| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Lavasoft Web Companion - werde es allein nicht losWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
20.02.2016, 01:33
| #1 |
 |  Lavasoft Web Companion - werde es allein nicht los Hallo, habe mir Lavasoft Web Companion zugezogen (und möglicherweise andere Schädlinge). Habe alle möglichen Virenprogramme wie adwcleaner, jrt oder Malwarebytes eingesetzt und sogar registry einträge gelöscht - hat alles nix gebracht. Betriebssystem ist Win 10. Bin dankbar für jede Hilfe!  evapro |
|
20.02.2016, 10:07
| #2 |
| | FRST-Log Dateien Hallo,
__________________habe in der Zwischenzeit einen FRST Scan gemacht und schicke hier die Logdateien... |
|
21.02.2016, 00:41
| #3 |
| | Lavasoft Web Companion - werde es allein nicht los Hallo, komischerweise werde ich ständig als offline angezeigt, obwohl ich eingeloggt bin. Kann das an den Schädlingen liegen?
__________________Bitte um Hilfe! Bin total verzweifelt. Kann meine Dateien nicht mehr auf externe Laufwerke kopieren. Bekomme immer wieder Fehlermeldungen, dass Dateien und/oder Laufwerke beschädigt sind. Habe Angst alles zu verlieren... Bitte, bitte helfen Sie mir! Kann meine Dateien nicht mehr auf externe Lauferke kopieren. Bekomme immer Fehlermeldungen, dass Dateien und/oder Laufwerke beschädigt sind. Habe Angst, alles zu verlieren. Hier im trojaner-bord erscheine ich ständig als offline obwohl ich online und eingeloggt bin. Bin total verzweifelt...  |
|
23.02.2016, 13:36
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Lavasoft Web Companion - werde es allein nicht los 1. wenn du dir selbst antwortest, verschwindet dein Thread aus dem Fokus - wir bearbeiten primär nur Threads OHNE Antworten 2. für sowas hat man nicht die Meldefunktion zu missbrauchen sondern den Erinnerungsthread zu nutzen => http://www.trojaner-board.de/72623-e...en-thread.html 3. Logs bitte nicht anhängen, notfalls splitten und über mehrere Postings verteilt posten  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit. Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
24.02.2016, 10:38
| #5 |
| | Lavasoft Web Companion - werde es allein nicht los Hallo, ich bitte vielmals um Entschuldigung. Ich habe das nicht gewußt... Habe einen neuen FRST Scan gemacht, weil ich mittlerweile noch weitere Virenscans gemacht und Schädlinge entfernt habe. Hier ist das aktuelle Resultat: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-02-2016 01
Ran by ES (administrator) on ES-PC (24-02-2016 10:27:57)
Running from C:\Users\ES\Downloads
Loaded Profiles: ES (Available Profiles: ES & UpdatusUser)
Platform: Microsoft Windows 10 Pro Version 1511 (X86) Language: Spanisch (Spanien, internationale Sortierung)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [14688512 2015-12-19] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\WINDOWS\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3531952 2015-08-21] (Synaptics Incorporated)
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [25122080 2016-02-16] (Dropbox, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\...\Run: [HP ENVY 4500 series (NET) #2] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [2427400 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
Startup: C:\Users\ES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2016-02-23]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 80.58.61.250 80.58.61.254
Tcpip\..\Interfaces\{1dc105ae-8e87-4360-af98-5bbd70b5caf2}: [DhcpNameServer] 82.163.143.171
Tcpip\..\Interfaces\{463066ba-d45a-4f4c-8d6d-426a499e0e30}: [DhcpNameServer] 82.163.143.171
Tcpip\..\Interfaces\{4c6fab08-4c81-474e-9dea-1e2ec6279925}: [DhcpNameServer] 80.58.61.250 80.58.61.254
Tcpip\..\Interfaces\{66490054-2ee0-424b-b4eb-f1c0a080123b}: [DhcpNameServer] 82.163.143.171
Internet Explorer:
==================
HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://es.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_beri_16_02¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Des%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtD0F0FyBtA0ByDtB0E0CyEyE0BtDtDtN0D0Tzu0StCyEyByDtN1L2XzutAtFtCyBtFtBtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StB0E0DtDtCzzyD0DtGtDyBtByBtGtD0F0AtCtGyCyD0DyDtG0AyC0D0DyE0EtByC0B0AyDyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szzzy0Fzz0CtD0FtCtGtDyByDtBtGyEyDtAtAtGzy0AtAyCtGyE0EyEzz0CtA0CtAtDtDtCyB2QtN0A0LzutB%26cr%3D482734453%26a%3Dwbf_beri_16_02%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1867245428-2212190316-3825727470-1001 -> DefaultScope {6586d803-df30-46d3-a89a-4136c8571d45} URL =
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-12] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-12] (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-04] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-04] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-04] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-04] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\ES\AppData\Roaming\Mozilla\Firefox\Profiles\yokyqeli.default-1455898717427
FF DefaultSearchEngine: Bing®
FF SelectedSearchEngine: Bing®
FF Homepage: hxxps://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-12] ()
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-12] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-02-04] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-11-11] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-11-11] (NVIDIA Corporation)
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-01-29] [not signed]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2015-09-22] [not signed]
FF HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [1926896 2016-02-04] (Microsoft Corporation)
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-16] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-16] (Dropbox, Inc.)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14652704 2013-11-14] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files\HMA! Pro VPN\bin\openvpnserv.exe [32568 2015-03-17] (The OpenVPN Project)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-03] (DEVGURU Co., LTD.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [218784 2015-08-21] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [280376 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23256 2015-10-30] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 hotcore3; C:\WINDOWS\System32\DRIVERS\hotcore3.sys [27464 2013-12-05] (Paragon Software Group)
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [23840 2015-12-12] (REALiX(tm))
S3 LTXMD_VAC; C:\WINDOWS\system32\drivers\lmvac.sys [24848 2011-05-06] (Windows (R) Win 7 DDK provider)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R3 NETwNs32; C:\WINDOWS\System32\drivers\NETwNs32.sys [7518208 2015-10-30] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad32v.sys [33568 2013-11-14] (NVIDIA Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [26792 2015-12-19] (Synaptics Incorporated)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [35288 2014-07-30] (The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37400 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [246104 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [98648 2015-10-30] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [163328 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
S0 tclondrv; system32\DRIVERS\tclondrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-24 10:27 - 2016-02-24 10:28 - 00013947 _____ C:\Users\ES\Downloads\FRST.txt
2016-02-24 10:25 - 2016-02-24 10:27 - 01722368 _____ (Farbar) C:\Users\ES\Downloads\FRST.exe
2016-02-24 10:20 - 2016-02-24 10:20 - 00000000 _____ C:\Users\ES\Downloads\avast_free_antivirus_setup.exe
2016-02-24 10:19 - 2016-02-24 10:20 - 144039550 _____ C:\Users\ES\Downloads\avast_free_antivirus_setup.exe.part
2016-02-23 22:00 - 2016-02-23 22:00 - 00000000 ____D C:\Program Files\ESET
2016-02-23 19:06 - 2016-02-23 19:07 - 01511936 _____ C:\Users\ES\Downloads\adwcleaner_5.036.exe
2016-02-23 18:18 - 2016-02-23 19:41 - 00002204 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-02-23 18:18 - 2016-02-23 18:23 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2016-02-23 18:18 - 2016-02-23 18:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-02-23 18:18 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2016-02-23 10:45 - 2016-02-23 10:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExtremeCopy
2016-02-23 10:45 - 2016-02-23 10:45 - 00000000 ____D C:\Program Files\Easersoft
2016-02-23 01:24 - 2016-02-23 01:24 - 00000017 _____ C:\Users\ES\Desktop\Fehler 0x80070570.txt
2016-02-22 23:20 - 2016-02-23 19:09 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-02-22 11:48 - 2016-02-22 11:48 - 00000001 _____ C:\Users\ES\AppData\Local\llftool.4.40.agreement
2016-02-22 11:48 - 2016-02-22 11:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDD Low Level Format Tool
2016-02-22 11:48 - 2016-02-22 11:48 - 00000000 ____D C:\Program Files\HDDGURU LLF Tool
2016-02-22 11:11 - 2016-02-22 11:11 - 00042764 ____H C:\WINDOWS\TempFDB.fdb
2016-02-22 11:06 - 2016-02-22 11:07 - 00000000 ____D C:\Program Files\PowerArchiver
2016-02-22 11:06 - 2016-02-22 11:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerArchiver
2016-02-22 11:06 - 2016-02-22 11:06 - 00000000 ____D C:\ProgramData\ConeXware
2016-02-22 00:26 - 2016-02-22 00:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Partition Manager™ 2014 Free
2016-02-21 23:52 - 2016-02-21 23:54 - 00000000 ____D C:\Users\ES\Desktop\USB
2016-02-20 10:00 - 2016-02-24 10:27 - 00000000 ____D C:\FRST
2016-02-19 23:15 - 2016-02-19 23:15 - 00000000 ____D C:\Users\ES\AppData\Roaming\dlg
2016-02-19 23:13 - 2016-02-23 19:14 - 00000000 ____D C:\Program Files\Lavasoft
2016-02-19 23:13 - 2016-02-20 00:32 - 00000000 ____D C:\Users\ES\AppData\Roaming\Lavasoft
2016-02-19 23:13 - 2016-02-19 23:13 - 00000000 ____D C:\Users\ES\AppData\Local\Lavasoft
2016-02-19 23:13 - 2016-02-19 23:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2016-02-19 23:12 - 2016-02-20 00:32 - 00000000 ____D C:\ProgramData\Lavasoft
2016-02-19 18:23 - 2016-02-19 18:23 - 00000000 ____D C:\ProgramData\launcher
2016-02-19 18:23 - 2016-02-19 18:23 - 00000000 ____D C:\ProgramData\formatpart
2016-02-19 18:23 - 2016-02-19 18:23 - 00000000 ____D C:\ProgramData\explauncher
2016-02-19 18:18 - 2016-02-19 18:18 - 00000000 ____D C:\Program Files\Paragon Software
2016-02-19 18:11 - 2016-02-23 19:06 - 00000000 ____D C:\Users\ES\Viren
2016-02-19 16:22 - 2016-02-24 01:03 - 00000000 ____D C:\ProgramData\f568f502
2016-02-19 16:21 - 2013-12-05 13:34 - 00027464 _____ (Paragon Software Group) C:\WINDOWS\system32\Drivers\hotcore3.sys
2016-02-17 07:20 - 2016-02-17 07:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-02-14 01:40 - 2016-02-14 01:40 - 00000228 _____ C:\Users\ES\Desktop\neu mix.txt
2016-02-13 12:48 - 2016-02-13 12:48 - 00002373 _____ C:\Users\ES\Desktop\kü.txt
2016-02-12 19:34 - 2016-02-12 19:34 - 00000000 ____D C:\Users\ES\AppData\Roaming\NVIDIA
2016-02-12 19:32 - 2016-02-24 09:14 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-02-12 18:57 - 2016-02-12 18:57 - 00000000 ____D C:\Program Files\Common Files\Java
2016-02-12 18:56 - 2016-02-12 18:56 - 00095840 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2016-02-12 18:56 - 2016-02-12 18:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-10 18:13 - 2016-01-29 07:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-02-10 18:13 - 2016-01-27 07:15 - 05798240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-02-10 18:13 - 2016-01-27 07:15 - 01560848 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-10 18:13 - 2016-01-27 07:15 - 01541792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-10 18:13 - 2016-01-27 07:12 - 00279376 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-02-10 18:13 - 2016-01-27 06:57 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-02-10 18:13 - 2016-01-27 06:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-10 18:13 - 2016-01-27 06:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-10 18:13 - 2016-01-27 06:56 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-02-10 18:13 - 2016-01-27 06:55 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-02-10 18:13 - 2016-01-27 06:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2016-02-10 18:13 - 2016-01-27 06:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-02-10 18:13 - 2016-01-27 06:47 - 01714016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-02-10 18:13 - 2016-01-27 06:47 - 00483680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-02-10 18:13 - 2016-01-27 06:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\msorcl32.dll
2016-02-10 18:13 - 2016-01-27 06:15 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-10 18:13 - 2016-01-27 06:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-10 18:13 - 2016-01-27 06:13 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-02-10 18:13 - 2016-01-27 06:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-02-10 18:13 - 2016-01-27 06:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-10 18:13 - 2016-01-27 06:11 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-02-10 18:13 - 2016-01-27 06:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-10 18:13 - 2016-01-27 06:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
2016-02-10 18:13 - 2016-01-27 06:05 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-02-10 18:13 - 2016-01-27 06:05 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-02-10 18:13 - 2016-01-27 06:04 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-02-10 18:13 - 2016-01-27 06:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-10 18:13 - 2016-01-27 05:58 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-10 18:13 - 2016-01-27 05:55 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-02-10 18:13 - 2016-01-27 05:55 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-02-10 18:13 - 2016-01-27 05:52 - 02977280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-02-10 18:13 - 2016-01-27 05:51 - 01903616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-02-10 18:13 - 2016-01-27 05:50 - 02230784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-10 18:13 - 2016-01-27 05:50 - 01504768 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-02-10 18:13 - 2016-01-27 05:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-02-10 18:13 - 2016-01-27 05:49 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-02-10 18:13 - 2016-01-27 05:44 - 00942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-02-10 18:13 - 2016-01-27 05:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
2016-02-05 13:24 - 2016-02-05 13:24 - 00051480 _____ C:\Users\ES\AppData\Local\GDIPFONTCACHEV1.DAT
2016-02-01 10:17 - 2016-02-01 10:57 - 00000000 ____D C:\Users\ES\Documents\My Music
2016-02-01 10:17 - 2016-02-01 10:17 - 00000000 ____D C:\Users\Public\Documents\TuneClone
2016-02-01 10:17 - 2016-02-01 10:17 - 00000000 ____D C:\Users\ES\Documents\TuneClone
2016-02-01 10:17 - 2016-02-01 10:17 - 00000000 ____D C:\ProgramData\TuneClone
2016-01-31 23:42 - 2016-01-31 23:42 - 00000000 ____D C:\Users\ES\AppData\Local\Apple Computer
2016-01-31 23:38 - 2016-02-01 13:00 - 00000000 ____D C:\Users\ES\AppData\Roaming\Anvsoft
2016-01-31 23:38 - 2016-01-31 23:38 - 00000000 ____D C:\Users\ES\Documents\Any Audio Converter
2016-01-31 23:05 - 2016-02-01 09:52 - 00000000 ____D C:\Users\ES\AppData\Roaming\Apple Computer
2016-01-31 23:02 - 2016-01-31 23:02 - 00000000 ____D C:\Users\ES\AppData\Local\Apple
2016-01-31 23:01 - 2016-01-31 23:01 - 00000000 ____D C:\Users\ES\AppData\LocalLow\Apple Computer
2016-01-31 23:01 - 2016-01-31 23:01 - 00000000 ____D C:\ProgramData\Apple
2016-01-31 22:31 - 2016-02-01 10:17 - 00000000 ____D C:\ProgramData\TEMP
2016-01-31 22:30 - 2011-05-06 23:29 - 00024848 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\lmvac.sys
2016-01-31 20:09 - 2016-02-07 22:10 - 00004608 _____ C:\Users\ES\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-01-31 18:57 - 2016-01-31 18:59 - 00000000 ____D C:\Users\ES\Documents\PA
2016-01-31 16:50 - 2016-01-31 16:50 - 00000000 ____D C:\Users\ES\AppData\Local\ElevatedDiagnostics
2016-01-31 14:58 - 2016-01-31 14:58 - 00000000 ____D C:\Users\ES\AppData\Roaming\Flo & Seb Engineering
2016-01-31 14:57 - 2016-02-23 19:40 - 00001038 _____ C:\Users\ES\Desktop\Kochbuch.lnk
2016-01-31 14:57 - 2016-01-31 14:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kochbuch
2016-01-31 14:57 - 2016-01-31 14:57 - 00000000 ____D C:\Program Files\Kochbuch
2016-01-31 14:49 - 2016-02-20 00:02 - 00000000 ____D C:\searchplugins
2016-01-28 09:25 - 2016-01-16 07:35 - 00959840 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-28 09:25 - 2016-01-16 07:35 - 00599904 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-28 09:25 - 2016-01-16 07:35 - 00168360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-01-28 09:25 - 2016-01-16 07:33 - 00433504 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-28 09:25 - 2016-01-16 07:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-01-28 09:25 - 2016-01-16 07:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-28 09:25 - 2016-01-16 07:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-01-28 09:25 - 2016-01-16 07:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-01-28 09:25 - 2016-01-16 07:20 - 00297072 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-01-28 09:25 - 2016-01-16 07:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-28 09:25 - 2016-01-16 07:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-01-28 09:25 - 2016-01-16 07:17 - 01300016 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-01-28 09:25 - 2016-01-16 07:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-01-28 09:25 - 2016-01-16 07:04 - 00771424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-01-28 09:25 - 2016-01-16 07:03 - 00364168 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-01-28 09:25 - 2016-01-16 06:37 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-01-28 09:25 - 2016-01-16 06:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-28 09:25 - 2016-01-16 06:35 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-01-28 09:25 - 2016-01-16 06:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-01-28 09:25 - 2016-01-16 06:32 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2016-01-28 09:25 - 2016-01-16 06:32 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-01-28 09:25 - 2016-01-16 06:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2016-01-28 09:25 - 2016-01-16 06:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2016-01-28 09:25 - 2016-01-16 06:30 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-01-28 09:25 - 2016-01-16 06:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
2016-01-28 09:25 - 2016-01-16 06:29 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-01-28 09:25 - 2016-01-16 06:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-01-28 09:25 - 2016-01-16 06:29 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-01-28 09:25 - 2016-01-16 06:29 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-01-28 09:25 - 2016-01-16 06:28 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-28 09:25 - 2016-01-16 06:28 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-01-28 09:25 - 2016-01-16 06:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
2016-01-28 09:25 - 2016-01-16 06:27 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-01-28 09:25 - 2016-01-16 06:27 - 00398848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-01-28 09:25 - 2016-01-16 06:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-01-28 09:25 - 2016-01-16 06:27 - 00238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-01-28 09:25 - 2016-01-16 06:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-01-28 09:25 - 2016-01-16 06:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2016-01-28 09:25 - 2016-01-16 06:25 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-01-28 09:25 - 2016-01-16 06:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-01-28 09:25 - 2016-01-16 06:24 - 00382976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-01-28 09:25 - 2016-01-16 06:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-01-28 09:25 - 2016-01-16 06:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-01-28 09:25 - 2016-01-16 06:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-01-28 09:25 - 2016-01-16 06:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-01-28 09:25 - 2016-01-16 06:23 - 00608256 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-01-28 09:25 - 2016-01-16 06:22 - 01223168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-01-28 09:25 - 2016-01-16 06:22 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-01-28 09:25 - 2016-01-16 06:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-01-28 09:25 - 2016-01-16 06:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-01-28 09:25 - 2016-01-16 06:20 - 01028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-01-28 09:25 - 2016-01-16 06:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2016-01-28 09:25 - 2016-01-16 06:20 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-01-28 09:25 - 2016-01-16 06:19 - 01552896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-01-28 09:25 - 2016-01-16 06:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-01-28 09:25 - 2016-01-16 06:19 - 00176128 _____ C:\WINDOWS\system32\MTFServer.dll
2016-01-28 09:25 - 2016-01-16 06:19 - 00162816 _____ C:\WINDOWS\system32\MTF.dll
2016-01-28 09:25 - 2016-01-16 06:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-01-28 09:25 - 2016-01-16 06:17 - 01793024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-01-28 09:25 - 2016-01-16 06:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-01-28 09:25 - 2016-01-16 06:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-28 09:25 - 2016-01-16 06:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-01-28 09:25 - 2016-01-16 06:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-01-28 09:25 - 2016-01-16 06:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-01-28 09:24 - 2016-01-16 06:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2016-01-28 09:24 - 2016-01-16 06:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2016-01-28 09:24 - 2016-01-16 06:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2016-01-28 09:24 - 2016-01-16 06:34 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
2016-01-28 09:24 - 2016-01-16 06:31 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2016-01-28 09:24 - 2016-01-16 06:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
2016-01-28 09:24 - 2016-01-16 06:28 - 00335360 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2016-01-25 03:21 - 2016-01-25 03:21 - 00984682 _____ C:\Users\ES\AppData\Local\M4P-to-MP3-Converter_653.rar
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-24 10:13 - 2015-09-06 21:17 - 00001190 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-02-24 10:12 - 2015-12-10 14:34 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-24 10:12 - 2015-10-30 06:13 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-02-24 10:10 - 2015-10-30 06:48 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-24 09:55 - 2015-12-01 11:12 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-24 09:36 - 2015-09-06 21:17 - 00001194 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-02-23 20:15 - 2015-10-30 06:48 - 00000000 ____D C:\WINDOWS\rescache
2016-02-23 19:41 - 2016-01-22 18:06 - 00002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-02-23 19:41 - 2016-01-17 22:10 - 00001304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2016-02-23 19:41 - 2015-12-10 14:26 - 00001487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-02-23 19:41 - 2015-09-26 08:22 - 00001114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2016-02-23 19:41 - 2015-09-06 21:14 - 00001121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-02-23 19:40 - 2016-01-24 00:30 - 00001187 _____ C:\Users\ES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wunderlist.lnk
2016-02-23 19:40 - 2016-01-22 20:04 - 00002413 _____ C:\Users\ES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-02-23 19:40 - 2015-11-30 00:00 - 00001640 _____ C:\Users\ES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ultimate Windows Tweaker 4.0.1.0.lnk
2016-02-23 19:40 - 2015-11-29 18:08 - 00001272 _____ C:\Users\ES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner.lnk
2016-02-23 19:40 - 2015-11-29 14:07 - 00001051 _____ C:\Users\ES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optionale Features.lnk
2016-02-23 19:40 - 2015-09-22 13:07 - 00001315 _____ C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk
2016-02-23 19:09 - 2015-09-06 21:14 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-02-23 18:26 - 2015-12-03 23:50 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-02-23 09:48 - 2015-10-30 06:48 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-22 22:22 - 2015-11-23 10:20 - 00000000 ____D C:\Users\ES\Desktop\Aktuell
2016-02-22 21:43 - 2015-10-30 06:48 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-02-22 21:41 - 2015-10-30 06:48 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-02-22 21:41 - 2015-10-04 09:11 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-02-22 21:39 - 2015-09-06 20:34 - 00000000 ____D C:\Program Files\Microsoft Office
2016-02-22 11:19 - 2015-10-30 06:47 - 00000000 ____D C:\WINDOWS\INF
2016-02-22 11:13 - 2015-12-10 14:19 - 03095098 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-22 11:13 - 2015-12-10 13:56 - 00833460 _____ C:\WINDOWS\system32\perfh007.dat
2016-02-22 11:13 - 2015-12-10 13:56 - 00173692 _____ C:\WINDOWS\system32\perfc007.dat
2016-02-22 11:13 - 2015-10-30 16:07 - 00905156 _____ C:\WINDOWS\system32\perfh00A.dat
2016-02-22 11:13 - 2015-10-30 16:07 - 00199808 _____ C:\WINDOWS\system32\perfc00A.dat
2016-02-22 00:45 - 2015-09-06 21:30 - 00000000 ___RD C:\Users\ES\Dropbox
2016-02-22 00:44 - 2015-09-06 21:17 - 00000000 ____D C:\Users\ES\AppData\Local\Dropbox
2016-02-21 23:55 - 2015-12-01 18:24 - 00000000 ____D C:\Users\ES\AppData\Local\CrashDumps
2016-02-19 18:12 - 2015-12-10 14:20 - 00000000 ____D C:\Users\ES
2016-02-19 17:59 - 2015-12-12 22:32 - 00000000 ____D C:\ProgramData\IObit
2016-02-19 17:59 - 2015-12-12 22:31 - 00000000 ____D C:\Users\ES\AppData\Roaming\IObit
2016-02-19 17:59 - 2015-12-12 22:31 - 00000000 ____D C:\Program Files\IObit
2016-02-18 10:05 - 2015-12-12 22:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 3
2016-02-17 13:11 - 2015-09-22 09:56 - 00000000 ____D C:\Users\ES\AppData\Roaming\MyPhoneExplorer
2016-02-17 07:20 - 2015-09-06 21:17 - 00000000 ____D C:\Program Files\Dropbox
2016-02-12 19:32 - 2016-01-14 14:34 - 00000000 ____D C:\Users\ES\AppData\Local\Adobe
2016-02-12 19:24 - 2015-09-19 20:38 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2016-02-12 18:57 - 2016-01-14 01:29 - 00000000 ____D C:\ProgramData\Oracle
2016-02-12 18:56 - 2016-01-14 01:30 - 00000000 ____D C:\Users\ES\.oracle_jre_usage
2016-02-12 18:55 - 2016-01-14 15:28 - 00000000 ____D C:\Program Files\Java
2016-02-11 21:47 - 2015-11-29 14:03 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-02-11 21:43 - 2015-10-30 16:10 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-10 18:32 - 2015-10-30 06:39 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-10 18:32 - 2015-09-06 19:39 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-10 18:27 - 2015-09-06 19:39 - 144254680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-07 22:23 - 2015-12-05 21:36 - 00000000 ____D C:\Users\ES\Documents\Camtasia Studio
2016-02-04 13:24 - 2015-09-12 17:37 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-02-03 20:01 - 2015-10-30 06:49 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-02-03 20:01 - 2015-10-30 06:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-02-01 13:06 - 2015-11-29 14:03 - 00000000 ____D C:\Users\ES\AppData\Local\Packages
2016-02-01 13:02 - 2015-11-09 16:13 - 00000000 ____D C:\Program Files\QuickTime
2016-02-01 12:58 - 2015-10-30 06:48 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-02-01 12:31 - 2016-01-14 14:06 - 00000000 ____D C:\AdwCleaner
2016-01-31 18:54 - 2016-01-23 23:28 - 00000000 ____D C:\Users\ES\AppData\Local\RezeptSuite
2016-01-31 09:52 - 2016-01-22 19:46 - 00000490 __RSH C:\ProgramData\ntuser.pol
2016-01-30 10:11 - 2016-01-18 17:09 - 00000000 ____D C:\Users\ES\Documents\OneNote-Notizbücher
2016-01-29 23:48 - 2015-10-30 06:48 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-01-29 23:48 - 2015-10-30 06:48 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-01-29 23:47 - 2015-10-30 06:48 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-01-29 23:47 - 2015-10-30 06:48 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-01-29 23:47 - 2015-10-30 06:48 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-01-29 23:47 - 2015-10-30 06:48 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-29 23:47 - 2015-10-30 06:48 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-01-29 11:53 - 2015-11-29 14:12 - 00000000 ___RD C:\Users\ES\OneDrive
==================== Files in the root of some directories =======
2016-01-31 20:09 - 2016-02-07 22:10 - 0004608 _____ () C:\Users\ES\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-02-22 11:48 - 2016-02-22 11:48 - 0000001 _____ () C:\Users\ES\AppData\Local\llftool.4.40.agreement
2016-01-25 03:21 - 2016-01-25 03:21 - 0984682 _____ () C:\Users\ES\AppData\Local\M4P-to-MP3-Converter_653.rar
2015-10-11 15:18 - 2015-10-11 15:18 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-12-12 22:54 - 2015-12-12 22:54 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-11-29 23:59 - 2015-12-21 10:30 - 0019535 _____ () C:\ProgramData\empty.ico
2015-09-22 13:00 - 2015-09-23 23:10 - 0003945 _____ () C:\ProgramData\hpzinstall.log
Some files in TEMP:
====================
C:\Users\ES\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-02-22 11:30
==================== End of FRST.txt ===========================
Und die andere Datei: [CODE]Additional FRST Logfile: Code:
ATTFilter scan result of Farbar Recovery Scan Tool (x86) Version:21-02-2016 01
Ran by ES (2016-02-24 10:29:02)
Running from C:\Users\ES\Downloads
Microsoft Windows 10 Pro Version 1511 (X86) (2015-12-10 13:41:17)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrador (S-1-5-21-1867245428-2212190316-3825727470-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1867245428-2212190316-3825727470-503 - Limited - Disabled)
ES (S-1-5-21-1867245428-2212190316-3825727470-1001 - Administrator - Enabled) => C:\Users\ES
HomeGroupUser$ (S-1-5-21-1867245428-2212190316-3825727470-1002 - Limited - Enabled)
Invitado (S-1-5-21-1867245428-2212190316-3825727470-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-1867245428-2212190316-3825727470-1003 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 10 ActiveX (HKLM\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
Camtasia Studio 7 (HKLM\...\{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}) (Version: 7.1.1 - TechSmith Corporation)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D1500 (Version: 130.0.365.000 - Hewlett-Packard) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DeviceDiscovery (Version: 130.0.465.000 - Hewlett-Packard) Hidden
DJ_SF_03_D1500_Software_Min (Version: 130.0.365.000 - Hewlett-Packard) Hidden
Dropbox (HKLM\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.)
Dropbox Folder Sync addon (HKLM\...\{E0B7CA7A-98B0-4EF1-87F5-FF6B02DC06A9}_is1) (Version: 2.7 - Sowrabh & Satyadeep)
Dropbox Update Helper (Version: 1.3.27.77 - Dropbox, Inc.) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
ExtremeCopy (HKLM\...\{23D6630B-7538-483B-8B27-6452AE3BA628}) (Version: 1.00.0000 - Easersoft)
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hard Disk Low Level Format Tool 4.40 (HKLM\...\Hard Disk Low Level Format Tool_is1) (Version: - HDDGURU)
HMA! Pro VPN 2.8.24.0 (HKLM\...\HMA! Pro VPN) (Version: 2.8.24.0 - Privax Ltd)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet D1500 Printer Driver Software 13.0 Rel. 3 (HKLM\...\{DB8B599D-2BD5-493C-ABC1-FEE980129D19}) (Version: 13.0 - HP)
HP ENVY 4500 series - Grundlegende Software für das Gerät (HKLM\...\{65314850-703E-4544-91CF-CB62131E28D2}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Solutions Framework (HKLM\...\{8F1A441E-AD6D-4732-BD6A-F38D5F1D1E47}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Java 8 Update 73 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kochbuch 2.6.4 (HKLM\...\Kochbuch_is1) (Version: 2.6.4 - Flo & Seb Engineering)
Kylook Sync for Outlook Addin 2.4.4 (HKLM\...\{AD0574C4-BDA0-4AF8-BAC6-323BA548B2BB}) (Version: 2.40.4000 - Kylook GmbH)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-0081-0407-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM\...\STANDARDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneNote Home and Student 2016 - de-de (HKLM\...\OneNoteFreeRetail - de-de) (Version: 16.0.6568.2025 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.60724 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.60724 - Microsoft Corporation)
Mozilla Firefox 45.0 (x86 de) (HKLM\...\Mozilla Firefox 45.0 (x86 de)) (Version: 45.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 45.0.0.5895 - Mozilla)
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
NVIDIA 3D Vision Treiber 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.82 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.82 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.9 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.9 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.6528.1011 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6528.1011 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.6528.1011 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507B}) (Version: 4.0.9 - dotPDN LLC)
Panel de control de NVIDIA 341.92 (Version: 341.92 - NVIDIA Corporation) Hidden
Paragon Partition Manager™ 2014 Free (HKLM\...\{47E5588F-C3A0-11DE-9857-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PowerArchiver 2010 (HKLM\...\{F3B19B7C-0125-4044-85D3-D72364295CCA}) (Version: 11.63.12 - ConeXware, Inc.)
Q-plus Bridge 10 (HKLM\...\Q-plus Bridge 10) (Version: - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7634 - Realtek Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.)
SHIELD Streaming (Version: 1.6.53 - NVIDIA Corporation) Hidden
SmartWebPrinting (Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Status (Version: 130.0.469.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.1 - Synaptics Incorporated)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_STANDARDR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_STANDARDR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_STANDARDR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_STANDARDR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1867245428-2212190316-3825727470-1001_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {02D3F7F0-6EDC-46F2-BF67-070AD6658F4A} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {030E8311-6141-4C18-B3FD-19AA96B3C2F6} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {04E321E3-0141-4CAE-8219-997C219B497E} - System32\Tasks\gte3014 => C:\PROGRA~1\FAST-S~1\gte3014.exe <==== ATTENTION
Task: {05ABFBE0-9AC1-4323-A66F-70EC31F6D35A} - \RCMCAIDBF1 -> No File <==== ATTENTION
Task: {09185214-E58F-49B3-9718-5F5134B978B7} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {18739273-EC5A-4463-A50E-00150ED9CBBD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {1CEDCEC5-6356-406E-99CA-E43447122DF5} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {280C32B4-BC64-472E-AA00-8CF96DE49CC2} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {29E27BA6-040B-4D47-B63B-04A95A0C6774} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2DE35621-6141-4B65-9362-A32D4A79D14A} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {32D1C905-E04C-410D-A5B2-6E0F3FA4AC8F} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {34EAE6F1-88B9-447B-B16C-FA4E63C1698E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {3A4B04BA-8A3A-4E99-A340-D2DBE0B8554B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {3C23AA26-3AD0-48E8-85A5-A8AB6FF22E15} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-10] (Microsoft Corporation)
Task: {425AF687-7A73-44DD-95C6-A637144EB522} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-04] (Microsoft Corporation)
Task: {453038AD-0B4A-4B86-B099-3C505CD5511E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {4BBC85C1-A5C1-4027-8B19-1BD45D1371E6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {509E797C-58E4-4E09-99CF-B2A6E8BBC481} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-01-12] (Hewlett-Packard Company)
Task: {581B2914-F4CA-4AC4-98FC-F7ED70A4670A} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-12] (Adobe Systems Incorporated)
Task: {5CF7FAC9-43FB-4FB9-92B9-9341FBEB9AC0} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5D121365-AE81-448B-911D-B5D714D702E0} - \Super Optimizer Schedule -> No File <==== ATTENTION
Task: {67198D53-CB2C-4631-BFC9-699943CE101E} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1867245428-2212190316-3825727470-1001
Task: {6EF945AC-3DEC-4A1E-8FED-D942312EDFB9} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {77B68C8E-3605-44F1-8372-90CD76D0F92D} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {798CFD23-77BC-4700-B066-490F17F815D2} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {8576A135-928A-46CA-9E0D-DDCA26E330FB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {875B83AE-0693-41EB-8395-0A613C3CE67D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {88C2375C-CB6B-4372-B744-70414C6CFCF0} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe
Task: {8D0DE38A-BED6-40F4-B286-4BDE2791DDB2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {8E99770E-AE9E-4601-B306-CC78E1B06CBC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {977FF5F9-441C-4E07-A9CA-8EC870EC09CD} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-04] (Microsoft Corporation)
Task: {9CB42367-75C8-424A-A3DA-1FF0DA77ECD0} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {9E2D6B22-692C-4E23-99E2-F7B3ABAF241C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {9F37512F-D003-4B0D-9716-F4EFCE8DB13F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {A5C523DF-266B-4C1E-8205-BDCD611FF094} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {B0537A83-1E7C-4EF0-B82F-5FE949141574} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B7C9F769-594B-4FD9-B96C-AC8EA6E24473} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-01-16] (Dropbox, Inc.)
Task: {B8F06183-DCBF-4467-B60E-AC1FFCF49EAA} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {B9B26F89-8F85-4C5E-ADB8-A37DC33C59DE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C0FF4EC1-E798-4159-8C42-932A65791212} - System32\Tasks\{5A1CB7D9-D066-4A98-B74D-617497213FCE} => pcalua.exe -a "C:\Program Files\HMA! Pro VPN\Uninstall.exe"
Task: {C321E8A1-2648-4194-860B-9FB332FE9232} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C7A4106A-E62F-4E87-A966-872B5EC9BD3B} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C97824D2-046A-493F-B3B8-1756DC4271DE} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {CBE0BED0-D424-4316-9DCC-C98D32BC2708} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-01-16] (Dropbox, Inc.)
Task: {D8111B21-A0CB-46BE-8311-587D3FC7D117} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D932F5E0-7387-4773-AC5C-A066572FE14B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DCDCAD91-FA26-4996-AD8F-89B90F08725B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {E5367C37-8B51-48DC-AD07-1D62A0836264} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E98CF94E-9AA0-400E-9694-303504958AA2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {EF765DB1-B9D5-49A8-9348-5653DCC34A1A} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F5C22478-EB3C-4C38-BBCA-FDFE7BA609B3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-01-06] (Hewlett-Packard)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CQJOMPWUJPWVKXUA.job => C:\ProgramData\Service0561\Service0561.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-10-30 06:44 - 2015-10-30 06:44 - 00149504 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-10 14:14 - 2015-10-13 17:47 - 00113840 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2016-01-22 17:52 - 2016-02-04 05:26 - 00144576 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2016-02-23 18:18 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-02-23 18:18 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-02-23 18:18 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2016-02-23 18:18 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2016-02-23 18:18 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-12-10 14:01 - 2015-12-10 14:01 - 01859448 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-10 14:01 - 2015-12-10 14:01 - 01859448 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-01-21 21:52 - 2016-01-21 21:53 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-01-21 21:52 - 2016-01-21 21:53 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-21 21:52 - 2016-01-21 21:53 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-12-17 21:07 - 2015-12-07 05:11 - 00070656 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-17 21:07 - 2015-12-07 04:57 - 00316416 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-13 00:31 - 2016-01-05 02:23 - 05340672 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-13 00:31 - 2016-01-05 02:19 - 00471552 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-28 09:25 - 2016-01-16 06:06 - 02366464 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-28 09:25 - 2016-01-16 06:09 - 02656768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:0B174FAE
AlternateDataStreams: C:\ProgramData\TEMP:B66E5745
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\...\webcompanion.com -> hxxp://webcompanion.com
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:04 - 2016-01-15 14:29 - 00002024 ____A C:\WINDOWS\system32\Drivers\etc\hosts
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com
There are 4 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ES\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\bg1.png
DNS Servers: 80.58.61.250 - 80.58.61.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: OpenVPNService => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: SynTPEnhService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupreg: avgnt => "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: Dropbox => "C:\Program Files\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: HP ENVY 4500 series (NET) => "C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN55Q342HP05X4:NW" -scfn "HP ENVY 4500 series (NET)" -AutoStart 1
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: Nvtmru => "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Skytel => Skytel.exe
MSCONFIG\startupreg: SynTPStart => C:\Program Files\Synaptics\SynTP\SynTPStart.exe
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run: => "Dropbox"
HKLM\...\StartupApproved\Run: => "SDTray"
HKLM\...\StartupApproved\Run: => "SunJavaUpdateSched"
HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => (Allow) LPort=808
FirewallRules: [{878D0376-AAFD-49C5-BCEC-59D536E5D065}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{3899561B-70E9-427D-A283-9834889E5260}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{CED344FE-6CE7-47BD-84E9-325B2466D1BD}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{048BDEA8-53E3-47EF-BC37-34EF6B80327F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{6A371D0C-A1DA-4157-81E6-8C85C726FD2E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{EDEB89AC-713F-4ED4-94E3-620D16461B09}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DD8774A4-6BC9-4855-ACAE-65D0CD175F47}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C3FBE786-F560-4551-AC41-ACF685C34254}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{ACEEC36D-96F6-479B-AC38-CE177D246F47}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{8FD39CC7-FD43-46AA-8922-DAA15AD9BE48}C:\program files\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [UDP Query User{1DDB82A7-F75B-4884-B2EA-2BF83A085464}C:\program files\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [{BD757584-5237-475B-9925-A93728B3FF1A}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{D2690F28-4F27-4642-94FB-56B3CFD24A24}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{7F92F5A9-CAAD-47B1-8249-0B018D24C173}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{6E8518D4-C330-4461-9861-6114EB2A8624}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{D1457DF7-2FD9-4F13-A5F3-85044186DC2C}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{F0C8EDB6-A643-4382-AD38-099E137AEE07}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{AA8E40E6-360F-4292-86A9-9B69C6D37540}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{B19A5B0D-6F51-474C-B105-CC47D02A40C8}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe
FirewallRules: [{EB13E10C-B2E3-49C7-B567-80B702C2C04B}] => (Allow) C:\Program Files\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{398F2915-A41E-4637-BC99-C11EB6FBD58B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{FB117515-837D-4265-92B2-40A3B5F8BC8A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0300D242-1824-466E-A199-01C59BDC4843}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe
FirewallRules: [{772E0335-9C24-422D-83CD-EF90D00E2A30}] => (Allow) LPort=5357
FirewallRules: [{7AD450D7-7199-4217-A6A2-1E44F20316AE}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{598D8397-D04A-47FD-87C1-19E93532E54A}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{EB8A5DA3-F58E-4E21-9E62-BA6ECD418BCF}] => (Allow) LPort=2869
FirewallRules: [{9B9BC86C-0630-4AF8-9945-8411419E2C2C}] => (Allow) LPort=1900
FirewallRules: [{DD806805-B6D5-4B74-92EC-1425AB8D03F2}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
22-02-2016 00:25:15 Installed Paragon Partition Manager™ 2014 Free.
23-02-2016 10:44:28 Installed ExtremeCopy.
23-02-2016 19:12:30 JRT Pre-Junkware Removal
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/23/2016 07:12:49 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.
System Error:
Acceso denegado.
.
Error: (02/23/2016 05:38:10 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: ES-PC)
Description: Das Paket „Microsoft.Windows.Photos_16.201.11370.0_x86__8wekyb3d8bbwe+App“ wurde beendet, da das Anhalten zu lange dauerte.
Error: (02/23/2016 10:44:40 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.
System Error:
Acceso denegado.
.
Error: (02/23/2016 09:47:00 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ES-PC)
Description: Bei der Aktivierung der App „Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147009280. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (02/22/2016 09:01:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.
System Error:
Acceso denegado.
.
Error: (02/22/2016 09:01:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.
System Error:
Acceso denegado.
.
Error: (02/22/2016 09:00:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.
System Error:
Acceso denegado.
.
Error: (02/22/2016 12:20:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.
System Error:
Acceso denegado.
.
Error: (02/22/2016 12:20:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.
System Error:
Acceso denegado.
.
Error: (02/22/2016 12:18:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.
System Error:
Acceso denegado.
.
System errors:
=============
Error: (02/24/2016 10:13:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "NetTcpActivator" ist vom Dienst "NetTcpPortSharing" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (02/24/2016 10:12:57 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147942402.
Error: (02/24/2016 10:11:48 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Acceso a datos de usuarios_3a828" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Reiniciar el servicio.
Error: (02/24/2016 10:11:48 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Almacenamiento de datos de usuarios_3a828" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Reiniciar el servicio.
Error: (02/24/2016 10:11:48 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Datos de contactos_3a828" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Reiniciar el servicio.
Error: (02/24/2016 10:11:48 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Sincronizar host_3a828" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Reiniciar el servicio.
Error: (02/23/2016 07:13:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (02/23/2016 07:10:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NetMsmqActivator" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (02/23/2016 07:10:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst NetMsmqActivator erreicht.
Error: (02/23/2016 07:10:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NetPipeActivator" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
CodeIntegrity:
===================================
Date: 2016-02-22 23:46:20.857
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-02-22 21:40:41.005
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-02-22 11:31:23.631
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-02-21 01:36:10.269
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-02-20 09:48:44.216
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-02-20 00:01:52.367
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\LavasoftTcpService.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-02-20 00:01:52.288
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\LavasoftTcpService.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-02-11 21:47:04.673
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-02-10 22:24:51.273
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-02-09 22:53:09.464
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz
Percentage of memory in use: 39%
Total physical RAM: 3066.73 MB
Available physical RAM: 1845.13 MB
Total Virtual: 6138.73 MB
Available Virtual: 4806.17 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:296.16 GB) (Free:179.38 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:0.48 GB) (Free:0.44 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: F188FF0C)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=05)
Partition 2: (Active) - (Size=296.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
==================== End of Addition.txt ============================
|
|
24.02.2016, 10:46
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Lavasoft Web Companion - werde es allein nicht los moin  musst dich nicht entschuldigen, es waren nur Hinweise, deswegen ist hier niemand verärgert Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten! Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!
__________________ --> Lavasoft Web Companion - werde es allein nicht los |
|
24.02.2016, 18:21
| #7 |
| | Lavasoft Web Companion - werde es allein nicht los Hallo, vielen Dank für die freundliche Antwort. Leider habe ich nur noch 2 logfiles (JRT und ESETS), die anderen habe ich gelöscht - Idiot! Ich sende es wieder als Code... Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 10 Pro x86
Ran by ES (Administrator) on 23.02.2016 at 19:12:27,63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 3
Failed to delete: C:\WINDOWS\Tasks\CQJOMPWUJPWVKXUA.job (Task)
Successfully deleted: C:\Program Files\lavasoft\web companion (Folder)
Successfully deleted: C:\WINDOWS\prefetch\POWARC116312-FREE.EXE-003E8BFB.pf (File)
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.02.2016 at 19:15:12,83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=0879b951f8c58c419f1dd4bf286324cb
# end=init
# utc_time=2016-02-23 09:02:30
# local_time=2016-02-23 10:02:30 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 28269
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=0879b951f8c58c419f1dd4bf286324cb
# end=updated
# utc_time=2016-02-23 09:46:10
# local_time=2016-02-23 10:46:10 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=0879b951f8c58c419f1dd4bf286324cb
# engine=28269
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2016-02-24 12:05:58
# local_time=2016-02-24 01:05:58 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 28011 10092083 0 0
# scanned=237203
# found=12
# cleaned=11
# scan_time=8388
sh=277CF466D8E7EFF1E59552191BB3323E78789E97 ft=1 fh=c71c0011af8bafee vn="Variante von Win32/Adware.Adposhel.A Anwendung" ac=I fn="C:\Users\All Users\f568f502\c826d67a.dll"
sh=84093467014EE5F577456C210D2369735E094E3A ft=1 fh=83f4773317d54569 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-1867245428-2212190316-3825727470-1001\$R28VM69.exe"
sh=1715A449C058968BBD7068F64E3AB8F09306FA89 ft=1 fh=7ccbe0befa16063e vn="Variante von MSIL/MyPCBackup.G evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\OLBPre\OLBPre.exe.vir"
sh=0E523ECC14E218051E63A9D18AA3A75FB228D986 ft=1 fh=1b01a05abcca77ed vn="Variante von Win32/Adware.CouponMarvel.U Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\SecurityUtility\IIFKWRHK32.dll.vir"
sh=135F3090DDFA1803B25C7CA1B7D70A4657CF5077 ft=1 fh=6778d26e88a364f2 vn="Variante von Win32/Adware.CouponMarvel.Q Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\SecurityUtility\NSISHelper.dll.vir"
sh=7A25898EBE1DC489752BC615620E64D3D8A0B36E ft=1 fh=4d3c316109d55ce6 vn="Variante von Win32/Adware.CouponMarvel.Q.gen Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\SecurityUtility\uninstall.exe.vir"
sh=277CF466D8E7EFF1E59552191BB3323E78789E97 ft=1 fh=c71c0011af8bafee vn="Variante von Win32/Adware.Adposhel.A Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\ProgramData\f568f502\c826d67a.dll"
sh=2C04767C4DC7778F8B9CE16359EE3D687FE54E4B ft=1 fh=27646bdbe06902ab vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Users\ES\AppData\Local\Temp\7zS394E\Optional\HP_IPG_Toolbar_installer.exe"
sh=25EFC5F0778A51028FF49B40816F17F841C166E7 ft=1 fh=b79ba7112d2a946c vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Users\ES\AppData\Local\Temp\DMR\dmr_72.exe"
sh=4CE14671B6635B010E0D497A02272C44B3582263 ft=1 fh=a0ec4620f4486628 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht)" ac=C fn="C:\Users\ES\Downloads\EN4500_198.exe"
sh=1E005B640F0F9B1F5E76097A43288F5450D184D0 ft=1 fh=02992d5159953ad7 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Users\ES\Downloads\ExtremeCopy - CHIP-Installer.exe"
sh=26B9D456E7AE71AB96B83713184D9CCE0CCB7250 ft=1 fh=7f568c6779c14406 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Users\ES\Downloads\SpyBot Search Destroy - CHIP-Installer.exe"
Geändert von evapro (24.02.2016 um 18:26 Uhr) |
|
25.02.2016, 09:54
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Lavasoft Web Companion - werde es allein nicht los Adware/Junkware/Toolbars entfernen Alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop! Virenscanner jetzt vor dem Einsatz dieser Tools bitte komplett deaktivieren! 1. Schritt: adwCleaner Downloade Dir bitte  AdwCleaner auf deinen Desktop.
2. Schritt: JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
3. Schritt: Frisches Log mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ Logfiles bitte immer in CODE-Tags posten |
|
25.02.2016, 14:51
| #9 |
| | Lavasoft Web Companion - werde es allein nicht los Hallo, habe alles so gemacht, wie Du gesagt hast. AdwCleaner hat nix gefunden und daher gabs keinen Neustart und keine logfiles. Die beiden anderen sind hier: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 10 Pro x86
Ran by ES (Administrator) on 25.02.2016 at 14:41:53,58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 1
Failed to delete: C:\WINDOWS\Tasks\CQJOMPWUJPWVKXUA.job (Task)
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.02.2016 at 14:43:08,98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:24-02-2016
Ran by ES (administrator) on ES-PC (25-02-2016 14:45:45)
Running from C:\Users\ES\Desktop
Loaded Profiles: ES (Available Profiles: ES & UpdatusUser)
Platform: Microsoft Windows 10 Pro Version 1511 (X86) Language: Spanisch (Spanien, internationale Sortierung)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [14688512 2015-12-19] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\WINDOWS\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3531952 2015-08-21] (Synaptics Incorporated)
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [25122080 2016-02-16] (Dropbox, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\...\Run: [HP ENVY 4500 series (NET) #2] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [2427400 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
Startup: C:\Users\ES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2016-02-23]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 80.58.61.250 80.58.61.254
Tcpip\..\Interfaces\{1dc105ae-8e87-4360-af98-5bbd70b5caf2}: [DhcpNameServer] 82.163.143.171
Tcpip\..\Interfaces\{463066ba-d45a-4f4c-8d6d-426a499e0e30}: [DhcpNameServer] 82.163.143.171
Tcpip\..\Interfaces\{4c6fab08-4c81-474e-9dea-1e2ec6279925}: [DhcpNameServer] 80.58.61.250 80.58.61.254
Tcpip\..\Interfaces\{66490054-2ee0-424b-b4eb-f1c0a080123b}: [DhcpNameServer] 82.163.143.171
Internet Explorer:
==================
HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://es.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_beri_16_02¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Des%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtD0F0FyBtA0ByDtB0E0CyEyE0BtDtDtN0D0Tzu0StCyEyByDtN1L2XzutAtFtCyBtFtBtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StB0E0DtDtCzzyD0DtGtDyBtByBtGtD0F0AtCtGyCyD0DyDtG0AyC0D0DyE0EtByC0B0AyDyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szzzy0Fzz0CtD0FtCtGtDyByDtBtGyEyDtAtAtGzy0AtAyCtGyE0EyEzz0CtA0CtAtDtDtCyB2QtN0A0LzutB%26cr%3D482734453%26a%3Dwbf_beri_16_02%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1867245428-2212190316-3825727470-1001 -> DefaultScope {6586d803-df30-46d3-a89a-4136c8571d45} URL =
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-12] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-12] (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-04] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-04] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-04] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-04] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\ES\AppData\Roaming\Mozilla\Firefox\Profiles\yokyqeli.default-1455898717427
FF DefaultSearchEngine: Bing®
FF SelectedSearchEngine: Bing®
FF Homepage: hxxps://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-12] ()
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-12] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-02-04] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-11-11] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-11-11] (NVIDIA Corporation)
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-01-29] [not signed]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2015-09-22] [not signed]
FF HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [1926896 2016-02-04] (Microsoft Corporation)
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-16] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-16] (Dropbox, Inc.)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14652704 2013-11-14] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files\HMA! Pro VPN\bin\openvpnserv.exe [32568 2015-03-17] (The OpenVPN Project)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-03] (DEVGURU Co., LTD.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [218784 2015-08-21] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [280376 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23256 2015-10-30] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 hotcore3; C:\WINDOWS\System32\DRIVERS\hotcore3.sys [27464 2013-12-05] (Paragon Software Group)
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [23840 2015-12-12] (REALiX(tm))
S3 LTXMD_VAC; C:\WINDOWS\system32\drivers\lmvac.sys [24848 2011-05-06] (Windows (R) Win 7 DDK provider)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R3 NETwNs32; C:\WINDOWS\System32\drivers\NETwNs32.sys [7518208 2015-10-30] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad32v.sys [33568 2013-11-14] (NVIDIA Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [26792 2015-12-19] (Synaptics Incorporated)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [35288 2014-07-30] (The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37400 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [246104 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [98648 2015-10-30] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [163328 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
S0 tclondrv; system32\DRIVERS\tclondrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-25 14:45 - 2016-02-25 14:46 - 00013792 _____ C:\Users\ES\Desktop\FRST.txt
2016-02-25 14:44 - 2016-02-25 14:45 - 01722368 _____ (Farbar) C:\Users\ES\Desktop\FRST.exe
2016-02-25 14:41 - 2016-02-25 14:41 - 01609216 _____ (Malwarebytes) C:\Users\ES\Desktop\JRT.exe
2016-02-25 14:31 - 2016-02-25 14:31 - 01511936 _____ C:\Users\ES\Desktop\AdwCleaner_5.036.exe
2016-02-24 23:42 - 2016-02-25 08:14 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-02-24 22:33 - 2016-02-24 22:33 - 00000063 _____ C:\Users\ES\Desktop\ziegelbau.txt
2016-02-24 10:51 - 2016-02-24 10:52 - 00000000 ____D C:\Users\ES\Desktop\Kü
2016-02-24 10:19 - 2016-02-24 10:32 - 201900432 _____ (AVAST Software) C:\Users\ES\Downloads\avast_free_antivirus_setup.exe
2016-02-23 22:00 - 2016-02-23 22:00 - 00000000 ____D C:\Program Files\ESET
2016-02-23 19:15 - 2016-02-25 14:43 - 00000608 _____ C:\Users\ES\Desktop\JRT.txt
2016-02-23 18:18 - 2016-02-23 19:41 - 00002204 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-02-23 18:18 - 2016-02-23 18:23 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2016-02-23 18:18 - 2016-02-23 18:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-02-23 18:18 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2016-02-23 10:45 - 2016-02-23 10:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExtremeCopy
2016-02-23 10:45 - 2016-02-23 10:45 - 00000000 ____D C:\Program Files\Easersoft
2016-02-23 01:24 - 2016-02-23 01:24 - 00000017 _____ C:\Users\ES\Desktop\Fehler 0x80070570.txt
2016-02-22 11:48 - 2016-02-22 11:48 - 00000001 _____ C:\Users\ES\AppData\Local\llftool.4.40.agreement
2016-02-22 11:48 - 2016-02-22 11:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDD Low Level Format Tool
2016-02-22 11:48 - 2016-02-22 11:48 - 00000000 ____D C:\Program Files\HDDGURU LLF Tool
2016-02-22 11:11 - 2016-02-22 11:11 - 00042764 ____H C:\WINDOWS\TempFDB.fdb
2016-02-22 11:06 - 2016-02-22 11:07 - 00000000 ____D C:\Program Files\PowerArchiver
2016-02-22 11:06 - 2016-02-22 11:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerArchiver
2016-02-22 11:06 - 2016-02-22 11:06 - 00000000 ____D C:\ProgramData\ConeXware
2016-02-22 00:26 - 2016-02-22 00:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Partition Manager™ 2014 Free
2016-02-21 23:52 - 2016-02-21 23:54 - 00000000 ____D C:\Users\ES\Desktop\USB
2016-02-20 10:00 - 2016-02-25 14:45 - 00000000 ____D C:\FRST
2016-02-19 23:15 - 2016-02-19 23:15 - 00000000 ____D C:\Users\ES\AppData\Roaming\dlg
2016-02-19 23:13 - 2016-02-23 19:14 - 00000000 ____D C:\Program Files\Lavasoft
2016-02-19 23:13 - 2016-02-20 00:32 - 00000000 ____D C:\Users\ES\AppData\Roaming\Lavasoft
2016-02-19 23:13 - 2016-02-19 23:13 - 00000000 ____D C:\Users\ES\AppData\Local\Lavasoft
2016-02-19 23:13 - 2016-02-19 23:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2016-02-19 23:12 - 2016-02-20 00:32 - 00000000 ____D C:\ProgramData\Lavasoft
2016-02-19 18:23 - 2016-02-19 18:23 - 00000000 ____D C:\ProgramData\launcher
2016-02-19 18:23 - 2016-02-19 18:23 - 00000000 ____D C:\ProgramData\formatpart
2016-02-19 18:23 - 2016-02-19 18:23 - 00000000 ____D C:\ProgramData\explauncher
2016-02-19 18:18 - 2016-02-19 18:18 - 00000000 ____D C:\Program Files\Paragon Software
2016-02-19 16:22 - 2016-02-24 01:03 - 00000000 ____D C:\ProgramData\f568f502
2016-02-19 16:21 - 2013-12-05 13:34 - 00027464 _____ (Paragon Software Group) C:\WINDOWS\system32\Drivers\hotcore3.sys
2016-02-17 07:20 - 2016-02-17 07:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-02-14 01:40 - 2016-02-14 01:40 - 00000228 _____ C:\Users\ES\Desktop\neu mix.txt
2016-02-13 12:48 - 2016-02-13 12:48 - 00002373 _____ C:\Users\ES\Desktop\kü.txt
2016-02-12 19:34 - 2016-02-12 19:34 - 00000000 ____D C:\Users\ES\AppData\Roaming\NVIDIA
2016-02-12 19:32 - 2016-02-25 14:14 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-02-12 18:57 - 2016-02-12 18:57 - 00000000 ____D C:\Program Files\Common Files\Java
2016-02-12 18:56 - 2016-02-12 18:56 - 00095840 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2016-02-12 18:56 - 2016-02-12 18:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-10 18:13 - 2016-01-29 07:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-02-10 18:13 - 2016-01-27 07:15 - 05798240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-02-10 18:13 - 2016-01-27 07:15 - 01560848 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-10 18:13 - 2016-01-27 07:15 - 01541792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-10 18:13 - 2016-01-27 07:12 - 00279376 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-02-10 18:13 - 2016-01-27 06:57 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-02-10 18:13 - 2016-01-27 06:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-10 18:13 - 2016-01-27 06:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-10 18:13 - 2016-01-27 06:56 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-02-10 18:13 - 2016-01-27 06:55 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-02-10 18:13 - 2016-01-27 06:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2016-02-10 18:13 - 2016-01-27 06:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-02-10 18:13 - 2016-01-27 06:47 - 01714016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-02-10 18:13 - 2016-01-27 06:47 - 00483680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-02-10 18:13 - 2016-01-27 06:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\msorcl32.dll
2016-02-10 18:13 - 2016-01-27 06:15 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-10 18:13 - 2016-01-27 06:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-10 18:13 - 2016-01-27 06:13 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-02-10 18:13 - 2016-01-27 06:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-02-10 18:13 - 2016-01-27 06:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-10 18:13 - 2016-01-27 06:11 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-02-10 18:13 - 2016-01-27 06:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-10 18:13 - 2016-01-27 06:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
2016-02-10 18:13 - 2016-01-27 06:05 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-02-10 18:13 - 2016-01-27 06:05 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-02-10 18:13 - 2016-01-27 06:04 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-02-10 18:13 - 2016-01-27 06:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-10 18:13 - 2016-01-27 05:58 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-10 18:13 - 2016-01-27 05:55 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-02-10 18:13 - 2016-01-27 05:55 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-02-10 18:13 - 2016-01-27 05:52 - 02977280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-02-10 18:13 - 2016-01-27 05:51 - 01903616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-02-10 18:13 - 2016-01-27 05:50 - 02230784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-10 18:13 - 2016-01-27 05:50 - 01504768 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-02-10 18:13 - 2016-01-27 05:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-02-10 18:13 - 2016-01-27 05:49 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-02-10 18:13 - 2016-01-27 05:44 - 00942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-02-10 18:13 - 2016-01-27 05:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
2016-02-05 13:24 - 2016-02-05 13:24 - 00051480 _____ C:\Users\ES\AppData\Local\GDIPFONTCACHEV1.DAT
2016-02-01 10:17 - 2016-02-01 10:57 - 00000000 ____D C:\Users\ES\Documents\My Music
2016-02-01 10:17 - 2016-02-01 10:17 - 00000000 ____D C:\Users\Public\Documents\TuneClone
2016-02-01 10:17 - 2016-02-01 10:17 - 00000000 ____D C:\Users\ES\Documents\TuneClone
2016-02-01 10:17 - 2016-02-01 10:17 - 00000000 ____D C:\ProgramData\TuneClone
2016-01-31 23:42 - 2016-01-31 23:42 - 00000000 ____D C:\Users\ES\AppData\Local\Apple Computer
2016-01-31 23:38 - 2016-02-01 13:00 - 00000000 ____D C:\Users\ES\AppData\Roaming\Anvsoft
2016-01-31 23:38 - 2016-01-31 23:38 - 00000000 ____D C:\Users\ES\Documents\Any Audio Converter
2016-01-31 23:05 - 2016-02-01 09:52 - 00000000 ____D C:\Users\ES\AppData\Roaming\Apple Computer
2016-01-31 23:02 - 2016-01-31 23:02 - 00000000 ____D C:\Users\ES\AppData\Local\Apple
2016-01-31 23:01 - 2016-01-31 23:01 - 00000000 ____D C:\Users\ES\AppData\LocalLow\Apple Computer
2016-01-31 23:01 - 2016-01-31 23:01 - 00000000 ____D C:\ProgramData\Apple
2016-01-31 22:31 - 2016-02-01 10:17 - 00000000 ____D C:\ProgramData\TEMP
2016-01-31 22:30 - 2011-05-06 23:29 - 00024848 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\lmvac.sys
2016-01-31 20:09 - 2016-02-07 22:10 - 00004608 _____ C:\Users\ES\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-01-31 18:57 - 2016-01-31 18:59 - 00000000 ____D C:\Users\ES\Documents\PA
2016-01-31 16:50 - 2016-01-31 16:50 - 00000000 ____D C:\Users\ES\AppData\Local\ElevatedDiagnostics
2016-01-31 14:58 - 2016-01-31 14:58 - 00000000 ____D C:\Users\ES\AppData\Roaming\Flo & Seb Engineering
2016-01-31 14:57 - 2016-02-23 19:40 - 00001038 _____ C:\Users\ES\Desktop\Kochbuch.lnk
2016-01-31 14:57 - 2016-01-31 14:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kochbuch
2016-01-31 14:57 - 2016-01-31 14:57 - 00000000 ____D C:\Program Files\Kochbuch
2016-01-31 14:49 - 2016-02-20 00:02 - 00000000 ____D C:\searchplugins
2016-01-28 09:25 - 2016-01-16 07:35 - 00959840 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-28 09:25 - 2016-01-16 07:35 - 00599904 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-28 09:25 - 2016-01-16 07:35 - 00168360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-01-28 09:25 - 2016-01-16 07:33 - 00433504 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-28 09:25 - 2016-01-16 07:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-01-28 09:25 - 2016-01-16 07:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-28 09:25 - 2016-01-16 07:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-01-28 09:25 - 2016-01-16 07:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-01-28 09:25 - 2016-01-16 07:20 - 00297072 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-01-28 09:25 - 2016-01-16 07:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-28 09:25 - 2016-01-16 07:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-01-28 09:25 - 2016-01-16 07:17 - 01300016 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-01-28 09:25 - 2016-01-16 07:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-01-28 09:25 - 2016-01-16 07:04 - 00771424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-01-28 09:25 - 2016-01-16 07:03 - 00364168 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-01-28 09:25 - 2016-01-16 06:37 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-01-28 09:25 - 2016-01-16 06:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-28 09:25 - 2016-01-16 06:35 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-01-28 09:25 - 2016-01-16 06:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-01-28 09:25 - 2016-01-16 06:32 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2016-01-28 09:25 - 2016-01-16 06:32 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-01-28 09:25 - 2016-01-16 06:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2016-01-28 09:25 - 2016-01-16 06:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2016-01-28 09:25 - 2016-01-16 06:30 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-01-28 09:25 - 2016-01-16 06:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
2016-01-28 09:25 - 2016-01-16 06:29 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-01-28 09:25 - 2016-01-16 06:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-01-28 09:25 - 2016-01-16 06:29 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-01-28 09:25 - 2016-01-16 06:29 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-01-28 09:25 - 2016-01-16 06:28 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-28 09:25 - 2016-01-16 06:28 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-01-28 09:25 - 2016-01-16 06:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
2016-01-28 09:25 - 2016-01-16 06:27 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-01-28 09:25 - 2016-01-16 06:27 - 00398848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-01-28 09:25 - 2016-01-16 06:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-01-28 09:25 - 2016-01-16 06:27 - 00238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-01-28 09:25 - 2016-01-16 06:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-01-28 09:25 - 2016-01-16 06:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2016-01-28 09:25 - 2016-01-16 06:25 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-01-28 09:25 - 2016-01-16 06:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-01-28 09:25 - 2016-01-16 06:24 - 00382976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-01-28 09:25 - 2016-01-16 06:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-01-28 09:25 - 2016-01-16 06:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-01-28 09:25 - 2016-01-16 06:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-01-28 09:25 - 2016-01-16 06:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-01-28 09:25 - 2016-01-16 06:23 - 00608256 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-01-28 09:25 - 2016-01-16 06:22 - 01223168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-01-28 09:25 - 2016-01-16 06:22 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-01-28 09:25 - 2016-01-16 06:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-01-28 09:25 - 2016-01-16 06:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-01-28 09:25 - 2016-01-16 06:20 - 01028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-01-28 09:25 - 2016-01-16 06:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2016-01-28 09:25 - 2016-01-16 06:20 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-01-28 09:25 - 2016-01-16 06:19 - 01552896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-01-28 09:25 - 2016-01-16 06:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-01-28 09:25 - 2016-01-16 06:19 - 00176128 _____ C:\WINDOWS\system32\MTFServer.dll
2016-01-28 09:25 - 2016-01-16 06:19 - 00162816 _____ C:\WINDOWS\system32\MTF.dll
2016-01-28 09:25 - 2016-01-16 06:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-01-28 09:25 - 2016-01-16 06:17 - 01793024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-01-28 09:25 - 2016-01-16 06:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-01-28 09:25 - 2016-01-16 06:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-28 09:25 - 2016-01-16 06:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-01-28 09:25 - 2016-01-16 06:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-01-28 09:25 - 2016-01-16 06:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-01-28 09:24 - 2016-01-16 06:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2016-01-28 09:24 - 2016-01-16 06:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2016-01-28 09:24 - 2016-01-16 06:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2016-01-28 09:24 - 2016-01-16 06:34 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
2016-01-28 09:24 - 2016-01-16 06:31 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2016-01-28 09:24 - 2016-01-16 06:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
2016-01-28 09:24 - 2016-01-16 06:28 - 00335360 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-25 14:39 - 2016-01-14 14:06 - 00000000 ____D C:\AdwCleaner
2016-02-25 14:36 - 2015-09-06 21:17 - 00001194 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-02-25 14:29 - 2015-12-10 14:20 - 00000000 ____D C:\Users\ES
2016-02-25 13:49 - 2015-09-06 21:17 - 00001190 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-02-25 08:14 - 2015-09-06 21:14 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-02-24 22:34 - 2015-12-10 14:34 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-24 22:33 - 2015-10-30 06:13 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-02-24 10:12 - 2015-10-30 06:48 - 00000000 ____D C:\WINDOWS\AppCompat
2016-02-24 10:10 - 2015-10-30 06:48 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-24 09:55 - 2015-12-01 11:12 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-23 20:15 - 2015-10-30 06:48 - 00000000 ____D C:\WINDOWS\rescache
2016-02-23 19:41 - 2016-01-22 18:06 - 00002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-02-23 19:41 - 2016-01-17 22:10 - 00001304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2016-02-23 19:41 - 2015-12-10 14:26 - 00001487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-02-23 19:41 - 2015-09-26 08:22 - 00001114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2016-02-23 19:41 - 2015-09-06 21:14 - 00001121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-02-23 19:40 - 2016-01-24 00:30 - 00001187 _____ C:\Users\ES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wunderlist.lnk
2016-02-23 19:40 - 2016-01-22 20:04 - 00002413 _____ C:\Users\ES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-02-23 19:40 - 2015-11-30 00:00 - 00001640 _____ C:\Users\ES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ultimate Windows Tweaker 4.0.1.0.lnk
2016-02-23 19:40 - 2015-11-29 18:08 - 00001272 _____ C:\Users\ES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner.lnk
2016-02-23 19:40 - 2015-11-29 14:07 - 00001051 _____ C:\Users\ES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optionale Features.lnk
2016-02-23 19:40 - 2015-09-22 13:07 - 00001315 _____ C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk
2016-02-23 18:26 - 2015-12-03 23:50 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-02-23 09:48 - 2015-10-30 06:48 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-22 22:22 - 2015-11-23 10:20 - 00000000 ____D C:\Users\ES\Desktop\Aktuell
2016-02-22 21:43 - 2015-10-30 06:48 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-02-22 21:41 - 2015-10-30 06:48 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-02-22 21:41 - 2015-10-04 09:11 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-02-22 21:39 - 2015-09-06 20:34 - 00000000 ____D C:\Program Files\Microsoft Office
2016-02-22 11:19 - 2015-10-30 06:47 - 00000000 ____D C:\WINDOWS\INF
2016-02-22 11:13 - 2015-12-10 14:19 - 03095098 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-22 11:13 - 2015-12-10 13:56 - 00833460 _____ C:\WINDOWS\system32\perfh007.dat
2016-02-22 11:13 - 2015-12-10 13:56 - 00173692 _____ C:\WINDOWS\system32\perfc007.dat
2016-02-22 11:13 - 2015-10-30 16:07 - 00905156 _____ C:\WINDOWS\system32\perfh00A.dat
2016-02-22 11:13 - 2015-10-30 16:07 - 00199808 _____ C:\WINDOWS\system32\perfc00A.dat
2016-02-22 00:45 - 2015-09-06 21:30 - 00000000 ___RD C:\Users\ES\Dropbox
2016-02-22 00:44 - 2015-09-06 21:17 - 00000000 ____D C:\Users\ES\AppData\Local\Dropbox
2016-02-21 23:55 - 2015-12-01 18:24 - 00000000 ____D C:\Users\ES\AppData\Local\CrashDumps
2016-02-19 17:59 - 2015-12-12 22:32 - 00000000 ____D C:\ProgramData\IObit
2016-02-19 17:59 - 2015-12-12 22:31 - 00000000 ____D C:\Users\ES\AppData\Roaming\IObit
2016-02-19 17:59 - 2015-12-12 22:31 - 00000000 ____D C:\Program Files\IObit
2016-02-18 10:05 - 2015-12-12 22:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 3
2016-02-17 13:11 - 2015-09-22 09:56 - 00000000 ____D C:\Users\ES\AppData\Roaming\MyPhoneExplorer
2016-02-17 07:20 - 2015-09-06 21:17 - 00000000 ____D C:\Program Files\Dropbox
2016-02-12 19:32 - 2016-01-14 14:34 - 00000000 ____D C:\Users\ES\AppData\Local\Adobe
2016-02-12 19:24 - 2015-09-19 20:38 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2016-02-12 18:57 - 2016-01-14 01:29 - 00000000 ____D C:\ProgramData\Oracle
2016-02-12 18:56 - 2016-01-14 01:30 - 00000000 ____D C:\Users\ES\.oracle_jre_usage
2016-02-12 18:55 - 2016-01-14 15:28 - 00000000 ____D C:\Program Files\Java
2016-02-11 21:47 - 2015-11-29 14:03 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-02-11 21:43 - 2015-10-30 16:10 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-10 18:32 - 2015-10-30 06:39 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-10 18:32 - 2015-09-06 19:39 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-10 18:27 - 2015-09-06 19:39 - 144254680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-07 22:23 - 2015-12-05 21:36 - 00000000 ____D C:\Users\ES\Documents\Camtasia Studio
2016-02-04 13:24 - 2015-09-12 17:37 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-02-03 20:01 - 2015-10-30 06:49 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-02-03 20:01 - 2015-10-30 06:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-02-01 13:06 - 2015-11-29 14:03 - 00000000 ____D C:\Users\ES\AppData\Local\Packages
2016-02-01 13:02 - 2015-11-09 16:13 - 00000000 ____D C:\Program Files\QuickTime
2016-02-01 12:58 - 2015-10-30 06:48 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-01-31 18:54 - 2016-01-23 23:28 - 00000000 ____D C:\Users\ES\AppData\Local\RezeptSuite
2016-01-31 09:52 - 2016-01-22 19:46 - 00000490 __RSH C:\ProgramData\ntuser.pol
2016-01-30 10:11 - 2016-01-18 17:09 - 00000000 ____D C:\Users\ES\Documents\OneNote-Notizbücher
2016-01-29 23:48 - 2015-10-30 06:48 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-01-29 23:48 - 2015-10-30 06:48 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-01-29 23:47 - 2015-10-30 06:48 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-01-29 23:47 - 2015-10-30 06:48 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-01-29 23:47 - 2015-10-30 06:48 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-01-29 23:47 - 2015-10-30 06:48 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-29 23:47 - 2015-10-30 06:48 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-01-29 11:53 - 2015-11-29 14:12 - 00000000 ___RD C:\Users\ES\OneDrive
==================== Files in the root of some directories =======
2016-01-31 20:09 - 2016-02-07 22:10 - 0004608 _____ () C:\Users\ES\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-02-22 11:48 - 2016-02-22 11:48 - 0000001 _____ () C:\Users\ES\AppData\Local\llftool.4.40.agreement
2016-01-25 03:21 - 2016-01-25 03:21 - 0984682 _____ () C:\Users\ES\AppData\Local\M4P-to-MP3-Converter_653.rar
2015-10-11 15:18 - 2015-10-11 15:18 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-12-12 22:54 - 2015-12-12 22:54 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-11-29 23:59 - 2015-12-21 10:30 - 0019535 _____ () C:\ProgramData\empty.ico
2015-09-22 13:00 - 2015-09-23 23:10 - 0003945 _____ () C:\ProgramData\hpzinstall.log
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-02-22 11:30
==================== End of FRST.txt ============================
[CODE]Additional FRST Logfile: Code:
ATTFilter scan result of Farbar Recovery Scan Tool (x86) Version:24-02-2016
Ran by ES (2016-02-25 14:46:57)
Running from C:\Users\ES\Desktop
Microsoft Windows 10 Pro Version 1511 (X86) (2015-12-10 13:41:17)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrador (S-1-5-21-1867245428-2212190316-3825727470-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1867245428-2212190316-3825727470-503 - Limited - Disabled)
ES (S-1-5-21-1867245428-2212190316-3825727470-1001 - Administrator - Enabled) => C:\Users\ES
HomeGroupUser$ (S-1-5-21-1867245428-2212190316-3825727470-1002 - Limited - Enabled)
Invitado (S-1-5-21-1867245428-2212190316-3825727470-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-1867245428-2212190316-3825727470-1003 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 10 ActiveX (HKLM\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
Camtasia Studio 7 (HKLM\...\{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}) (Version: 7.1.1 - TechSmith Corporation)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D1500 (Version: 130.0.365.000 - Hewlett-Packard) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DeviceDiscovery (Version: 130.0.465.000 - Hewlett-Packard) Hidden
DJ_SF_03_D1500_Software_Min (Version: 130.0.365.000 - Hewlett-Packard) Hidden
Dropbox (HKLM\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.)
Dropbox Folder Sync addon (HKLM\...\{E0B7CA7A-98B0-4EF1-87F5-FF6B02DC06A9}_is1) (Version: 2.7 - Sowrabh & Satyadeep)
Dropbox Update Helper (Version: 1.3.27.77 - Dropbox, Inc.) Hidden
ExtremeCopy (HKLM\...\{23D6630B-7538-483B-8B27-6452AE3BA628}) (Version: 1.00.0000 - Easersoft)
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hard Disk Low Level Format Tool 4.40 (HKLM\...\Hard Disk Low Level Format Tool_is1) (Version: - HDDGURU)
HMA! Pro VPN 2.8.24.0 (HKLM\...\HMA! Pro VPN) (Version: 2.8.24.0 - Privax Ltd)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet D1500 Printer Driver Software 13.0 Rel. 3 (HKLM\...\{DB8B599D-2BD5-493C-ABC1-FEE980129D19}) (Version: 13.0 - HP)
HP ENVY 4500 series - Grundlegende Software für das Gerät (HKLM\...\{65314850-703E-4544-91CF-CB62131E28D2}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Solutions Framework (HKLM\...\{8F1A441E-AD6D-4732-BD6A-F38D5F1D1E47}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Java 8 Update 73 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kochbuch 2.6.4 (HKLM\...\Kochbuch_is1) (Version: 2.6.4 - Flo & Seb Engineering)
Kylook Sync for Outlook Addin 2.4.4 (HKLM\...\{AD0574C4-BDA0-4AF8-BAC6-323BA548B2BB}) (Version: 2.40.4000 - Kylook GmbH)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-0081-0407-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM\...\STANDARDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneNote Home and Student 2016 - de-de (HKLM\...\OneNoteFreeRetail - de-de) (Version: 16.0.6568.2025 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.60724 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.60724 - Microsoft Corporation)
Mozilla Firefox 45.0 (x86 de) (HKLM\...\Mozilla Firefox 45.0 (x86 de)) (Version: 45.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 45.0.0.5897 - Mozilla)
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
NVIDIA 3D Vision Treiber 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.82 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.82 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.9 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.9 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.6528.1011 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6528.1011 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.6528.1011 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507B}) (Version: 4.0.9 - dotPDN LLC)
Panel de control de NVIDIA 341.92 (Version: 341.92 - NVIDIA Corporation) Hidden
Paragon Partition Manager™ 2014 Free (HKLM\...\{47E5588F-C3A0-11DE-9857-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PowerArchiver 2010 (HKLM\...\{F3B19B7C-0125-4044-85D3-D72364295CCA}) (Version: 11.63.12 - ConeXware, Inc.)
Q-plus Bridge 10 (HKLM\...\Q-plus Bridge 10) (Version: - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7634 - Realtek Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.)
SHIELD Streaming (Version: 1.6.53 - NVIDIA Corporation) Hidden
SmartWebPrinting (Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Status (Version: 130.0.469.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.1 - Synaptics Incorporated)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_STANDARDR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_STANDARDR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_STANDARDR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_STANDARDR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1867245428-2212190316-3825727470-1001_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {02D3F7F0-6EDC-46F2-BF67-070AD6658F4A} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {030E8311-6141-4C18-B3FD-19AA96B3C2F6} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {04E321E3-0141-4CAE-8219-997C219B497E} - System32\Tasks\gte3014 => C:\PROGRA~1\FAST-S~1\gte3014.exe <==== ATTENTION
Task: {05ABFBE0-9AC1-4323-A66F-70EC31F6D35A} - \RCMCAIDBF1 -> No File <==== ATTENTION
Task: {09185214-E58F-49B3-9718-5F5134B978B7} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {18739273-EC5A-4463-A50E-00150ED9CBBD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {1CEDCEC5-6356-406E-99CA-E43447122DF5} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {280C32B4-BC64-472E-AA00-8CF96DE49CC2} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {29E27BA6-040B-4D47-B63B-04A95A0C6774} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2DE35621-6141-4B65-9362-A32D4A79D14A} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {32D1C905-E04C-410D-A5B2-6E0F3FA4AC8F} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {34EAE6F1-88B9-447B-B16C-FA4E63C1698E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {3A4B04BA-8A3A-4E99-A340-D2DBE0B8554B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {425AF687-7A73-44DD-95C6-A637144EB522} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-04] (Microsoft Corporation)
Task: {453038AD-0B4A-4B86-B099-3C505CD5511E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {4BBC85C1-A5C1-4027-8B19-1BD45D1371E6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {509E797C-58E4-4E09-99CF-B2A6E8BBC481} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-01-12] (Hewlett-Packard Company)
Task: {581B2914-F4CA-4AC4-98FC-F7ED70A4670A} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-12] (Adobe Systems Incorporated)
Task: {5CF7FAC9-43FB-4FB9-92B9-9341FBEB9AC0} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5D121365-AE81-448B-911D-B5D714D702E0} - \Super Optimizer Schedule -> No File <==== ATTENTION
Task: {67198D53-CB2C-4631-BFC9-699943CE101E} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1867245428-2212190316-3825727470-1001
Task: {6EF945AC-3DEC-4A1E-8FED-D942312EDFB9} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {77B68C8E-3605-44F1-8372-90CD76D0F92D} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {798CFD23-77BC-4700-B066-490F17F815D2} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {8576A135-928A-46CA-9E0D-DDCA26E330FB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {875B83AE-0693-41EB-8395-0A613C3CE67D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {88C2375C-CB6B-4372-B744-70414C6CFCF0} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe
Task: {8D0DE38A-BED6-40F4-B286-4BDE2791DDB2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {8E99770E-AE9E-4601-B306-CC78E1B06CBC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {977FF5F9-441C-4E07-A9CA-8EC870EC09CD} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-04] (Microsoft Corporation)
Task: {9CB42367-75C8-424A-A3DA-1FF0DA77ECD0} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {9E2D6B22-692C-4E23-99E2-F7B3ABAF241C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {9F37512F-D003-4B0D-9716-F4EFCE8DB13F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {A5C523DF-266B-4C1E-8205-BDCD611FF094} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {B0537A83-1E7C-4EF0-B82F-5FE949141574} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B7C9F769-594B-4FD9-B96C-AC8EA6E24473} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-01-16] (Dropbox, Inc.)
Task: {B8F06183-DCBF-4467-B60E-AC1FFCF49EAA} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {B9B26F89-8F85-4C5E-ADB8-A37DC33C59DE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C0FF4EC1-E798-4159-8C42-932A65791212} - System32\Tasks\{5A1CB7D9-D066-4A98-B74D-617497213FCE} => pcalua.exe -a "C:\Program Files\HMA! Pro VPN\Uninstall.exe"
Task: {C321E8A1-2648-4194-860B-9FB332FE9232} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C7A4106A-E62F-4E87-A966-872B5EC9BD3B} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C97824D2-046A-493F-B3B8-1756DC4271DE} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {CA3B8A64-B426-4277-8968-3E11E7379918} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-10] (Microsoft Corporation)
Task: {CBE0BED0-D424-4316-9DCC-C98D32BC2708} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-01-16] (Dropbox, Inc.)
Task: {D8111B21-A0CB-46BE-8311-587D3FC7D117} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D932F5E0-7387-4773-AC5C-A066572FE14B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DCDCAD91-FA26-4996-AD8F-89B90F08725B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {E5367C37-8B51-48DC-AD07-1D62A0836264} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E98CF94E-9AA0-400E-9694-303504958AA2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {EF765DB1-B9D5-49A8-9348-5653DCC34A1A} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F5C22478-EB3C-4C38-BBCA-FDFE7BA609B3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-02-17] (Hewlett-Packard)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CQJOMPWUJPWVKXUA.job => C:\ProgramData\Service0561\Service0561.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-01-22 17:52 - 2016-02-04 05:26 - 00144576 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2016-02-23 18:18 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-02-23 18:18 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-02-23 18:18 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2016-02-23 18:18 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2016-02-23 18:18 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-10-30 06:44 - 2015-10-30 06:44 - 00149504 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-10 14:01 - 2015-12-10 14:01 - 01859448 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-10 14:01 - 2015-12-10 14:01 - 01859448 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-01-21 21:52 - 2016-01-21 21:53 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-01-21 21:52 - 2016-01-21 21:53 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-21 21:52 - 2016-01-21 21:53 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-01-13 00:31 - 2016-01-05 02:23 - 05340672 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-13 00:31 - 2016-01-05 02:19 - 00471552 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-28 09:25 - 2016-01-16 06:06 - 02366464 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-28 09:25 - 2016-01-16 06:09 - 02656768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-12-17 21:07 - 2015-12-07 05:11 - 00070656 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-17 21:07 - 2015-12-07 04:57 - 00316416 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-10 14:14 - 2015-10-13 17:47 - 00113840 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:0B174FAE
AlternateDataStreams: C:\ProgramData\TEMP:B66E5745
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\...\webcompanion.com -> hxxp://webcompanion.com
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:04 - 2016-01-15 14:29 - 00002024 ____A C:\WINDOWS\system32\Drivers\etc\hosts
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com
There are 4 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ES\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\bg1.png
DNS Servers: 80.58.61.250 - 80.58.61.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: OpenVPNService => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: SynTPEnhService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupreg: avgnt => "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: Dropbox => "C:\Program Files\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: HP ENVY 4500 series (NET) => "C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN55Q342HP05X4:NW" -scfn "HP ENVY 4500 series (NET)" -AutoStart 1
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: Nvtmru => "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Skytel => Skytel.exe
MSCONFIG\startupreg: SynTPStart => C:\Program Files\Synaptics\SynTP\SynTPStart.exe
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run: => "Dropbox"
HKLM\...\StartupApproved\Run: => "SDTray"
HKLM\...\StartupApproved\Run: => "SunJavaUpdateSched"
HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => (Allow) LPort=808
FirewallRules: [{878D0376-AAFD-49C5-BCEC-59D536E5D065}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{3899561B-70E9-427D-A283-9834889E5260}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{CED344FE-6CE7-47BD-84E9-325B2466D1BD}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{048BDEA8-53E3-47EF-BC37-34EF6B80327F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{6A371D0C-A1DA-4157-81E6-8C85C726FD2E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{EDEB89AC-713F-4ED4-94E3-620D16461B09}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DD8774A4-6BC9-4855-ACAE-65D0CD175F47}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C3FBE786-F560-4551-AC41-ACF685C34254}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{ACEEC36D-96F6-479B-AC38-CE177D246F47}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{8FD39CC7-FD43-46AA-8922-DAA15AD9BE48}C:\program files\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [UDP Query User{1DDB82A7-F75B-4884-B2EA-2BF83A085464}C:\program files\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [{BD757584-5237-475B-9925-A93728B3FF1A}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{D2690F28-4F27-4642-94FB-56B3CFD24A24}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{7F92F5A9-CAAD-47B1-8249-0B018D24C173}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{6E8518D4-C330-4461-9861-6114EB2A8624}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{D1457DF7-2FD9-4F13-A5F3-85044186DC2C}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{F0C8EDB6-A643-4382-AD38-099E137AEE07}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{AA8E40E6-360F-4292-86A9-9B69C6D37540}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{B19A5B0D-6F51-474C-B105-CC47D02A40C8}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe
FirewallRules: [{EB13E10C-B2E3-49C7-B567-80B702C2C04B}] => (Allow) C:\Program Files\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{398F2915-A41E-4637-BC99-C11EB6FBD58B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{FB117515-837D-4265-92B2-40A3B5F8BC8A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0300D242-1824-466E-A199-01C59BDC4843}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe
FirewallRules: [{772E0335-9C24-422D-83CD-EF90D00E2A30}] => (Allow) LPort=5357
FirewallRules: [{7AD450D7-7199-4217-A6A2-1E44F20316AE}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{598D8397-D04A-47FD-87C1-19E93532E54A}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{EB8A5DA3-F58E-4E21-9E62-BA6ECD418BCF}] => (Allow) LPort=2869
FirewallRules: [{9B9BC86C-0630-4AF8-9945-8411419E2C2C}] => (Allow) LPort=1900
FirewallRules: [{DD806805-B6D5-4B74-92EC-1425AB8D03F2}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
22-02-2016 00:25:15 Installed Paragon Partition Manager™ 2014 Free.
23-02-2016 10:44:28 Installed ExtremeCopy.
23-02-2016 19:12:30 JRT Pre-Junkware Removal
25-02-2016 14:41:57 JRT Pre-Junkware Removal
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/25/2016 02:42:05 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.
System Error:
Acceso denegado.
.
Error: (02/23/2016 07:12:49 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.
System Error:
Acceso denegado.
.
Error: (02/23/2016 05:38:10 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: ES-PC)
Description: Das Paket „Microsoft.Windows.Photos_16.201.11370.0_x86__8wekyb3d8bbwe+App“ wurde beendet, da das Anhalten zu lange dauerte.
Error: (02/23/2016 10:44:40 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.
System Error:
Acceso denegado.
.
Error: (02/23/2016 09:47:00 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ES-PC)
Description: Bei der Aktivierung der App „Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147009280. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (02/22/2016 09:01:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.
System Error:
Acceso denegado.
.
Error: (02/22/2016 09:01:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.
System Error:
Acceso denegado.
.
Error: (02/22/2016 09:00:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.
System Error:
Acceso denegado.
.
Error: (02/22/2016 12:20:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.
System Error:
Acceso denegado.
.
Error: (02/22/2016 12:20:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.
System Error:
Acceso denegado.
.
System errors:
=============
Error: (02/25/2016 02:42:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (02/25/2016 09:21:08 AM) (Source: DCOM) (EventID: 10010) (User: ES-PC)
Description: {B77A52D0-4A37-49AF-B6B1-549AA88C686A}
Error: (02/25/2016 09:21:08 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Acceso a datos de usuarios_8540f4" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Reiniciar el servicio.
Error: (02/25/2016 09:21:08 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Almacenamiento de datos de usuarios_8540f4" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Reiniciar el servicio.
Error: (02/25/2016 09:21:08 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Datos de contactos_8540f4" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Reiniciar el servicio.
Error: (02/25/2016 09:21:08 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Sincronizar host_8540f4" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Reiniciar el servicio.
Error: (02/25/2016 12:52:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Acceso a datos de usuarios_3abb0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Reiniciar el servicio.
Error: (02/25/2016 12:52:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Almacenamiento de datos de usuarios_3abb0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Reiniciar el servicio.
Error: (02/25/2016 12:52:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Datos de contactos_3abb0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Reiniciar el servicio.
Error: (02/25/2016 12:52:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Sincronizar host_3abb0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Reiniciar el servicio.
CodeIntegrity:
===================================
Date: 2016-02-22 23:46:20.857
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-02-22 21:40:41.005
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-02-22 11:31:23.631
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-02-21 01:36:10.269
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-02-20 09:48:44.216
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-02-20 00:01:52.367
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\LavasoftTcpService.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-02-20 00:01:52.288
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\LavasoftTcpService.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-02-11 21:47:04.673
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-02-10 22:24:51.273
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-02-09 22:53:09.464
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz
Percentage of memory in use: 34%
Total physical RAM: 3066.73 MB
Available physical RAM: 2007.11 MB
Total Virtual: 6138.73 MB
Available Virtual: 5002.37 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:296.16 GB) (Free:179.31 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:0.48 GB) (Free:0.44 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: F188FF0C)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=05)
Partition 2: (Active) - (Size=296.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
==================== End of Addition.txt ============================
|
|
25.02.2016, 15:29
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Lavasoft Web Companion - werde es allein nicht los FRST-Fix Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft! Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://es.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_beri_16_02¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Des%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtD0F0FyBtA0ByDtB0E0CyEyE0BtDtDtN0D0Tzu0StCyEyByDtN1L2XzutAtFtCyBtFtBtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StB0E0DtDtCzzyD0DtGtDyBtByBtGtD0F0AtCtGyCyD0DyDtG0AyC0D0DyE0EtByC0B0AyDyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szzzy0Fzz0CtD0FtCtGtDyByDtBtGyEyDtAtAtGzy0AtAyCtGyE0EyEzz0CtA0CtAtDtDtCyB2QtN0A0LzutB%26cr%3D482734453%26a%3Dwbf_beri_16_02%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1867245428-2212190316-3825727470-1001 -> DefaultScope {6586d803-df30-46d3-a89a-4136c8571d45} URL =
Task: {04E321E3-0141-4CAE-8219-997C219B497E} - System32\Tasks\gte3014 => C:\PROGRA~1\FAST-S~1\gte3014.exe <==== ATTENTION
Task: {05ABFBE0-9AC1-4323-A66F-70EC31F6D35A} - \RCMCAIDBF1 -> No File <==== ATTENTION
Task: {18739273-EC5A-4463-A50E-00150ED9CBBD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {3A4B04BA-8A3A-4E99-A340-D2DBE0B8554B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {453038AD-0B4A-4B86-B099-3C505CD5511E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {4BBC85C1-A5C1-4027-8B19-1BD45D1371E6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {5D121365-AE81-448B-911D-B5D714D702E0} - \Super Optimizer Schedule -> No File <==== ATTENTION
Task: {6EF945AC-3DEC-4A1E-8FED-D942312EDFB9} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {8576A135-928A-46CA-9E0D-DDCA26E330FB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {9E2D6B22-692C-4E23-99E2-F7B3ABAF241C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {9F37512F-D003-4B0D-9716-F4EFCE8DB13F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {B9B26F89-8F85-4C5E-ADB8-A37DC33C59DE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C321E8A1-2648-4194-860B-9FB332FE9232} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E98CF94E-9AA0-400E-9694-303504958AA2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\CQJOMPWUJPWVKXUA.job => C:\ProgramData\Service0561\Service0561.exe <==== ATTENTION
C:\WINDOWS\Tasks\CQJOMPWUJPWVKXUA.job
C:\ProgramData\f568f502
C:\ProgramData\Service0561
C:\PROGRA~1\FAST-S~1
emptytemp:
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
__________________ Logfiles bitte immer in CODE-Tags posten |
|
25.02.2016, 19:11
| #11 |
| | Lavasoft Web Companion - werde es allein nicht los Hallo, hier ist das Resultat: Code:
ATTFilter Fix result of Farbar Recovery Scan Tool (x86) Version:24-02-2016
Ran by ES (2016-02-25 19:05:36) Run:1
Running from C:\Users\ES\Desktop
Loaded Profiles: ES (Available Profiles: ES & UpdatusUser)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://es.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_beri_16_02¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Des%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtD0F0FyBtA0ByDtB0E0CyEyE0BtDtDtN0D0Tzu0StCyEyByDtN1L2XzutAtFtCyBtFtBtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StB0E0DtDtCzzyD0DtGtDyBtByBtGtD0F0AtCtGyCyD0DyDtG0AyC0D0DyE0EtByC0B0AyDyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szzzy0Fzz0CtD0FtCtGtDyByDtBtGyEyDtAtAtGzy0AtAyCtGyE0EyEzz0CtA0CtAtDtDtCyB2QtN0A0LzutB%26cr%3D482734453%26a%3Dwbf_beri_16_02%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1867245428-2212190316-3825727470-1001 -> DefaultScope {6586d803-df30-46d3-a89a-4136c8571d45} URL =
Task: {04E321E3-0141-4CAE-8219-997C219B497E} - System32\Tasks\gte3014 => C:\PROGRA~1\FAST-S~1\gte3014.exe <==== ATTENTION
Task: {05ABFBE0-9AC1-4323-A66F-70EC31F6D35A} - \RCMCAIDBF1 -> No File <==== ATTENTION
Task: {18739273-EC5A-4463-A50E-00150ED9CBBD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {3A4B04BA-8A3A-4E99-A340-D2DBE0B8554B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {453038AD-0B4A-4B86-B099-3C505CD5511E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {4BBC85C1-A5C1-4027-8B19-1BD45D1371E6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {5D121365-AE81-448B-911D-B5D714D702E0} - \Super Optimizer Schedule -> No File <==== ATTENTION
Task: {6EF945AC-3DEC-4A1E-8FED-D942312EDFB9} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {8576A135-928A-46CA-9E0D-DDCA26E330FB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {9E2D6B22-692C-4E23-99E2-F7B3ABAF241C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {9F37512F-D003-4B0D-9716-F4EFCE8DB13F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {B9B26F89-8F85-4C5E-ADB8-A37DC33C59DE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C321E8A1-2648-4194-860B-9FB332FE9232} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E98CF94E-9AA0-400E-9694-303504958AA2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\CQJOMPWUJPWVKXUA.job => C:\ProgramData\Service0561\Service0561.exe <==== ATTENTION
C:\WINDOWS\Tasks\CQJOMPWUJPWVKXUA.job
C:\ProgramData\f568f502
C:\ProgramData\Service0561
C:\PROGRA~1\FAST-S~1
emptytemp:
*****************
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDriveTypeAutoRun => value removed successfully.
"HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{04E321E3-0141-4CAE-8219-997C219B497E}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04E321E3-0141-4CAE-8219-997C219B497E}" => key removed successfully.
C:\Windows\System32\Tasks\gte3014 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\gte3014" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{05ABFBE0-9AC1-4323-A66F-70EC31F6D35A}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{05ABFBE0-9AC1-4323-A66F-70EC31F6D35A}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RCMCAIDBF1 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{18739273-EC5A-4463-A50E-00150ED9CBBD}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{18739273-EC5A-4463-A50E-00150ED9CBBD}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A4B04BA-8A3A-4E99-A340-D2DBE0B8554B}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A4B04BA-8A3A-4E99-A340-D2DBE0B8554B}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{453038AD-0B4A-4B86-B099-3C505CD5511E}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{453038AD-0B4A-4B86-B099-3C505CD5511E}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4BBC85C1-A5C1-4027-8B19-1BD45D1371E6}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4BBC85C1-A5C1-4027-8B19-1BD45D1371E6}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5D121365-AE81-448B-911D-B5D714D702E0}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D121365-AE81-448B-911D-B5D714D702E0}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Super Optimizer Schedule => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6EF945AC-3DEC-4A1E-8FED-D942312EDFB9}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6EF945AC-3DEC-4A1E-8FED-D942312EDFB9}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8576A135-928A-46CA-9E0D-DDCA26E330FB}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8576A135-928A-46CA-9E0D-DDCA26E330FB}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9E2D6B22-692C-4E23-99E2-F7B3ABAF241C}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E2D6B22-692C-4E23-99E2-F7B3ABAF241C}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9F37512F-D003-4B0D-9716-F4EFCE8DB13F}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F37512F-D003-4B0D-9716-F4EFCE8DB13F}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B9B26F89-8F85-4C5E-ADB8-A37DC33C59DE}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9B26F89-8F85-4C5E-ADB8-A37DC33C59DE}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C321E8A1-2648-4194-860B-9FB332FE9232}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C321E8A1-2648-4194-860B-9FB332FE9232}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E98CF94E-9AA0-400E-9694-303504958AA2}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E98CF94E-9AA0-400E-9694-303504958AA2}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully.
C:\WINDOWS\Tasks\CQJOMPWUJPWVKXUA.job => moved successfully
"C:\WINDOWS\Tasks\CQJOMPWUJPWVKXUA.job" => not found.
C:\ProgramData\f568f502 => moved successfully
"C:\ProgramData\Service0561" => not found.
"C:\PROGRA~1\FAST-S~1" => not found.
EmptyTemp: => 956.4 MB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 19:06:51 ====
|
|
25.02.2016, 22:46
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Lavasoft Web Companion - werde es allein nicht los Okay, dann Kontrollscans mit MBAM und SC bitte: Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  SecurityCheck und:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
26.02.2016, 10:33
| #13 |
| | Lavasoft Web Companion - werde es allein nicht los Hallo, hier die Ergebnisse von mbam und security check: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 26.02.2016 Suchlaufzeit: 10:13 Protokolldatei: mbm.txt Administrator: Ja Version: 2.2.0.1024 Malware-Datenbank: v2016.02.26.03 Rootkit-Datenbank: v2016.02.17.01 Lizenz: Kostenlose Version Malware-Schutz: Deaktiviert Schutz vor bösartigen Websites: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 10 CPU: x86 Dateisystem: NTFS Benutzer: ES Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 387167 Abgelaufene Zeit: 15 Min., 5 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt) Registrierungswerte: 0 (keine bösartigen Elemente erkannt) Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 0 (keine bösartigen Elemente erkannt) Dateien: 0 (keine bösartigen Elemente erkannt) Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) Code:
ATTFilter Results of screen317's Security Check version 1.009 x86 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Defender WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Spybot - Search & Destroy Java 8 Update 73 Java version 32-bit out of Date! Adobe Flash Player 10 Flash Player out of Date! Adobe Flash Player 20.0.0.306 Mozilla Firefox (45.0) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbam.exe Spybot Teatimer.exe is disabled! `````````````````System Health check````````````````` Total Fragmentation on Drive C:: ````````````````````End of Log`````````````````````` |
|
26.02.2016, 10:40
| #14 | ||
| /// Winkelfunktion /// TB-Süch-Tiger™ | Lavasoft Web Companion - werde es allein nicht losZitat:
 1. Spybot ist wirkungsloses Geraffel 2. Java wird nur noch in Spezialfällen benötigt, ich glaub minecraft (?) braucht das 3. Flashplayer 10 was macht der denn da???Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
26.02.2016, 11:15
| #15 |
| | Lavasoft Web Companion - werde es allein nicht los Hallo, werde spybot sofort deinstallieren. Java wurde mir im Zuge von Webseitengestaltung als nötig eingeredet und den Flashplayer hole ich mir immer von der Adobe Seite. Habe auch Angst, dass meine externen Laufwerke eventuell befallen sind. Ein USB Stick läßt sich nicht um die Burg beschreiben, eine externe Festplatte von Toshiba scheint okay zu sein. Kann ich mit denen auch einen Virenscan machen? Liebe Grüße evapro Nachtrag: alle 3 deinstalliert! Geändert von evapro (26.02.2016 um 11:59 Uhr) |
|
| Themen zu Lavasoft Web Companion - werde es allein nicht los |
| adwcleaner, andere, betriebssystem, dankbar, einträge, gelöscht, gesetzt, hilfe, hilfe!, lavasoft, lavasoft web companion, malwarebytes, möglichen, möglicherweise, nicht, programme, registry, schädlinge, schädlingssoftware, träge, virenprogramme, web, web companion, win |
Linear-Darstellung
