| |
| |||||||
Log-Analyse und Auswertung: Windows 7: Umleitung auf Werbeseiten und Pop up WerbungWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
30.12.2015, 18:19
| #1 |
| |  Windows 7: Umleitung auf Werbeseiten und Pop up Werbung Hallo, seit einiger Zeit poppen Werbefenster auf fast jeder Seite auf und ich werde auch automatisch auf andere Webseiten umgeleitet. Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:30-12-2015 durchgeführt von sabine n (Administrator) auf (30-12-2015 16:10:45) Gestartet von C:\Users\Downloads Geladene Profile: sabine & PAULA (Verfügbare Profile: Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (AMD) C:\Windows\System32\atieclxx.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe (ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareService.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareTray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe () C:\Program Files (x86)\AVG Secure Search\vprot.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (LULU Software) C:\Program Files (x86)\Soda PDF 2012\ConversionService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSYNC.EXE (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe (Microsoft Corporation) C:\Windows\Temp\241F4023-69CF-4624-8958-7C9E751BA103\DismHost.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVK.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-10] (Synaptics Incorporated) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.) HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [43320 2011-09-30] (Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [] => [X] HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareTray.exe [9574112 2015-12-09] () HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-09-28] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-10-08] (Hewlett-Packard Company) HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-09-15] (EasyBits Software AS) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.) HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2640408 2014-08-27] () HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-06-04] (Geek Software GmbH) HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation) HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe [1756792 2014-05-20] (G Data Software AG) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-10-23] (Microsoft Corporation) <==== ACHTUNG HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-10-23] (Microsoft Corporation) <==== ACHTUNG HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2015-12-02] (SUPERAntiSpyware) HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\RunOnce: [Uninstall C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64" HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\RunOnce: [Uninstall C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416" HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\RunOnce: [Uninstall C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64" HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\RunOnce: [Uninstall C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525" HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\RunOnce: [Uninstall C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\amd64" HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\RunOnce: [Uninstall C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718" HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\RunOnce: [Uninstall C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64" HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\RunOnce: [Uninstall C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727" HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\RunOnce: [Uninstall C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\RunOnce: [Uninstall C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910" HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\RunOnce: [Uninstall C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64" HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\RunOnce: [Uninstall C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112" HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\RunOnce: [Uninstall C:\Users\sabine n\AppData\Local\Microsoft\OneDrive\17.3.5930.0814] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\sabine n\AppData\Local\Microsoft\OneDrive\17.3.5930.0814" HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\RunOnce: [Uninstall C:\Users\sabine n\AppData\Local\Microsoft\OneDrive\17.3.5951.0827] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\sabine n\AppData\Local\Microsoft\OneDrive\17.3.5951.0827" HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\RunOnce: [Uninstall C:\Users\sabine n\AppData\Local\Microsoft\OneDrive\17.3.6201.1019] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\sabine n\AppData\Local\Microsoft\OneDrive\17.3.6201.1019" HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\MountPoints2: {e03317ad-cd39-11e4-b9af-ec9a7452a7ef} - G:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-10-23] (Microsoft Corporation) <==== ACHTUNG HKU\S-1-5-21-3060926553-3636460231-1984617601-1005\...\Run: [Facebook Update] => C:\Users\PAULA.sabinen\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-10-16] (Facebook Inc.) HKU\S-1-5-21-3060926553-3636460231-1984617601-1005\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKU\S-1-5-21-3060926553-3636460231-1984617601-1005\...\MountPoints2: {4a18dc27-660e-11e1-a70d-806e6f6e6963} - F:\.\Helper\ServiceDVD.bin -app .\ServiceDVD\browser7\application.ini HKU\S-1-5-21-3060926553-3636460231-1984617601-1005\...\MountPoints2: {e03317ad-cd39-11e4-b9af-ec9a7452a7ef} - G:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-3060926553-3636460231-1984617601-1005\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-21] (Microsoft Corporation) HKU\S-1-5-18\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-12-21] (Google Inc.) HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-10-23] (Microsoft Corporation) <==== ACHTUNG BootExecute: autocheck autochk * bddel.exe GroupPolicy: Beschränkung - Chrome <======= ACHTUNG CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-09-12] (Lavasoft Limited) Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-09-12] (Lavasoft Limited) Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-09-12] (Lavasoft Limited) Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-09-12] (Lavasoft Limited) Winsock: Catalog9 15 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-09-12] (Lavasoft Limited) Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-09-12] (Lavasoft Limited) Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-09-12] (Lavasoft Limited) Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-09-12] (Lavasoft Limited) Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-09-12] (Lavasoft Limited) Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-09-12] (Lavasoft Limited) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{2BB24A61-A8CC-4C78-BA6A-20744CCA982C}: [DhcpNameServer] 192.168.2.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/ HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3060926553-3636460231-1984617601-1005\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank URLSearchHook: HKLM-x32 - DrawPlus Starter Edition DE Toolbar - {88d776b4-c426-402a-961c-db0e25e2317b} - C:\Program Files (x86)\DrawPlus_Starter_Edition_DE\prxtbDraw.dll Keine Datei URLSearchHook: HKU\S-1-5-21-3060926553-3636460231-1984617601-1001 - DrawPlus Starter Edition DE Toolbar - {88d776b4-c426-402a-961c-db0e25e2317b} - C:\Program Files (x86)\DrawPlus_Starter_Edition_DE\prxtbDraw.dll Keine Datei SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF SearchScopes: HKLM -> {6C91B17E-AC61-4699-B3F2-76696F767409} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms} SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms} SearchScopes: HKU\.DEFAULT -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = SearchScopes: HKU\.DEFAULT -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = SearchScopes: HKU\S-1-5-21-3060926553-3636460231-1984617601-1001 -> DefaultScope {86790347-970B-4E30-A3D4-D0AA6950B5A0} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default SearchScopes: HKU\S-1-5-21-3060926553-3636460231-1984617601-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3060926553-3636460231-1984617601-1001 -> {86790347-970B-4E30-A3D4-D0AA6950B5A0} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default SearchScopes: HKU\S-1-5-21-3060926553-3636460231-1984617601-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKU\S-1-5-21-3060926553-3636460231-1984617601-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKU\S-1-5-21-3060926553-3636460231-1984617601-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms} SearchScopes: HKU\S-1-5-21-3060926553-3636460231-1984617601-1005 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = SearchScopes: HKU\S-1-5-21-3060926553-3636460231-1984617601-1005 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-3060926553-3636460231-1984617601-1005 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF SearchScopes: HKU\S-1-5-21-3060926553-3636460231-1984617601-1005 -> {6C91B17E-AC61-4699-B3F2-76696F767409} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-3060926553-3636460231-1984617601-1005 -> {A7B9955E-C39A-461E-AFA5-75CDF299C768} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_NL&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^NL&apn_uid=A2E9E033-FF62-445D-92C9-DB14FA4715B5&apn_sauid=E82348BB-6302-4C44-BA85-92043C8526F0 SearchScopes: HKU\S-1-5-21-3060926553-3636460231-1984617601-1005 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKU\S-1-5-21-3060926553-3636460231-1984617601-1005 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKU\S-1-5-21-3060926553-3636460231-1984617601-1005 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2015-12-18] (Microsoft Corporation) BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-30] (Google Inc.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2015-12-04] (Microsoft Corporation) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2015-12-04] (Microsoft Corporation) BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-17] (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-30] (Google Inc.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2015-12-04] (Microsoft Corporation) BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-08-01] (Microsoft Corporation.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-17] (Oracle Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company) Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-30] (Google Inc.) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-08-01] (Microsoft Corporation.) Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll [2014-01-23] (pdfforge GmbH) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-30] (Google Inc.) Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-30] (Google Inc.) Toolbar: HKU\S-1-5-21-3060926553-3636460231-1984617601-1001 -> Kein Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Keine Datei Toolbar: HKU\S-1-5-21-3060926553-3636460231-1984617601-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-30] (Google Inc.) Toolbar: HKU\S-1-5-21-3060926553-3636460231-1984617601-1005 -> Kein Name - {88D776B4-C426-402A-961C-DB0E25E2317B} - Keine Datei Toolbar: HKU\S-1-5-21-3060926553-3636460231-1984617601-1005 -> Kein Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - Keine Datei Toolbar: HKU\S-1-5-21-3060926553-3636460231-1984617601-1005 -> Kein Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - Keine Datei DPF: HKLM-x32 {85C86CCC-2158-4123-9C7D-785190CED875} hxxps://lernboerse.arbeitsagentur.de/exklusiv/ilias/data/balihob/lm_data/httppath/dpLaunchPlugin.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-04] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-04] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-04] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-04] (Microsoft Corporation) Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll [2014-08-16] (AVG Secure Search) Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices) Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices) FireFox: ======== FF ProfilePath: C:\Users\sabine n\AppData\Roaming\Mozilla\Firefox\Profiles\ir6jn664.default FF NewTab: hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHABGIQ0LUAtEDFQRc10VVVpIFBgaeQ4BTFtCEQYbcQ0KBVwQQBNBNARaB0tXUUEeGGlxR1dMR1RQNElUAEAUUw== FF DefaultSearchEngine: Default FF SelectedSearchEngine: Bing® FF Homepage: hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggWJVgMUghDFBhCcgpcTA0SGAAOeQAPWBQTEgUQeAgMU10UQFQFIk0FA18DB0VXfWFoKB8fHFNCM01IDVgIREc= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-18] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-18] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [Keine Datei] FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] () FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll [Keine Datei] FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-17] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-17] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2015-12-04] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-18] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-18] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2012-03-11] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3060926553-3636460231-1984617601-1005: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\PAULA.sabinen\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited) FF SearchPlugin: C:\Users\sabine n\AppData\Roaming\Mozilla\Firefox\Profiles\ir6jn664.default\searchplugins\bing-lavasoft.xml [2015-09-12] FF SearchPlugin: C:\Users\sabine n\AppData\Roaming\Mozilla\Firefox\Profiles\ir6jn664.default\searchplugins\default.xml [2015-12-27] FF SearchPlugin: C:\Users\sabine n\AppData\Roaming\Mozilla\Firefox\Profiles\ir6jn664.default\searchplugins\youtube.xml [2015-11-15] FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2014-08-27] FF Extension: dp Launcher Plugin - C:\Users\sabine n\AppData\Roaming\Mozilla\Firefox\Profiles\ir6jn664.default\extensions\dplauncher@digitalpublishing.de [2014-07-05] [ist nicht signiert] FF Extension: Avira Browser Safety - C:\Users\sabine n\AppData\Roaming\Mozilla\Firefox\Profiles\ir6jn664.default\Extensions\abs@avira.com [2015-12-18] FF Extension: Cliqz - C:\Users\sabine n\AppData\Roaming\Mozilla\Firefox\Profiles\ir6jn664.default\Extensions\cliqz@cliqz.com.xpi [2015-12-27] FF Extension: Avira SafeSearch - C:\Users\sabine n\AppData\Roaming\Mozilla\Firefox\Profiles\ir6jn664.default\Extensions\safesearch@avira.com.xpi [2015-12-27] FF Extension: Video AdBlock for Firefox - C:\Users\sabine n\AppData\Roaming\Mozilla\Firefox\Profiles\ir6jn664.default\Extensions\{a00bef25-f21a-4539-adbb-b179b29e2b92} [2015-12-27] [ist nicht signiert] FF Extension: fast-player - C:\Users\sabine n\AppData\Roaming\Mozilla\Firefox\Profiles\ir6jn664.default\Extensions\{be29e1b5-4d6d-48fd-bded-512193d1c653}.xpi [2015-07-31] [ist nicht signiert] FF Extension: Adblock Plus - C:\Users\sabine n\AppData\Roaming\Mozilla\Firefox\Profiles\ir6jn664.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-18] FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799 FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799 [2014-08-27] [ist nicht signiert] FF HKLM-x32\...\Firefox\Extensions: [FFSodaPDFConverter2012@sodapdf.com] - C:\Program Files (x86)\Soda PDF 2012\FFSodaExt2012 FF Extension: Soda PDF 2012 Converter For Firefox - C:\Program Files (x86)\Soda PDF 2012\FFSodaExt2012 [2012-05-02] [ist nicht signiert] FF HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\sabine n\AppData\Roaming\Mozilla\Firefox\Profiles\ir6jn664.default\extensions\cliqz@cliqz.com => nicht gefunden FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2014-06-13] <==== ACHTUNG Chrome: ======= CHR HomePage: Default -> hxxp://home.sweetim.com/?barid={5E63C3E1-D31F-11E2-82F1-EC9A7452A7EF}&src=10&&st=23&ptr=100 CHR RestoreOnStartup: Default -> "hxxp://de.search.yahoo.com/?fr=hp-ddc-bd&type=bl-bcr-re__alt__ddc_dsssyc_bd_com" CHR StartupUrls: Default -> "hxxp://de.search.yahoo.com/?fr=hp-ddc-bd&type=bl-bcr-re__alt__ddc_dsssyc_bd_com" CHR DefaultSearchURL: Default -> hxxp://de.search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bcr-re__alt__ddc_dss_bd_com&p={searchTerms} CHR DefaultSearchKeyword: Default -> de.search.yahoo.com CHR DefaultNewTabURL: Default -> hxxp://de.search.yahoo.com/?fr=hp-ddc-bd-tab&type=bl-bcr-re__alt__ddc_dsssyctab_bd_com CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\PepperFlash\pepflashplayer.dll => Keine Datei CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\ppGoogleNaClPluginChrome.dll => Keine Datei CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\pdf.dll => Keine Datei CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.2.0\\npsitesafety.dll (AVG Technologies) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => Keine Datei CHR Plugin: (Java(TM) Platform SE 7 U40) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => Keine Datei CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Java Deployment Toolkit 7.0.400.43) - C:\Windows\SysWOW64\npDeployJava1.dll => Keine Datei CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll => Keine Datei CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll => Keine Datei CHR Profile: C:\Users\sabine n\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\sabine n\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-24] CHR Extension: (Google Drive) - C:\Users\sabine n\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-21] CHR Extension: (YouTube) - C:\Users\sabine n\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-21] CHR Extension: (Google Search) - C:\Users\sabine n\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-21] CHR Extension: (Google Wallet) - C:\Users\sabine n\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-21] CHR Extension: (Gmail) - C:\Users\sabine n\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-21] CHR Extension: (Kein Name) - C:\Users\sabine n\AppData\Local\Google\Chrome\User Data\Default\Extensions\pocfmicencadhghjmdpabobnbdijgdcd [2015-09-06] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com) R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-09-28] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert] R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2250360 2014-07-30] (G Data Software AG) R2 AVKService; C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG) R2 AVKWCtl; C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe [2683760 2014-05-20] (G Data Software AG) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2748600 2015-12-04] (Microsoft Corporation) R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation) R3 GDFwSvc; C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe [3228136 2014-08-21] (G Data Software AG) R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700536 2014-05-20] (G Data Software AG) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company) R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2011-06-29] (Realsil Microelectronics Inc.) [Datei ist nicht signiert] R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareService.exe [712432 2015-12-09] () S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation) R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1335344 2014-01-23] (pdfforge GmbH) R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [856112 2014-01-23] (pdfforge GmbH) S3 Soda PDF 2012 Helper Service; C:\Program Files (x86)\Soda PDF 2012\HelperService.exe [705880 2012-04-20] (LULU Software) R2 Soda PDF 2012 Service; C:\Program Files (x86)\Soda PDF 2012\ConversionService.exe [723288 2012-04-20] (LULU Software) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S2 ezSharedSvc; C:\Windows\System32\ezSharedSvcHost.exe [X] S2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [X] ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1369288 2015-07-29] (BitDefender) R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [271272 2015-07-29] (BitDefender) R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [747120 2015-07-29] (BitDefender) R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-16] (AVG Technologies) R1 BdfNdisf; c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [93160 2015-01-06] (BitDefender LLC) R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [102992 2015-01-06] (BitDefender LLC) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [55808 2015-08-29] (G Data Software AG) R3 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [20992 2015-08-29] (G Data Software AG) R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [142336 2015-08-29] (G Data Software AG) R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [64000 2015-08-29] (G Data Software AG) R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64512 2015-08-29] (G Data Software AG) R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.99.0\gzflt.sys [155912 2015-12-09] (BitDefender LLC) R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [61440 2015-08-29] (G Data Software AG) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-27] (Malwarebytes) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation) S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-03-20] (RapidSolution Software AG) R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-03-20] (RapidSolution Software AG) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-12-09] (BitDefender S.R.L.) S3 cpuz134; \??\C:\Users\SABINE~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-12-30 16:29 - 2015-12-30 16:30 - 00000000 ____D C:\216fd2e97e3f32b6dd51 2015-12-30 16:10 - 2015-12-30 16:37 - 00045136 _____ C:\Users\sabine n\Downloads\FRST.txt 2015-12-30 16:08 - 2015-12-30 16:10 - 00000000 ____D C:\FRST 2015-12-30 16:06 - 2015-12-30 16:08 - 02370560 _____ (Farbar) C:\Users\sabine n\Downloads\FRST64.exe 2015-12-28 02:15 - 2015-12-28 02:15 - 00000802 _____ C:\Windows\system32\bddel.dat 2015-12-28 00:14 - 2015-12-30 16:14 - 00000528 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task a21549e0-7913-40ea-9d3a-8943b6c9e4de.job 2015-12-28 00:14 - 2015-12-30 15:48 - 00000528 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 06a82960-11ae-4184-8382-bb8da37765e3.job 2015-12-28 00:14 - 2015-12-28 00:14 - 00003634 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 06a82960-11ae-4184-8382-bb8da37765e3 2015-12-28 00:14 - 2015-12-28 00:14 - 00003560 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task a21549e0-7913-40ea-9d3a-8943b6c9e4de 2015-12-28 00:14 - 2015-12-28 00:14 - 00000000 ____D C:\Users\sabine n\AppData\Roaming\SUPERAntiSpyware.com 2015-12-28 00:13 - 2015-12-28 00:14 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2015-12-28 00:13 - 2015-12-28 00:13 - 00001808 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk 2015-12-28 00:13 - 2015-12-28 00:13 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com 2015-12-28 00:13 - 2015-12-28 00:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware 2015-12-28 00:11 - 2015-12-28 00:12 - 24236480 _____ (SUPERAntiSpyware) C:\Users\sabine n\Downloads\SUPERAntiSpyware.exe 2015-12-28 00:03 - 2015-12-28 00:03 - 00001912 _____ C:\Windows\epplauncher.mif 2015-12-28 00:02 - 2015-12-28 00:02 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2015-12-28 00:01 - 2015-12-28 00:02 - 00000000 ____D C:\Program Files\Microsoft Security Client 2015-12-28 00:01 - 2015-12-28 00:01 - 00000000 ____D C:\ProgramData\BitDefender 2015-12-28 00:01 - 2015-12-28 00:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client 2015-12-28 00:00 - 2015-12-28 00:00 - 14262464 _____ (Microsoft Corporation) C:\Users\sabine n\Downloads\mseinstall.exe 2015-12-27 23:47 - 2015-12-28 07:59 - 00002321 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk 2015-12-27 23:47 - 2015-12-27 23:47 - 00000000 ____D C:\Users\sabine n\AppData\Roaming\LavasoftStatistics 2015-12-27 23:47 - 2015-01-06 12:47 - 01061776 _____ (BitDefender S.R.L.) C:\Windows\system32\bdsmtpp.dll 2015-12-27 23:47 - 2015-01-06 12:47 - 00209984 _____ (BitDefender) C:\Windows\system32\BdFirewallSDK.dll 2015-12-27 23:47 - 2015-01-06 12:47 - 00195016 _____ (BitDefender) C:\Windows\system32\httproxy.dll 2015-12-27 23:47 - 2015-01-06 12:47 - 00156936 _____ C:\Windows\system32\bdfwcore.dll 2015-12-27 23:47 - 2015-01-06 12:47 - 00155912 _____ (BitDefender S.R.L.) C:\Windows\system32\bdpop3p.dll 2015-12-27 23:47 - 2015-01-06 12:47 - 00122928 _____ (BitDefender) C:\Windows\system32\OEMbdpredir.dll 2015-12-27 23:47 - 2015-01-06 12:47 - 00096160 _____ (BitDefender) C:\Windows\system32\bdpredir.dll 2015-12-27 23:47 - 2015-01-06 12:37 - 02084072 _____ (Bitdefender) C:\Windows\system32\bdnc.dll 2015-12-27 23:46 - 2015-12-27 23:46 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf 2015-12-27 23:45 - 2015-12-27 23:45 - 00000000 ____D C:\Program Files\Lavasoft 2015-12-27 23:43 - 2015-12-27 23:43 - 00000000 ____D C:\Program Files\Common Files\Lavasoft 2015-12-27 23:42 - 2015-12-27 23:42 - 02012464 _____ C:\Users\sabine n\Downloads\Adaware_Installer.exe 2015-12-27 23:39 - 2015-12-27 23:39 - 00008430 _____ C:\Users\sabine n\Desktop\JRT.txt 2015-12-27 23:37 - 2015-12-27 23:37 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-12-27 23:36 - 2015-12-27 23:36 - 00001106 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-12-27 23:36 - 2015-12-27 23:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-12-27 23:36 - 2015-12-27 23:36 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-12-27 23:36 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-12-27 23:36 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-12-27 23:36 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2015-12-27 23:34 - 2015-12-27 23:35 - 22908888 _____ (Malwarebytes ) C:\Users\sabine n\Downloads\mbam-setup-2.2.0.1024.exe 2015-12-27 23:27 - 2015-12-27 23:27 - 00003232 _____ C:\Windows\System32\Tasks\{A9ECAFF3-21D5-456F-B10F-F85C724E4390} 2015-12-27 23:23 - 2015-12-27 23:24 - 01599336 _____ (Malwarebytes) C:\Users\sabine n\Downloads\JRT.exe 2015-12-27 23:19 - 2015-12-27 23:19 - 00000000 ____D C:\AdwCleaner 2015-12-27 23:18 - 2015-12-27 23:18 - 01743360 _____ C:\Users\sabine n\Downloads\adwcleaner_5.026.exe 2015-12-27 23:15 - 2015-12-27 23:15 - 00000000 ____D C:\Users\sabine n\AppData\LocalLow\Oracle 2015-12-27 23:14 - 2015-12-27 23:14 - 00584288 _____ (Oracle Corporation) C:\Users\sabine n\Downloads\jre-8u66-windows-i586-iftw.exe 2015-12-27 23:09 - 2015-12-27 23:09 - 00248872 _____ C:\Users\sabine n\Downloads\Firefox Setup Stub 43.0.2.exe 2015-12-27 23:09 - 2015-12-27 23:09 - 00248872 _____ C:\Users\sabine n\Downloads\Firefox Setup Stub 43.0.2(1).exe 2015-12-27 22:36 - 2015-11-03 20:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll 2015-12-27 22:36 - 2015-11-03 19:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll 2015-12-18 19:58 - 2015-12-18 20:00 - 120963072 _____ (G Data Software AG) C:\Users\sabine n\Downloads\INT_R_BASE_IS.exe.part 2015-12-18 19:20 - 2015-12-18 19:20 - 09498816 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2015-12-18 19:10 - 2015-12-18 19:10 - 00000000 ___HD C:\OneDriveTemp 2015-12-09 11:04 - 2015-12-09 11:04 - 00452040 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\Trufos.sys 2015-12-01 22:12 - 2015-12-01 22:12 - 00000000 ____D C:\Users\sabine n\AppData\Local\OfficeBSCache-MyComputer ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-12-30 16:30 - 2014-04-10 11:00 - 00000000 ____D C:\Windows\system32\MRT 2015-12-30 16:30 - 2014-04-10 10:58 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-12-30 16:26 - 2013-12-21 22:44 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-12-30 16:20 - 2013-12-21 22:44 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-12-30 16:10 - 2009-07-14 04:20 - 00000000 ____D C:\Windows 2015-12-30 16:06 - 2009-07-14 05:45 - 00031856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-12-30 16:06 - 2009-07-14 05:45 - 00031856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-12-30 15:58 - 2013-12-21 22:44 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-12-30 15:48 - 2013-10-16 11:20 - 00000956 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3060926553-3636460231-1984617601-1005UA.job 2015-12-30 15:48 - 2013-10-16 11:20 - 00000934 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3060926553-3636460231-1984617601-1005Core.job 2015-12-28 07:56 - 2011-10-23 00:15 - 02010118 _____ C:\Windows\system32\perfh007.dat 2015-12-28 07:56 - 2011-10-23 00:15 - 00571938 _____ C:\Windows\system32\perfc007.dat 2015-12-28 07:56 - 2009-07-14 06:13 - 00006548 _____ C:\Windows\system32\PerfStringBackup.INI 2015-12-28 07:48 - 2012-05-27 21:05 - 00000000 ___RD C:\Users\sabine n\SkyDrive 2015-12-28 07:47 - 2013-06-04 09:14 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job 2015-12-28 07:46 - 2015-11-23 20:43 - 00000368 _____ C:\Windows\Tasks\HPCeeScheduleForsabine n.job 2015-12-28 07:46 - 2015-10-07 19:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-12-28 07:46 - 2014-06-06 09:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-12-28 07:46 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-12-28 07:43 - 2013-06-04 20:07 - 00000000 ____D C:\Users\PAULA.sabinen\AppData\LocalLow\DrawPlus_Starter_Edition_DE 2015-12-28 07:43 - 2012-12-23 09:01 - 00000000 ____D C:\Users\sabine n\AppData\LocalLow\DrawPlus_Starter_Edition_DE 2015-12-28 03:21 - 2015-10-30 20:27 - 00000000 ___HD C:\$WINDOWS.~BT 2015-12-28 03:19 - 2007-01-02 02:25 - 00000000 ____D C:\Windows\Panther 2015-12-27 23:47 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf 2015-12-27 23:46 - 2015-09-12 21:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft 2015-12-27 23:42 - 2015-09-12 20:59 - 00000000 ____D C:\ProgramData\Lavasoft 2015-12-27 23:28 - 2015-09-12 21:01 - 00000000 ____D C:\Users\sabine n\AppData\Roaming\Lavasoft 2015-12-27 23:28 - 2015-09-12 21:00 - 00000000 ____D C:\Program Files (x86)\Lavasoft 2015-12-27 23:17 - 2013-12-21 22:45 - 00002175 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-12-27 23:11 - 2014-06-06 09:38 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-12-27 23:11 - 2014-06-06 09:38 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-12-27 22:21 - 2012-03-19 21:27 - 00000000 ____D C:\Users\sabine n\AppData\Local\CrashDumps 2015-12-27 22:14 - 2015-11-24 08:39 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2015-12-18 19:51 - 2011-10-22 15:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2015-12-18 19:21 - 2013-12-21 22:44 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-12-18 19:21 - 2013-12-21 22:44 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-12-18 19:20 - 2015-01-14 18:50 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-12-18 19:20 - 2015-01-14 18:50 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-12-18 19:20 - 2013-12-21 22:44 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-12-18 19:09 - 2014-02-20 07:00 - 00002212 _____ C:\Users\sabine n\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk 2015-12-08 20:30 - 2010-11-21 04:27 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-12-01 22:28 - 2015-11-23 20:43 - 00003240 _____ C:\Windows\System32\Tasks\HPCeeScheduleForsabine n 2015-12-01 22:28 - 2012-03-04 16:30 - 00000000 ____D C:\Users\sabine n\AppData\Local\Hewlett-Packard 2015-12-01 22:03 - 2014-03-04 22:16 - 00003228 _____ C:\Windows\System32\Tasks\HPCeeScheduleForSABINEn$ 2015-12-01 22:03 - 2014-03-04 22:12 - 00000352 _____ C:\Windows\Tasks\HPCeeScheduleForSABINEn$.job ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2014-06-27 07:19 - 2014-06-27 07:19 - 0000000 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml 2015-08-29 19:02 - 2015-08-29 19:02 - 0000000 _____ () C:\Users\sabine n\AppData\Roaming\gdfw.log 2015-08-29 19:01 - 2015-08-29 19:02 - 0000779 _____ () C:\Users\sabine n\AppData\Roaming\gdscan.log 2014-12-10 08:18 - 2014-12-10 08:18 - 0000000 _____ () C:\Users\sabine n\AppData\Local\{004E8E92-21F9-4A38-B05E-A4F4A2F6FE6B} Einige Dateien in TEMP: ==================== C:\Users\PAULA.sabinen\AppData\Local\Temp\avgnt.exe C:\Users\PAULA.sabinen\AppData\Local\Temp\install_flashplayer11x32ax_gtba_chra_dy_aaa_aih.exe C:\Users\PAULA.sabinen\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\PAULA.sabinen\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\PAULA.sabinen\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\PAULA.sabinen\AppData\Local\Temp\mybestofferstoday.exe C:\Users\PAULA.sabinen\AppData\Local\Temp\optimizerpro.exe C:\Users\sabine n\AppData\Local\Temp\cct.dll C:\Users\sabine n\AppData\Local\Temp\JavaIC.dll C:\Users\sabine n\AppData\Local\Temp\msscct32.dll C:\Users\sabine n\AppData\Local\Temp\sqlite3.dll C:\Users\sabine n\AppData\Local\Temp\YSearchUtil.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-07-12 22:04 ==================== Ende von FRST.txt ============================ =Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:30-12-2015 durchgeführt von sabine n (2015-12-30 16:46:04) Gestartet von C:\Users\sabine n\Downloads Windows 7 Home Premium Service Pack 1 (X64) (2012-03-04 15:29:00) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-3060926553-3636460231-1984617601-500 - Administrator - Disabled) Gast (S-1-5-21-3060926553-3636460231-1984617601-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3060926553-3636460231-1984617601-1003 - Limited - Enabled) PAULA (S-1-5-21-3060926553-3636460231-1984617601-1005 - Limited - Enabled) => C:\Users\PAULA.sabinen sabine n (S-1-5-21-3060926553-3636460231-1984617601-1001 - Administrator - Enabled) => C:\Users\sabine n ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: G DATA INTERNET SECURITY (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0} AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} AV: Ad-Aware Antivirus (Enabled - Up to date) {B0CC18C6-E527-6EE6-874C-9D19920E5619} AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7} AS: Ad-Aware Antivirus (Enabled - Up to date) {0BADF922-C31D-6168-BDFC-A66BE9891CA4} AS: G DATA INTERNET SECURITY (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: G DATA Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B} FW: Ad-Aware Firewall (Disabled) {88F799E3-AF48-6FBE-AC13-342C6CDD1162} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - ) ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.00.631.5823 - ABBYY) ABBYY FineReader 9.0 Sprint (x32 Version: 9.00.631.5823 - ABBYY) Hidden Ad-Aware Antivirus (HKLM\...\{9A711B34-77B5-4DDA-A97E-2FD6663729E1}_AdAwareUpdater) (Version: 11.9.696.8769 - Lavasoft) AdAwareInstaller (Version: 11.9.696.8769 - Lavasoft) Hidden AdAwareUpdater (Version: 11.9.696.8769 - Lavasoft) Hidden Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated) Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated) Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated) AMD Catalyst Install Manager (HKLM\...\{ACD449FA-9DF3-779D-DA68-11D486963225}) (Version: 3.0.847.0 - Advanced Micro Devices, Inc.) AMD System Monitor (HKLM-x32\...\{6EFD0C42-4CC1-4716-A0CA-21C1A062CF34}) (Version: 1.0.9 - Advanced Micro Devices, Inc.) AntimalwareEngine (Version: 3.0.99.0 - Lavasoft) Hidden AntispamEngine (Version: 2.4.4205.0 - Lavasoft) Hidden Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Ask Toolbar Updater (HKU\S-1-5-21-3060926553-3636460231-1984617601-1005\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.3.29495 - Ask.com) <==== ACHTUNG Audials (HKLM-x32\...\{7108738A-F48C-4FC9-80A1-4B70254270DF}) (Version: 9.1.13600.0 - RapidSolution Software AG) AvcEngine (Version: 3.11.11387.0 - Lavasoft) Hidden AVG Security Toolbar (HKLM-x32\...\AVG Secure Search) (Version: 18.1.9.799 - AVG Technologies) AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version: - AVM Berlin) Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Benutzerhandbuch - Grundlagen EPSON XP-302 303 305 306 Series (HKLM-x32\...\EPSON XP-302 303 305 306 Series Bog) (Version: - ) Benutzerhandbuch EPSON XP-302 303 305 306 Series (HKLM-x32\...\EPSON XP-302 303 305 306 Series Useg) (Version: - ) Bing Bar (HKLM-x32\...\{9FA13759-5C2B-4177-9DDC-0038F8B5BEFD}) (Version: 7.0.826.0 - Microsoft Corporation) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Cake Mania (x32 Version: 2.2.0.98 - WildTangent) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform) Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) CLIQZ (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 1.0.22 - CLIQZ.com) Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.0.4528 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Download Navigator (HKLM-x32\...\{E728441A-7820-4B1C-87C9-DE7BE37B2953}) (Version: 1.1.0 - SEIKO EPSON CORPORATION) Epson Easy Photo Print 2 (HKLM-x32\...\{02A312B5-1542-47B6-BFE9-F51358C39E86}) (Version: 2.4.0.0 - SEIKO EPSON CORPORATION) Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2) Epson Event Manager (HKLM-x32\...\{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}) (Version: 3.01.0000 - Seiko Epson Corporation) Epson Netzwerkhandbuch EPSON XP-302 303 305 306 Series (HKLM-x32\...\EPSON XP-302 303 305 306 Series Netg) (Version: - ) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON XP-302 303 305 306 Series Printer Uninstall (HKLM\...\EPSON XP-302 303 305 306 Series) (Version: - SEIKO EPSON Corporation) EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION) ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard) Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.22 - Evernote Corp.) Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited) Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden FILEminimizer Pictures (HKLM-x32\...\FILEminimizer Pictures_is1) (Version: - balesio AG) Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden FirewallEngine (Version: 1.6.0.0 - Lavasoft) Hidden Fishdom (TM) 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden G DATA INTERNET SECURITY (HKLM-x32\...\{85203592-3610-4FB9-AA11-15B2255B5A12}) (Version: 25.0.2.2 - G DATA Software AG) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP Documentation (HKLM-x32\...\{3D5C7E0E-AEC0-40EB-99D3-C40469738040}) (Version: 1.1.0.0 - Hewlett-Packard) HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent) HP Launch Box (HKLM\...\{BF1E75D0-E7AF-4BEA-9FBC-567F0C54BDF9}) (Version: 1.0.12 - Hewlett-Packard Company) HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company) HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company) HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company) HP QuickWeb (HKLM-x32\...\{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}) (Version: 3.1.1.10197 - Hewlett-Packard Company) HP Security Assistant (HKLM\...\{562608FE-2051-4488-BF22-8CE4C03046AC}) (Version: 1.0.12 - Hewlett-Packard) HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company) HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company) HP Software Framework (HKLM-x32\...\{483539DB-FA71-4C45-8438-55D3DCFDECC8}) (Version: 4.5.10.1 - Hewlett-Packard Company) HP Support Solutions Framework (HKLM-x32\...\{B1AD4FFB-DD17-43EC-8C30-B9E71EAD9132}) (Version: 12.0.30.219 - Hewlett-Packard Company) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6341.0 - IDT) Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden Internet Explorer Toolbar 4.8 by SweetPacks (x32 Version: 4.8.0000 - SweetIM Technologies Ltd.) Hidden <==== ACHTUNG iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.) Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation) Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Jewel Quest II (x32 Version: 2.2.0.97 - WildTangent) Hidden Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden K-Lite Codec Pack 11.4.0 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.4.0 - ) Mahjongg Artifacts (x32 Version: 2.2.0.95 - WildTangent) Hidden Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.6366.2036 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 43.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 43.0.2 (x86 de)) (Version: 43.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.2 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6326.1010 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (Version: 16.0.6326.1010 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6326.1010 - Microsoft Corporation) Hidden OnlineThreatsEngine (Version: 2.2.3.0 - Lavasoft) Hidden opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden PDF Architect (HKLM-x32\...\{86D8A96B-1911-4C3F-AA16-0B47E053E492}) (Version: 1.2.97.14551 - pdfforge GmbH) PDF24 Creator 5.5.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge) Photomizer (HKLM-x32\...\{A00F8237-F496-44D2-0001-E3CCF8CD58AE}) (Version: 1.0.11.333 - Engelmann Media GmbH) Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.40.126.2011 - Realtek) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0706 - REALTEK Semiconductor Corp.) Serif DrawPlus Starter Edition (HKLM-x32\...\{33311EA4-0ECA-4E7F-83E5-8A92CD760152}) (Version: 2.0.2.010 - Serif (Europe) Ltd) Soda PDF 2012 (HKLM-x32\...\{7315581A-6BCA-421B-9B42-469327C77CE6}) (Version: 2.1.18.4206 - LULU Software) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1210 - SUPERAntiSpyware.com) SweetIM for Messenger 3.7 (x32 Version: 3.7.0007 - SweetIM Technologies Ltd.) Hidden <==== ACHTUNG swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated) Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN) Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-3060926553-3636460231-1984617601-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\sabine n\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileCoAuthLib64.dll () CustomCLSID: HKU\S-1-5-21-3060926553-3636460231-1984617601-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\sabine n\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {0A70D84B-7C91-46B7-9011-7354235F3B3D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard) Task: {0AD8B87D-3008-4F4D-BB1C-F99EBF821A57} - System32\Tasks\SUPERAntiSpyware Scheduled Task 06a82960-11ae-4184-8382-bb8da37765e3 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com) Task: {10CCEADC-4833-4E0A-8475-CC1B4126B0EE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-27] (Hewlett-Packard) Task: {137AAED0-50D3-4BDA-AF25-2FEBE0027C30} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3060926553-3636460231-1984617601-1005UA => C:\Users\PAULA.sabinen\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-16] (Facebook Inc.) Task: {2459C408-0410-4B50-ABDD-9EED22BA9A93} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe Task: {24BA01D1-EFBC-4278-BBD7-AA9E5B922BEA} - System32\Tasks\HPCeeScheduleForSABINEn$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard) Task: {2812B293-0B56-48C9-8F87-F982B19EDECB} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-12-04] (Microsoft Corporation) Task: {2E08AF43-C6BF-46CF-9D66-B179A01AB981} - System32\Tasks\{A9ECAFF3-21D5-456F-B10F-F85C724E4390} => pcalua.exe -a "C:\Users\sabine n\Downloads\jre-8u66-windows-i586-iftw.exe" -d "C:\Users\sabine n\Downloads" Task: {38CC9D51-3FC3-4CCE-B4C9-F62F06AD97A8} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-08-24] () Task: {52F47DCD-FC60-4504-AE4C-51209A8402CB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {53C08BE3-6AAD-4F0F-9E1C-DCCC780A1273} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated) Task: {544610B2-8221-4733-ACD4-E17EC0B7DDD9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd) Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto Task: {62AF791F-F62F-4A0B-9AFF-3C66549955D1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company) Task: {666CC9A0-9210-4088-8FD5-C064AC725B9E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {726649F7-5D0D-49DF-ADC8-17D84A96A62B} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{0679DE3A-5E7E-4314-9D23-7AAEF14A0164}.exe Task: {98927031-A17A-40D6-B13B-18BF94A6BC0F} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard) Task: {B98D0172-DA59-423D-854D-ADAD10379252} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company) Task: {B9F8EC90-3D8F-4E38-956C-B8F23AC82019} - System32\Tasks\{D7C6B649-5705-4FB4-9DF8-F6307DB73FCA} => pcalua.exe -a "C:\Users\sabine n\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\09BBVCS6\Soda_PDF_2012_Installer.exe" -d "C:\Users\sabine n\Desktop" Task: {BC134C5D-BEB7-489A-AFCD-43ACD0389CD7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {C08EF655-011D-46F3-A3FC-F75FB82697F3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-18] (Adobe Systems Incorporated) Task: {C84AF088-82BE-4159-B621-9942702D7873} - System32\Tasks\SUPERAntiSpyware Scheduled Task a21549e0-7913-40ea-9d3a-8943b6c9e4de => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com) Task: {C8BE108D-22AF-42AA-9836-149CCF3FFA7B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3060926553-3636460231-1984617601-1005Core => C:\Users\PAULA.sabinen\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-16] (Facebook Inc.) Task: {CA0F44C1-74BD-4E61-9857-8A2D414D1673} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-09-28] (CyberLink) Task: {DA913778-66CD-428D-9421-C465FBFFB862} - System32\Tasks\HPCeeScheduleForsabine n => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard) Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc Task: {EE99FB23-E7E4-46F3-A144-080E097CDEA5} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-12-04] (Microsoft Corporation) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{0679DE3A-5E7E-4314-9D23-7AAEF14A0164}.exe <==== ACHTUNG Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3060926553-3636460231-1984617601-1005Core.job => C:\Users\PAULA.sabinen\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3060926553-3636460231-1984617601-1005UA.job => C:\Users\PAULA.sabinen\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForsabine n.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\Windows\Tasks\HPCeeScheduleForSABINEn$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 06a82960-11ae-4184-8382-bb8da37765e3.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task a21549e0-7913-40ea-9d3a-8943b6c9e4de.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2011-09-28 06:19 - 2011-09-28 06:19 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2015-11-23 21:10 - 2015-12-04 03:52 - 00162472 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll 2015-12-09 17:55 - 2015-12-09 17:55 - 00712432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareService.exe 2015-12-09 17:58 - 2015-12-09 17:58 - 00025856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\boost_system-vc120-mt-1_57.dll 2015-12-09 17:58 - 2015-12-09 17:58 - 00057096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\boost_date_time-vc120-mt-1_57.dll 2015-12-09 17:58 - 2015-12-09 17:58 - 00123656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\boost_filesystem-vc120-mt-1_57.dll 2015-12-09 17:58 - 2015-12-09 17:58 - 11671800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareServiceKernel.dll 2015-12-09 17:58 - 2015-12-09 17:58 - 03549904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\RCF.dll 2015-12-09 17:58 - 2015-12-09 17:58 - 00911616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\boost_regex-vc120-mt-1_57.dll 2015-12-09 17:59 - 2015-12-09 17:59 - 00107776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\boost_thread-vc120-mt-1_57.dll 2015-12-09 17:58 - 2015-12-09 17:58 - 00035072 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\boost_chrono-vc120-mt-1_57.dll 2015-12-09 17:58 - 2015-12-09 17:58 - 00709360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareActivation.dll 2015-12-09 17:58 - 2015-12-09 17:58 - 00476928 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareApplicationUpdater.dll 2015-12-09 17:58 - 2015-12-09 17:58 - 00847600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareGamingMode.dll 2015-12-09 17:58 - 2015-12-09 17:58 - 00101096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareReset.dll 2015-12-09 17:58 - 2015-12-09 17:58 - 00123104 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareTime.dll 2015-12-09 17:58 - 2015-12-09 17:58 - 01030912 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareDefinitionsUpdater.dll 2015-12-09 17:58 - 2015-12-09 17:58 - 00905488 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareDefinitionsUpdaterScheduler.dll 2015-12-09 17:58 - 2015-12-09 17:58 - 01146608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareIgnoreList.dll 2015-12-09 17:58 - 2015-12-09 17:58 - 00243440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareQuarantine.dll 2015-12-09 17:58 - 2015-12-09 17:58 - 01571584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareAntiMalwareEngine.dll 2015-12-09 17:58 - 2015-12-09 17:58 - 00206080 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareAntiRootkitEngine.dll 2015-12-09 17:58 - 2015-12-09 17:58 - 01210616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareScannerHistory.dll 2015-12-09 17:58 - 2015-12-09 17:58 - 01373928 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareScanner.dll 2015-12-09 17:59 - 2015-12-09 17:59 - 00036096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\boost_timer-vc120-mt-1_57.dll 2015-12-09 17:58 - 2015-12-09 17:58 - 01019640 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareScannerScheduler.dll 2015-12-09 17:58 - 2015-12-09 17:58 - 01190656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareRealTimeProtection.dll 2015-12-09 17:58 - 2015-12-09 17:58 - 02489592 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareIncompatibles.dll 2015-12-09 17:58 - 2015-12-09 17:58 - 01468136 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareAntiSpam.dll 2015-12-09 17:58 - 2015-12-09 17:58 - 01416944 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareAntiPhishing.dll 2015-12-09 17:58 - 2015-12-09 17:58 - 03263736 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareParentalControl.dll 2015-12-09 17:58 - 2015-12-09 17:58 - 02995960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareWebProtection.dll 2015-12-09 17:58 - 2015-12-09 17:58 - 01325816 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareEmailProtection.dll 2015-12-09 17:58 - 2015-12-09 17:58 - 00059656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\boost_iostreams-vc120-mt-1_57.dll 2015-12-09 17:58 - 2015-12-09 17:58 - 01856768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareNetworkProtection.dll 2015-12-09 17:58 - 2015-12-09 17:58 - 01013992 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwarePromo.dll 2015-12-09 17:58 - 2015-12-09 17:58 - 00365288 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareFeedback.dll 2015-12-09 17:58 - 2015-12-09 17:58 - 02958592 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareThreatWorkAlliance.dll 2015-12-09 17:58 - 2015-12-09 17:58 - 01261800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwarePinCode.dll 2015-12-09 17:58 - 2015-12-09 17:58 - 01014504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareNotice.dll 2015-12-09 17:58 - 2015-12-09 17:58 - 01542896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareAvcEngine.dll 2015-12-09 17:58 - 2015-12-09 17:58 - 01222416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareRealTimeProtectionHistory.dll 2015-12-09 17:58 - 2015-12-09 17:58 - 00475888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareStatistics.dll 2015-12-27 23:47 - 2015-01-06 12:47 - 00156936 _____ () C:\Windows\system32\bdfwcore.dll 2015-12-09 17:58 - 2015-12-09 17:58 - 09574112 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareTray.exe 2015-12-09 17:58 - 2015-12-09 17:58 - 00492288 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\boost_locale-vc120-mt-1_57.dll 2015-12-09 17:58 - 2015-12-09 17:58 - 02266344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\HtmlFramework.dll 2015-12-09 17:58 - 2015-12-09 17:58 - 00868600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareTrayDefaultSkin.dll 2011-09-30 09:40 - 2011-09-30 09:40 - 00107320 _____ () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe 2012-05-02 07:52 - 2014-08-27 12:09 - 02640408 _____ () C:\Program Files (x86)\AVG Secure Search\vprot.exe 2014-05-20 02:38 - 2014-05-20 02:38 - 00340088 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll 2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) IE trusted site: HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\localhost -> localhost IE trusted site: HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\webcompanion.com -> hxxp://webcompanion.com ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2009-07-14 03:34 - 2015-08-30 08:27 - 00000826 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\sabine n\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg HKU\S-1-5-21-3060926553-3636460231-1984617601-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\PAULA.sabinen\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.2.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) Windows Firewall ist deaktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) MSCONFIG\startupreg: SweetIM => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [{9CD5F71D-45A2-4800-BE86-322384C2DCF5}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{856E22D3-DBD8-4406-9934-EBACE1DBF8A9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{7370EF24-0297-4640-A007-9B51669A01B5}] => (Allow) LPort=2869 FirewallRules: [{764AA891-4B4E-40EF-BF6B-7FB0A5D5FBF4}] => (Allow) LPort=1900 FirewallRules: [{8F4ABF00-CDAC-4BFC-BD9B-C6AC800FA875}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{9731869D-5C05-4DF8-9DC8-F265FB22AF58}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [{2E00A141-DCA8-4A3A-AC1C-677223D454E2}] => (Allow) C:\Windows\system32\ezSharedSvcHost.exe FirewallRules: [{6A36A863-D696-41DA-BC3B-87FE52B86EED}] => (Allow) C:\Program Files (x86)\EasyBits For Kids\ezDesktop.exe FirewallRules: [{28A1F085-2E02-4326-BD4F-B6E5DEFC7571}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{FEA52E36-1AA8-4C7B-B028-84F4C7A9ADB6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{F2589DF0-0CE9-47AE-A36A-85289E09EA29}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{DDD9A54A-B0FC-47FE-9E3D-858DF0A0467C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{B43A3538-4F32-4226-884A-ADE6F5AB1974}] => (Allow) C:\Program Files (x86)\RapidSolution\Audials 9\Audials.exe FirewallRules: [{67F5E1DD-4547-48E4-AEED-39D1739FEECC}] => (Allow) LPort=12972 FirewallRules: [{626EE433-D16D-42D7-BDC1-3C148060BA11}] => (Allow) LPort=14714 FirewallRules: [{AB251149-3880-403F-8217-C16A15ED89B3}] => (Allow) LPort=31931 FirewallRules: [{DDCD7A40-DE5B-4EFD-B14F-DFBE1609A0E3}] => (Allow) C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{F001B60A-179F-4FE5-B3FB-10EBB6755C92}] => (Allow) C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [TCP Query User{922C273D-E1F5-4BDE-B4DB-E43947948F1E}C:\users\sabine n\appdata\roaming\jinuhu\buew.exe] => (Block) C:\users\sabine n\appdata\roaming\jinuhu\buew.exe FirewallRules: [UDP Query User{B6C10970-3981-446E-98D9-113252BB4200}C:\users\sabine n\appdata\roaming\jinuhu\buew.exe] => (Block) C:\users\sabine n\appdata\roaming\jinuhu\buew.exe FirewallRules: [TCP Query User{0A067DDA-C18F-4B82-BFB1-7C7FA2B5699C}C:\users\sabine n\appdata\roaming\jinuhu\buew.exe] => (Block) C:\users\sabine n\appdata\roaming\jinuhu\buew.exe FirewallRules: [UDP Query User{984A03D0-A5AC-4567-AD6C-12D2F0EB045E}C:\users\sabine n\appdata\roaming\jinuhu\buew.exe] => (Block) C:\users\sabine n\appdata\roaming\jinuhu\buew.exe FirewallRules: [{B8B7E079-52EC-47BD-8ADE-112398DF2A7C}] => (Allow) F:\fsetup.exe FirewallRules: [{8A1381B6-80C4-43EA-A61D-FA3E0FB487EC}] => (Allow) F:\fsetup.exe FirewallRules: [{B95E615F-9005-4B3D-AE17-44FF91D21238}] => (Allow) C:\Windows\System32\dmwu.exe FirewallRules: [{73B691AF-0F6F-4124-8B72-728094C6E190}] => (Allow) C:\Windows\System32\dmwu.exe FirewallRules: [{ABC18073-3D3E-4EB8-95A0-923A34BD0B9B}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe FirewallRules: [{8D3EEED9-145D-4B3A-84BC-DB63DC0BDE5F}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe FirewallRules: [{7E91DCF3-53C4-44A2-B49D-5F4FD091054A}] => (Allow) C:\Windows\System32\dmwu.exe FirewallRules: [{90CCC579-F1BC-4F86-93AA-55B3E0A2CEB3}] => (Allow) C:\Windows\System32\dmwu.exe FirewallRules: [{AA45568B-AF5A-4750-A0CC-6DAB45E7B1B1}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe FirewallRules: [{FFF26E28-24E6-4521-8F3B-B3063C32B8AC}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe FirewallRules: [TCP Query User{3206AD66-DBD1-48ED-93BE-C5B8473CAB24}C:\users\paula.sabinen\appdata\local\facebook\video\skype\facebookvideocalling.exe] => (Block) C:\users\paula.sabinen\appdata\local\facebook\video\skype\facebookvideocalling.exe FirewallRules: [UDP Query User{813DCD76-7347-43B0-A154-8099AAE0F4DD}C:\users\paula.sabinen\appdata\local\facebook\video\skype\facebookvideocalling.exe] => (Block) C:\users\paula.sabinen\appdata\local\facebook\video\skype\facebookvideocalling.exe FirewallRules: [{FD9C73B0-4F52-4463-90B4-1E4E89D74E85}] => (Allow) F:\Network\EpsonNetSetup\ENEasyApp.exe FirewallRules: [{7EA84E85-286B-45E8-A55A-AE433B9E81AE}] => (Allow) F:\Network\EpsonNetSetup\ENEasyApp.exe FirewallRules: [TCP Query User{A0EBCB60-03A0-4D85-9651-829ADA921D6B}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [UDP Query User{982F7A01-43B3-438E-81C9-0BA9AA3F77D8}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [TCP Query User{E97C0064-6006-43F4-A426-3E7704A083E0}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe FirewallRules: [UDP Query User{4982E99C-C324-46A9-BF97-583A1B7C448B}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe FirewallRules: [TCP Query User{459F7B94-9CA0-4993-BE20-32D83169C60C}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{2532D82D-329A-41EB-A28D-7CE984068AD3}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [{E56922C4-3CE7-4406-8927-6C5CADA5D4E8}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe FirewallRules: [{4EACAB4E-D47E-4BD9-BA34-BA5D60141FA2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{F549EBD9-B367-4704-BFB0-491FADA5B9E0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{6BEF4C79-EE29-46B4-95AA-35E8882490E4}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{E647419E-57BE-45E6-B4C8-4D41CA78928C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{5AD4C8F8-0DC4-48E9-97F8-5533CBBB0FFE}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe FirewallRules: [{6253961E-8272-4C0E-90A0-7F3678B7F235}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{2634BB9B-6C4E-4418-BE3C-4A5986EB80C8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{7DF4477E-AC18-4B9B-8429-A4EF8D42CF25}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{D5238425-2DA5-4E15-A102-1216C62EB3C7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Wiederherstellungspunkte ========================= 27-12-2015 23:24:42 JRT Pre-Junkware Removal 27-12-2015 23:42:48 AA11 30-12-2015 15:59:25 Windows Modules Installer 30-12-2015 16:09:49 Windows Modules Installer ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (12/30/2015 04:00:09 PM) (Source: HP Active Health) (EventID: 81) (User: ) Description: -- SECURITY WARNING -- Unable to serialize super secret file hashes at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost) at System.IO.File.InternalWriteAllBytes(String path, Byte[] bytes, Boolean checkHost) at HP.ActiveHealth.Commons.Security.HashStore.Save() Error: (12/30/2015 03:59:13 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x81000101). Error: (12/30/2015 03:46:50 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: HTTP-Status 403: Der Client verfügt nicht über genügend Zugriffsrechte auf das angeforderte Serverobjekt. Error: (12/28/2015 08:26:34 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 89935 Error: (12/28/2015 08:26:34 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 89935 Malwarebytes Anti-Malware www.malwarebytes.org Error, 28.12.2015 07:47, SYSTEM, SABINE, Protection, IsLicensed, 13, Protection, 28.12.2015 07:47, SYSTEM, SABINe, Protection, Malware Protection, Stopping, Protection, 28.12.2015 07:47, SYSTEM, SABINE, Protection, Malware Protection, Stopped, (end) Was kann ich tun? Danke schon mal für eure Hilfe, Sabine Error: (12/28/2015 08:26:34 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/28/2015 08:26:18 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 73196 Error: (12/28/2015 08:26:18 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 73196 Error: (12/28/2015 08:26:18 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/28/2015 08:26:01 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 56317 Systemfehler: ============= Error: (12/30/2015 05:07:25 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1053MSIServer{000C101C-0000-0000-C000-000000000046} Error: (12/30/2015 05:07:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Windows Installer" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (12/30/2015 05:07:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Installer erreicht. Error: (12/30/2015 03:46:45 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst HPWMISVC erreicht. Error: (12/30/2015 03:46:15 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst HPWMISVC erreicht. Error: (12/28/2015 07:58:56 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst eventlog erreicht. Error: (12/28/2015 07:58:48 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Sicherheitscenter" wurde nicht richtig gestartet. Error: (12/28/2015 07:57:56 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst eventlog erreicht. Error: (12/28/2015 07:57:20 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst eventlog erreicht. Error: (12/28/2015 07:55:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "HP Support Solutions Framework Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 ==================== Speicherinformationen =========================== Prozessor: AMD A4-3305M APU with Radeon(tm) HD Graphics Prozentuale Nutzung des RAM: 68% Installierter physikalischer RAM: 5609.41 MB Verfügbarer physikalischer RAM: 1780.3 MB Summe virtueller Speicher: 11217.02 MB Verfügbarer virtueller Speicher: 6990.48 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:441.08 GB) (Free:315.33 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] Drive d: (Recovery) (Fixed) (Total:20.52 GB) (Free:2.16 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32 ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 43BE8158) Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=441.1 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=20.5 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=4 GB) - (Type=0C) ==================== Ende von Addition.txt ======================================== |
|
30.12.2015, 18:36
| #2 |
| /// TB-Ausbilder /// Anleitungs-Guru  | Windows 7: Umleitung auf Werbeseiten und Pop up Werbung Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das... 
 Hinweis:Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden. Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert. Adware & Co. können wir sehr gut entfernen. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean  bekommst.Los geht's: Von den 3 Virenscannern bitte 2 deinstallieren sowie Ask Toolbar Updater, anschließend frische Logs: Schritt 1   Bitte starte FRST erneut, markiere auch die checkbox  und drücke auf Untersuchen. Bitte poste mir den Inhalt der beiden Logs die erstellt werden. Lesestoff Posten in CODE-Tags: So gehts... Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert uns massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
03.01.2016, 12:48
| #3 |
| | Windows 7: Umleitung auf Werbeseiten und Pop up WerbungCode:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:30-12-2015
durchgeführt von sabine n (Administrator) auf SABINEn (03-01-2016 12:38:39)
Gestartet von C:\Users\sabine n\Downloads
Geladene Profile: sabine n & PAULA (Verfügbare Profile: sabine n & PAULA)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(LULU Software) C:\Program Files (x86)\Soda PDF 2012\ConversionService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-10] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [43320 2011-09-30] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-09-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-10-08] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-09-15] (EasyBits Software AS)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2640408 2014-08-27] ()
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe [1756792 2014-05-20] (G Data Software AG)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-10-23] (Microsoft Corporation) <==== ACHTUNG
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-10-23] (Microsoft Corporation) <==== ACHTUNG
HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\RunOnce: [Uninstall C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64"
HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\RunOnce: [Uninstall C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416"
HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\RunOnce: [Uninstall C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64"
HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\RunOnce: [Uninstall C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525"
HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\RunOnce: [Uninstall C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\amd64"
HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\RunOnce: [Uninstall C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718"
HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\RunOnce: [Uninstall C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"
HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\RunOnce: [Uninstall C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727"
HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\RunOnce: [Uninstall C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\RunOnce: [Uninstall C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"
HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\RunOnce: [Uninstall C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\RunOnce: [Uninstall C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112"
HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\RunOnce: [Uninstall C:\Users\sabine n\AppData\Local\Microsoft\OneDrive\17.3.5930.0814] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\sabine n\AppData\Local\Microsoft\OneDrive\17.3.5930.0814"
HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\RunOnce: [Uninstall C:\Users\sabine n\AppData\Local\Microsoft\OneDrive\17.3.5951.0827] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\sabine n\AppData\Local\Microsoft\OneDrive\17.3.5951.0827"
HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\RunOnce: [Uninstall C:\Users\sabine n\AppData\Local\Microsoft\OneDrive\17.3.6201.1019] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\sabine n\AppData\Local\Microsoft\OneDrive\17.3.6201.1019"
HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\MountPoints2: {e03317ad-cd39-11e4-b9af-ec9a7452a7ef} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-10-23] (Microsoft Corporation) <==== ACHTUNG
HKU\S-1-5-21-3060926553-3636460231-1984617601-1005\...\Run: [Facebook Update] => C:\Users\PAULA.sabinen\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-10-16] (Facebook Inc.)
HKU\S-1-5-21-3060926553-3636460231-1984617601-1005\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-3060926553-3636460231-1984617601-1005\...\MountPoints2: {4a18dc27-660e-11e1-a70d-806e6f6e6963} - F:\.\Helper\ServiceDVD.bin -app .\ServiceDVD\browser7\application.ini
HKU\S-1-5-21-3060926553-3636460231-1984617601-1005\...\MountPoints2: {e03317ad-cd39-11e4-b9af-ec9a7452a7ef} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3060926553-3636460231-1984617601-1005\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-12-21] (Google Inc.)
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-10-23] (Microsoft Corporation) <==== ACHTUNG
BootExecute: autocheck autochk * bddel.exe
GroupPolicy: Beschränkung - Chrome <======= ACHTUNG
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-09-12] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-09-12] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-09-12] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-09-12] (Lavasoft Limited)
Winsock: Catalog9 15 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-09-12] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-09-12] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-09-12] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-09-12] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-09-12] (Lavasoft Limited)
Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-09-12] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{2BB24A61-A8CC-4C78-BA6A-20744CCA982C}: [DhcpNameServer] 192.168.2.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3060926553-3636460231-1984617601-1005\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM-x32 - DrawPlus Starter Edition DE Toolbar - {88d776b4-c426-402a-961c-db0e25e2317b} - C:\Program Files (x86)\DrawPlus_Starter_Edition_DE\prxtbDraw.dll Keine Datei
URLSearchHook: HKU\S-1-5-21-3060926553-3636460231-1984617601-1001 - DrawPlus Starter Edition DE Toolbar - {88d776b4-c426-402a-961c-db0e25e2317b} - C:\Program Files (x86)\DrawPlus_Starter_Edition_DE\prxtbDraw.dll Keine Datei
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {6C91B17E-AC61-4699-B3F2-76696F767409} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\.DEFAULT -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKU\.DEFAULT -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
SearchScopes: HKU\S-1-5-21-3060926553-3636460231-1984617601-1001 -> DefaultScope {86790347-970B-4E30-A3D4-D0AA6950B5A0} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-3060926553-3636460231-1984617601-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3060926553-3636460231-1984617601-1001 -> {86790347-970B-4E30-A3D4-D0AA6950B5A0} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-3060926553-3636460231-1984617601-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-3060926553-3636460231-1984617601-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-3060926553-3636460231-1984617601-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-3060926553-3636460231-1984617601-1005 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKU\S-1-5-21-3060926553-3636460231-1984617601-1005 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3060926553-3636460231-1984617601-1005 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-3060926553-3636460231-1984617601-1005 -> {6C91B17E-AC61-4699-B3F2-76696F767409} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3060926553-3636460231-1984617601-1005 -> {A7B9955E-C39A-461E-AFA5-75CDF299C768} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_NL&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^NL&apn_uid=A2E9E033-FF62-445D-92C9-DB14FA4715B5&apn_sauid=E82348BB-6302-4C44-BA85-92043C8526F0
SearchScopes: HKU\S-1-5-21-3060926553-3636460231-1984617601-1005 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-3060926553-3636460231-1984617601-1005 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-3060926553-3636460231-1984617601-1005 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2015-12-18] (Microsoft Corporation)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-31] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2015-12-04] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2015-12-04] (Microsoft Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-17] (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-31] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2015-12-04] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-08-01] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-17] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-31] (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-08-01] (Microsoft Corporation.)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll [2014-01-23] (pdfforge GmbH)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-31] (Google Inc.)
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-31] (Google Inc.)
Toolbar: HKU\S-1-5-21-3060926553-3636460231-1984617601-1001 -> Kein Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Keine Datei
Toolbar: HKU\S-1-5-21-3060926553-3636460231-1984617601-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-31] (Google Inc.)
Toolbar: HKU\S-1-5-21-3060926553-3636460231-1984617601-1005 -> Kein Name - {88D776B4-C426-402A-961C-DB0E25E2317B} - Keine Datei
Toolbar: HKU\S-1-5-21-3060926553-3636460231-1984617601-1005 -> Kein Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - Keine Datei
Toolbar: HKU\S-1-5-21-3060926553-3636460231-1984617601-1005 -> Kein Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - Keine Datei
DPF: HKLM-x32 {85C86CCC-2158-4123-9C7D-785190CED875} hxxps://lernboerse.arbeitsagentur.de/exklusiv/ilias/data/balihob/lm_data/httppath/dpLaunchPlugin.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-04] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-04] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-04] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-04] (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll [2014-08-16] (AVG Secure Search)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
FireFox:
========
FF ProfilePath: C:\Users\sabine n\AppData\Roaming\Mozilla\Firefox\Profiles\ir6jn664.default
FF NewTab: hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHABGIQ0LUAtEDFQRc10VVVpIFBgaeQ4BTFtCEQYbcQ0KBVwQQBNBNARaB0tXUUEeGGlxR1dMR1RQNElUAEAUUw==
FF DefaultSearchEngine: Default
FF SelectedSearchEngine: Bing®
FF Homepage: hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggWJVgMUghDFBhCcgpcTA0SGAAOeQAPWBQTEgUQeAgMU10UQFQFIk0FA18DB0VXfWFoKB8fHFNCM01IDVgIREc=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2016-01-03] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-03] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [Keine Datei]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll [Keine Datei]
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-17] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2015-12-04] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2012-03-11] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3060926553-3636460231-1984617601-1005: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\PAULA.sabinen\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF SearchPlugin: C:\Users\sabine n\AppData\Roaming\Mozilla\Firefox\Profiles\ir6jn664.default\searchplugins\bing-lavasoft.xml [2015-09-12]
FF SearchPlugin: C:\Users\sabine n\AppData\Roaming\Mozilla\Firefox\Profiles\ir6jn664.default\searchplugins\default.xml [2015-12-27]
FF SearchPlugin: C:\Users\sabine n\AppData\Roaming\Mozilla\Firefox\Profiles\ir6jn664.default\searchplugins\youtube.xml [2015-11-15]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2014-08-27]
FF Extension: dp Launcher Plugin - C:\Users\sabine n\AppData\Roaming\Mozilla\Firefox\Profiles\ir6jn664.default\extensions\dplauncher@digitalpublishing.de [2014-07-05] [ist nicht signiert]
FF Extension: Avira Browser Safety - C:\Users\sabine n\AppData\Roaming\Mozilla\Firefox\Profiles\ir6jn664.default\Extensions\abs@avira.com [2015-12-30]
FF Extension: Cliqz - C:\Users\sabine n\AppData\Roaming\Mozilla\Firefox\Profiles\ir6jn664.default\Extensions\cliqz@cliqz.com.xpi [2015-12-27]
FF Extension: Avira SafeSearch - C:\Users\sabine n\AppData\Roaming\Mozilla\Firefox\Profiles\ir6jn664.default\Extensions\safesearch@avira.com.xpi [2015-12-27]
FF Extension: Video AdBlock for Firefox - C:\Users\sabine n\AppData\Roaming\Mozilla\Firefox\Profiles\ir6jn664.default\Extensions\{a00bef25-f21a-4539-adbb-b179b29e2b92} [2015-12-27] [ist nicht signiert]
FF Extension: fast-player - C:\Users\sabine n\AppData\Roaming\Mozilla\Firefox\Profiles\ir6jn664.default\Extensions\{be29e1b5-4d6d-48fd-bded-512193d1c653}.xpi [2015-07-31] [ist nicht signiert]
FF Extension: Adblock Plus - C:\Users\sabine n\AppData\Roaming\Mozilla\Firefox\Profiles\ir6jn664.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-18]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799 [2014-08-27] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [FFSodaPDFConverter2012@sodapdf.com] - C:\Program Files (x86)\Soda PDF 2012\FFSodaExt2012
FF Extension: Soda PDF 2012 Converter For Firefox - C:\Program Files (x86)\Soda PDF 2012\FFSodaExt2012 [2012-05-02] [ist nicht signiert]
FF HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\sabine n\AppData\Roaming\Mozilla\Firefox\Profiles\ir6jn664.default\extensions\cliqz@cliqz.com => nicht gefunden
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2014-06-13] <==== ACHTUNG
Chrome:
=======
CHR HomePage: Default -> hxxp://home.sweetim.com/?barid={5E63C3E1-D31F-11E2-82F1-EC9A7452A7EF}&src=10&&st=23&ptr=100
CHR RestoreOnStartup: Default -> "hxxp://de.search.yahoo.com/?fr=hp-ddc-bd&type=bl-bcr-re__alt__ddc_dsssyc_bd_com"
CHR StartupUrls: Default -> "hxxp://de.search.yahoo.com/?fr=hp-ddc-bd&type=bl-bcr-re__alt__ddc_dsssyc_bd_com"
CHR DefaultSearchURL: Default -> hxxp://de.search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bcr-re__alt__ddc_dss_bd_com&p={searchTerms}
CHR DefaultSearchKeyword: Default -> de.search.yahoo.com
CHR DefaultNewTabURL: Default -> hxxp://de.search.yahoo.com/?fr=hp-ddc-bd-tab&type=bl-bcr-re__alt__ddc_dsssyctab_bd_com
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\PepperFlash\pepflashplayer.dll => Keine Datei
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\ppGoogleNaClPluginChrome.dll => Keine Datei
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\pdf.dll => Keine Datei
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.2.0\\npsitesafety.dll (AVG Technologies)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => Keine Datei
CHR Plugin: (Java(TM) Platform SE 7 U40) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => Keine Datei
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.400.43) - C:\Windows\SysWOW64\npDeployJava1.dll => Keine Datei
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll => Keine Datei
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll => Keine Datei
CHR Profile: C:\Users\sabine n\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\sabine n\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-24]
CHR Extension: (Google Drive) - C:\Users\sabine n\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-21]
CHR Extension: (YouTube) - C:\Users\sabine n\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-21]
CHR Extension: (Google Search) - C:\Users\sabine n\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-21]
CHR Extension: (Google Wallet) - C:\Users\sabine n\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-21]
CHR Extension: (Gmail) - C:\Users\sabine n\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-21]
CHR Extension: (Kein Name) - C:\Users\sabine n\AppData\Local\Google\Chrome\User Data\Default\Extensions\pocfmicencadhghjmdpabobnbdijgdcd [2015-09-06]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-09-28] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert]
R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2250360 2014-07-30] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe [2683760 2014-05-20] (G Data Software AG)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2748600 2015-12-04] (Microsoft Corporation)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R3 GDFwSvc; C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe [3228136 2014-08-21] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700536 2014-05-20] (G Data Software AG)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2011-06-29] (Realsil Microelectronics Inc.) [Datei ist nicht signiert]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1335344 2014-01-23] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [856112 2014-01-23] (pdfforge GmbH)
S3 Soda PDF 2012 Helper Service; C:\Program Files (x86)\Soda PDF 2012\HelperService.exe [705880 2012-04-20] (LULU Software)
R2 Soda PDF 2012 Service; C:\Program Files (x86)\Soda PDF 2012\ConversionService.exe [723288 2012-04-20] (LULU Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 ezSharedSvc; C:\Windows\System32\ezSharedSvcHost.exe [X]
S2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [X]
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-16] (AVG Technologies)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [55808 2015-08-29] (G Data Software AG)
R3 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [20992 2015-08-29] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [142336 2015-08-29] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [64000 2015-08-29] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64512 2015-08-29] (G Data Software AG)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [61440 2015-08-29] (G Data Software AG)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-03-20] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-03-20] (RapidSolution Software AG)
S3 avchv; system32\DRIVERS\avchv.sys [X]
S3 cpuz134; \??\C:\Users\SABINE~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-01-03 12:23 - 2016-01-03 12:23 - 09479872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-01-02 10:11 - 2016-01-02 10:11 - 00000000 ___HD C:\OneDriveTemp
2015-12-30 17:58 - 2015-12-30 17:58 - 00001841 _____ C:\Users\sabine n\Desktop\G DATA Protokoll ID 422.html
2015-12-30 17:45 - 2015-12-30 17:45 - 00000331 _____ C:\Users\sabine n\Downloads\Malwarebytes Anti Malware.txt
2015-12-30 16:46 - 2015-12-30 19:32 - 00048885 _____ C:\Users\sabine n\Downloads\Addition.txt
2015-12-30 16:10 - 2016-01-03 12:38 - 00042451 _____ C:\Users\sabine n\Downloads\FRST.txt
2015-12-30 16:08 - 2016-01-03 12:38 - 00000000 ____D C:\FRST
2015-12-30 16:06 - 2015-12-30 16:08 - 02370560 _____ (Farbar) C:\Users\sabine n\Downloads\FRST64.exe
2015-12-28 02:15 - 2015-12-28 02:15 - 00000802 _____ C:\Windows\system32\bddel.dat
2015-12-28 00:14 - 2015-12-28 00:14 - 00000000 ____D C:\Users\sabine n\AppData\Roaming\SUPERAntiSpyware.com
2015-12-28 00:13 - 2015-12-30 19:37 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-12-28 00:13 - 2015-12-28 00:13 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2015-12-28 00:11 - 2015-12-28 00:12 - 24236480 _____ (SUPERAntiSpyware) C:\Users\sabine n\Downloads\SUPERAntiSpyware.exe
2015-12-28 00:03 - 2015-12-28 00:03 - 00001912 _____ C:\Windows\epplauncher.mif
2015-12-28 00:02 - 2015-12-28 00:02 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-12-28 00:01 - 2015-12-28 00:02 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-12-28 00:01 - 2015-12-28 00:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2015-12-28 00:00 - 2015-12-28 00:00 - 14262464 _____ (Microsoft Corporation) C:\Users\sabine n\Downloads\mseinstall.exe
2015-12-27 23:46 - 2015-12-27 23:46 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-12-27 23:42 - 2015-12-27 23:42 - 02012464 _____ C:\Users\sabine n\Downloads\Adaware_Installer.exe
2015-12-27 23:39 - 2015-12-27 23:39 - 00008430 _____ C:\Users\sabine n\Desktop\JRT.txt
2015-12-27 23:34 - 2015-12-27 23:35 - 22908888 _____ (Malwarebytes ) C:\Users\sabine n\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-27 23:27 - 2015-12-27 23:27 - 00003232 _____ C:\Windows\System32\Tasks\{A9ECAFF3-21D5-456F-B10F-F85C724E4390}
2015-12-27 23:23 - 2015-12-27 23:24 - 01599336 _____ (Malwarebytes) C:\Users\sabine n\Downloads\JRT.exe
2015-12-27 23:19 - 2015-12-27 23:19 - 00000000 ____D C:\AdwCleaner
2015-12-27 23:18 - 2015-12-27 23:18 - 01743360 _____ C:\Users\sabine n\Downloads\adwcleaner_5.026.exe
2015-12-27 23:15 - 2015-12-27 23:15 - 00000000 ____D C:\Users\sabine n\AppData\LocalLow\Oracle
2015-12-27 23:14 - 2015-12-27 23:14 - 00584288 _____ (Oracle Corporation) C:\Users\sabine n\Downloads\jre-8u66-windows-i586-iftw.exe
2015-12-27 23:09 - 2015-12-27 23:09 - 00248872 _____ C:\Users\sabine n\Downloads\Firefox Setup Stub 43.0.2.exe
2015-12-27 23:09 - 2015-12-27 23:09 - 00248872 _____ C:\Users\sabine n\Downloads\Firefox Setup Stub 43.0.2(1).exe
2015-12-27 22:39 - 2015-11-20 19:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-27 22:39 - 2015-11-20 19:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-27 22:39 - 2015-11-20 19:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-27 22:39 - 2015-11-20 19:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-27 22:39 - 2015-11-20 19:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-27 22:39 - 2015-11-20 19:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-27 22:39 - 2015-11-20 19:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-12-27 22:39 - 2015-11-20 19:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-27 22:39 - 2015-11-20 19:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-27 22:39 - 2015-11-20 19:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-12-27 22:39 - 2015-11-20 19:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-12-27 22:39 - 2015-11-20 19:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-27 22:39 - 2015-11-20 19:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-27 22:39 - 2015-11-20 19:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-27 22:39 - 2015-11-20 19:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-12-27 22:39 - 2015-11-20 19:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-27 22:39 - 2015-11-11 19:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-27 22:39 - 2015-11-11 19:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-27 22:39 - 2015-11-11 19:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-27 22:39 - 2015-11-11 19:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-27 22:39 - 2015-11-05 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-12-27 22:39 - 2015-11-05 20:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-12-27 22:39 - 2015-11-03 20:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-12-27 22:39 - 2015-11-03 19:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-12-27 22:38 - 2015-11-10 19:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-27 22:38 - 2015-11-10 19:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-27 22:38 - 2015-11-10 19:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-27 22:38 - 2015-11-10 19:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-27 22:38 - 2015-11-10 19:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-27 22:38 - 2015-11-10 18:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-27 22:38 - 2015-11-05 20:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-27 22:38 - 2015-11-05 20:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2015-12-27 22:38 - 2015-11-05 10:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-27 22:37 - 2015-11-11 22:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-27 22:37 - 2015-11-11 21:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-27 22:37 - 2015-11-11 17:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-27 22:37 - 2015-11-11 17:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-27 22:37 - 2015-11-11 16:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-12-27 22:37 - 2015-11-11 16:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-27 22:37 - 2015-11-11 16:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-27 22:37 - 2015-11-11 16:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-27 22:37 - 2015-11-11 15:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-27 22:37 - 2015-11-10 01:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-12-27 22:37 - 2015-11-10 01:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-27 22:37 - 2015-11-10 01:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-12-27 22:37 - 2015-11-10 01:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-12-27 22:37 - 2015-11-10 01:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-12-27 22:37 - 2015-11-10 01:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-27 22:37 - 2015-11-10 01:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-27 22:37 - 2015-11-10 01:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-12-27 22:37 - 2015-11-10 01:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-12-27 22:37 - 2015-11-10 01:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-27 22:37 - 2015-11-10 01:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-12-27 22:37 - 2015-11-10 01:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-27 22:37 - 2015-11-10 01:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-12-27 22:37 - 2015-11-10 00:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-27 22:37 - 2015-11-10 00:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-12-27 22:37 - 2015-11-10 00:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-27 22:37 - 2015-11-10 00:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-12-27 22:37 - 2015-11-10 00:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-27 22:37 - 2015-11-10 00:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-27 22:37 - 2015-11-10 00:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-27 22:37 - 2015-11-10 00:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-12-27 22:37 - 2015-11-10 00:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-27 22:37 - 2015-11-10 00:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-27 22:37 - 2015-11-10 00:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-27 22:37 - 2015-11-08 23:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-27 22:37 - 2015-11-08 23:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-12-27 22:37 - 2015-11-08 23:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-27 22:37 - 2015-11-08 23:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-27 22:37 - 2015-11-08 23:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-27 22:37 - 2015-11-08 23:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-27 22:37 - 2015-11-08 23:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-12-27 22:37 - 2015-11-08 23:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-12-27 22:37 - 2015-11-08 23:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-27 22:37 - 2015-11-08 23:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-27 22:37 - 2015-11-08 23:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-27 22:37 - 2015-11-08 23:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-27 22:37 - 2015-11-08 23:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-27 22:37 - 2015-11-08 23:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-12-27 22:37 - 2015-11-08 23:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-27 22:37 - 2015-11-08 23:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-12-27 22:37 - 2015-11-08 22:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-27 22:37 - 2015-11-08 22:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-27 22:37 - 2015-11-08 22:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-27 22:37 - 2015-11-08 22:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-12-27 22:37 - 2015-11-08 22:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-27 22:37 - 2015-11-08 22:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-12-27 22:37 - 2015-11-08 22:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-27 22:37 - 2015-11-08 22:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-27 22:37 - 2015-11-08 22:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-27 22:37 - 2015-11-08 22:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-27 22:37 - 2015-11-08 22:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-12-27 22:37 - 2015-11-08 22:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-27 22:37 - 2015-11-08 21:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-27 22:37 - 2015-11-08 21:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-27 22:37 - 2015-11-08 21:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-27 22:36 - 2015-11-03 20:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-12-27 22:36 - 2015-11-03 19:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2015-12-18 19:58 - 2015-12-18 20:00 - 120963072 _____ (G Data Software AG) C:\Users\sabine n\Downloads\INT_R_BASE_IS.exe.part
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-01-03 12:28 - 2009-07-14 05:45 - 00031856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-03 12:28 - 2009-07-14 05:45 - 00031856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-03 12:26 - 2013-12-21 22:44 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-03 12:25 - 2013-10-16 11:20 - 00000956 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3060926553-3636460231-1984617601-1005UA.job
2016-01-03 12:25 - 2013-10-16 11:20 - 00000934 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3060926553-3636460231-1984617601-1005Core.job
2016-01-03 12:23 - 2015-01-14 18:50 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-03 12:23 - 2015-01-14 18:50 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-03 12:23 - 2014-03-04 22:12 - 00000352 _____ C:\Windows\Tasks\HPCeeScheduleForSABINEn$.job
2016-01-03 12:23 - 2013-12-21 22:44 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-03 12:23 - 2013-12-21 22:44 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-03 12:22 - 2015-11-23 20:43 - 00000368 _____ C:\Windows\Tasks\HPCeeScheduleForsabine n.job
2016-01-03 12:22 - 2014-03-04 22:16 - 00003228 _____ C:\Windows\System32\Tasks\HPCeeScheduleForSABINEn$
2016-01-03 12:22 - 2013-12-21 22:44 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-02 10:11 - 2012-05-27 21:05 - 00000000 ___RD C:\Users\sabine n\SkyDrive
2016-01-02 10:10 - 2013-06-04 09:14 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2016-01-02 10:10 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-30 21:03 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-12-30 20:17 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2015-12-30 19:54 - 2014-03-15 10:28 - 00000000 ____D C:\Windows\SysWOW64\cache
2015-12-30 19:45 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-12-30 19:44 - 2009-07-14 05:45 - 00472984 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-30 19:42 - 2013-03-14 21:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-30 19:42 - 2011-10-22 15:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-30 19:41 - 2015-04-06 10:32 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-12-30 19:41 - 2015-04-06 10:32 - 00000000 ___SD C:\Windows\system32\GWX
2015-12-30 19:41 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2015-12-30 17:49 - 2013-03-15 12:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-30 17:40 - 2014-04-10 11:00 - 00000000 ____D C:\Windows\system32\MRT
2015-12-30 17:21 - 2015-09-12 21:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-12-30 16:30 - 2014-04-10 10:58 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-28 07:56 - 2011-10-23 00:15 - 02010118 _____ C:\Windows\system32\perfh007.dat
2015-12-28 07:56 - 2011-10-23 00:15 - 00571938 _____ C:\Windows\system32\perfc007.dat
2015-12-28 07:56 - 2009-07-14 06:13 - 00006548 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-28 07:46 - 2015-10-07 19:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-28 07:46 - 2014-06-06 09:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-28 07:43 - 2013-06-04 20:07 - 00000000 ____D C:\Users\PAULA.sabinen\AppData\LocalLow\DrawPlus_Starter_Edition_DE
2015-12-28 07:43 - 2012-12-23 09:01 - 00000000 ____D C:\Users\sabine n\AppData\LocalLow\DrawPlus_Starter_Edition_DE
2015-12-28 03:21 - 2015-10-30 20:27 - 00000000 ___HD C:\$WINDOWS.~BT
2015-12-28 03:19 - 2007-01-02 02:25 - 00000000 ____D C:\Windows\Panther
2015-12-27 23:28 - 2015-09-12 21:00 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2015-12-27 23:17 - 2013-12-21 22:45 - 00002175 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-27 23:11 - 2014-06-06 09:38 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-12-27 23:11 - 2014-06-06 09:38 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-12-27 22:21 - 2012-03-19 21:27 - 00000000 ____D C:\Users\sabine n\AppData\Local\CrashDumps
2015-12-27 22:14 - 2015-11-24 08:39 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-12-18 19:51 - 2011-10-22 15:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-12-18 19:21 - 2013-12-21 22:44 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-18 19:21 - 2013-12-21 22:44 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-18 19:09 - 2014-02-20 07:00 - 00002212 _____ C:\Users\sabine n\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-12-09 04:39 - 2010-11-21 04:27 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2014-06-27 07:19 - 2014-06-27 07:19 - 0000000 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2015-08-29 19:02 - 2015-08-29 19:02 - 0000000 _____ () C:\Users\sabine n\AppData\Roaming\gdfw.log
2015-08-29 19:01 - 2015-08-29 19:02 - 0000779 _____ () C:\Users\sabine n\AppData\Roaming\gdscan.log
2014-12-10 08:18 - 2014-12-10 08:18 - 0000000 _____ () C:\Users\sabine n\AppData\Local\{004E8E92-21F9-4A38-B05E-A4F4A2F6FE6B}
Einige Dateien in TEMP:
====================
C:\Users\PAULA.sabinen\AppData\Local\Temp\avgnt.exe
C:\Users\PAULA.sabinen\AppData\Local\Temp\install_flashplayer11x32ax_gtba_chra_dy_aaa_aih.exe
C:\Users\PAULA.sabinen\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\PAULA.sabinen\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\PAULA.sabinen\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\PAULA.sabinen\AppData\Local\Temp\mybestofferstoday.exe
C:\Users\PAULA.sabinen\AppData\Local\Temp\optimizerpro.exe
C:\Users\sabine n\AppData\Local\Temp\cct.dll
C:\Users\sabine n\AppData\Local\Temp\JavaIC.dll
C:\Users\sabine n\AppData\Local\Temp\msscct32.dll
C:\Users\sabine n\AppData\Local\Temp\sqlite3.dll
C:\Users\sabine n\AppData\Local\Temp\YSearchUtil.dll
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2015-07-12 22:04
==================== Ende von FRST.txt ============================
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:30-12-2015
durchgeführt von sabine n (2016-01-03 12:43:51)
Gestartet von C:\Users\sabine n\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2012-03-04 15:29:00)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-3060926553-3636460231-1984617601-500 - Administrator - Disabled)
Gast (S-1-5-21-3060926553-3636460231-1984617601-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3060926553-3636460231-1984617601-1003 - Limited - Enabled)
PAULA (S-1-5-21-3060926553-3636460231-1984617601-1005 - Limited - Enabled) => C:\Users\PAULA.sabinen
sabine n (S-1-5-21-3060926553-3636460231-1984617601-1001 - Administrator - Enabled) => C:\Users\sabine n
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: G DATA INTERNET SECURITY (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: G DATA INTERNET SECURITY (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G DATA Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.00.631.5823 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.00.631.5823 - ABBYY) Hidden
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.270 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{ACD449FA-9DF3-779D-DA68-11D486963225}) (Version: 3.0.847.0 - Advanced Micro Devices, Inc.)
AMD System Monitor (HKLM-x32\...\{6EFD0C42-4CC1-4716-A0CA-21C1A062CF34}) (Version: 1.0.9 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar Updater (HKU\S-1-5-21-3060926553-3636460231-1984617601-1005\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.3.29495 - Ask.com) <==== ACHTUNG
Audials (HKLM-x32\...\{7108738A-F48C-4FC9-80A1-4B70254270DF}) (Version: 9.1.13600.0 - RapidSolution Software AG)
AVG Security Toolbar (HKLM-x32\...\AVG Secure Search) (Version: 18.1.9.799 - AVG Technologies)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version: - AVM Berlin)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Benutzerhandbuch - Grundlagen EPSON XP-302 303 305 306 Series (HKLM-x32\...\EPSON XP-302 303 305 306 Series Bog) (Version: - )
Benutzerhandbuch EPSON XP-302 303 305 306 Series (HKLM-x32\...\EPSON XP-302 303 305 306 Series Useg) (Version: - )
Bing Bar (HKLM-x32\...\{9FA13759-5C2B-4177-9DDC-0038F8B5BEFD}) (Version: 7.0.826.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cake Mania (x32 Version: 2.2.0.98 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CLIQZ (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 1.0.22 - CLIQZ.com)
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.0.4528 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Download Navigator (HKLM-x32\...\{E728441A-7820-4B1C-87C9-DE7BE37B2953}) (Version: 1.1.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print 2 (HKLM-x32\...\{02A312B5-1542-47B6-BFE9-F51358C39E86}) (Version: 2.4.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Event Manager (HKLM-x32\...\{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}) (Version: 3.01.0000 - Seiko Epson Corporation)
Epson Netzwerkhandbuch EPSON XP-302 303 305 306 Series (HKLM-x32\...\EPSON XP-302 303 305 306 Series Netg) (Version: - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON XP-302 303 305 306 Series Printer Uninstall (HKLM\...\EPSON XP-302 303 305 306 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.22 - Evernote Corp.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
FILEminimizer Pictures (HKLM-x32\...\FILEminimizer Pictures_is1) (Version: - balesio AG)
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fishdom (TM) 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
G DATA INTERNET SECURITY (HKLM-x32\...\{85203592-3610-4FB9-AA11-15B2255B5A12}) (Version: 25.0.2.2 - G DATA Software AG)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Documentation (HKLM-x32\...\{3D5C7E0E-AEC0-40EB-99D3-C40469738040}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Launch Box (HKLM\...\{BF1E75D0-E7AF-4BEA-9FBC-567F0C54BDF9}) (Version: 1.0.12 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}) (Version: 3.1.1.10197 - Hewlett-Packard Company)
HP Security Assistant (HKLM\...\{562608FE-2051-4488-BF22-8CE4C03046AC}) (Version: 1.0.12 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{483539DB-FA71-4C45-8438-55D3DCFDECC8}) (Version: 4.5.10.1 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{B1AD4FFB-DD17-43EC-8C30-B9E71EAD9132}) (Version: 12.0.30.219 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6341.0 - IDT)
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Internet Explorer Toolbar 4.8 by SweetPacks (x32 Version: 4.8.0000 - SweetIM Technologies Ltd.) Hidden <==== ACHTUNG
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest II (x32 Version: 2.2.0.97 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 11.4.0 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.4.0 - )
Mahjongg Artifacts (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.6366.2036 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 43.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 43.0.2 (x86 de)) (Version: 43.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6326.1010 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6326.1010 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6326.1010 - Microsoft Corporation) Hidden
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Architect (HKLM-x32\...\{86D8A96B-1911-4C3F-AA16-0B47E053E492}) (Version: 1.2.97.14551 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
Photomizer (HKLM-x32\...\{A00F8237-F496-44D2-0001-E3CCF8CD58AE}) (Version: 1.0.11.333 - Engelmann Media GmbH)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.40.126.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0706 - REALTEK Semiconductor Corp.)
Serif DrawPlus Starter Edition (HKLM-x32\...\{33311EA4-0ECA-4E7F-83E5-8A92CD760152}) (Version: 2.0.2.010 - Serif (Europe) Ltd)
Soda PDF 2012 (HKLM-x32\...\{7315581A-6BCA-421B-9B42-469327C77CE6}) (Version: 2.1.18.4206 - LULU Software)
SweetIM for Messenger 3.7 (x32 Version: 3.7.0007 - SweetIM Technologies Ltd.) Hidden <==== ACHTUNG
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-3060926553-3636460231-1984617601-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\sabine n\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-3060926553-3636460231-1984617601-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\sabine n\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {0A70D84B-7C91-46B7-9011-7354235F3B3D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)
Task: {10CCEADC-4833-4E0A-8475-CC1B4126B0EE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-27] (Hewlett-Packard)
Task: {137AAED0-50D3-4BDA-AF25-2FEBE0027C30} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3060926553-3636460231-1984617601-1005UA => C:\Users\PAULA.sabinen\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-16] (Facebook Inc.)
Task: {2459C408-0410-4B50-ABDD-9EED22BA9A93} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe
Task: {24BA01D1-EFBC-4278-BBD7-AA9E5B922BEA} - System32\Tasks\HPCeeScheduleForSABINEn$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {2812B293-0B56-48C9-8F87-F982B19EDECB} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-12-04] (Microsoft Corporation)
Task: {2E08AF43-C6BF-46CF-9D66-B179A01AB981} - System32\Tasks\{A9ECAFF3-21D5-456F-B10F-F85C724E4390} => pcalua.exe -a "C:\Users\sabine n\Downloads\jre-8u66-windows-i586-iftw.exe" -d "C:\Users\sabine n\Downloads"
Task: {38CC9D51-3FC3-4CCE-B4C9-F62F06AD97A8} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-08-24] ()
Task: {52F47DCD-FC60-4504-AE4C-51209A8402CB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {53C08BE3-6AAD-4F0F-9E1C-DCCC780A1273} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {544610B2-8221-4733-ACD4-E17EC0B7DDD9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {62AF791F-F62F-4A0B-9AFF-3C66549955D1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {666CC9A0-9210-4088-8FD5-C064AC725B9E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {726649F7-5D0D-49DF-ADC8-17D84A96A62B} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{0679DE3A-5E7E-4314-9D23-7AAEF14A0164}.exe
Task: {76576465-A3CA-4954-B984-E4BE6D8D8E23} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {98927031-A17A-40D6-B13B-18BF94A6BC0F} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)
Task: {B98D0172-DA59-423D-854D-ADAD10379252} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {B9F8EC90-3D8F-4E38-956C-B8F23AC82019} - System32\Tasks\{D7C6B649-5705-4FB4-9DF8-F6307DB73FCA} => pcalua.exe -a "C:\Users\sabine n\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\09BBVCS6\Soda_PDF_2012_Installer.exe" -d "C:\Users\sabine n\Desktop"
Task: {BC134C5D-BEB7-489A-AFCD-43ACD0389CD7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {C08EF655-011D-46F3-A3FC-F75FB82697F3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-03] (Adobe Systems Incorporated)
Task: {C8BE108D-22AF-42AA-9836-149CCF3FFA7B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3060926553-3636460231-1984617601-1005Core => C:\Users\PAULA.sabinen\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-16] (Facebook Inc.)
Task: {CA0F44C1-74BD-4E61-9857-8A2D414D1673} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-09-28] (CyberLink)
Task: {DA913778-66CD-428D-9421-C465FBFFB862} - System32\Tasks\HPCeeScheduleForsabine n => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {E3FC7F01-869F-4938-805C-090795B0CAD1} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {EE99FB23-E7E4-46F3-A144-080E097CDEA5} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-12-04] (Microsoft Corporation)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{0679DE3A-5E7E-4314-9D23-7AAEF14A0164}.exe <==== ACHTUNG
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3060926553-3636460231-1984617601-1005Core.job => C:\Users\PAULA.sabinen\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3060926553-3636460231-1984617601-1005UA.job => C:\Users\PAULA.sabinen\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForsabine n.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForSABINEn$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2011-09-28 06:19 - 2011-09-28 06:19 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2011-09-30 09:40 - 2011-09-30 09:40 - 00107320 _____ () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
2012-05-02 07:52 - 2014-08-27 12:09 - 02640408 _____ () C:\Program Files (x86)\AVG Secure Search\vprot.exe
2011-09-28 06:19 - 2011-09-28 06:19 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-09-28 06:06 - 2011-09-28 06:06 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2015-11-23 21:10 - 2015-12-04 03:52 - 00162472 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2014-05-20 02:38 - 2014-05-20 02:38 - 00340088 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE trusted site: HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\webcompanion.com -> hxxp://webcompanion.com
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 03:34 - 2015-08-30 08:27 - 00000826 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\sabine n\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3060926553-3636460231-1984617601-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\PAULA.sabinen\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall ist deaktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
MSCONFIG\startupreg: SweetIM => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{9CD5F71D-45A2-4800-BE86-322384C2DCF5}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{856E22D3-DBD8-4406-9934-EBACE1DBF8A9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{7370EF24-0297-4640-A007-9B51669A01B5}] => (Allow) LPort=2869
FirewallRules: [{764AA891-4B4E-40EF-BF6B-7FB0A5D5FBF4}] => (Allow) LPort=1900
FirewallRules: [{8F4ABF00-CDAC-4BFC-BD9B-C6AC800FA875}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{9731869D-5C05-4DF8-9DC8-F265FB22AF58}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{2E00A141-DCA8-4A3A-AC1C-677223D454E2}] => (Allow) C:\Windows\system32\ezSharedSvcHost.exe
FirewallRules: [{6A36A863-D696-41DA-BC3B-87FE52B86EED}] => (Allow) C:\Program Files (x86)\EasyBits For Kids\ezDesktop.exe
FirewallRules: [{28A1F085-2E02-4326-BD4F-B6E5DEFC7571}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FEA52E36-1AA8-4C7B-B028-84F4C7A9ADB6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F2589DF0-0CE9-47AE-A36A-85289E09EA29}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DDD9A54A-B0FC-47FE-9E3D-858DF0A0467C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B43A3538-4F32-4226-884A-ADE6F5AB1974}] => (Allow) C:\Program Files (x86)\RapidSolution\Audials 9\Audials.exe
FirewallRules: [{67F5E1DD-4547-48E4-AEED-39D1739FEECC}] => (Allow) LPort=12972
FirewallRules: [{626EE433-D16D-42D7-BDC1-3C148060BA11}] => (Allow) LPort=14714
FirewallRules: [{AB251149-3880-403F-8217-C16A15ED89B3}] => (Allow) LPort=31931
FirewallRules: [{DDCD7A40-DE5B-4EFD-B14F-DFBE1609A0E3}] => (Allow) C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{F001B60A-179F-4FE5-B3FB-10EBB6755C92}] => (Allow) C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{922C273D-E1F5-4BDE-B4DB-E43947948F1E}C:\users\sabine n\appdata\roaming\jinuhu\buew.exe] => (Block) C:\users\sabine n\appdata\roaming\jinuhu\buew.exe
FirewallRules: [UDP Query User{B6C10970-3981-446E-98D9-113252BB4200}C:\users\sabine n\appdata\roaming\jinuhu\buew.exe] => (Block) C:\users\sabine n\appdata\roaming\jinuhu\buew.exe
FirewallRules: [TCP Query User{0A067DDA-C18F-4B82-BFB1-7C7FA2B5699C}C:\users\sabine n\appdata\roaming\jinuhu\buew.exe] => (Block) C:\users\sabine n\appdata\roaming\jinuhu\buew.exe
FirewallRules: [UDP Query User{984A03D0-A5AC-4567-AD6C-12D2F0EB045E}C:\users\sabine n\appdata\roaming\jinuhu\buew.exe] => (Block) C:\users\sabine n\appdata\roaming\jinuhu\buew.exe
FirewallRules: [{B8B7E079-52EC-47BD-8ADE-112398DF2A7C}] => (Allow) F:\fsetup.exe
FirewallRules: [{8A1381B6-80C4-43EA-A61D-FA3E0FB487EC}] => (Allow) F:\fsetup.exe
FirewallRules: [{B95E615F-9005-4B3D-AE17-44FF91D21238}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{73B691AF-0F6F-4124-8B72-728094C6E190}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{ABC18073-3D3E-4EB8-95A0-923A34BD0B9B}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{8D3EEED9-145D-4B3A-84BC-DB63DC0BDE5F}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{7E91DCF3-53C4-44A2-B49D-5F4FD091054A}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{90CCC579-F1BC-4F86-93AA-55B3E0A2CEB3}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{AA45568B-AF5A-4750-A0CC-6DAB45E7B1B1}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{FFF26E28-24E6-4521-8F3B-B3063C32B8AC}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [TCP Query User{3206AD66-DBD1-48ED-93BE-C5B8473CAB24}C:\users\paula.sabinen\appdata\local\facebook\video\skype\facebookvideocalling.exe] => (Block) C:\users\paula.sabinen\appdata\local\facebook\video\skype\facebookvideocalling.exe
FirewallRules: [UDP Query User{813DCD76-7347-43B0-A154-8099AAE0F4DD}C:\users\paula.sabinen\appdata\local\facebook\video\skype\facebookvideocalling.exe] => (Block) C:\users\paula.sabinen\appdata\local\facebook\video\skype\facebookvideocalling.exe
FirewallRules: [{FD9C73B0-4F52-4463-90B4-1E4E89D74E85}] => (Allow) F:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{7EA84E85-286B-45E8-A55A-AE433B9E81AE}] => (Allow) F:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [TCP Query User{A0EBCB60-03A0-4D85-9651-829ADA921D6B}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{982F7A01-43B3-438E-81C9-0BA9AA3F77D8}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{E97C0064-6006-43F4-A426-3E7704A083E0}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [UDP Query User{4982E99C-C324-46A9-BF97-583A1B7C448B}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [TCP Query User{459F7B94-9CA0-4993-BE20-32D83169C60C}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{2532D82D-329A-41EB-A28D-7CE984068AD3}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{E56922C4-3CE7-4406-8927-6C5CADA5D4E8}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{4EACAB4E-D47E-4BD9-BA34-BA5D60141FA2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F549EBD9-B367-4704-BFB0-491FADA5B9E0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{6BEF4C79-EE29-46B4-95AA-35E8882490E4}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{E647419E-57BE-45E6-B4C8-4D41CA78928C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{5AD4C8F8-0DC4-48E9-97F8-5533CBBB0FFE}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{6253961E-8272-4C0E-90A0-7F3678B7F235}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2634BB9B-6C4E-4418-BE3C-4A5986EB80C8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7DF4477E-AC18-4B9B-8429-A4EF8D42CF25}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{D5238425-2DA5-4E15-A102-1216C62EB3C7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Wiederherstellungspunkte =========================
27-12-2015 23:24:42 JRT Pre-Junkware Removal
27-12-2015 23:42:48 AA11
30-12-2015 15:59:25 Windows Modules Installer
30-12-2015 16:09:49 Windows Modules Installer
30-12-2015 17:08:35 AA11
30-12-2015 20:20:04 Windows Update
03-01-2016 12:32:58 Windows Update
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (01/02/2016 11:08:37 AM) (Source: HP Active Health) (EventID: 91) (User: )
Description: Unhandled Exception. Application will terminate immediately.
Sent from: Name:ActiveHealth.exe
There are no context policies.
Is terminating: True
Exception object: System.InvalidOperationException: Cannot load Counter Name data because an invalid index '' was read from the registry.
at System.Diagnostics.PerformanceCounterLib.GetStringTable(Boolean isHelp)
at System.Diagnostics.PerformanceCounterLib.get_NameTable()
at System.Diagnostics.PerformanceCounterLib.get_CategoryTable()
at System.Diagnostics.PerformanceCounterLib.CounterExists(String category, String counter, Boolean& categoryExists)
at System.Diagnostics.PerformanceCounterLib.CounterExists(String machine, String category, String counter)
at System.Diagnostics.PerformanceCounter.InitializeImpl()
at System.Diagnostics.PerformanceCounter..ctor(String categoryName, String counterName, String instanceName, Boolean readOnly)
at System.Diagnostics.PerformanceCounter..ctor(String categoryName, String counterName, String instanceName)
at HP.ActiveHealth.API.Performance.ProcessPerformanceCounter.UpdateCounterObjects()
at HP.ActiveHealth.API.Performance.ProcessPerformanceCounter.ProcessFinder(Object state)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.TimerQueueTimer.CallCallback()
at System.Threading.TimerQueueTimer.Fire()
at System.Threading.TimerQueue.FireNextTimers()
Error: (01/02/2016 10:56:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2246
Error: (01/02/2016 10:56:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2246
Error: (01/02/2016 10:56:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/02/2016 10:56:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1029
Error: (01/02/2016 10:56:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1029
Error: (01/02/2016 10:56:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/02/2016 10:32:27 AM) (Source: HP Active Health) (EventID: 91) (User: )
Description: Unhandled Exception. Application will terminate immediately.
Sent from: Name:ActiveHealth.exe
There are no context policies.
Is terminating: True
Exception object: System.InvalidOperationException: Cannot load Counter Name data because an invalid index '' was read from the registry.
at System.Diagnostics.PerformanceCounterLib.GetStringTable(Boolean isHelp)
at System.Diagnostics.PerformanceCounterLib.get_NameTable()
at System.Diagnostics.PerformanceCounterLib.get_CategoryTable()
at System.Diagnostics.PerformanceCounterLib.CounterExists(String category, String counter, Boolean& categoryExists)
at System.Diagnostics.PerformanceCounterLib.CounterExists(String machine, String category, String counter)
at System.Diagnostics.PerformanceCounter.InitializeImpl()
at System.Diagnostics.PerformanceCounter..ctor(String categoryName, String counterName, String instanceName, Boolean readOnly)
at System.Diagnostics.PerformanceCounter..ctor(String categoryName, String counterName, String instanceName)
at HP.ActiveHealth.API.Performance.ProcessPerformanceCounter.UpdateCounterObjects()
at HP.ActiveHealth.API.Performance.ProcessPerformanceCounter.ProcessFinder(Object state)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.TimerQueueTimer.CallCallback()
at System.Threading.TimerQueueTimer.Fire()
at System.Threading.TimerQueue.FireNextTimers()
Error: (01/02/2016 10:22:41 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: HTTP-Status 403: Der Client verfügt nicht über genügend Zugriffsrechte auf das angeforderte Serverobjekt.
Error: (01/02/2016 10:12:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Systemfehler:
=============
Error: (01/02/2016 10:21:10 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.
Error: (01/02/2016 10:18:30 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst eventlog erreicht.
Error: (01/02/2016 10:17:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "HP Support Solutions Framework Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (01/02/2016 10:17:35 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst HP Support Solutions Framework Service erreicht.
Error: (01/02/2016 10:13:52 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {14286318-B6CF-49A1-81FC-D74AD94902F9}
Error: (01/02/2016 10:12:08 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst HPWMISVC erreicht.
Error: (01/02/2016 10:11:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "LavasoftTcpService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (01/02/2016 10:11:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Easybits Services for Windows" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (01/02/2016 10:11:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Microsoft Office-Klick-und-Los-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (01/02/2016 10:11:29 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft Office-Klick-und-Los-Dienst erreicht.
==================== Speicherinformationen ===========================
Prozessor: AMD A4-3305M APU with Radeon(tm) HD Graphics
Prozentuale Nutzung des RAM: 49%
Installierter physikalischer RAM: 5609.41 MB
Verfügbarer physikalischer RAM: 2809.54 MB
Summe virtueller Speicher: 11217.02 MB
Verfügbarer virtueller Speicher: 7780.19 MB
==================== Laufwerke ================================
Drive c: () (Fixed) (Total:441.08 GB) (Free:313.09 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (Recovery) (Fixed) (Total:20.52 GB) (Free:2.16 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 43BE8158)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=441.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)
==================== Ende von Addition.txt ============================
 |
|
03.01.2016, 12:49
| #4 |
| /// TB-Ausbilder /// Anleitungs-Guru | Windows 7: Umleitung auf Werbeseiten und Pop up Werbung Schritt 1  Drücke bitte die  + R Taste und schreibe notepad in das Ausführen Fenster.Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument: Code:
ATTFilter Internet Explorer Toolbar 4.8 by SweetPacks (x32 Version: 4.8.0000 - SweetIM Technologies Ltd.) Hidden <==== ACHTUNG
Das bitte auch noch deinstallieren: Microsoft Security Essentials Ask Toolbar Updater SweetIM for Messenger 3.7 Internet Explorer Toolbar 4.8 by SweetPacks Wenn es nicht geht, versuche Revo: Lade Dir bitte Revo Uninstaller  hier herunter. Entpacke die zip-Datei auf den Desktop. Anleitung
Neu runterladen und nach Anweisung ausführen: Schritt 2 Downloade Dir bitte  AdwCleaner auf deinen Desktop.
__________________ Gruß deeprybka  Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer Geändert von deeprybka (03.01.2016 um 12:56 Uhr) |
|
03.01.2016, 12:52
| #5 |
| | Windows 7: Umleitung auf Werbeseiten und Pop up Werbung Hier der Addition.txt Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:30-12-2015
durchgeführt von sabine n (2016-01-03 12:43:51)
Gestartet von C:\Users\sabine n\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2012-03-04 15:29:00)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-3060926553-3636460231-1984617601-500 - Administrator - Disabled)
Gast (S-1-5-21-3060926553-3636460231-1984617601-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3060926553-3636460231-1984617601-1003 - Limited - Enabled)
PAULA (S-1-5-21-3060926553-3636460231-1984617601-1005 - Limited - Enabled) => C:\Users\PAULA.sabinen
sabine n (S-1-5-21-3060926553-3636460231-1984617601-1001 - Administrator - Enabled) => C:\Users\sabine n
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: G DATA INTERNET SECURITY (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: G DATA INTERNET SECURITY (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G DATA Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.00.631.5823 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.00.631.5823 - ABBYY) Hidden
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.270 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{ACD449FA-9DF3-779D-DA68-11D486963225}) (Version: 3.0.847.0 - Advanced Micro Devices, Inc.)
AMD System Monitor (HKLM-x32\...\{6EFD0C42-4CC1-4716-A0CA-21C1A062CF34}) (Version: 1.0.9 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar Updater (HKU\S-1-5-21-3060926553-3636460231-1984617601-1005\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.3.29495 - Ask.com) <==== ACHTUNG
Audials (HKLM-x32\...\{7108738A-F48C-4FC9-80A1-4B70254270DF}) (Version: 9.1.13600.0 - RapidSolution Software AG)
AVG Security Toolbar (HKLM-x32\...\AVG Secure Search) (Version: 18.1.9.799 - AVG Technologies)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version: - AVM Berlin)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Benutzerhandbuch - Grundlagen EPSON XP-302 303 305 306 Series (HKLM-x32\...\EPSON XP-302 303 305 306 Series Bog) (Version: - )
Benutzerhandbuch EPSON XP-302 303 305 306 Series (HKLM-x32\...\EPSON XP-302 303 305 306 Series Useg) (Version: - )
Bing Bar (HKLM-x32\...\{9FA13759-5C2B-4177-9DDC-0038F8B5BEFD}) (Version: 7.0.826.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cake Mania (x32 Version: 2.2.0.98 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CLIQZ (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 1.0.22 - CLIQZ.com)
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.0.4528 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Download Navigator (HKLM-x32\...\{E728441A-7820-4B1C-87C9-DE7BE37B2953}) (Version: 1.1.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print 2 (HKLM-x32\...\{02A312B5-1542-47B6-BFE9-F51358C39E86}) (Version: 2.4.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Event Manager (HKLM-x32\...\{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}) (Version: 3.01.0000 - Seiko Epson Corporation)
Epson Netzwerkhandbuch EPSON XP-302 303 305 306 Series (HKLM-x32\...\EPSON XP-302 303 305 306 Series Netg) (Version: - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON XP-302 303 305 306 Series Printer Uninstall (HKLM\...\EPSON XP-302 303 305 306 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.22 - Evernote Corp.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
FILEminimizer Pictures (HKLM-x32\...\FILEminimizer Pictures_is1) (Version: - balesio AG)
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fishdom (TM) 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
G DATA INTERNET SECURITY (HKLM-x32\...\{85203592-3610-4FB9-AA11-15B2255B5A12}) (Version: 25.0.2.2 - G DATA Software AG)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Documentation (HKLM-x32\...\{3D5C7E0E-AEC0-40EB-99D3-C40469738040}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Launch Box (HKLM\...\{BF1E75D0-E7AF-4BEA-9FBC-567F0C54BDF9}) (Version: 1.0.12 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}) (Version: 3.1.1.10197 - Hewlett-Packard Company)
HP Security Assistant (HKLM\...\{562608FE-2051-4488-BF22-8CE4C03046AC}) (Version: 1.0.12 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{483539DB-FA71-4C45-8438-55D3DCFDECC8}) (Version: 4.5.10.1 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{B1AD4FFB-DD17-43EC-8C30-B9E71EAD9132}) (Version: 12.0.30.219 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6341.0 - IDT)
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Internet Explorer Toolbar 4.8 by SweetPacks (x32 Version: 4.8.0000 - SweetIM Technologies Ltd.) Hidden <==== ACHTUNG
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest II (x32 Version: 2.2.0.97 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 11.4.0 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.4.0 - )
Mahjongg Artifacts (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.6366.2036 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 43.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 43.0.2 (x86 de)) (Version: 43.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6326.1010 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6326.1010 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6326.1010 - Microsoft Corporation) Hidden
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Architect (HKLM-x32\...\{86D8A96B-1911-4C3F-AA16-0B47E053E492}) (Version: 1.2.97.14551 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
Photomizer (HKLM-x32\...\{A00F8237-F496-44D2-0001-E3CCF8CD58AE}) (Version: 1.0.11.333 - Engelmann Media GmbH)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.40.126.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0706 - REALTEK Semiconductor Corp.)
Serif DrawPlus Starter Edition (HKLM-x32\...\{33311EA4-0ECA-4E7F-83E5-8A92CD760152}) (Version: 2.0.2.010 - Serif (Europe) Ltd)
Soda PDF 2012 (HKLM-x32\...\{7315581A-6BCA-421B-9B42-469327C77CE6}) (Version: 2.1.18.4206 - LULU Software)
SweetIM for Messenger 3.7 (x32 Version: 3.7.0007 - SweetIM Technologies Ltd.) Hidden <==== ACHTUNG
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-3060926553-3636460231-1984617601-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\sabine n\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-3060926553-3636460231-1984617601-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\sabine n\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {0A70D84B-7C91-46B7-9011-7354235F3B3D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)
Task: {10CCEADC-4833-4E0A-8475-CC1B4126B0EE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-27] (Hewlett-Packard)
Task: {137AAED0-50D3-4BDA-AF25-2FEBE0027C30} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3060926553-3636460231-1984617601-1005UA => C:\Users\PAULA.sabinen\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-16] (Facebook Inc.)
Task: {2459C408-0410-4B50-ABDD-9EED22BA9A93} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe
Task: {24BA01D1-EFBC-4278-BBD7-AA9E5B922BEA} - System32\Tasks\HPCeeScheduleForSABINEn$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {2812B293-0B56-48C9-8F87-F982B19EDECB} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-12-04] (Microsoft Corporation)
Task: {2E08AF43-C6BF-46CF-9D66-B179A01AB981} - System32\Tasks\{A9ECAFF3-21D5-456F-B10F-F85C724E4390} => pcalua.exe -a "C:\Users\sabine n\Downloads\jre-8u66-windows-i586-iftw.exe" -d "C:\Users\sabine n\Downloads"
Task: {38CC9D51-3FC3-4CCE-B4C9-F62F06AD97A8} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-08-24] ()
Task: {52F47DCD-FC60-4504-AE4C-51209A8402CB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {53C08BE3-6AAD-4F0F-9E1C-DCCC780A1273} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {544610B2-8221-4733-ACD4-E17EC0B7DDD9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {62AF791F-F62F-4A0B-9AFF-3C66549955D1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {666CC9A0-9210-4088-8FD5-C064AC725B9E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {726649F7-5D0D-49DF-ADC8-17D84A96A62B} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{0679DE3A-5E7E-4314-9D23-7AAEF14A0164}.exe
Task: {76576465-A3CA-4954-B984-E4BE6D8D8E23} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {98927031-A17A-40D6-B13B-18BF94A6BC0F} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)
Task: {B98D0172-DA59-423D-854D-ADAD10379252} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {B9F8EC90-3D8F-4E38-956C-B8F23AC82019} - System32\Tasks\{D7C6B649-5705-4FB4-9DF8-F6307DB73FCA} => pcalua.exe -a "C:\Users\sabine n\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\09BBVCS6\Soda_PDF_2012_Installer.exe" -d "C:\Users\sabine n\Desktop"
Task: {BC134C5D-BEB7-489A-AFCD-43ACD0389CD7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {C08EF655-011D-46F3-A3FC-F75FB82697F3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-03] (Adobe Systems Incorporated)
Task: {C8BE108D-22AF-42AA-9836-149CCF3FFA7B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3060926553-3636460231-1984617601-1005Core => C:\Users\PAULA.sabinen\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-16] (Facebook Inc.)
Task: {CA0F44C1-74BD-4E61-9857-8A2D414D1673} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-09-28] (CyberLink)
Task: {DA913778-66CD-428D-9421-C465FBFFB862} - System32\Tasks\HPCeeScheduleForsabine n => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {E3FC7F01-869F-4938-805C-090795B0CAD1} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {EE99FB23-E7E4-46F3-A144-080E097CDEA5} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-12-04] (Microsoft Corporation)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{0679DE3A-5E7E-4314-9D23-7AAEF14A0164}.exe <==== ACHTUNG
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3060926553-3636460231-1984617601-1005Core.job => C:\Users\PAULA.sabinen\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3060926553-3636460231-1984617601-1005UA.job => C:\Users\PAULA.sabinen\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForsabine n.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForSABINEn$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2011-09-28 06:19 - 2011-09-28 06:19 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2011-09-30 09:40 - 2011-09-30 09:40 - 00107320 _____ () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
2012-05-02 07:52 - 2014-08-27 12:09 - 02640408 _____ () C:\Program Files (x86)\AVG Secure Search\vprot.exe
2011-09-28 06:19 - 2011-09-28 06:19 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-09-28 06:06 - 2011-09-28 06:06 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2015-11-23 21:10 - 2015-12-04 03:52 - 00162472 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2014-05-20 02:38 - 2014-05-20 02:38 - 00340088 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE trusted site: HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\webcompanion.com -> hxxp://webcompanion.com
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 03:34 - 2015-08-30 08:27 - 00000826 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\sabine n\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3060926553-3636460231-1984617601-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\PAULA.sabinen\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall ist deaktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
MSCONFIG\startupreg: SweetIM => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{9CD5F71D-45A2-4800-BE86-322384C2DCF5}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{856E22D3-DBD8-4406-9934-EBACE1DBF8A9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{7370EF24-0297-4640-A007-9B51669A01B5}] => (Allow) LPort=2869
FirewallRules: [{764AA891-4B4E-40EF-BF6B-7FB0A5D5FBF4}] => (Allow) LPort=1900
FirewallRules: [{8F4ABF00-CDAC-4BFC-BD9B-C6AC800FA875}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{9731869D-5C05-4DF8-9DC8-F265FB22AF58}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{2E00A141-DCA8-4A3A-AC1C-677223D454E2}] => (Allow) C:\Windows\system32\ezSharedSvcHost.exe
FirewallRules: [{6A36A863-D696-41DA-BC3B-87FE52B86EED}] => (Allow) C:\Program Files (x86)\EasyBits For Kids\ezDesktop.exe
FirewallRules: [{28A1F085-2E02-4326-BD4F-B6E5DEFC7571}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FEA52E36-1AA8-4C7B-B028-84F4C7A9ADB6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F2589DF0-0CE9-47AE-A36A-85289E09EA29}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DDD9A54A-B0FC-47FE-9E3D-858DF0A0467C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B43A3538-4F32-4226-884A-ADE6F5AB1974}] => (Allow) C:\Program Files (x86)\RapidSolution\Audials 9\Audials.exe
FirewallRules: [{67F5E1DD-4547-48E4-AEED-39D1739FEECC}] => (Allow) LPort=12972
FirewallRules: [{626EE433-D16D-42D7-BDC1-3C148060BA11}] => (Allow) LPort=14714
FirewallRules: [{AB251149-3880-403F-8217-C16A15ED89B3}] => (Allow) LPort=31931
FirewallRules: [{DDCD7A40-DE5B-4EFD-B14F-DFBE1609A0E3}] => (Allow) C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{F001B60A-179F-4FE5-B3FB-10EBB6755C92}] => (Allow) C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{922C273D-E1F5-4BDE-B4DB-E43947948F1E}C:\users\sabine n\appdata\roaming\jinuhu\buew.exe] => (Block) C:\users\sabine n\appdata\roaming\jinuhu\buew.exe
FirewallRules: [UDP Query User{B6C10970-3981-446E-98D9-113252BB4200}C:\users\sabine n\appdata\roaming\jinuhu\buew.exe] => (Block) C:\users\sabine n\appdata\roaming\jinuhu\buew.exe
FirewallRules: [TCP Query User{0A067DDA-C18F-4B82-BFB1-7C7FA2B5699C}C:\users\sabine n\appdata\roaming\jinuhu\buew.exe] => (Block) C:\users\sabine n\appdata\roaming\jinuhu\buew.exe
FirewallRules: [UDP Query User{984A03D0-A5AC-4567-AD6C-12D2F0EB045E}C:\users\sabine n\appdata\roaming\jinuhu\buew.exe] => (Block) C:\users\sabine n\appdata\roaming\jinuhu\buew.exe
FirewallRules: [{B8B7E079-52EC-47BD-8ADE-112398DF2A7C}] => (Allow) F:\fsetup.exe
FirewallRules: [{8A1381B6-80C4-43EA-A61D-FA3E0FB487EC}] => (Allow) F:\fsetup.exe
FirewallRules: [{B95E615F-9005-4B3D-AE17-44FF91D21238}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{73B691AF-0F6F-4124-8B72-728094C6E190}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{ABC18073-3D3E-4EB8-95A0-923A34BD0B9B}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{8D3EEED9-145D-4B3A-84BC-DB63DC0BDE5F}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{7E91DCF3-53C4-44A2-B49D-5F4FD091054A}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{90CCC579-F1BC-4F86-93AA-55B3E0A2CEB3}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{AA45568B-AF5A-4750-A0CC-6DAB45E7B1B1}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{FFF26E28-24E6-4521-8F3B-B3063C32B8AC}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [TCP Query User{3206AD66-DBD1-48ED-93BE-C5B8473CAB24}C:\users\paula.sabinen\appdata\local\facebook\video\skype\facebookvideocalling.exe] => (Block) C:\users\paula.sabinen\appdata\local\facebook\video\skype\facebookvideocalling.exe
FirewallRules: [UDP Query User{813DCD76-7347-43B0-A154-8099AAE0F4DD}C:\users\paula.sabinen\appdata\local\facebook\video\skype\facebookvideocalling.exe] => (Block) C:\users\paula.sabinen\appdata\local\facebook\video\skype\facebookvideocalling.exe
FirewallRules: [{FD9C73B0-4F52-4463-90B4-1E4E89D74E85}] => (Allow) F:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{7EA84E85-286B-45E8-A55A-AE433B9E81AE}] => (Allow) F:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [TCP Query User{A0EBCB60-03A0-4D85-9651-829ADA921D6B}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{982F7A01-43B3-438E-81C9-0BA9AA3F77D8}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{E97C0064-6006-43F4-A426-3E7704A083E0}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [UDP Query User{4982E99C-C324-46A9-BF97-583A1B7C448B}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [TCP Query User{459F7B94-9CA0-4993-BE20-32D83169C60C}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{2532D82D-329A-41EB-A28D-7CE984068AD3}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{E56922C4-3CE7-4406-8927-6C5CADA5D4E8}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{4EACAB4E-D47E-4BD9-BA34-BA5D60141FA2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F549EBD9-B367-4704-BFB0-491FADA5B9E0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{6BEF4C79-EE29-46B4-95AA-35E8882490E4}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{E647419E-57BE-45E6-B4C8-4D41CA78928C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{5AD4C8F8-0DC4-48E9-97F8-5533CBBB0FFE}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{6253961E-8272-4C0E-90A0-7F3678B7F235}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2634BB9B-6C4E-4418-BE3C-4A5986EB80C8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7DF4477E-AC18-4B9B-8429-A4EF8D42CF25}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{D5238425-2DA5-4E15-A102-1216C62EB3C7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Wiederherstellungspunkte =========================
27-12-2015 23:24:42 JRT Pre-Junkware Removal
27-12-2015 23:42:48 AA11
30-12-2015 15:59:25 Windows Modules Installer
30-12-2015 16:09:49 Windows Modules Installer
30-12-2015 17:08:35 AA11
30-12-2015 20:20:04 Windows Update
03-01-2016 12:32:58 Windows Update
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (01/02/2016 11:08:37 AM) (Source: HP Active Health) (EventID: 91) (User: )
Description: Unhandled Exception. Application will terminate immediately.
Sent from: Name:ActiveHealth.exe
There are no context policies.
Is terminating: True
Exception object: System.InvalidOperationException: Cannot load Counter Name data because an invalid index '' was read from the registry.
at System.Diagnostics.PerformanceCounterLib.GetStringTable(Boolean isHelp)
at System.Diagnostics.PerformanceCounterLib.get_NameTable()
at System.Diagnostics.PerformanceCounterLib.get_CategoryTable()
at System.Diagnostics.PerformanceCounterLib.CounterExists(String category, String counter, Boolean& categoryExists)
at System.Diagnostics.PerformanceCounterLib.CounterExists(String machine, String category, String counter)
at System.Diagnostics.PerformanceCounter.InitializeImpl()
at System.Diagnostics.PerformanceCounter..ctor(String categoryName, String counterName, String instanceName, Boolean readOnly)
at System.Diagnostics.PerformanceCounter..ctor(String categoryName, String counterName, String instanceName)
at HP.ActiveHealth.API.Performance.ProcessPerformanceCounter.UpdateCounterObjects()
at HP.ActiveHealth.API.Performance.ProcessPerformanceCounter.ProcessFinder(Object state)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.TimerQueueTimer.CallCallback()
at System.Threading.TimerQueueTimer.Fire()
at System.Threading.TimerQueue.FireNextTimers()
Error: (01/02/2016 10:56:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2246
Error: (01/02/2016 10:56:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2246
Error: (01/02/2016 10:56:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/02/2016 10:56:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1029
Error: (01/02/2016 10:56:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1029
Error: (01/02/2016 10:56:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/02/2016 10:32:27 AM) (Source: HP Active Health) (EventID: 91) (User: )
Description: Unhandled Exception. Application will terminate immediately.
Sent from: Name:ActiveHealth.exe
There are no context policies.
Is terminating: True
Exception object: System.InvalidOperationException: Cannot load Counter Name data because an invalid index '' was read from the registry.
at System.Diagnostics.PerformanceCounterLib.GetStringTable(Boolean isHelp)
at System.Diagnostics.PerformanceCounterLib.get_NameTable()
at System.Diagnostics.PerformanceCounterLib.get_CategoryTable()
at System.Diagnostics.PerformanceCounterLib.CounterExists(String category, String counter, Boolean& categoryExists)
at System.Diagnostics.PerformanceCounterLib.CounterExists(String machine, String category, String counter)
at System.Diagnostics.PerformanceCounter.InitializeImpl()
at System.Diagnostics.PerformanceCounter..ctor(String categoryName, String counterName, String instanceName, Boolean readOnly)
at System.Diagnostics.PerformanceCounter..ctor(String categoryName, String counterName, String instanceName)
at HP.ActiveHealth.API.Performance.ProcessPerformanceCounter.UpdateCounterObjects()
at HP.ActiveHealth.API.Performance.ProcessPerformanceCounter.ProcessFinder(Object state)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.TimerQueueTimer.CallCallback()
at System.Threading.TimerQueueTimer.Fire()
at System.Threading.TimerQueue.FireNextTimers()
Error: (01/02/2016 10:22:41 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: HTTP-Status 403: Der Client verfügt nicht über genügend Zugriffsrechte auf das angeforderte Serverobjekt.
Error: (01/02/2016 10:12:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Systemfehler:
=============
Error: (01/02/2016 10:21:10 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.
Error: (01/02/2016 10:18:30 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst eventlog erreicht.
Error: (01/02/2016 10:17:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "HP Support Solutions Framework Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (01/02/2016 10:17:35 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst HP Support Solutions Framework Service erreicht.
Error: (01/02/2016 10:13:52 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {14286318-B6CF-49A1-81FC-D74AD94902F9}
Error: (01/02/2016 10:12:08 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst HPWMISVC erreicht.
Error: (01/02/2016 10:11:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "LavasoftTcpService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (01/02/2016 10:11:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Easybits Services for Windows" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (01/02/2016 10:11:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Microsoft Office-Klick-und-Los-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (01/02/2016 10:11:29 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft Office-Klick-und-Los-Dienst erreicht.
==================== Speicherinformationen ===========================
Prozessor: AMD A4-3305M APU with Radeon(tm) HD Graphics
Prozentuale Nutzung des RAM: 49%
Installierter physikalischer RAM: 5609.41 MB
Verfügbarer physikalischer RAM: 2809.54 MB
Summe virtueller Speicher: 11217.02 MB
Verfügbarer virtueller Speicher: 7780.19 MB
==================== Laufwerke ================================
Drive c: () (Fixed) (Total:441.08 GB) (Free:313.09 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (Recovery) (Fixed) (Total:20.52 GB) (Free:2.16 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 43BE8158)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=441.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)
==================== Ende von Addition.txt ============================
|
|
03.01.2016, 14:13
| #6 |
| /// TB-Ausbilder /// Anleitungs-Guru | Windows 7: Umleitung auf Werbeseiten und Pop up Werbung Siehe Anweisungen oberhalb. 
__________________ --> Windows 7: Umleitung auf Werbeseiten und Pop up Werbung |
|
03.01.2016, 21:22
| #7 |
| | Windows 7: Umleitung auf Werbeseiten und Pop up Werbung Hallo Jürgen, sorry bin schon etwas älter, dauert immer etwas AdwCleaner Logfile:Code:
ATTFilter # AdwCleaner v5.027 - Bericht erstellt am 03/01/2016 um 21:09:18
# Aktualisiert am 30/12/2015 von Xplode
# Datenbank : 2015-12-30.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : sabine n - SABINEn
# Gestartet von : C:\Users\sabine n\Downloads\AdwCleaner_5.027.exe
# Option : Löschen
# Unterstützung : Forum - ToolsLib
***** [ Dienste ] *****
***** [ Ordner ] *****
***** [ Dateien ] *****
[-] Datei Gelöscht : C:\Users\sabine n\AppData\Roaming\Mozilla\Firefox\Profiles\ir6jn664.default\searchplugins\avira-safesearch.xml
[-] Datei Gelöscht : C:\Users\sabine n\AppData\Roaming\Mozilla\Firefox\Profiles\ir6jn664.default\searchplugins\default.xml
***** [ DLLs ] *****
***** [ Verknüpfungen ] *****
***** [ Aufgabenplanung ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Internetbrowser ] *****
[-] [C:\Users\sabine n\AppData\Roaming\Mozilla\Firefox\Profiles\ir6jn664.default\prefs.js] [Preference] Gelöscht : user_pref("browser.startup.homepage", "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggWJVgMUghDFBhCcgpcTA0SGAAOeQAPWBQTEgUQeAgMU10UQFQFIk0FA18DB0VXfWFoKB8fHFNCM01IDVgIREc=");
[-] [C:\Users\sabine n\AppData\Roaming\Mozilla\Firefox\Profiles\ir6jn664.default\prefs.js] [Preference] Gelöscht : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[...]
[-] [C:\Users\sabine n\AppData\Roaming\Mozilla\Firefox\Profiles\ir6jn664.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.safesearch@avira.com.MP_DISTINCT_ID", "8c64cf87a48b8ba501e0b0b2f540a359267d9ca5");
[-] [C:\Users\sabine n\AppData\Roaming\Mozilla\Firefox\Profiles\ir6jn664.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.safesearch@avira.com.initialSettingsApplied", "true");
[-] [C:\Users\sabine n\AppData\Roaming\Mozilla\Firefox\Profiles\ir6jn664.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.safesearch@avira.com.install", "1451849579399");
[-] [C:\Users\sabine n\AppData\Roaming\Mozilla\Firefox\Profiles\ir6jn664.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.safesearch@avira.com.migration_1_2_1", true);
[-] [C:\Users\sabine n\AppData\Roaming\Mozilla\Firefox\Profiles\ir6jn664.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.safesearch@avira.com.overrideNewTab", true);
[-] [C:\Users\sabine n\AppData\Roaming\Mozilla\Firefox\Profiles\ir6jn664.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.safesearch@avira.com.prev_default_engine_name", "\"Google\"");
[-] [C:\Users\sabine n\AppData\Roaming\Mozilla\Firefox\Profiles\ir6jn664.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.safesearch@avira.com.sdk.baseURI", "resource://safesearch-at-avira-dot-com/");
[-] [C:\Users\sabine n\AppData\Roaming\Mozilla\Firefox\Profiles\ir6jn664.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.safesearch@avira.com.sdk.domain", "safesearch-at-avira-dot-com");
[-] [C:\Users\sabine n\AppData\Roaming\Mozilla\Firefox\Profiles\ir6jn664.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.safesearch@avira.com.sdk.load.reason", "startup");
[-] [C:\Users\sabine n\AppData\Roaming\Mozilla\Firefox\Profiles\ir6jn664.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.safesearch@avira.com.sdk.rootURI", "jar:file:///C:/Users/sabine%20n/AppData/Roaming/Mozilla/Firefox/Profiles/ir6jn664.default/extensions/safesearch@avira.com.xpi!/");
[-] [C:\Users\sabine n\AppData\Roaming\Mozilla\Firefox\Profiles\ir6jn664.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.safesearch@avira.com.sdk.version", "1.3.1.208");
*************************
:: "Tracing" Schlüssel gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Chrome Richtlinien gelöscht
########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [4107 Bytes] ##########
|
|
03.01.2016, 22:31
| #8 |
| /// TB-Ausbilder /// Anleitungs-Guru | Windows 7: Umleitung auf Werbeseiten und Pop up Werbung Schritt 1 Bitte starte FRST erneut, markiere auch die checkbox und drücke auf Untersuchen. Bitte poste mir den Inhalt der beiden Logs die erstellt werden.
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
03.01.2016, 22:39
| #9 |
| | Windows 7: Umleitung auf Werbeseiten und Pop up WerbungCode:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:30-12-2015
durchgeführt von sabine n (Administrator) auf SABINEn (03-01-2016 22:34:38)
Gestartet von C:\Users\sabine n\Desktop\RTS Dateien
Geladene Profile: sabine n (Verfügbare Profile: sabine n & PAULA)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(LULU Software) C:\Program Files (x86)\Soda PDF 2012\ConversionService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSYNC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-10] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [43320 2011-09-30] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-09-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-10-08] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-09-15] (EasyBits Software AS)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe [1756792 2014-05-20] (G Data Software AG)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\G DATA\InternetSecurity\AVKTray\AVKTray.exe,C:\Program Files (x86)\G DATA\InternetSecurity\AVKKid\AVKCKS.exe,
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-10-23] (Microsoft Corporation) <==== ACHTUNG
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-10-23] (Microsoft Corporation) <==== ACHTUNG
HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\RunOnce: [Uninstall C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64"
HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\RunOnce: [Uninstall C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416"
HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\RunOnce: [Uninstall C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64"
HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\RunOnce: [Uninstall C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525"
HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\RunOnce: [Uninstall C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\amd64"
HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\RunOnce: [Uninstall C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718"
HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\RunOnce: [Uninstall C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"
HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\RunOnce: [Uninstall C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727"
HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\RunOnce: [Uninstall C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\RunOnce: [Uninstall C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"
HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\RunOnce: [Uninstall C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\RunOnce: [Uninstall C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112"
HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\RunOnce: [Uninstall C:\Users\sabine n\AppData\Local\Microsoft\OneDrive\17.3.5930.0814] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\sabine n\AppData\Local\Microsoft\OneDrive\17.3.5930.0814"
HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\RunOnce: [Uninstall C:\Users\sabine n\AppData\Local\Microsoft\OneDrive\17.3.5951.0827] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\sabine n\AppData\Local\Microsoft\OneDrive\17.3.5951.0827"
HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\RunOnce: [Uninstall C:\Users\sabine n\AppData\Local\Microsoft\OneDrive\17.3.6201.1019] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\sabine n\AppData\Local\Microsoft\OneDrive\17.3.6201.1019"
HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\MountPoints2: {e03317ad-cd39-11e4-b9af-ec9a7452a7ef} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-10-23] (Microsoft Corporation) <==== ACHTUNG
HKU\S-1-5-18\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-12-21] (Google Inc.)
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-10-23] (Microsoft Corporation) <==== ACHTUNG
BootExecute: autocheck autochk * bddel.exe
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{2BB24A61-A8CC-4C78-BA6A-20744CCA982C}: [DhcpNameServer] 192.168.2.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM-x32 - DrawPlus Starter Edition DE Toolbar - {88d776b4-c426-402a-961c-db0e25e2317b} - C:\Program Files (x86)\DrawPlus_Starter_Edition_DE\prxtbDraw.dll Keine Datei
URLSearchHook: HKU\S-1-5-21-3060926553-3636460231-1984617601-1001 - DrawPlus Starter Edition DE Toolbar - {88d776b4-c426-402a-961c-db0e25e2317b} - C:\Program Files (x86)\DrawPlus_Starter_Edition_DE\prxtbDraw.dll Keine Datei
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {6C91B17E-AC61-4699-B3F2-76696F767409} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\.DEFAULT -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKU\.DEFAULT -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
SearchScopes: HKU\S-1-5-21-3060926553-3636460231-1984617601-1001 -> DefaultScope {86790347-970B-4E30-A3D4-D0AA6950B5A0} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-3060926553-3636460231-1984617601-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3060926553-3636460231-1984617601-1001 -> {86790347-970B-4E30-A3D4-D0AA6950B5A0} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-3060926553-3636460231-1984617601-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-3060926553-3636460231-1984617601-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-3060926553-3636460231-1984617601-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2015-12-18] (Microsoft Corporation)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-31] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2015-12-04] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2015-12-04] (Microsoft Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-17] (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-31] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2015-12-04] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-08-01] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-17] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-31] (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-08-01] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-31] (Google Inc.)
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-31] (Google Inc.)
Toolbar: HKU\S-1-5-21-3060926553-3636460231-1984617601-1001 -> Kein Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Keine Datei
Toolbar: HKU\S-1-5-21-3060926553-3636460231-1984617601-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-31] (Google Inc.)
DPF: HKLM-x32 {85C86CCC-2158-4123-9C7D-785190CED875} hxxps://lernboerse.arbeitsagentur.de/exklusiv/ilias/data/balihob/lm_data/httppath/dpLaunchPlugin.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-04] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-04] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-04] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-04] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
FireFox:
========
FF ProfilePath: C:\Users\sabine n\AppData\Roaming\Mozilla\Firefox\Profiles\ir6jn664.default
FF DefaultSearchEngine: Default
FF SelectedSearchEngine: Bing®
FF Homepage: hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggWJVgMUghDFBhCcgpcTA0SGAAOeQAPWBQTEgUQeAgMU10UQFQFIk0FA18DB0VXfWFoKB8fHFNCM01IDVgIREc=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2016-01-03] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-03] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [Keine Datei]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-17] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2015-12-04] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2012-03-11] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\sabine n\AppData\Roaming\Mozilla\Firefox\Profiles\ir6jn664.default\searchplugins\avira-safesearch.xml [2016-01-03]
FF SearchPlugin: C:\Users\sabine n\AppData\Roaming\Mozilla\Firefox\Profiles\ir6jn664.default\searchplugins\default.xml [2016-01-03]
FF SearchPlugin: C:\Users\sabine n\AppData\Roaming\Mozilla\Firefox\Profiles\ir6jn664.default\searchplugins\youtube.xml [2015-11-15]
FF Extension: dp Launcher Plugin - C:\Users\sabine n\AppData\Roaming\Mozilla\Firefox\Profiles\ir6jn664.default\extensions\dplauncher@digitalpublishing.de [2014-07-05] [ist nicht signiert]
FF Extension: Avira Browser Safety - C:\Users\sabine n\AppData\Roaming\Mozilla\Firefox\Profiles\ir6jn664.default\Extensions\abs@avira.com [2015-12-30]
FF Extension: Cliqz - C:\Users\sabine n\AppData\Roaming\Mozilla\Firefox\Profiles\ir6jn664.default\Extensions\cliqz@cliqz.com.xpi [2015-12-27]
FF Extension: Avira SafeSearch - C:\Users\sabine n\AppData\Roaming\Mozilla\Firefox\Profiles\ir6jn664.default\Extensions\safesearch@avira.com.xpi [2015-12-27]
FF Extension: Video AdBlock for Firefox - C:\Users\sabine n\AppData\Roaming\Mozilla\Firefox\Profiles\ir6jn664.default\Extensions\{a00bef25-f21a-4539-adbb-b179b29e2b92} [2015-12-27] [ist nicht signiert]
FF Extension: fast-player - C:\Users\sabine n\AppData\Roaming\Mozilla\Firefox\Profiles\ir6jn664.default\Extensions\{be29e1b5-4d6d-48fd-bded-512193d1c653}.xpi [2015-07-31] [ist nicht signiert]
FF Extension: Adblock Plus - C:\Users\sabine n\AppData\Roaming\Mozilla\Firefox\Profiles\ir6jn664.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-18]
FF HKLM-x32\...\Firefox\Extensions: [FFSodaPDFConverter2012@sodapdf.com] - C:\Program Files (x86)\Soda PDF 2012\FFSodaExt2012
FF Extension: Soda PDF 2012 Converter For Firefox - C:\Program Files (x86)\Soda PDF 2012\FFSodaExt2012 [2012-05-02] [ist nicht signiert]
FF HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\sabine n\AppData\Roaming\Mozilla\Firefox\Profiles\ir6jn664.default\extensions\cliqz@cliqz.com => nicht gefunden
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2014-06-13] <==== ACHTUNG
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR RestoreOnStartup: Default -> "hxxp://de.search.yahoo.com/?fr=hp-ddc-bd&type=bl-bcr-re__alt__ddc_dsssyc_bd_com"
CHR StartupUrls: Default -> "hxxp://de.search.yahoo.com/?fr=hp-ddc-bd&type=bl-bcr-re__alt__ddc_dsssyc_bd_com"
CHR DefaultSearchURL: Default -> hxxp://de.search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bcr-re__alt__ddc_dss_bd_com&p={searchTerms}
CHR DefaultSearchKeyword: Default -> de.search.yahoo.com
CHR DefaultNewTabURL: Default -> hxxp://de.search.yahoo.com/?fr=hp-ddc-bd-tab&type=bl-bcr-re__alt__ddc_dsssyctab_bd_com
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\PepperFlash\pepflashplayer.dll => Keine Datei
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\ppGoogleNaClPluginChrome.dll => Keine Datei
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\pdf.dll => Keine Datei
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.2.0\\npsitesafety.dll => Keine Datei
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => Keine Datei
CHR Plugin: (Java(TM) Platform SE 7 U40) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => Keine Datei
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.400.43) - C:\Windows\SysWOW64\npDeployJava1.dll => Keine Datei
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll => Keine Datei
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll => Keine Datei
CHR Profile: C:\Users\sabine n\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\sabine n\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-24]
CHR Extension: (Google Drive) - C:\Users\sabine n\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-21]
CHR Extension: (YouTube) - C:\Users\sabine n\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-21]
CHR Extension: (Google-Suche) - C:\Users\sabine n\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-21]
CHR Extension: (Google Wallet) - C:\Users\sabine n\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-21]
CHR Extension: (Google Mail) - C:\Users\sabine n\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-21]
CHR Extension: (DrawPlus Starter Edition DE) - C:\Users\sabine n\AppData\Local\Google\Chrome\User Data\Default\Extensions\pocfmicencadhghjmdpabobnbdijgdcd [2015-09-06]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-09-28] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert]
R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2250360 2014-07-30] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe [2683760 2014-05-20] (G Data Software AG)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2748600 2015-12-04] (Microsoft Corporation)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R3 GDFwSvc; C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe [3228136 2014-08-21] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700536 2014-05-20] (G Data Software AG)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2011-06-29] (Realsil Microelectronics Inc.) [Datei ist nicht signiert]
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1335344 2014-01-23] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [856112 2014-01-23] (pdfforge GmbH)
S3 Soda PDF 2012 Helper Service; C:\Program Files (x86)\Soda PDF 2012\HelperService.exe [705880 2012-04-20] (LULU Software)
R2 Soda PDF 2012 Service; C:\Program Files (x86)\Soda PDF 2012\ConversionService.exe [723288 2012-04-20] (LULU Software)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 ezSharedSvc; C:\Windows\System32\ezSharedSvcHost.exe [X]
S2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [X]
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-16] (AVG Technologies)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [55808 2015-08-29] (G Data Software AG)
R3 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [20992 2015-08-29] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [142336 2015-08-29] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [64000 2015-08-29] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64512 2015-08-29] (G Data Software AG)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [61440 2015-08-29] (G Data Software AG)
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-03-20] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-03-20] (RapidSolution Software AG)
S3 avchv; system32\DRIVERS\avchv.sys [X]
S3 cpuz134; \??\C:\Users\SABINE~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-01-03 21:03 - 2016-01-03 21:14 - 00000000 ____D C:\Users\sabine n\Desktop\ADW Cleaner
2016-01-03 21:01 - 2016-01-03 21:01 - 01745920 _____ C:\Users\sabine n\Downloads\AdwCleaner_5.027.exe
2016-01-03 21:00 - 2016-01-03 21:00 - 00000000 ____D C:\ProgramData\Lavasoft
2016-01-03 20:45 - 2016-01-03 20:45 - 00001227 _____ C:\Users\sabine n\Desktop\Addition.txt
2016-01-03 20:45 - 2016-01-03 20:45 - 00000104 _____ C:\Users\sabine n\Desktop\FRST.txt
2016-01-03 20:43 - 2016-01-03 20:49 - 00000000 ____D C:\Users\sabine n\Desktop\RTS Dateien
2016-01-03 20:31 - 2016-01-03 20:31 - 00032538 _____ C:\Users\sabine n\Desktop\AdwCleaner[C2].txt
2016-01-03 19:04 - 2016-01-03 19:05 - 01745920 _____ C:\Users\sabine n\Desktop\AdwCleaner_5.027.exe
2016-01-03 12:23 - 2016-01-03 12:23 - 09479872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-01-02 10:11 - 2016-01-02 10:11 - 00000000 ___HD C:\OneDriveTemp
2015-12-30 17:58 - 2015-12-30 17:58 - 00001841 _____ C:\Users\sabine n\Desktop\G DATA Protokoll ID 422.html
2015-12-30 17:45 - 2015-12-30 17:45 - 00000331 _____ C:\Users\sabine n\Downloads\Malwarebytes Anti Malware.txt
2015-12-30 16:46 - 2016-01-03 19:10 - 00042937 _____ C:\Users\sabine n\Downloads\Addition.txt
2015-12-30 16:10 - 2016-01-03 19:10 - 00064334 _____ C:\Users\sabine n\Downloads\FRST.txt
2015-12-30 16:08 - 2016-01-03 22:34 - 00000000 ____D C:\FRST
2015-12-28 02:15 - 2015-12-28 02:15 - 00000802 _____ C:\Windows\system32\bddel.dat
2015-12-28 00:14 - 2015-12-28 00:14 - 00000000 ____D C:\Users\sabine n\AppData\Roaming\SUPERAntiSpyware.com
2015-12-28 00:13 - 2015-12-30 19:37 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-12-28 00:13 - 2015-12-28 00:13 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2015-12-28 00:11 - 2015-12-28 00:12 - 24236480 _____ (SUPERAntiSpyware) C:\Users\sabine n\Downloads\SUPERAntiSpyware.exe
2015-12-28 00:03 - 2016-01-03 20:53 - 00001912 _____ C:\Windows\epplauncher.mif
2015-12-28 00:00 - 2015-12-28 00:00 - 14262464 _____ (Microsoft Corporation) C:\Users\sabine n\Downloads\mseinstall.exe
2015-12-27 23:46 - 2015-12-27 23:46 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-12-27 23:42 - 2015-12-27 23:42 - 02012464 _____ C:\Users\sabine n\Downloads\Adaware_Installer.exe
2015-12-27 23:39 - 2015-12-27 23:39 - 00008430 _____ C:\Users\sabine n\Desktop\JRT.txt
2015-12-27 23:34 - 2015-12-27 23:35 - 22908888 _____ (Malwarebytes ) C:\Users\sabine n\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-27 23:27 - 2015-12-27 23:27 - 00003232 _____ C:\Windows\System32\Tasks\{A9ECAFF3-21D5-456F-B10F-F85C724E4390}
2015-12-27 23:23 - 2015-12-27 23:24 - 01599336 _____ (Malwarebytes) C:\Users\sabine n\Downloads\JRT.exe
2015-12-27 23:19 - 2016-01-03 21:09 - 00000000 ____D C:\AdwCleaner
2015-12-27 23:18 - 2015-12-27 23:18 - 01743360 _____ C:\Users\sabine n\Downloads\adwcleaner_5.026.exe
2015-12-27 23:15 - 2015-12-27 23:15 - 00000000 ____D C:\Users\sabine n\AppData\LocalLow\Oracle
2015-12-27 23:14 - 2015-12-27 23:14 - 00584288 _____ (Oracle Corporation) C:\Users\sabine n\Downloads\jre-8u66-windows-i586-iftw.exe
2015-12-27 23:09 - 2015-12-27 23:09 - 00248872 _____ C:\Users\sabine n\Downloads\Firefox Setup Stub 43.0.2.exe
2015-12-27 23:09 - 2015-12-27 23:09 - 00248872 _____ C:\Users\sabine n\Downloads\Firefox Setup Stub 43.0.2(1).exe
2015-12-27 22:39 - 2015-11-20 19:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-27 22:39 - 2015-11-20 19:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-27 22:39 - 2015-11-20 19:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-27 22:39 - 2015-11-20 19:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-27 22:39 - 2015-11-20 19:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-27 22:39 - 2015-11-20 19:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-27 22:39 - 2015-11-20 19:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-12-27 22:39 - 2015-11-20 19:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-27 22:39 - 2015-11-20 19:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-27 22:39 - 2015-11-20 19:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-12-27 22:39 - 2015-11-20 19:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-12-27 22:39 - 2015-11-20 19:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-27 22:39 - 2015-11-20 19:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-27 22:39 - 2015-11-20 19:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-27 22:39 - 2015-11-20 19:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-12-27 22:39 - 2015-11-20 19:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-27 22:39 - 2015-11-11 19:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-27 22:39 - 2015-11-11 19:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-27 22:39 - 2015-11-11 19:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-27 22:39 - 2015-11-11 19:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-27 22:39 - 2015-11-05 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-12-27 22:39 - 2015-11-05 20:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-12-27 22:39 - 2015-11-03 20:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-12-27 22:39 - 2015-11-03 19:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-12-27 22:38 - 2015-11-10 19:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-27 22:38 - 2015-11-10 19:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-27 22:38 - 2015-11-10 19:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-27 22:38 - 2015-11-10 19:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-27 22:38 - 2015-11-10 19:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-27 22:38 - 2015-11-10 18:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-27 22:38 - 2015-11-05 20:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-27 22:38 - 2015-11-05 20:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2015-12-27 22:38 - 2015-11-05 10:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-27 22:37 - 2015-11-11 22:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-27 22:37 - 2015-11-11 21:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-27 22:37 - 2015-11-11 17:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-27 22:37 - 2015-11-11 17:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-27 22:37 - 2015-11-11 16:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-12-27 22:37 - 2015-11-11 16:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-27 22:37 - 2015-11-11 16:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-27 22:37 - 2015-11-11 16:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-27 22:37 - 2015-11-11 15:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-27 22:37 - 2015-11-10 01:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-12-27 22:37 - 2015-11-10 01:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-27 22:37 - 2015-11-10 01:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-12-27 22:37 - 2015-11-10 01:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-12-27 22:37 - 2015-11-10 01:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-12-27 22:37 - 2015-11-10 01:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-27 22:37 - 2015-11-10 01:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-27 22:37 - 2015-11-10 01:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-12-27 22:37 - 2015-11-10 01:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-12-27 22:37 - 2015-11-10 01:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-27 22:37 - 2015-11-10 01:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-12-27 22:37 - 2015-11-10 01:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-27 22:37 - 2015-11-10 01:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-12-27 22:37 - 2015-11-10 00:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-27 22:37 - 2015-11-10 00:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-12-27 22:37 - 2015-11-10 00:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-27 22:37 - 2015-11-10 00:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-12-27 22:37 - 2015-11-10 00:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-27 22:37 - 2015-11-10 00:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-27 22:37 - 2015-11-10 00:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-27 22:37 - 2015-11-10 00:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-12-27 22:37 - 2015-11-10 00:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-27 22:37 - 2015-11-10 00:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-27 22:37 - 2015-11-10 00:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-27 22:37 - 2015-11-08 23:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-27 22:37 - 2015-11-08 23:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-12-27 22:37 - 2015-11-08 23:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-27 22:37 - 2015-11-08 23:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-27 22:37 - 2015-11-08 23:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-27 22:37 - 2015-11-08 23:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-27 22:37 - 2015-11-08 23:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-12-27 22:37 - 2015-11-08 23:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-12-27 22:37 - 2015-11-08 23:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-27 22:37 - 2015-11-08 23:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-27 22:37 - 2015-11-08 23:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-27 22:37 - 2015-11-08 23:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-27 22:37 - 2015-11-08 23:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-27 22:37 - 2015-11-08 23:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-12-27 22:37 - 2015-11-08 23:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-27 22:37 - 2015-11-08 23:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-12-27 22:37 - 2015-11-08 22:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-27 22:37 - 2015-11-08 22:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-27 22:37 - 2015-11-08 22:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-27 22:37 - 2015-11-08 22:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-12-27 22:37 - 2015-11-08 22:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-27 22:37 - 2015-11-08 22:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-12-27 22:37 - 2015-11-08 22:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-27 22:37 - 2015-11-08 22:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-27 22:37 - 2015-11-08 22:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-27 22:37 - 2015-11-08 22:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-27 22:37 - 2015-11-08 22:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-12-27 22:37 - 2015-11-08 22:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-27 22:37 - 2015-11-08 21:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-27 22:37 - 2015-11-08 21:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-27 22:37 - 2015-11-08 21:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-27 22:36 - 2015-11-03 20:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-12-27 22:36 - 2015-11-03 19:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2015-12-18 19:58 - 2015-12-18 20:00 - 120963072 _____ (G Data Software AG) C:\Users\sabine n\Downloads\INT_R_BASE_IS.exe.part
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-01-03 22:33 - 2015-11-23 20:43 - 00000368 _____ C:\Windows\Tasks\HPCeeScheduleForsabine n.job
2016-01-03 22:26 - 2013-12-21 22:44 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-03 22:20 - 2013-12-21 22:44 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-03 21:25 - 2013-10-16 11:20 - 00000956 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3060926553-3636460231-1984617601-1005UA.job
2016-01-03 21:21 - 2009-07-14 05:45 - 00031856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-03 21:21 - 2009-07-14 05:45 - 00031856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-03 21:14 - 2012-05-27 21:05 - 00000000 ___RD C:\Users\sabine n\SkyDrive
2016-01-03 21:13 - 2013-12-21 22:44 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-03 21:10 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-03 20:44 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2016-01-03 20:26 - 2015-08-05 07:48 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-01-03 12:25 - 2013-10-16 11:20 - 00000934 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3060926553-3636460231-1984617601-1005Core.job
2016-01-03 12:23 - 2015-01-14 18:50 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-03 12:23 - 2015-01-14 18:50 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-03 12:23 - 2014-03-04 22:12 - 00000352 _____ C:\Windows\Tasks\HPCeeScheduleForSABINEn$.job
2016-01-03 12:23 - 2013-12-21 22:44 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-03 12:22 - 2014-03-04 22:16 - 00003228 _____ C:\Windows\System32\Tasks\HPCeeScheduleForSABINEn$
2015-12-30 21:03 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-12-30 19:54 - 2014-03-15 10:28 - 00000000 ____D C:\Windows\SysWOW64\cache
2015-12-30 19:45 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-12-30 19:44 - 2009-07-14 05:45 - 00472984 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-30 19:42 - 2013-03-14 21:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-30 19:42 - 2011-10-22 15:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-30 19:41 - 2015-04-06 10:32 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-12-30 19:41 - 2015-04-06 10:32 - 00000000 ___SD C:\Windows\system32\GWX
2015-12-30 19:41 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2015-12-30 17:49 - 2013-03-15 12:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-30 17:40 - 2014-04-10 11:00 - 00000000 ____D C:\Windows\system32\MRT
2015-12-30 17:21 - 2015-09-12 21:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-12-30 16:30 - 2014-04-10 10:58 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-28 07:56 - 2011-10-23 00:15 - 02010118 _____ C:\Windows\system32\perfh007.dat
2015-12-28 07:56 - 2011-10-23 00:15 - 00571938 _____ C:\Windows\system32\perfc007.dat
2015-12-28 07:56 - 2009-07-14 06:13 - 00006548 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-28 07:46 - 2015-10-07 19:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-28 07:46 - 2014-06-06 09:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-28 07:43 - 2013-06-04 20:07 - 00000000 ____D C:\Users\PAULA.sabinen\AppData\LocalLow\DrawPlus_Starter_Edition_DE
2015-12-28 07:43 - 2012-12-23 09:01 - 00000000 ____D C:\Users\sabine n\AppData\LocalLow\DrawPlus_Starter_Edition_DE
2015-12-28 03:21 - 2015-10-30 20:27 - 00000000 ___HD C:\$WINDOWS.~BT
2015-12-28 03:19 - 2007-01-02 02:25 - 00000000 ____D C:\Windows\Panther
2015-12-27 23:28 - 2015-09-12 21:00 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2015-12-27 23:17 - 2013-12-21 22:45 - 00002175 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-27 23:11 - 2014-06-06 09:38 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-12-27 23:11 - 2014-06-06 09:38 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-12-27 22:21 - 2012-03-19 21:27 - 00000000 ____D C:\Users\sabine n\AppData\Local\CrashDumps
2015-12-27 22:14 - 2015-11-24 08:39 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-12-18 19:51 - 2011-10-22 15:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-12-18 19:21 - 2013-12-21 22:44 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-18 19:21 - 2013-12-21 22:44 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-18 19:09 - 2014-02-20 07:00 - 00002212 _____ C:\Users\sabine n\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-12-09 04:39 - 2010-11-21 04:27 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2014-06-27 07:19 - 2014-06-27 07:19 - 0000000 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2015-08-29 19:02 - 2015-08-29 19:02 - 0000000 _____ () C:\Users\sabine n\AppData\Roaming\gdfw.log
2015-08-29 19:01 - 2015-08-29 19:02 - 0000779 _____ () C:\Users\sabine n\AppData\Roaming\gdscan.log
2014-12-10 08:18 - 2014-12-10 08:18 - 0000000 _____ () C:\Users\sabine n\AppData\Local\{004E8E92-21F9-4A38-B05E-A4F4A2F6FE6B}
Einige Dateien in TEMP:
====================
C:\Users\PAULA.sabinen\AppData\Local\Temp\avgnt.exe
C:\Users\PAULA.sabinen\AppData\Local\Temp\install_flashplayer11x32ax_gtba_chra_dy_aaa_aih.exe
C:\Users\PAULA.sabinen\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\PAULA.sabinen\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\PAULA.sabinen\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\PAULA.sabinen\AppData\Local\Temp\mybestofferstoday.exe
C:\Users\PAULA.sabinen\AppData\Local\Temp\optimizerpro.exe
C:\Users\sabine n\AppData\Local\Temp\cct.dll
C:\Users\sabine n\AppData\Local\Temp\JavaIC.dll
C:\Users\sabine n\AppData\Local\Temp\msscct32.dll
C:\Users\sabine n\AppData\Local\Temp\sqlite3.dll
C:\Users\sabine n\AppData\Local\Temp\YSearchUtil.dll
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2015-07-12 22:04
==================== Ende von FRST.txt ============================
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:30-12-2015
durchgeführt von sabine n (2016-01-03 22:35:56)
Gestartet von C:\Users\sabine n\Desktop\RTS Dateien
Windows 7 Home Premium Service Pack 1 (X64) (2012-03-04 15:29:00)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-3060926553-3636460231-1984617601-500 - Administrator - Disabled)
Gast (S-1-5-21-3060926553-3636460231-1984617601-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3060926553-3636460231-1984617601-1003 - Limited - Enabled)
PAULA (S-1-5-21-3060926553-3636460231-1984617601-1005 - Limited - Enabled) => C:\Users\PAULA.sabinen
sabine n (S-1-5-21-3060926553-3636460231-1984617601-1001 - Administrator - Enabled) => C:\Users\sabine n
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: G DATA INTERNET SECURITY (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AS: G DATA INTERNET SECURITY (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G DATA Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.00.631.5823 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.00.631.5823 - ABBYY) Hidden
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.270 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{ACD449FA-9DF3-779D-DA68-11D486963225}) (Version: 3.0.847.0 - Advanced Micro Devices, Inc.)
AMD System Monitor (HKLM-x32\...\{6EFD0C42-4CC1-4716-A0CA-21C1A062CF34}) (Version: 1.0.9 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audials (HKLM-x32\...\{7108738A-F48C-4FC9-80A1-4B70254270DF}) (Version: 9.1.13600.0 - RapidSolution Software AG)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version: - AVM Berlin)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Benutzerhandbuch - Grundlagen EPSON XP-302 303 305 306 Series (HKLM-x32\...\EPSON XP-302 303 305 306 Series Bog) (Version: - )
Benutzerhandbuch EPSON XP-302 303 305 306 Series (HKLM-x32\...\EPSON XP-302 303 305 306 Series Useg) (Version: - )
Bing Bar (HKLM-x32\...\{9FA13759-5C2B-4177-9DDC-0038F8B5BEFD}) (Version: 7.0.826.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cake Mania (x32 Version: 2.2.0.98 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CLIQZ (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 1.0.22 - CLIQZ.com)
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.0.4528 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Download Navigator (HKLM-x32\...\{E728441A-7820-4B1C-87C9-DE7BE37B2953}) (Version: 1.1.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print 2 (HKLM-x32\...\{02A312B5-1542-47B6-BFE9-F51358C39E86}) (Version: 2.4.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Event Manager (HKLM-x32\...\{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}) (Version: 3.01.0000 - Seiko Epson Corporation)
Epson Netzwerkhandbuch EPSON XP-302 303 305 306 Series (HKLM-x32\...\EPSON XP-302 303 305 306 Series Netg) (Version: - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON XP-302 303 305 306 Series Printer Uninstall (HKLM\...\EPSON XP-302 303 305 306 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.22 - Evernote Corp.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
FILEminimizer Pictures (HKLM-x32\...\FILEminimizer Pictures_is1) (Version: - balesio AG)
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fishdom (TM) 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
G DATA INTERNET SECURITY (HKLM-x32\...\{85203592-3610-4FB9-AA11-15B2255B5A12}) (Version: 25.0.2.2 - G DATA Software AG)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Documentation (HKLM-x32\...\{3D5C7E0E-AEC0-40EB-99D3-C40469738040}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Launch Box (HKLM\...\{BF1E75D0-E7AF-4BEA-9FBC-567F0C54BDF9}) (Version: 1.0.12 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}) (Version: 3.1.1.10197 - Hewlett-Packard Company)
HP Security Assistant (HKLM\...\{562608FE-2051-4488-BF22-8CE4C03046AC}) (Version: 1.0.12 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{483539DB-FA71-4C45-8438-55D3DCFDECC8}) (Version: 4.5.10.1 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{B1AD4FFB-DD17-43EC-8C30-B9E71EAD9132}) (Version: 12.0.30.219 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6341.0 - IDT)
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest II (x32 Version: 2.2.0.97 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 11.4.0 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.4.0 - )
Mahjongg Artifacts (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.6366.2036 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 43.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 43.0.2 (x86 de)) (Version: 43.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6326.1010 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6326.1010 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6326.1010 - Microsoft Corporation) Hidden
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Architect (HKLM-x32\...\{86D8A96B-1911-4C3F-AA16-0B47E053E492}) (Version: 1.2.97.14551 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
Photomizer (HKLM-x32\...\{A00F8237-F496-44D2-0001-E3CCF8CD58AE}) (Version: 1.0.11.333 - Engelmann Media GmbH)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.40.126.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0706 - REALTEK Semiconductor Corp.)
Serif DrawPlus Starter Edition (HKLM-x32\...\{33311EA4-0ECA-4E7F-83E5-8A92CD760152}) (Version: 2.0.2.010 - Serif (Europe) Ltd)
Soda PDF 2012 (HKLM-x32\...\{7315581A-6BCA-421B-9B42-469327C77CE6}) (Version: 2.1.18.4206 - LULU Software)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-3060926553-3636460231-1984617601-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\sabine n\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-3060926553-3636460231-1984617601-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\sabine n\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {00184B45-1184-4661-808F-BD5041E55B48} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {0A70D84B-7C91-46B7-9011-7354235F3B3D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)
Task: {10CCEADC-4833-4E0A-8475-CC1B4126B0EE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-27] (Hewlett-Packard)
Task: {137AAED0-50D3-4BDA-AF25-2FEBE0027C30} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3060926553-3636460231-1984617601-1005UA => C:\Users\PAULA.sabinen\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-16] (Facebook Inc.)
Task: {2459C408-0410-4B50-ABDD-9EED22BA9A93} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe
Task: {24BA01D1-EFBC-4278-BBD7-AA9E5B922BEA} - System32\Tasks\HPCeeScheduleForSABINEn$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {2812B293-0B56-48C9-8F87-F982B19EDECB} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-12-04] (Microsoft Corporation)
Task: {2E08AF43-C6BF-46CF-9D66-B179A01AB981} - System32\Tasks\{A9ECAFF3-21D5-456F-B10F-F85C724E4390} => pcalua.exe -a "C:\Users\sabine n\Downloads\jre-8u66-windows-i586-iftw.exe" -d "C:\Users\sabine n\Downloads"
Task: {38CC9D51-3FC3-4CCE-B4C9-F62F06AD97A8} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-08-24] ()
Task: {52F47DCD-FC60-4504-AE4C-51209A8402CB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {53C08BE3-6AAD-4F0F-9E1C-DCCC780A1273} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {544610B2-8221-4733-ACD4-E17EC0B7DDD9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {62AF791F-F62F-4A0B-9AFF-3C66549955D1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {666CC9A0-9210-4088-8FD5-C064AC725B9E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {8E02F0D1-3D3C-483F-8E69-F11ADF9D2D7C} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {98927031-A17A-40D6-B13B-18BF94A6BC0F} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)
Task: {B98D0172-DA59-423D-854D-ADAD10379252} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {B9F8EC90-3D8F-4E38-956C-B8F23AC82019} - System32\Tasks\{D7C6B649-5705-4FB4-9DF8-F6307DB73FCA} => pcalua.exe -a "C:\Users\sabine n\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\09BBVCS6\Soda_PDF_2012_Installer.exe" -d "C:\Users\sabine n\Desktop"
Task: {BC134C5D-BEB7-489A-AFCD-43ACD0389CD7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {C08EF655-011D-46F3-A3FC-F75FB82697F3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-03] (Adobe Systems Incorporated)
Task: {C8BE108D-22AF-42AA-9836-149CCF3FFA7B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3060926553-3636460231-1984617601-1005Core => C:\Users\PAULA.sabinen\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-16] (Facebook Inc.)
Task: {CA0F44C1-74BD-4E61-9857-8A2D414D1673} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-09-28] (CyberLink)
Task: {DA913778-66CD-428D-9421-C465FBFFB862} - System32\Tasks\HPCeeScheduleForsabine n => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {EE99FB23-E7E4-46F3-A144-080E097CDEA5} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-12-04] (Microsoft Corporation)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3060926553-3636460231-1984617601-1005Core.job => C:\Users\PAULA.sabinen\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3060926553-3636460231-1984617601-1005UA.job => C:\Users\PAULA.sabinen\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForsabine n.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForSABINEn$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2011-09-28 06:19 - 2011-09-28 06:19 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-11-23 21:10 - 2015-12-04 03:52 - 00162472 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2014-05-20 02:38 - 2014-05-20 02:38 - 00340088 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll
2011-09-30 09:40 - 2011-09-30 09:40 - 00107320 _____ () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
2011-09-28 06:19 - 2011-09-28 06:19 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-09-28 06:06 - 2011-09-28 06:06 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-06-17 13:42 - 2011-06-17 13:42 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE trusted site: HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\...\webcompanion.com -> hxxp://webcompanion.com
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 03:34 - 2015-08-30 08:27 - 00000826 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-3060926553-3636460231-1984617601-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\sabine n\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall ist deaktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
MSCONFIG\startupreg: SweetIM => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{9CD5F71D-45A2-4800-BE86-322384C2DCF5}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{856E22D3-DBD8-4406-9934-EBACE1DBF8A9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{7370EF24-0297-4640-A007-9B51669A01B5}] => (Allow) LPort=2869
FirewallRules: [{764AA891-4B4E-40EF-BF6B-7FB0A5D5FBF4}] => (Allow) LPort=1900
FirewallRules: [{8F4ABF00-CDAC-4BFC-BD9B-C6AC800FA875}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{9731869D-5C05-4DF8-9DC8-F265FB22AF58}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{2E00A141-DCA8-4A3A-AC1C-677223D454E2}] => (Allow) C:\Windows\system32\ezSharedSvcHost.exe
FirewallRules: [{6A36A863-D696-41DA-BC3B-87FE52B86EED}] => (Allow) C:\Program Files (x86)\EasyBits For Kids\ezDesktop.exe
FirewallRules: [{28A1F085-2E02-4326-BD4F-B6E5DEFC7571}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FEA52E36-1AA8-4C7B-B028-84F4C7A9ADB6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F2589DF0-0CE9-47AE-A36A-85289E09EA29}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DDD9A54A-B0FC-47FE-9E3D-858DF0A0467C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B43A3538-4F32-4226-884A-ADE6F5AB1974}] => (Allow) C:\Program Files (x86)\RapidSolution\Audials 9\Audials.exe
FirewallRules: [{67F5E1DD-4547-48E4-AEED-39D1739FEECC}] => (Allow) LPort=12972
FirewallRules: [{626EE433-D16D-42D7-BDC1-3C148060BA11}] => (Allow) LPort=14714
FirewallRules: [{AB251149-3880-403F-8217-C16A15ED89B3}] => (Allow) LPort=31931
FirewallRules: [{DDCD7A40-DE5B-4EFD-B14F-DFBE1609A0E3}] => (Allow) C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{F001B60A-179F-4FE5-B3FB-10EBB6755C92}] => (Allow) C:\Users\sabine n\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{922C273D-E1F5-4BDE-B4DB-E43947948F1E}C:\users\sabine n\appdata\roaming\jinuhu\buew.exe] => (Block) C:\users\sabine n\appdata\roaming\jinuhu\buew.exe
FirewallRules: [UDP Query User{B6C10970-3981-446E-98D9-113252BB4200}C:\users\sabine n\appdata\roaming\jinuhu\buew.exe] => (Block) C:\users\sabine n\appdata\roaming\jinuhu\buew.exe
FirewallRules: [TCP Query User{0A067DDA-C18F-4B82-BFB1-7C7FA2B5699C}C:\users\sabine n\appdata\roaming\jinuhu\buew.exe] => (Block) C:\users\sabine n\appdata\roaming\jinuhu\buew.exe
FirewallRules: [UDP Query User{984A03D0-A5AC-4567-AD6C-12D2F0EB045E}C:\users\sabine n\appdata\roaming\jinuhu\buew.exe] => (Block) C:\users\sabine n\appdata\roaming\jinuhu\buew.exe
FirewallRules: [{B8B7E079-52EC-47BD-8ADE-112398DF2A7C}] => (Allow) F:\fsetup.exe
FirewallRules: [{8A1381B6-80C4-43EA-A61D-FA3E0FB487EC}] => (Allow) F:\fsetup.exe
FirewallRules: [{B95E615F-9005-4B3D-AE17-44FF91D21238}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{73B691AF-0F6F-4124-8B72-728094C6E190}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{ABC18073-3D3E-4EB8-95A0-923A34BD0B9B}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{8D3EEED9-145D-4B3A-84BC-DB63DC0BDE5F}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{7E91DCF3-53C4-44A2-B49D-5F4FD091054A}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{90CCC579-F1BC-4F86-93AA-55B3E0A2CEB3}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{AA45568B-AF5A-4750-A0CC-6DAB45E7B1B1}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{FFF26E28-24E6-4521-8F3B-B3063C32B8AC}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [TCP Query User{3206AD66-DBD1-48ED-93BE-C5B8473CAB24}C:\users\paula.sabinen\appdata\local\facebook\video\skype\facebookvideocalling.exe] => (Block) C:\users\paula.sabinen\appdata\local\facebook\video\skype\facebookvideocalling.exe
FirewallRules: [UDP Query User{813DCD76-7347-43B0-A154-8099AAE0F4DD}C:\users\paula.sabinen\appdata\local\facebook\video\skype\facebookvideocalling.exe] => (Block) C:\users\paula.sabinen\appdata\local\facebook\video\skype\facebookvideocalling.exe
FirewallRules: [{FD9C73B0-4F52-4463-90B4-1E4E89D74E85}] => (Allow) F:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{7EA84E85-286B-45E8-A55A-AE433B9E81AE}] => (Allow) F:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [TCP Query User{A0EBCB60-03A0-4D85-9651-829ADA921D6B}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{982F7A01-43B3-438E-81C9-0BA9AA3F77D8}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{E97C0064-6006-43F4-A426-3E7704A083E0}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [UDP Query User{4982E99C-C324-46A9-BF97-583A1B7C448B}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [TCP Query User{459F7B94-9CA0-4993-BE20-32D83169C60C}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{2532D82D-329A-41EB-A28D-7CE984068AD3}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{E56922C4-3CE7-4406-8927-6C5CADA5D4E8}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{4EACAB4E-D47E-4BD9-BA34-BA5D60141FA2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F549EBD9-B367-4704-BFB0-491FADA5B9E0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{6BEF4C79-EE29-46B4-95AA-35E8882490E4}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{E647419E-57BE-45E6-B4C8-4D41CA78928C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{5AD4C8F8-0DC4-48E9-97F8-5533CBBB0FFE}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{6253961E-8272-4C0E-90A0-7F3678B7F235}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2634BB9B-6C4E-4418-BE3C-4A5986EB80C8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7DF4477E-AC18-4B9B-8429-A4EF8D42CF25}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{D5238425-2DA5-4E15-A102-1216C62EB3C7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Wiederherstellungspunkte =========================
27-12-2015 23:42:48 AA11
30-12-2015 15:59:25 Windows Modules Installer
30-12-2015 16:09:49 Windows Modules Installer
30-12-2015 17:08:35 AA11
30-12-2015 20:20:04 Windows Update
03-01-2016 12:32:58 Windows Update
03-01-2016 21:00:20 AA11
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (01/03/2016 09:24:51 PM) (Source: HP Active Health) (EventID: 91) (User: )
Description: Unhandled Exception. Application will terminate immediately.
Sent from: Name:ActiveHealth.exe
There are no context policies.
Is terminating: True
Exception object: System.InvalidOperationException: Cannot load Counter Name data because an invalid index '' was read from the registry.
at System.Diagnostics.PerformanceCounterLib.GetStringTable(Boolean isHelp)
at System.Diagnostics.PerformanceCounterLib.get_NameTable()
at System.Diagnostics.PerformanceCounterLib.get_CategoryTable()
at System.Diagnostics.PerformanceCounterLib.CounterExists(String category, String counter, Boolean& categoryExists)
at System.Diagnostics.PerformanceCounterLib.CounterExists(String machine, String category, String counter)
at System.Diagnostics.PerformanceCounter.InitializeImpl()
at System.Diagnostics.PerformanceCounter..ctor(String categoryName, String counterName, String instanceName, Boolean readOnly)
at System.Diagnostics.PerformanceCounter..ctor(String categoryName, String counterName, String instanceName)
at HP.ActiveHealth.API.Performance.ProcessPerformanceCounter.UpdateCounterObjects()
at HP.ActiveHealth.API.Performance.ProcessPerformanceCounter.ProcessFinder(Object state)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.TimerQueueTimer.CallCallback()
at System.Threading.TimerQueueTimer.Fire()
at System.Threading.TimerQueue.FireNextTimers()
Error: (01/03/2016 09:21:52 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: HTTP-Status 403: Der Client verfügt nicht über genügend Zugriffsrechte auf das angeforderte Serverobjekt.
Error: (01/03/2016 09:12:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/03/2016 08:41:49 PM) (Source: HP Active Health) (EventID: 91) (User: )
Description: Unhandled Exception. Application will terminate immediately.
Sent from: Name:ActiveHealth.exe
There are no context policies.
Is terminating: True
Exception object: System.InvalidOperationException: Cannot load Counter Name data because an invalid index '' was read from the registry.
at System.Diagnostics.PerformanceCounterLib.GetStringTable(Boolean isHelp)
at System.Diagnostics.PerformanceCounterLib.get_NameTable()
at System.Diagnostics.PerformanceCounterLib.get_CategoryTable()
at System.Diagnostics.PerformanceCounterLib.CounterExists(String category, String counter, Boolean& categoryExists)
at System.Diagnostics.PerformanceCounterLib.CounterExists(String machine, String category, String counter)
at System.Diagnostics.PerformanceCounter.InitializeImpl()
at System.Diagnostics.PerformanceCounter..ctor(String categoryName, String counterName, String instanceName, Boolean readOnly)
at System.Diagnostics.PerformanceCounter..ctor(String categoryName, String counterName, String instanceName)
at HP.ActiveHealth.API.Performance.ProcessPerformanceCounter.UpdateCounterObjects()
at HP.ActiveHealth.API.Performance.ProcessPerformanceCounter.ProcessFinder(Object state)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.TimerQueueTimer.CallCallback()
at System.Threading.TimerQueueTimer.Fire()
at System.Threading.TimerQueue.FireNextTimers()
Error: (01/03/2016 08:40:50 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: HTTP-Status 403: Der Client verfügt nicht über genügend Zugriffsrechte auf das angeforderte Serverobjekt.
Error: (01/03/2016 08:30:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/03/2016 08:22:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm AdwCleaner_5.027.exe, Version 5.0.2.7 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 11ac
Startzeit: 01d14658f64b40fc
Endzeit: 0
Anwendungspfad: C:\Users\sabine n\Desktop\AdwCleaner_5.027.exe
Berichts-ID:
Error: (01/03/2016 08:16:43 PM) (Source: HP Active Health) (EventID: 91) (User: )
Description: Unhandled Exception. Application will terminate immediately.
Sent from: Name:ActiveHealth.exe
There are no context policies.
Is terminating: True
Exception object: System.InvalidOperationException: Cannot load Counter Name data because an invalid index '' was read from the registry.
at System.Diagnostics.PerformanceCounterLib.GetStringTable(Boolean isHelp)
at System.Diagnostics.PerformanceCounterLib.get_NameTable()
at System.Diagnostics.PerformanceCounterLib.get_CategoryTable()
at System.Diagnostics.PerformanceCounterLib.CounterExists(String category, String counter, Boolean& categoryExists)
at System.Diagnostics.PerformanceCounterLib.CounterExists(String machine, String category, String counter)
at System.Diagnostics.PerformanceCounter.InitializeImpl()
at System.Diagnostics.PerformanceCounter..ctor(String categoryName, String counterName, String instanceName, Boolean readOnly)
at System.Diagnostics.PerformanceCounter..ctor(String categoryName, String counterName, String instanceName)
at HP.ActiveHealth.API.Performance.ProcessPerformanceCounter.UpdateCounterObjects()
at HP.ActiveHealth.API.Performance.ProcessPerformanceCounter.ProcessFinder(Object state)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.TimerQueueTimer.CallCallback()
at System.Threading.TimerQueueTimer.Fire()
at System.Threading.TimerQueue.FireNextTimers()
Error: (01/03/2016 08:10:37 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: HTTP-Status 403: Der Client verfügt nicht über genügend Zugriffsrechte auf das angeforderte Serverobjekt.
Error: (01/03/2016 08:05:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AVKProxy.exe, Version: 1.5.14211.177, Zeitstempel: 0x53d842e7
Name des fehlerhaften Moduls: avkhttp.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x53d84312
Ausnahmecode: 0xc0000005
Fehleroffset: 0x67ce7650
ID des fehlerhaften Prozesses: 0x1b0c
Startzeit der fehlerhaften Anwendung: 0xAVKProxy.exe0
Pfad der fehlerhaften Anwendung: AVKProxy.exe1
Pfad des fehlerhaften Moduls: AVKProxy.exe2
Berichtskennung: AVKProxy.exe3
Systemfehler:
=============
Error: (01/03/2016 09:15:33 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {14286318-B6CF-49A1-81FC-D74AD94902F9}
Error: (01/03/2016 09:14:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "HP Support Solutions Framework Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (01/03/2016 09:14:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst HP Support Solutions Framework Service erreicht.
Error: (01/03/2016 09:11:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "LavasoftTcpService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (01/03/2016 09:11:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Easybits Services for Windows" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (01/03/2016 09:10:58 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.
Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126
Error: (01/03/2016 09:09:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (01/03/2016 09:09:48 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "WMPNetworkSvc" konnte sich nicht als "NT AUTHORITY\NetworkService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%50
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (01/03/2016 09:09:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (01/03/2016 09:09:47 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "WSearch" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%50
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
==================== Speicherinformationen ===========================
Prozessor: AMD A4-3305M APU with Radeon(tm) HD Graphics
Prozentuale Nutzung des RAM: 44%
Installierter physikalischer RAM: 5609.41 MB
Verfügbarer physikalischer RAM: 3094.62 MB
Summe virtueller Speicher: 11217.02 MB
Verfügbarer virtueller Speicher: 8013.05 MB
==================== Laufwerke ================================
Drive c: () (Fixed) (Total:441.08 GB) (Free:312.71 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (Recovery) (Fixed) (Total:20.52 GB) (Free:2.16 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 43BE8158)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=441.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)
==================== Ende von Addition.txt ============================
|
|
04.01.2016, 10:19
| #10 |
| /// TB-Ausbilder /// Anleitungs-Guru | Windows 7: Umleitung auf Werbeseiten und Pop up Werbung Prima! Schritt 1  
Schritt 2 ESET Online Scanner
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
06.01.2016, 21:13
| #11 |
| | Windows 7: Umleitung auf Werbeseiten und Pop up Werbung Hallo, hier die Scans Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Update, 05.01.2016 19:13, SYSTEM, SABINEn, Manual, Remediation Database, 2015.9.16.1, 2016.1.4.1, Update, 05.01.2016 19:13, SYSTEM, SABINEn, Manual, Rootkit Database, 2015.9.18.1, 2015.12.26.1, Update, 05.01.2016 19:13, SYSTEM, SABINEn, Manual, Domain Database, 2015.9.22.3, 2016.1.4.7, Update, 05.01.2016 19:13, SYSTEM, SABINEn, Manual, IP Database, 2015.9.21.2, 2015.12.30.1, Update, 05.01.2016 19:13, SYSTEM, SABINEn, Manual, Malware Database, 2015.9.22.5, 2016.1.5.4, Scan, 05.01.2016 20:17, SYSTEM, SABINEn, Manual, Start: 05.01.2016 19:14, Dauer: 1 Std. 2 Min. 13 Sek., Bedrohungssuchlauf, Abgeschlossen, 0 Malware-Erkennung, 12 Nicht-Malware-Erkennungen, Error, 05.01.2016 20:20, SYSTEM, SABINEn, Protection, IsLicensed, 13, Protection, 05.01.2016 20:20, SYSTEM, SABINEn, Protection, Malware Protection, Stopping, Protection, 05.01.2016 20:20, SYSTEM, SABINEn, Protection, Malware Protection, Stopped, (end) Code:
ATTFilter # product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=bb72e87f18f4044082c24b21c41a84af
# end=init
# utc_time=2016-01-05 07:29:28
# local_time=2016-01-05 08:29:28 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 27507
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=bb72e87f18f4044082c24b21c41a84af
# end=updated
# utc_time=2016-01-05 07:34:01
# local_time=2016-01-05 08:34:01 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=bb72e87f18f4044082c24b21c41a84af
# engine=27507
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-01-06 07:59:04
# local_time=2016-01-06 08:59:04 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 95724 203740194 0 0
# scanned=336796
# found=27
# cleaned=26
# scan_time=1503
sh=42F005F09BB900C778CAF5769460A4B543A67B4F ft=1 fh=bf2609c2104fe69b vn="Variante von Win32/Toolbar.Perion.H evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SkywalkerSetupU0K34I0B.exe"
sh=5EB4B3C8CD4E6F9F6783FFF00AD8812F0CFE413D ft=1 fh=50f5a1b9ae232537 vn="Variante von Win64/Toolbar.Perion.D evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\SysNative\tprb\5113\nsib.dll.vir"
sh=AE9FC10D55C07D58BF367B2586FF972654EB75D1 ft=1 fh=24496c038e0081bf vn="Variante von Win64/Toolbar.Perion.D evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\SysNative\tprb\5116\nsib.dll.vir"
sh=603595B043897013185E24C54366784561AD498B ft=1 fh=5e2476dcbe241a49 vn="Variante von Win64/Toolbar.Perion.D evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\SysNative\tprb\5119\nsib.dll.vir"
sh=8FF0DFDDA7819EFC41A5E2EC2C22C607759F7D1A ft=1 fh=79c87908ee336689 vn="Variante von Win64/Toolbar.Perion.D evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\SysNative\tprb\5123\nsib.dll.vir"
sh=556F7D02A86E8D2E5E3BC540FCDB85ED9A4B4C1A ft=1 fh=1de97e00348dce55 vn="Variante von Win64/Toolbar.Perion.D evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\SysNative\tprb\5131\nsib.dll.vir"
sh=2386195141E578F6773682CC21DAA23454BEFD7D ft=1 fh=db97fc21a0880c5b vn="Variante von Win64/Toolbar.Perion.D evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\SysNative\tprb\5132\nsib.dll.vir"
sh=FBF72EEB581D4C82C2D26F01241DB03BC0DD91F7 ft=1 fh=bf3f894b22130c62 vn="Variante von Win64/Toolbar.Perion.D evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\SysNative\tprb\5141\nsib.dll.vir"
sh=32EEE1864E49A4FA06A68005D78A42202771D551 ft=1 fh=d4756073afcc2186 vn="Variante von Win32/Toolbar.Perion.H evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\jmdp\lmrn.dll.vir"
sh=1F4C2E6BCF89CECF7E57FCA218A3ED10A5879828 ft=1 fh=ecb34756e46ac693 vn="Variante von Win32/Toolbar.Perion.H evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\jmdp\stij.exe.vir"
sh=181241E6431887DC27F4E2B92159F77D82831893 ft=1 fh=80d13d017bfcdcc5 vn="Variante von Win32/Toolbar.Perion.H evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\mjcm\5113\nsib.dll.vir"
sh=4A1C619288EF819FB99EB59FC2CDDEB1E11C53ED ft=1 fh=a39ab979e92d10f3 vn="Variante von Win32/Toolbar.Perion.H evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\mjcm\5116\nsib.dll.vir"
sh=C0A6EE22B75DAB50FA3B2C6C71B7F3A2A6F470DC ft=1 fh=ef388b79d75014b6 vn="Variante von Win32/Toolbar.Perion.H evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\mjcm\5119\nsib.dll.vir"
sh=D589418ED5B785A121824C5F6B6B4D99BEE7AF36 ft=1 fh=23a86629a9f2b83e vn="Variante von Win32/Toolbar.Perion.H evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\mjcm\5123\nsib.dll.vir"
sh=E1F78B4540FCC254BF66324F6A846411AD86F79B ft=1 fh=283d488de8e01b58 vn="Variante von Win32/Toolbar.Perion.H evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\mjcm\5131\nsib.dll.vir"
sh=52D2E7000C51C535BE065DBC04697148F2A91DA7 ft=1 fh=0a5709db6f26ac2f vn="Variante von Win32/Toolbar.Perion.H evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\mjcm\5132\nsib.dll.vir"
sh=636553DBD4D8839C3BB36F59A90C63F23BCD7504 ft=1 fh=8b8daa0a3405b1f4 vn="Variante von Win32/Toolbar.Perion.H evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\mjcm\5141\nsib.dll.vir"
sh=F1942F3D0D5EDBF3C5B390C8D64B520F388D519F ft=1 fh=d34279516b4a8603 vn="JS/Superfish.A evtl. unerwünschte Anwendung (gelöscht)" ac=C fn="C:\Users\PAULA.sabine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RV8GPILL\FastPlayerSetup[1].exe"
sh=EBEAFE724CB934442795775B3AF373C6C25B2F52 ft=1 fh=ded36d5ce8d1ab8d vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Users\PAULA.sabine\AppData\LocalLow\DrawPlus_Starter_Edition_DE\tbDraw.dll"
sh=B5C93DA0C608B26C9487ABC49CCB643C9A15ED33 ft=1 fh=75f1c65aa8a331ed vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Users\PAULA.sabine\AppData\LocalLow\DrawPlus_Starter_Edition_DE\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll"
sh=1E6279D9317A709616211812CCA5AB8B26EB4AB2 ft=1 fh=dd2582521ac42eea vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Users\sabine neehoff\AppData\LocalLow\DrawPlus_Starter_Edition_DE\tbDra0.dll"
sh=5C684D51F07A183EEA13D66F5C7E9630C48D93B5 ft=1 fh=53be76e80c29ad73 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Users\sabine \AppData\LocalLow\DrawPlus_Starter_Edition_DE\tbDra2.dll"
sh=EBEAFE724CB934442795775B3AF373C6C25B2F52 ft=1 fh=ded36d5ce8d1ab8d vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Users\sabine neehoff\AppData\LocalLow\DrawPlus_Starter_Edition_DE\tbDraw.dll"
sh=D11BB1A4403C5F66BD7CD16FB88EE52CB8EA32CA ft=1 fh=888585d6e9672639 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Users\sabine \Downloads\K Lite Codec Pack Standard - CHIP-Installer.exe"
sh=AF88F42E23FC2578B64DFEB23FEC54C697858AB8 ft=1 fh=f9e7246d666b8d09 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Users\sabine\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe"
sh=1447092BA29779C726829611180994E17718C412 ft=1 fh=23f22b72eb3a5b90 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung (gelöscht)" ac=C fn="C:\Users\sabine neehoff\Downloads\PDFCreator-1_7_2_setup_offline.exe"
sh=61EA69C2E38A0B4C8D6B35DDC10E81DDC4B51E47 ft=1 fh=6188de924bf3dd7b vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Users\sabine \Downloads\VLC media player 32 Bit - CHIP-Installer.exe"
|
|
07.01.2016, 18:53
| #12 |
| /// TB-Ausbilder /// Anleitungs-Guru | Windows 7: Umleitung auf Werbeseiten und Pop up Werbung Bitte richtiges Scan-Log von Malwarebytes posten. Malwarebytes Anti-Malware Logfile finden - Anleitungen Gibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
11.01.2016, 13:20
| #13 |
| | Windows 7: Umleitung auf Werbeseiten und Pop up Werbung Hallo Jürgen, sorry für meine späte Antwort, war beruflich unterwegs und nicht mit meinem Rechner online. Sieht gut aus, scheint alles ok. Ich prüfe es heute Abend nochmal. Vielen Dank für die tolle Hilfe!!!! Gruß, Sabine |
|
11.01.2016, 13:25
| #14 |
| /// TB-Ausbilder /// Anleitungs-Guru | Windows 7: Umleitung auf Werbeseiten und Pop up Werbung OK.
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
| Themen zu Windows 7: Umleitung auf Werbeseiten und Pop up Werbung |
| ad-aware, antivirus, askbar, avg, avira, bonjour, desktop, device driver, dnsapi.dll, failed, firefox, flash player, google, home, homepage, launch, lavasofttcpservice64.dll, mal-ware, monitor, mozilla, office 365, onedrive, prozesse, realtek, registry, scan, secure search, security, software, system, udp, web companion, werbefenster, werbung, windows |
zu 
und drücke den "Aktualisieren" Button.
dann auf 
und dann auf 
.
Linear-Darstellung
