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-21] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [126976 2014-09-03] (Intel Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-09] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [506072 2014-06-20] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2014-06-17] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-06-17] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-21 22:06 - 2015-12-21 22:06 - 00026477 _____ C:\Users\Claudi\Desktop\FRST.txt
2015-12-21 21:56 - 2015-12-21 22:01 - 00000163 _____ C:\Users\Claudi\Desktop\AttentionUninstallerLog.txt
2015-12-21 21:52 - 2015-12-21 21:23 - 03443652 _____ (Igor Pavlov) C:\Users\Claudi\Desktop\AttentionUninstaller64.exe
2015-12-21 21:36 - 2015-12-21 21:40 - 00000000 ____D C:\AdwCleaner
2015-12-21 21:27 - 2015-12-21 21:27 - 00003162 _____ C:\Windows\System32\Tasks\{B8E60B76-2EF8-463D-81AA-6B029321F791}
2015-12-21 20:30 - 2015-12-21 20:30 - 00000000 ____D C:\x
2015-12-21 20:18 - 2015-12-21 20:19 - 00039542 _____ C:\Users\Claudi\Desktop\Addition.txt
2015-12-21 17:23 - 2015-12-21 17:23 - 00004096 _____ C:\Users\Public\Documents\0000C632.LCS
2015-12-21 17:23 - 2015-12-21 17:23 - 00000000 ____D C:\Users\Claudi\AppData\Roaming\ProtectDISC
2015-12-20 19:33 - 2015-12-20 22:13 - 00000524 _____ C:\Users\Claudi\Desktop\Neues Textdokument.txt
2015-12-20 19:09 - 2015-12-21 22:06 - 00000000 ____D C:\FRST
2015-12-20 19:06 - 2015-12-21 22:06 - 00000000 ____D C:\Users\Claudi\Desktop\Jackko
2015-12-20 19:05 - 2015-12-20 19:06 - 02370560 _____ (Farbar) C:\Users\Claudi\Desktop\FRST64.exe
2015-12-20 18:36 - 2015-12-21 21:45 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-20 18:36 - 2015-12-20 18:36 - 00001121 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-12-20 18:36 - 2015-12-20 18:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-12-20 18:36 - 2015-12-20 18:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-20 18:36 - 2015-12-20 18:36 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-12-20 18:36 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-20 18:36 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-12-20 18:36 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-12-20 18:34 - 2015-12-20 18:35 - 22908888 _____ (Malwarebytes ) C:\Users\Claudi\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-20 18:32 - 2015-12-20 18:32 - 00000000 ____D C:\Users\Claudi\AppData\Roaming\Sun
2015-12-20 18:32 - 2015-12-20 18:32 - 00000000 ____D C:\Users\Claudi\.oracle_jre_usage
2015-12-20 18:30 - 2015-12-20 18:30 - 00000000 ____D C:\Users\Claudi\AppData\LocalLow\Oracle
2015-12-20 18:26 - 2015-12-21 00:37 - 00000352 _____ C:\Windows\Tasks\HPCeeScheduleForClaudi.job
2015-12-20 18:26 - 2015-12-20 18:26 - 00003166 _____ C:\Windows\System32\Tasks\HPCeeScheduleForClaudi
2015-12-20 18:25 - 2015-12-20 18:25 - 02870984 _____ (ESET) C:\Users\Claudi\Downloads\esetsmartinstaller_deu.exe
2015-12-20 18:25 - 2015-12-20 18:25 - 00000000 ____D C:\Program Files (x86)\ESET
2015-12-14 19:10 - 2015-12-14 19:10 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-14 19:10 - 2015-12-14 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-10 12:46 - 2015-12-10 12:46 - 00000000 ____D C:\ProgramData\Nikon
2015-12-09 19:23 - 2015-12-10 21:30 - 00000000 ____D C:\Windows\system32\MpEngineStore
2015-12-09 19:22 - 2015-12-09 19:22 - 00000000 ____D C:\730793f83abf9adb9e788ebe
2015-12-09 18:39 - 2015-11-11 17:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-09 18:39 - 2015-11-11 16:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-09 18:39 - 2015-11-05 09:59 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-09 18:38 - 2015-11-11 17:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-09 18:38 - 2015-11-11 16:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-09 18:38 - 2015-11-11 16:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-12-09 18:38 - 2015-11-11 16:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-09 18:38 - 2015-11-10 01:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-09 18:38 - 2015-11-10 01:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-09 18:38 - 2015-11-10 01:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-09 18:38 - 2015-11-10 01:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-09 18:38 - 2015-11-10 01:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-09 18:38 - 2015-11-10 00:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-09 18:38 - 2015-11-10 00:41 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-12-09 18:38 - 2015-11-10 00:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-09 18:38 - 2015-11-10 00:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-09 18:38 - 2015-11-10 00:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-09 18:38 - 2015-11-10 00:36 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-09 18:38 - 2015-11-10 00:25 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-12-09 18:38 - 2015-11-10 00:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-09 18:38 - 2015-11-10 00:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-09 18:38 - 2015-11-10 00:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-09 18:38 - 2015-11-08 23:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-09 18:38 - 2015-11-08 23:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-09 18:38 - 2015-11-08 23:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-09 18:38 - 2015-11-08 23:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-09 18:38 - 2015-11-08 23:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-09 18:38 - 2015-11-08 22:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-09 18:38 - 2015-11-08 22:32 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-12-09 18:38 - 2015-11-08 22:25 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-12-09 18:38 - 2015-11-08 22:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-09 18:38 - 2015-11-08 22:16 - 00372224 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-09 18:38 - 2015-11-08 22:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-09 18:38 - 2015-11-08 22:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-09 18:38 - 2015-11-08 22:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-09 18:38 - 2015-11-08 22:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-09 18:38 - 2015-11-08 21:53 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-12-09 18:38 - 2015-11-08 21:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-09 18:38 - 2015-11-08 21:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-09 18:38 - 2015-11-08 21:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-09 18:37 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2015-12-09 18:37 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZST.DLL
2015-12-09 18:37 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2015-12-09 18:37 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2015-12-09 18:37 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2015-12-09 18:37 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZST.DLL
2015-12-09 18:37 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2015-12-09 18:37 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2015-12-09 18:37 - 2015-10-22 17:21 - 01200128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2015-12-09 18:37 - 2015-10-22 17:21 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2015-12-09 18:37 - 2015-10-22 16:58 - 00868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2015-12-09 18:37 - 2015-10-22 16:58 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
2015-12-09 18:37 - 2015-10-22 15:08 - 00513456 _____ C:\Windows\SysWOW64\locale.nls
2015-12-09 18:37 - 2015-10-22 15:08 - 00513456 _____ C:\Windows\system32\locale.nls
2015-12-09 18:36 - 2015-11-22 07:59 - 07455064 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-12-09 18:36 - 2015-11-22 07:59 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-12-09 18:36 - 2015-11-22 07:59 - 01659568 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-12-09 18:36 - 2015-11-22 07:59 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-12-09 18:36 - 2015-11-22 07:59 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-12-09 18:36 - 2015-11-22 07:59 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-12-09 18:36 - 2015-11-22 07:58 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-12-09 18:36 - 2015-11-21 19:32 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-12-09 18:36 - 2015-11-21 18:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-12-09 18:36 - 2015-11-21 17:59 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-09 18:36 - 2015-11-21 17:49 - 01344000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-09 18:36 - 2015-11-21 17:47 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-09 18:36 - 2015-11-21 17:40 - 00414208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-09 18:36 - 2015-11-09 01:41 - 01540728 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-09 18:36 - 2015-11-08 23:30 - 04176384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-09 18:36 - 2015-11-08 22:23 - 01994752 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-09 18:36 - 2015-11-08 22:13 - 01383936 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-09 18:36 - 2015-11-08 22:01 - 01753600 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2015-12-09 18:36 - 2015-11-08 21:52 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-09 18:36 - 2015-11-08 21:48 - 01376256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-09 18:36 - 2015-11-08 21:42 - 01490944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2015-12-09 18:36 - 2015-10-10 18:20 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2015-12-09 18:36 - 2015-10-03 20:41 - 01385280 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-12-09 18:36 - 2015-10-03 20:41 - 01124384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-12-09 18:33 - 2015-11-20 23:47 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-09 18:33 - 2015-11-20 19:18 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-09 18:33 - 2015-11-20 17:58 - 03706880 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-09 18:33 - 2015-11-20 17:47 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-09 18:33 - 2015-11-20 17:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-09 18:33 - 2015-11-20 17:44 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-12-09 18:33 - 2015-11-20 17:44 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-09 18:33 - 2015-11-20 17:43 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-09 18:33 - 2015-11-20 17:42 - 02243584 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-09 18:33 - 2015-11-20 17:30 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-09 18:33 - 2015-11-20 17:29 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-09 18:33 - 2015-11-20 17:28 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-09 18:33 - 2015-11-20 17:27 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-09 18:33 - 2015-10-28 16:49 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-12-09 18:33 - 2015-10-28 16:29 - 02462720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-12-09 18:33 - 2015-10-11 07:34 - 00468824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-12-09 18:33 - 2015-10-11 07:34 - 00462168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2015-12-09 18:33 - 2015-10-11 07:34 - 00443224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2015-12-09 18:33 - 2015-10-11 07:34 - 00092504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2015-12-09 18:33 - 2015-10-11 07:34 - 00027992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2015-12-09 18:33 - 2015-10-10 19:41 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2015-12-09 18:33 - 2015-10-10 19:41 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2015-12-09 18:33 - 2015-10-10 19:40 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winusb.sys
2015-12-09 18:33 - 2015-10-08 17:11 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\PCPKsp.dll
2015-12-09 18:33 - 2015-10-08 16:50 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPKsp.dll
2015-12-09 18:32 - 2015-10-05 19:28 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\wininit.exe
2015-12-09 18:32 - 2015-10-05 19:25 - 00572928 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-12-04 18:55 - 2015-12-04 18:55 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-12-04 18:53 - 2015-12-04 19:03 - 00000000 ____D C:\Users\Claudi\AppData\Roaming\Nikon
2015-12-04 18:53 - 2015-12-04 18:53 - 00000000 ____D C:\Users\Claudi\AppData\Local\Nikon
2015-12-04 18:47 - 2015-12-04 18:47 - 00002106 _____ C:\Users\Public\Desktop\Picture Control Utility 2.lnk
2015-12-04 18:47 - 2015-12-04 18:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picture Control Utility 2
2015-12-04 18:47 - 2015-12-04 18:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nikon Message Center 2
2015-12-04 18:46 - 2015-12-04 18:46 - 00000268 ___RH C:\Users\Claudi\AppData\Roaming\Plants
2015-12-04 18:46 - 2015-12-04 18:46 - 00000268 ___RH C:\ProgramData\Podcasting
2015-12-04 18:46 - 2015-12-04 18:46 - 00000020 ____H C:\ProgramData\PKP_DLes.DAT
2015-12-04 18:46 - 2015-12-04 18:46 - 00000012 ___RH C:\ProgramData\Resources
2015-12-04 18:46 - 2015-12-04 18:46 - 00000000 ____D C:\Windows\Downloaded Installations
2015-12-04 18:45 - 2015-12-16 18:30 - 00000020 ____H C:\ProgramData\PKP_DLet.DAT
2015-12-04 18:45 - 2015-12-04 19:03 - 00000020 ____H C:\ProgramData\PKP_DLev.DAT
2015-12-04 18:45 - 2015-12-04 18:47 - 00000000 ____D C:\Users\Claudi\AppData\Local\Downloaded Installations
2015-12-04 18:45 - 2015-12-04 18:47 - 00000000 ____D C:\Program Files\Nikon
2015-12-04 18:45 - 2015-12-04 18:47 - 00000000 ____D C:\Program Files\Common Files\Nikon
2015-12-04 18:45 - 2015-12-04 18:47 - 00000000 ____D C:\Program Files (x86)\Nikon
2015-12-04 18:45 - 2015-12-04 18:46 - 00000000 ____D C:\ProgramData\Ultima_T15
2015-12-04 18:45 - 2015-12-04 18:46 - 00000000 ____D C:\ProgramData\EnterNHelp
2015-12-04 18:45 - 2015-12-04 18:45 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ATL71.DLL
2015-12-04 18:45 - 2015-12-04 18:45 - 00002076 _____ C:\Users\Public\Desktop\ViewNX 2.lnk
2015-12-04 18:45 - 2015-12-04 18:45 - 00000268 ___RH C:\Users\Claudi\AppData\Roaming\Plug-In Settings
2015-12-04 18:45 - 2015-12-04 18:45 - 00000268 ___RH C:\Users\Claudi\AppData\Roaming\Planets
2015-12-04 18:45 - 2015-12-04 18:45 - 00000268 ___RH C:\ProgramData\Pop Flute
2015-12-04 18:45 - 2015-12-04 18:45 - 00000268 ___RH C:\ProgramData\Plugins
2015-12-04 18:45 - 2015-12-04 18:45 - 00000012 ___RH C:\ProgramData\Robot
2015-12-04 18:45 - 2015-12-04 18:45 - 00000012 ___RH C:\ProgramData\Receipts
2015-12-04 18:45 - 2015-12-04 18:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ViewNX 2
2015-12-04 18:44 - 2015-12-04 18:47 - 00000000 ____D C:\ProgramData\54F3DE4E-B7BA-4EBD-8B3B-385D272CC583
2015-12-04 18:43 - 2015-12-04 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Link to Nikon
2015-12-04 18:31 - 2015-12-04 18:41 - 112637472 _____ C:\Users\Claudi\Downloads\S-VNX2__-021003WF-EURDE-64BIT_.exe
2015-12-04 18:19 - 2015-12-04 18:19 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-12-04 18:19 - 2015-12-04 18:19 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-12-04 18:07 - 2015-12-04 18:07 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2015-12-04 18:07 - 2015-12-04 18:07 - 00000000 ____D C:\Program Files\Common Files\AV

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-21 22:01 - 2015-09-30 18:34 - 00000000 ____D C:\Users\Claudi\AppData\Roaming\Skype
2015-12-21 21:58 - 2015-02-22 14:53 - 00000000 ____D C:\Users\Claudi\AppData\Roaming\ClassicShell
2015-12-21 21:51 - 2014-10-31 09:37 - 00801992 _____ C:\Windows\system32\perfh007.dat
2015-12-21 21:51 - 2014-10-31 09:37 - 00174994 _____ C:\Windows\system32\perfc007.dat
2015-12-21 21:51 - 2014-03-18 10:53 - 01924576 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-21 21:51 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2015-12-21 21:50 - 2015-02-21 14:50 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3361543711-125785448-4142314985-1001
2015-12-21 21:50 - 2013-08-22 14:36 - 00000000 ____D C:\Windows
2015-12-21 21:47 - 2015-02-21 14:47 - 00000000 ____D C:\Users\Claudi\Documents\Youcam
2015-12-21 21:45 - 2015-03-18 21:13 - 00000000 ____D C:\Users\Claudi\OneDrive
2015-12-21 21:43 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-21 21:42 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-12-21 21:40 - 2015-07-25 21:14 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-12-21 21:40 - 2015-07-25 20:26 - 00001100 _____ C:\Users\Claudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder.lnk
2015-12-21 21:14 - 2015-03-09 08:08 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-21 20:51 - 2015-02-21 18:44 - 00000000 ____D C:\Users\Claudi\Documents\Outlook-Dateien
2015-12-21 17:50 - 2015-04-09 21:09 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-12-21 17:50 - 2015-04-09 21:09 - 00000000 ___SD C:\Windows\system32\GWX
2015-12-21 17:50 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2015-12-20 21:01 - 2015-02-21 18:46 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-12-20 20:53 - 2015-02-21 15:19 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{1D2A4AD3-EC4A-4CB2-BE52-001D24320CCA}
2015-12-20 18:33 - 2015-04-05 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-12-20 18:33 - 2015-04-05 17:14 - 00000000 ____D C:\ProgramData\Oracle
2015-12-20 18:33 - 2015-04-05 17:14 - 00000000 ____D C:\Program Files (x86)\Java
2015-12-20 18:32 - 2015-04-05 17:15 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-12-20 18:32 - 2015-02-21 14:44 - 00000000 ____D C:\Users\Claudi
2015-12-20 18:24 - 2015-02-21 16:31 - 00451040 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-12-20 18:24 - 2015-02-21 16:31 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2015-12-20 18:01 - 2013-08-22 15:44 - 00498472 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-16 18:25 - 2015-02-21 14:47 - 00000000 ____D C:\Users\Claudi\AppData\Local\CyberLink
2015-12-14 19:46 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\rescache
2015-12-14 19:10 - 2015-09-30 18:34 - 00000000 ____D C:\Users\Claudi\AppData\Local\Skype
2015-12-14 19:10 - 2015-09-30 18:33 - 00002715 _____ C:\Users\Public\Desktop\Skype.lnk
2015-12-14 19:10 - 2015-09-30 18:33 - 00000000 ____D C:\ProgramData\Skype
2015-12-13 19:12 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2015-12-10 12:32 - 2015-02-21 18:30 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-10 12:19 - 2015-02-21 17:16 - 00003098 _____ C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3361543711-125785448-4142314985-1001
2015-12-09 19:22 - 2015-02-21 19:00 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-09 19:22 - 2015-02-21 19:00 - 00000000 ____D C:\Windows\system32\MRT
2015-12-09 07:14 - 2015-03-09 08:08 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-05 16:22 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-04 18:47 - 2014-10-31 02:12 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-12-04 18:19 - 2015-02-21 16:31 - 01055560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-12-04 18:19 - 2015-02-21 16:31 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-12-04 18:19 - 2015-02-21 16:31 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-12-04 18:19 - 2015-02-21 16:31 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-12-04 18:19 - 2015-02-21 16:31 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-12-04 18:19 - 2015-02-21 16:31 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-12-04 18:19 - 2015-02-21 16:31 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-12-01 18:19 - 2013-08-22 16:38 - 00826872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-01 18:19 - 2013-08-22 16:38 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-23 20:00 - 2015-02-22 19:42 - 00000000 ____D C:\Users\Claudi\Documents\AeTZ1417
2015-11-22 21:30 - 2015-04-28 12:06 - 00000000 ____D C:\Users\Claudi\Documents\kevin
2015-11-22 13:59 - 2015-02-22 22:02 - 00184320 ___SH C:\Users\Claudi\Desktop\Thumbs.db

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-08-12 18:37 - 2015-08-12 18:37 - 0000079 _____ () C:\Program Files (x86)\prefs.js
2015-12-04 18:45 - 2015-12-04 18:45 - 0000268 ___RH () C:\Users\Claudi\AppData\Roaming\Planets
2015-12-04 18:46 - 2015-12-04 18:46 - 0000268 ___RH () C:\Users\Claudi\AppData\Roaming\Plants
2015-12-04 18:45 - 2015-12-04 18:45 - 0000268 ___RH () C:\Users\Claudi\AppData\Roaming\Plug-In Settings
2015-12-04 18:46 - 2015-12-04 18:46 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2015-12-04 18:45 - 2015-12-16 18:30 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2015-12-04 18:45 - 2015-12-04 19:03 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
2015-12-04 18:45 - 2015-12-04 18:45 - 0000268 ___RH () C:\ProgramData\Plugins
2015-12-04 18:46 - 2015-12-04 18:46 - 0000268 ___RH () C:\ProgramData\Podcasting
2015-12-04 18:45 - 2015-12-04 18:45 - 0000268 ___RH () C:\ProgramData\Pop Flute
2015-12-04 18:45 - 2015-12-04 18:45 - 0000012 ___RH () C:\ProgramData\Receipts
2015-12-04 18:46 - 2015-12-04 18:46 - 0000012 ___RH () C:\ProgramData\Resources
2015-12-04 18:45 - 2015-12-04 18:45 - 0000012 ___RH () C:\ProgramData\Robot

Einige Dateien in TEMP:
====================
C:\Users\Claudi\AppData\Local\Temp\1q9fq0zd.dll
C:\Users\Claudi\AppData\Local\Temp\AttUninst64.exe
C:\Users\Claudi\AppData\Local\Temp\avast_secureline_setup.exe
C:\Users\Claudi\AppData\Local\Temp\COMAP.EXE
C:\Users\Claudi\AppData\Local\Temp\DseShExt-x64.dll C:\Users\Claudi\AppData\Local\Temp\DseShExt-x86.dll C:\Users\Claudi\AppData\Local\Temp\Extract.exe C:\Users\Claudi\AppData\Local\Temp\Foxit PhantomPDF Updater.exe C:\Users\Claudi\AppData\Local\Temp\jre-8u51-windows-au.exe C:\Users\Claudi\AppData\Local\Temp\jre-8u66-windows-au.exe C:\Users\Claudi\AppData\Local\Temp\OfficeSetup.exe C:\Users\Claudi\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\Claudi\AppData\Local\Temp\SDShelEx-x64.dll C:\Users\Claudi\AppData\Local\Temp\SP68373.exe C:\Users\Claudi\AppData\Local\Temp\SP69404.exe C:\Users\Claudi\AppData\Local\Temp\SP69559.exe C:\Users\Claudi\AppData\Local\Temp\SP69718.exe C:\Users\Claudi\AppData\Local\Temp\SP70271.exe C:\Users\Claudi\AppData\Local\Temp\SP70439.exe C:\Users\Claudi\AppData\Local\Temp\SP71716.exe C:\Users\Claudi\AppData\Local\Temp\Uninstall.exe C:\Users\Claudi\AppData\Local\Temp\_is2C5.exe ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-12-10 12:28 ==================== Ende von FRST.txt ============================ |
21.12.2015, 22:13 | #11 |
/// Malwareteam | Win 8.1 password is repeatedly invalid, PC sometimes just shuts down
Hi,
Step # 1: ESET
ESET Online Scanner
Step # 2: Please post
|
22.12.2015, 19:58 | #12 |
| Win 8.1 password is repeatedly invalid, PC sometimes just shuts down
Here is the ESET log
Code:
|
22.12.2015, 21:02 | #13 |
/// Malwareteam | Win 8.1 password is repeatedly invalid, PC sometimes just shuts down
Hi,
Step # 1: FRST Fix
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
HKLM\...\Run: [3D BubbleSound] => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
C:\Program Files\BubbleSound
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
C:\730793f83abf9adb9e788ebe
C:\Users\Claudi\AppData\Local\Microsoft\Windows\INetCache\IE\HJZFMAEH\1[1].zip
EmptyTemp:
The tool creates a Fixlog.txt on your USB stick. Please post its contents here.
Step # 2: FRST
And another fresh FRST log, please.
Step # 3: Question
Does the problem still occur?
Step # 4: Please post
|
22.12.2015, 21:27 | #14 |
| Win 8.1 password is repeatedly invalid, PC sometimes just shuts down
Hello Dennis, now you have lost me a bit...
"Please save this as Fixlist.txt on your USB stick. Restart your computer into the repair options. Now start FRST.exe again and click the Entfernen (Fix) button."
I can organize a USB stick, even though I am not on site; I am working on the PC via TeamViewer, I can manage that. But what do you mean by "restart into the repair options"?
Regards, Karl-Heinz |
22.12.2015, 21:29 | #15 |
/// Malwareteam | Win 8.1 password is repeatedly invalid, PC sometimes just shuts down
Hi, I must be too tired, this is my last post for today... It should read:
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
HKLM\...\Run: [3D BubbleSound] => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
C:\Program Files\BubbleSound
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
C:\730793f83abf9adb9e788ebe
C:\Users\Claudi\AppData\Local\Microsoft\Windows\INetCache\IE\HJZFMAEH\1[1].zip
EmptyTemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
|