| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Werde Browser Hijacker (Safefinder) auf Firefox nicht los.Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
21.04.2016, 22:33
| #1 |
 |  Werde Browser Hijacker (Safefinder) auf Firefox nicht los. Ich habe mir den Safefinder-Hijacker bei unachtsamer Freeware-Installation eingefangen. FRST, MBAM, AdvCleaner, und Junkware habe ich in dieser Reihenfolge bereits ausgeführt. Leider leitet Firefox immer noch über eine fremde Startseite (feed.snapdo.com) um. Ich komme jetzt nicht mehr weiter und brauche eure Hilfe. Hier sind die Scans in obiger Reihenfolge: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:17-04-2016
durchgeführt von Regina (Administrator) auf KELLER-PC (17-04-2016 16:24:03)
Gestartet von C:\Users\Regina\Desktop
Geladene Profile: Regina (Verfügbare Profile: Regina)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\AMD\amdacpusrsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\ProgramData\CloudPrinter\CloudPrinter.exe
() C:\ProgramData\Graveair\Graveair.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\mcafee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.8.259.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\mcafee\VirusScan\mcods.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\CommonBuild\McCBEntAndInstru.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(Dropbox, Inc.) C:\Users\Regina\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc.) C:\Users\Regina\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\CommonBuild\McCBEntAndInstru.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
() C:\Program Files (x86)\DNS Unlocker\dnspillow.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2014-03-12] (CyberLink Corp.)
HKLM-x32\...\Run: [PowerDVD12Agent] => "C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe"
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-3771097824-1906411585-235964679-1002\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [482528 2014-03-31] (AppEx Networks Corporation)
HKU\S-1-5-21-3771097824-1906411585-235964679-1002\...\Run: [Dropbox Update] => C:\Users\Regina\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-13] (Dropbox, Inc.)
AppInit_DLLs: C:\ProgramData\Graveair\K-lux.dll => Keine Datei
AppInit_DLLs-x32: C:\ProgramData\Graveair\RunNix.dll => C:\ProgramData\Graveair\RunNix.dll [257536 2016-03-05] ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
Startup: C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-02-22]
ShortcutTarget: Dropbox.lnk -> C:\Users\Regina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\..\Interfaces\{1F742A42-6343-45CD-B58C-A37185B72A30}: [NameServer] 82.163.143.144,82.163.142.146
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3771097824-1906411585-235964679-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt1nroZrCovs66ybSQgXnf6ffA46_rmTx7ii2FdPJlFrxYtlW6Ebv6pJlXi_8b956klYR6utPaIxxN7Kfop1zDPawa5Co,&q={searchTerms}
HKU\S-1-5-21-3771097824-1906411585-235964679-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt2qRoE1nLDDdcJp8b3Is13G8RcNUsJuc_WcZzXApAfwtPEOtncXlAoFMK0pSP2Yh2FwyfGIjsm4oDpqbopxXiS8ImD_Y,
HKU\S-1-5-21-3771097824-1906411585-235964679-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3771097824-1906411585-235964679-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt1nroZrCovs66ybSQgXnf6ffA46_rmTx7ii2FdPJlFrxYtlW6Ebv6pJlXi_8b956klYR6utPaIxxN7Kfop1zDPawa5Co,&q={searchTerms}
HKU\S-1-5-21-3771097824-1906411585-235964679-1002\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt1nroZrCovs66ybSQgXnf6ffA46_rmTx7ii2FdPJlFrxYtlW6Ebv6pJlXi_8b956klYR6utPaIxxN7Kfop1zDPawa5Co,&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt1nroZrCovs66ybSQgXnf6ffA46_rmTx7ii2FdPJlFrxYtlW6Ebv6pJlXi_8b956klYR6utPaIxxN7Kfop1zDPawa5Co,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3771097824-1906411585-235964679-1002 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt1nroZrCovs66ybSQgXnf6ffA46_rmTx7ii2FdPJlFrxYtlW6Ebv6pJlXi_8b956klYR6utPaIxxN7Kfop1zDPawa5Co,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3771097824-1906411585-235964679-1002 -> {FA56DABC-FA5C-432F-8305-1DB5F303655D} URL = hxxps://de.search.yahoo.com/search?fr=mcafee&type=C011DE0D20151111&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3771097824-1906411585-235964679-1002 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt1nroZrCovs66ybSQgXnf6ffA46_rmTx7ii2FdPJlFrxYtlW6Ebv6pJlXi_8b956klYR6utPaIxxN7Kfop1zDPawa5Co,&q={searchTerms}
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-02-11] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-11] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-02-11] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-11] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll [2016-01-08] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-01-08] (McAfee, Inc.)
FireFox:
========
FF ProfilePath: C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\us6eaphg.default
FF NewTab: C:\\ProgramData\\Graveairs\\ff.NT
FF DefaultSearchEngine: Sichere Suche
FF SearchEngineOrder.1: Sichere Suche
FF SelectedSearchEngine: Sichere Suche
FF Homepage: about:home
FF Keyword.URL: hxxps://de.search.yahoo.com/search?fr=mcafee&type=A111DE0&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-11] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-01-08] ()
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-01-08] ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\us6eaphg.default\searchplugins\findit.xml [2016-03-05]
FF SearchPlugin: C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\us6eaphg.default\searchplugins\McSiteAdvisor.xml [2016-04-17]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\findit.xml [2016-03-05]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-08-09]
FF Extension: DownThemAll! - C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\us6eaphg.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-12-07]
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-12-29]
FF Extension: WEB.DE MailCheck - C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\us6eaphg.default\Extensions\mailcheck@web.de [2015-12-16]
FF Extension: Adblock Plus - C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\us6eaphg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-24]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2016-02-13] [ist nicht signiert]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-02-18]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-02-18]
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert]
R2 amdacpusrsvc; C:\AMD\amdacpusrsvc.exe [82432 2014-04-17] () [Datei ist nicht signiert]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 CloudPrinter; C:\ProgramData\\CloudPrinter\\CloudPrinter.exe [764416 2016-03-05] () [Datei ist nicht signiert]
R2 Graveair; C:\ProgramData\\Graveair\\Graveair.exe [764416 2016-03-05] () [Datei ist nicht signiert]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [158952 2016-02-11] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [863448 2016-01-08] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.8.259.0\McCSPServiceHost.exe [1694152 2016-01-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [681680 2016-01-08] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [234192 2015-11-18] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [380896 2016-01-21] (McAfee, Inc.)
R3 mfevtp; C:\windows\system32\mfevtps.exe [275368 2015-11-18] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [902112 2015-12-14] (Intel Security, Inc.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2013-03-06] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [274656 2014-04-18] (Advanced Micro Devices)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [225504 2014-03-28] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [79248 2015-11-25] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419624 2015-11-25] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351144 2015-11-25] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83096 2015-11-25] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496368 2015-11-25] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [846080 2015-11-25] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [539496 2015-11-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2015-11-20] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [36968 2016-01-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [245096 2015-11-25] (McAfee, Inc.)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [2968280 2014-01-15] (Realtek Semiconductor Corporation )
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-04-17 16:24 - 2016-04-17 16:24 - 00020529 _____ C:\Users\Regina\Desktop\FRST.txt
2016-04-17 16:23 - 2016-04-17 16:24 - 00000000 ____D C:\FRST
2016-04-17 16:11 - 2016-04-17 16:00 - 02375168 _____ (Farbar) C:\Users\Regina\Desktop\FRST64.exe
2016-04-17 13:19 - 2016-04-16 18:42 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Regina\Desktop\revosetup95.exe
2016-04-17 13:18 - 2016-04-16 18:45 - 01610352 _____ (Malwarebytes) C:\Users\Regina\Desktop\JRT.exe
2016-04-17 13:18 - 2016-04-16 18:44 - 22851472 _____ (Malwarebytes ) C:\Users\Regina\Desktop\mbam-setup-2.2.1.1043.exe
2016-04-17 13:18 - 2016-04-16 18:39 - 03677760 _____ C:\Users\Regina\Desktop\AdwCleaner_5.111.exe
2016-04-15 17:44 - 2016-04-15 17:44 - 00282856 _____ C:\windows\Minidump\041516-33515-01.dmp
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-04-17 16:20 - 2014-06-01 22:33 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-04-17 16:11 - 2014-04-28 15:56 - 00440562 _____ C:\windows\system32\perfh014.dat
2016-04-17 16:11 - 2014-04-28 15:56 - 00076716 _____ C:\windows\system32\perfc014.dat
2016-04-17 16:11 - 2014-04-28 13:38 - 00764340 _____ C:\windows\system32\perfh007.dat
2016-04-17 16:11 - 2014-04-28 13:38 - 00159160 _____ C:\windows\system32\perfc007.dat
2016-04-17 16:11 - 2014-03-18 17:26 - 02291150 _____ C:\windows\system32\PerfStringBackup.INI
2016-04-17 16:11 - 2013-08-22 15:36 - 00000000 ____D C:\windows\Inf
2016-04-17 15:59 - 2015-06-13 09:48 - 00001248 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3771097824-1906411585-235964679-1002UA.job
2016-04-17 13:46 - 2014-05-29 13:05 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3771097824-1906411585-235964679-1002
2016-04-17 13:12 - 2014-05-29 13:07 - 00000000 __RDO C:\Users\Regina\OneDrive
2016-04-15 20:09 - 2014-05-29 12:58 - 00000000 ____D C:\Users\Regina
2016-04-15 17:46 - 2016-03-05 16:32 - 00000000 ____D C:\ProgramData\Graveair
2016-04-15 17:45 - 2013-08-22 15:25 - 00262144 ___SH C:\windows\system32\config\ELAM
2016-04-15 17:44 - 2015-08-09 20:26 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-04-15 17:44 - 2014-09-03 21:37 - 793586938 _____ C:\windows\MEMORY.DMP
2016-04-15 17:44 - 2014-09-03 21:37 - 00000000 ____D C:\windows\Minidump
2016-04-15 17:44 - 2013-08-22 16:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-04-15 17:44 - 2013-08-22 16:44 - 00387440 _____ C:\windows\system32\FNTCACHE.DAT
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2016-03-05 16:32 - 2016-03-05 16:32 - 8037888 _____ () C:\Users\Regina\AppData\Roaming\agent.dat
2016-03-05 16:32 - 2016-03-05 16:32 - 0054272 _____ () C:\Users\Regina\AppData\Roaming\ApplicationHosting.dat
2016-03-05 16:32 - 2016-03-05 16:32 - 0065040 _____ () C:\Users\Regina\AppData\Roaming\Config.xml
2016-03-05 16:32 - 2016-03-05 16:32 - 0015888 _____ () C:\Users\Regina\AppData\Roaming\InstallationConfiguration.xml
2016-03-05 16:32 - 2016-03-05 16:32 - 0127488 _____ () C:\Users\Regina\AppData\Roaming\Installer.dat
2016-03-05 16:32 - 2016-03-05 16:32 - 0764416 _____ () C:\Users\Regina\AppData\Roaming\JayTontam.exe
2016-03-05 16:32 - 2016-03-05 16:32 - 0072712 _____ () C:\Users\Regina\AppData\Roaming\JayTontam.tst
2016-03-05 16:32 - 2016-03-05 16:32 - 0126464 _____ () C:\Users\Regina\AppData\Roaming\lobby.dat
2016-03-05 16:32 - 2016-03-05 16:32 - 0018432 _____ () C:\Users\Regina\AppData\Roaming\Main.dat
2016-03-05 16:32 - 2016-03-05 16:32 - 0005568 _____ () C:\Users\Regina\AppData\Roaming\md.xml
2016-03-05 16:32 - 2016-03-05 16:32 - 0126464 _____ () C:\Users\Regina\AppData\Roaming\noah.dat
2016-03-05 16:32 - 2016-03-05 16:32 - 0764416 _____ () C:\Users\Regina\AppData\Roaming\Strongin.exe
2016-03-05 16:32 - 2016-03-05 16:32 - 1903064 _____ () C:\Users\Regina\AppData\Roaming\Strongin.tst
2016-03-05 16:32 - 2016-03-05 16:32 - 0032038 _____ () C:\Users\Regina\AppData\Roaming\uninstall_temp.ico
2016-03-05 16:32 - 2016-03-05 16:32 - 0848437 _____ () C:\Users\Regina\AppData\Roaming\Whitefan.bin
2014-05-07 17:22 - 2014-05-07 17:22 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Einige Dateien in TEMP:
====================
C:\Users\Regina\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppscwtk.dll
C:\Users\Regina\AppData\Local\Temp\McCSPInstall.dll
C:\Users\Regina\AppData\Local\Temp\mccspuninstall.exe
C:\Users\Regina\AppData\Local\Temp\tmp3049.exe
C:\Users\Regina\AppData\Local\Temp\tmp67F7.exe
C:\Users\Regina\AppData\Local\Temp\tmpE862.exe
C:\Users\Regina\AppData\Local\Temp\vlc-2.1.5-win64.exe
C:\Users\Regina\AppData\Local\Temp\_is8320.exe
C:\Users\Regina\AppData\Local\Temp\_is908C.exe
C:\Users\Regina\AppData\Local\Temp\_isA1B4.exe
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\windows\system32\winlogon.exe => Datei ist digital signiert
C:\windows\system32\wininit.exe => Datei ist digital signiert
C:\windows\explorer.exe => Datei ist digital signiert
C:\windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\windows\system32\svchost.exe => Datei ist digital signiert
C:\windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\windows\system32\services.exe => Datei ist digital signiert
C:\windows\system32\User32.dll => Datei ist digital signiert
C:\windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\windows\system32\userinit.exe => Datei ist digital signiert
C:\windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\windows\system32\rpcss.dll => Datei ist digital signiert
C:\windows\system32\dnsapi.dll => Datei ist digital signiert
C:\windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2016-04-17 13:46
==================== Ende von FRST.txt ============================
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:17-04-2016
durchgeführt von Regina (2016-04-17 16:24:43)
Gestartet von C:\Users\Regina\Desktop
Windows 8.1 (X64) (2014-05-29 10:58:50)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-3771097824-1906411585-235964679-500 - Administrator - Disabled)
Gast (S-1-5-21-3771097824-1906411585-235964679-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3771097824-1906411585-235964679-1004 - Limited - Enabled)
Regina (S-1-5-21-3771097824-1906411585-235964679-1002 - Administrator - Enabled) => C:\Users\Regina
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus und Anti-Spyware (Disabled - Out of date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Disabled - Out of date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Disabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
ACP Application (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20059 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.10.0.0 - AppEx Networks)
Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo AppLauncher (Medion) v.1.0.0 (HKLM-x32\...\Ashampoo AppLauncher (Medion)_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-5490CN (HKLM-x32\...\{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
CyberLink Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink PowerDirector 11 (Version: 11.0.0.3910 - CyberLink Corp.) Hidden
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.2527 - CyberLink Corp.)
CyberLink PowerRecover (Version: 5.7.0.2527 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
dm-Fotowelt (HKLM-x32\...\dm-Fotowelt) (Version: 6.1.2 - CEWE Stiftung u Co. KGaA)
DNS Unlocker version 1.4 (HKLM-x32\...\{E1527582-8509-4011-B922-29E3FB548882}_is1) (Version: 1.4 - www.dnsunlocker.com) <==== ACHTUNG
Dropbox (HKU\S-1-5-21-3771097824-1906411585-235964679-1002\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.)
DVBViewer Pro (HKLM-x32\...\DVBViewer Pro_is1) (Version: 5.3.1 - CM&V)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotogalleri (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotogalleriet (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galeria de Fotografias (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galeria fotografii (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
McAfee Total Protection (HKLM-x32\...\MSC) (Version: 14.0.7080 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.171 - McAfee, Inc.)
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 5.1.5 - CEWE Stiftung u Co. KGaA)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 44.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 de)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Podstawowe programy Windows Live (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Raccolta foto (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7111 - Realtek Semiconductor Corp.)
Rossmann Fotowelt Software 4.13 (HKLM-x32\...\Rossmann Fotowelt Software) (Version: 4.13 - ORWO Net)
SafeFinder (HKLM-x32\...\{7163DACB-8DCA-4318-B729-353A83ED3C59}) (Version: 1.0.0.0 - Linkury) <==== ACHTUNG
Silhouette Studio (HKLM-x32\...\{85E3BB6E-39E3-491F-B8E0-60BF11F48471}) (Version: 3.3.638 - Silhouette America)
Valokuvavalikoima (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.10 Beta 4 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)
Συλλογή φωτογραφιών (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-3771097824-1906411585-235964679-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Regina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3771097824-1906411585-235964679-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3771097824-1906411585-235964679-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3771097824-1906411585-235964679-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3771097824-1906411585-235964679-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3771097824-1906411585-235964679-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3771097824-1906411585-235964679-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3771097824-1906411585-235964679-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3771097824-1906411585-235964679-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3771097824-1906411585-235964679-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3771097824-1906411585-235964679-1002_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {16D9D28F-6824-4C1E-8A25-7CCA4D1C5BF6} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {29B48724-AB0E-4166-9B44-3C79FED9765C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {2CE01BEC-63D0-407E-9BEA-B7E88F2F29F8} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3771097824-1906411585-235964679-1002UA => C:\Users\Regina\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-13] (Dropbox, Inc.)
Task: {4C07A135-B508-4ED2-B2B1-CF12124D354A} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-11] (Adobe Systems Incorporated)
Task: {50342E5B-CF36-43E7-A21B-69A529320C58} - System32\Tasks\DNSPILLOW => dnspillow.exe <==== ACHTUNG
Task: {9E27F967-2BE2-46B3-96FD-4C0F31162698} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {C7460098-8594-4ECB-B7B8-90C64290223F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2016-02-11] (Microsoft Corporation)
Task: {DA993FD8-9032-419D-B2D7-5C02E50BCE15} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3771097824-1906411585-235964679-1002Core => C:\Users\Regina\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-13] (Dropbox, Inc.)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3771097824-1906411585-235964679-1002Core.job => C:\Users\Regina\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3771097824-1906411585-235964679-1002UA.job => C:\Users\Regina\AppData\Local\Dropbox\Update\DropboxUpdate.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
ShortcutWithArgument: C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Regina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Regina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Regina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.medion.com
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Welcome.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.aldi-essen.de
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2014-04-17 22:55 - 2014-04-17 22:55 - 00082432 _____ () C:\AMD\amdacpusrsvc.exe
2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-03-05 16:32 - 2016-03-05 16:32 - 00764416 _____ () C:\ProgramData\CloudPrinter\CloudPrinter.exe
2016-03-05 16:32 - 2016-03-05 16:32 - 00764416 _____ () C:\ProgramData\Graveair\Graveair.exe
2014-05-08 09:20 - 2013-03-06 15:42 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-06-24 23:04 - 2005-04-22 13:36 - 00143360 ____N () C:\windows\system32\BrSNMP64.dll
2014-06-24 23:05 - 2012-09-25 11:26 - 01163264 ____N () C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
2014-04-17 23:29 - 2014-04-17 23:29 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2016-03-05 16:32 - 2016-02-25 11:50 - 00677376 _____ () C:\Program Files (x86)\DNS Unlocker\dnspillow.exe
2015-12-12 16:34 - 2016-01-12 20:44 - 00034768 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-02-22 16:39 - 2016-01-12 20:45 - 00019408 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2016-02-22 16:39 - 2016-01-12 20:44 - 00116688 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-12 16:34 - 2016-01-12 20:44 - 00093640 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-12 16:34 - 2016-01-12 20:44 - 00018376 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-12 16:34 - 2016-02-16 20:39 - 00019760 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-12 16:34 - 2016-01-12 20:46 - 00105928 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-02-22 16:39 - 2016-01-12 20:44 - 00392144 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2015-12-12 16:34 - 2016-02-16 20:39 - 00381752 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-12 16:34 - 2016-01-12 20:44 - 00692688 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-02-22 16:39 - 2016-02-16 20:38 - 00020816 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-12 16:34 - 2016-01-12 20:45 - 00112592 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-02-22 16:39 - 2016-02-16 20:38 - 01682760 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-02-22 16:39 - 2016-02-16 20:38 - 00020808 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2015-12-12 16:34 - 2016-02-16 20:39 - 00020800 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-12 16:34 - 2016-02-16 20:39 - 00021840 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-02-22 16:39 - 2016-02-16 20:39 - 00038696 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\fastpath.pyd
2016-02-22 16:39 - 2016-01-12 20:46 - 00020936 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-12 16:34 - 2016-01-12 20:46 - 00024528 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-12 16:34 - 2016-01-12 20:47 - 00114640 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-12 16:34 - 2016-01-12 20:46 - 00124880 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-02-11 14:59 - 2016-02-16 20:39 - 00021832 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2015-12-12 16:34 - 2016-01-12 20:46 - 00024016 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-12 16:34 - 2016-01-12 20:46 - 00175560 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-12 16:34 - 2016-01-12 20:47 - 00030160 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-12 16:34 - 2016-01-12 20:47 - 00043472 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-12 16:34 - 2016-01-12 20:47 - 00028616 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\win32ts.pyd
2015-12-12 16:34 - 2016-01-12 20:47 - 00048592 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-02-22 16:39 - 2016-02-16 20:39 - 00026456 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2015-12-12 16:34 - 2016-01-12 20:46 - 00057808 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2015-12-12 16:34 - 2016-01-12 20:47 - 00024016 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-02-22 16:39 - 2016-02-16 20:38 - 00117056 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2016-02-22 16:39 - 2016-02-16 20:39 - 00024392 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-02-22 16:39 - 2016-01-12 20:47 - 00036296 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\librsync.dll
2015-12-12 16:34 - 2016-02-16 20:39 - 00023376 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-12 16:34 - 2016-01-12 20:44 - 00134608 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2016-02-22 16:39 - 2016-01-12 20:44 - 00134088 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-02-22 16:39 - 2016-01-12 20:45 - 00240584 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2016-02-22 16:39 - 2016-02-16 20:39 - 00052024 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2016-02-11 14:59 - 2016-02-16 20:39 - 00020800 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-11 14:59 - 2016-02-16 20:39 - 00021824 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd
2016-02-11 14:59 - 2016-02-16 20:39 - 00019776 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-02-11 14:59 - 2016-02-16 20:39 - 00020800 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2016-02-22 16:39 - 2016-02-16 20:38 - 00020280 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-12 16:34 - 2016-01-12 20:47 - 00350152 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-02-11 14:59 - 2016-02-16 20:39 - 00022352 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-02-22 16:39 - 2016-02-16 20:39 - 00084792 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2016-02-22 16:39 - 2016-02-16 20:39 - 01826096 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-12 16:34 - 2016-01-12 20:45 - 00083912 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\sip.pyd
2016-02-22 16:39 - 2016-02-16 20:39 - 03928880 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2016-02-22 16:39 - 2016-02-16 20:39 - 01971504 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2016-02-22 16:39 - 2016-02-16 20:39 - 00531248 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2016-02-22 16:39 - 2016-02-16 20:39 - 00132912 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2016-02-22 16:39 - 2016-02-16 20:39 - 00223544 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2016-02-22 16:39 - 2016-02-16 20:39 - 00207672 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2016-02-22 16:39 - 2016-02-16 20:39 - 00158008 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2016-02-22 16:39 - 2016-02-16 20:39 - 00042808 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2016-02-22 16:39 - 2016-01-12 20:49 - 00017864 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\libEGL.dll
2016-02-22 16:39 - 2016-01-12 20:49 - 01631184 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-12-12 16:34 - 2016-02-16 20:39 - 00024904 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2014-06-24 23:04 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-3771097824-1906411585-235964679-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img7.jpg
DNS Servers: Datenträger ist nicht mit dem Internet verbunden.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{3153B440-1248-49D1-92C5-B47D986ECBAA}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{82C57A89-E0E9-436E-A004-3B41AB398FF3}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{E7FB244F-0022-40A0-B0B6-83F6DE5AC5C1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{FFC0F777-525B-4416-8BC1-E5B95DBB29E8}] => (Allow) LPort=2869
FirewallRules: [{7444B070-8E08-48C8-A0B1-22DE9F908422}] => (Allow) LPort=1900
FirewallRules: [{F53BA5DE-0D68-4F14-AB21-2229668848B1}] => (Allow) C:\Program Files\CyberLink\PowerDirector11\PDR10.EXE
FirewallRules: [{879BE00D-DCDB-42F3-90C1-D34493024AA6}] => (Allow) C:\Users\Regina\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{D71416C0-B215-4AE9-87AB-251D4A21BDD0}] => (Allow) C:\Users\Regina\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{9F6AEF13-D68B-43FB-B373-E2AF4E41912F}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{F9EC1EF5-1491-4631-BD3C-D77C202A98B8}] => (Allow) C:\Program Files (x86)\Brother\Brmfl08x\FAXRX.exe
FirewallRules: [{75FA3425-7E27-44E7-9123-01232BF5C16B}] => (Allow) C:\Program Files (x86)\Brother\Brmfl08x\FAXRX.exe
FirewallRules: [{BC5FACDA-4AAA-4C05-A727-2098486A2305}] => (Allow) LPort=54925
FirewallRules: [{F0703D0A-9258-4978-8C15-C680E9FCDC4D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B9778E8B-235E-4223-902C-54618C45CEB0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D174CBCC-C3A1-404E-AABA-7ABB9C84B5EE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CCFDC947-D6D3-4B3E-85E5-D9A4114D3030}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C5868ED3-11F4-422B-B5E6-2AC8ED12652D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9798F09E-0165-4961-A4CE-E090F48820C8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F4E99815-7E71-420D-B056-647682BED2AD}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{342E946C-1251-45F8-970B-C47F640C2FE6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0F1B6BE8-8F34-4B8D-8653-F01D69370E3F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{3BEC659E-6C3E-4386-B761-59520357EA4A}C:\program files\vlc\vlc.exe] => (Block) C:\program files\vlc\vlc.exe
FirewallRules: [UDP Query User{7DB3A14D-9501-4BBC-83FD-A6F322CEFB9C}C:\program files\vlc\vlc.exe] => (Block) C:\program files\vlc\vlc.exe
FirewallRules: [TCP Query User{C68CFB00-7AB8-4788-AF23-366C3A50812C}C:\users\regina\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\regina\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{EC2FE292-DE32-434F-ADDD-BA30862E4365}C:\users\regina\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\regina\appdata\roaming\dropbox\bin\dropbox.exe
==================== Wiederherstellungspunkte =========================
20-03-2016 07:55:13 Geplanter Prüfpunkt
17-04-2016 13:51:21 Geplanter Prüfpunkt
==================== Fehlerhafte Geräte im Gerätemanager =============
Name: Realtek RTL8188CU Wireless LAN 802.11n USB 2.0 Network Adapter
Description: Realtek RTL8188CU Wireless LAN 802.11n USB 2.0 Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RtlWlanu
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (04/17/2016 03:05:42 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: amdacpusrsvc[EVENT]: SERVICE_CONTROL_POWEREVENT: RESUME: FAILED.
Error: (04/17/2016 03:05:42 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: amdacpusrsvcacpusrsvc: GraphicsMemory API Wrapper: Dummy Packet Submission FAILED
Error: (04/17/2016 02:20:30 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: amdacpusrsvc[EVENT]: SERVICE_CONTROL_POWEREVENT: RESUME: IOCTL_USR_SVC_TO_ACPKSD_POWER_STATE_NOTIFICATION: FAILED
Error: (04/17/2016 01:19:59 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4
Error: (04/17/2016 01:08:41 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: amdacpusrsvc[EVENT]: SERVICE_CONTROL_POWEREVENT: RESUME: FAILED.
Error: (04/17/2016 01:08:41 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: amdacpusrsvcacpusrsvc: GraphicsMemory API Wrapper: Dummy Packet Submission FAILED
Error: (04/15/2016 08:09:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14813
Error: (04/15/2016 08:09:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14813
Error: (04/15/2016 08:09:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/15/2016 08:09:35 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: amdacpusrsvc[EVENT]: SERVICE_CONTROL_POWEREVENT: RESUME: IOCTL_USR_SVC_TO_ACPKSD_POWER_STATE_NOTIFICATION: FAILED
Systemfehler:
=============
Error: (04/17/2016 01:13:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Erkennung interaktiver Dienste" wurde mit folgendem Fehler beendet:
%%1
Error: (04/15/2016 06:23:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Erkennung interaktiver Dienste" wurde mit folgendem Fehler beendet:
%%1
Error: (04/15/2016 05:44:12 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 16) (User: NT-AUTORITÄT)
Description: 32212254731129808
Error: (04/15/2016 05:44:51 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000050 (0xfffff6a80006a1f0, 0x0000000000000000, 0xfffff800c892080a, 0x0000000000000002)C:\windows\MEMORY.DMP041516-33515-01
Error: (04/15/2016 05:44:46 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 20.03.2016 um 06:27:46 unerwartet heruntergefahren.
Error: (03/20/2016 06:55:49 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Erkennung interaktiver Dienste" wurde mit folgendem Fehler beendet:
%%1
Error: (03/19/2016 06:17:28 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Erkennung interaktiver Dienste" wurde mit folgendem Fehler beendet:
%%1
Error: (03/18/2016 05:38:28 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Erkennung interaktiver Dienste" wurde mit folgendem Fehler beendet:
%%1
Error: (03/17/2016 03:47:26 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Erkennung interaktiver Dienste" wurde mit folgendem Fehler beendet:
%%1
Error: (03/16/2016 06:39:50 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Erkennung interaktiver Dienste" wurde mit folgendem Fehler beendet:
%%1
CodeIntegrity:
===================================
Date: 2014-09-09 20:06:30.099
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-09-09 20:05:52.642
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-09-02 22:23:28.184
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-09-02 22:20:32.798
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-09-02 22:20:32.468
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-09-02 22:20:32.142
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-09-02 22:12:25.997
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-09-02 22:12:16.838
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-09-02 19:19:49.523
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-09-02 19:19:24.855
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.
==================== Speicherinformationen ===========================
Prozessor: AMD A10-7800 Radeon R7, 12 Compute Cores 4C+8G
Prozentuale Nutzung des RAM: 40%
Installierter physikalischer RAM: 3948.49 MB
Verfügbarer physikalischer RAM: 2357.75 MB
Summe virtueller Speicher: 7916.49 MB
Verfügbarer virtueller Speicher: 5742.38 MB
==================== Laufwerke ================================
Drive c: (Boot) (Fixed) (Total:1801.31 GB) (Free:1631.59 GB) NTFS
Drive d: (Recover) (Fixed) (Total:59.99 GB) (Free:43.64 GB) NTFS
Drive g: () (Removable) (Total:3.73 GB) (Free:1.75 GB) FAT32
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 00000000)
Partition: GPT.
========================================================
Disk: 2 (Size: 3.7 GB) (Disk ID: 00000000)
Partition: GPT.
==================== Ende von Addition.txt ============================
Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 17.04.2016 Suchlaufzeit: 17:48 Protokolldatei: mbam.txt Administrator: Ja Version: 2.2.1.1043 Malware-Datenbank: v2016.02.16.06 Rootkit-Datenbank: v2016.02.08.01 Lizenz: Kostenlose Version Malware-Schutz: Deaktiviert Schutz vor bösartigen Websites: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: Regina Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 346053 Abgelaufene Zeit: 6 Min., 57 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 3 Adware.CloudGuard, C:\Program Files (x86)\DNS Unlocker\dnspillow.exe, 5632, Löschen bei Neustart, [32340d54712878be2f1654898180966a] PUP.Optional.Linkury, C:\ProgramData\CloudPrinter\CloudPrinter.exe, 1864, Löschen bei Neustart, [372f90d1c4d57db99c39e57a32d2f20e] PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\dnspillow.exe, 5632, Löschen bei Neustart, [4422c39e8c0d171f0d7607ba8e746997] Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 13 PUP.Optional.Linkury, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CloudPrinter, In Quarantäne, [372f90d1c4d57db99c39e57a32d2f20e], PUP.Optional.CloudScout, HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b, In Quarantäne, [a9bd4d14fe9bb086c2eb19ff7d8725db], PUP.Optional.DNSUnlocker, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, In Quarantäne, [d78fbea30c8d39fda70b4e08f113fd03], PUP.Optional.ClousdScout.BrwsrFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\DNSPILLOW, In Quarantäne, [0d590e538f0a5adc62445f9abe44867a], PUP.Optional.Linkury, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\Stpro.exe, In Quarantäne, [26400b561683b18579405fb86c9844bc], PUP.Optional.CloudScout, HKLM\SOFTWARE\WOW6432NODE\5da059a482fd494db3f252126fbc3d5b, In Quarantäne, [aabcf36e1b7ed85e9d1053c5d133c23e], PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\IELNKSRCH, In Quarantäne, [5115075a6c2d93a36864ba1021e2c937], PUP.Optional.DNSUnlocker, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, In Quarantäne, [bda988d9a8f1df578c26f066cd37dd23], PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\Stpro.exe, In Quarantäne, [b2b44918b7e287afcdec7d9a6c9851af], PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7163DACB-8DCA-4318-B729-353A83ED3C59}, In Quarantäne, [491dbba6c0d9b97ddb9b6f7f26dd6e92], PUP.Optional.Linkury, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Application Hosting, In Quarantäne, [e77fe27fbddcae8826af4bab30d23bc5], PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-3771097824-1906411585-235964679-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{IELNKSRCH}, In Quarantäne, [303631303b5ed462f3abae4ee41ea15f], PUP.Optional.DNSUnlocker.BrwsrFlsh, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{E1527582-8509-4011-B922-29E3FB548882}_is1, In Quarantäne, [4422c39e8c0d171f0d7607ba8e746997], Registrierungswerte: 11 PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch|DisplayName, Search the web, In Quarantäne, [5115075a6c2d93a36864ba1021e2c937] PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch|URL, hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt1nroZrCovs66ybSQgXnf6ffA46_rmTx7ii2FdPJlFrxYtlW6Ebv6pJlXi_8b956klYR6utPaIxxN7Kfop1zDPawa5Co,&q={searchTerms}, In Quarantäne, [d492b9a8663353e3d3faae1c9c67eb15] PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt1nroZrCovs66ybSQgXnf6ffA46_rmTx7ii2FdPJlFrxYtlW6Ebv6pJlXi_8b956klYR6utPaIxxN7Kfop1zDPawa5Co,&q={searchTerms}, In Quarantäne, [8ed894cde9b056e09f2f11b9ca391de3] PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7163DACB-8DCA-4318-B729-353A83ED3C59}|Publisher, Linkury, In Quarantäne, [491dbba6c0d9b97ddb9b6f7f26dd6e92] PUP.Optional.Linkury, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CLOUDPRINTER|ImagePath, C:\ProgramData\\CloudPrinter\\CloudPrinter.exe shuz -f "C:\ProgramData\\CloudPrinter\\CloudPrinter.dat" -l -a, In Quarantäne, [471fd190772267cf795ee67930d44ab6] Trojan.DNSChanger.DNSRst, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{1F742A42-6343-45CD-B58C-A37185B72A30}|NameServer, 82.163.143.144,82.163.142.146, In Quarantäne, [dc8a5c059bfeec4a2d30fc5ac341fa06] PUP.Optional.Linkury, HKU\S-1-5-21-3771097824-1906411585-235964679-1002\ENVIRONMENT|SNF, C:\ProgramData\Graveairs\snp.sc, In Quarantäne, [35311d44a0f943f36df2c72747bc23dd] PUP.Optional.Linkury, HKU\S-1-5-21-3771097824-1906411585-235964679-1002\ENVIRONMENT|SNP, hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D?publisher=APSFCovus&co=DE&userid=948f8e3b-d848-439f-3bd7-05a5c4adeacb&searchtype=sc&installDate=05.03.2016&barcodeid=50036003&channelid=3&av=windows, In Quarantäne, [ea7c530e574286b0134d8d617e85fe02] PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-3771097824-1906411585-235964679-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|DisplayName, Search the web, In Quarantäne, [303631303b5ed462f3abae4ee41ea15f] PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-3771097824-1906411585-235964679-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|URL, hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt1nroZrCovs66ybSQgXnf6ffA46_rmTx7ii2FdPJlFrxYtlW6Ebv6pJlXi_8b956klYR6utPaIxxN7Kfop1zDPawa5Co,&q={searchTerms}, In Quarantäne, [34321150e3b65bdbc307ab1fc1427789] PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-3771097824-1906411585-235964679-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt1nroZrCovs66ybSQgXnf6ffA46_rmTx7ii2FdPJlFrxYtlW6Ebv6pJlXi_8b956klYR6utPaIxxN7Kfop1zDPawa5Co,&q={searchTerms}, In Quarantäne, [6402bba6e5b45dd9dcef8a4041c29a66] Registrierungsdaten: 8 PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\ProgramData\Graveair\RunNix.dll, Gut: (), Schlecht: (C:\ProgramData\Graveair\RunNix.dll),Ersetzt,[cb9b64fdf3a661d5e1411bbe857c738d] PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {ielnksrch}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({ielnksrch}),Ersetzt,[acba075a584176c0614b33b3877dd62a] PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-3771097824-1906411585-235964679-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt1nroZrCovs66ybSQgXnf6ffA46_rmTx7ii2FdPJlFrxYtlW6Ebv6pJlXi_8b956klYR6utPaIxxN7Kfop1zDPawa5Co,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt1nroZrCovs66ybSQgXnf6ffA46_rmTx7ii2FdPJlFrxYtlW6Ebv6pJlXi_8b956klYR6utPaIxxN7Kfop1zDPawa5Co,&q={searchTerms}),Ersetzt,[174f3c25b3e61d194066974f1aea45bb] PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-3771097824-1906411585-235964679-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt2qRoE1nLDDdcJp8b3Is13G8RcNUsJuc_WcZzXApAfwtPEOtncXlAoFMK0pSP2Yh2FwyfGIjsm4oDpqbopxXiS8ImD_Y,, Gut: (www.google.com), Schlecht: (hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt2qRoE1nLDDdcJp8b3Is13G8RcNUsJuc_WcZzXApAfwtPEOtncXlAoFMK0pSP2Yh2FwyfGIjsm4oDpqbopxXiS8ImD_Y,),Ersetzt,[2c3a362b811816208027ae3842c27a86] PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-3771097824-1906411585-235964679-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt1nroZrCovs66ybSQgXnf6ffA46_rmTx7ii2FdPJlFrxYtlW6Ebv6pJlXi_8b956klYR6utPaIxxN7Kfop1zDPawa5Co,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt1nroZrCovs66ybSQgXnf6ffA46_rmTx7ii2FdPJlFrxYtlW6Ebv6pJlXi_8b956klYR6utPaIxxN7Kfop1zDPawa5Co,&q={searchTerms}),Ersetzt,[cd99144d1f7a2412584e7d696d9701ff] PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-3771097824-1906411585-235964679-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SearchAssistant, hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt1nroZrCovs66ybSQgXnf6ffA46_rmTx7ii2FdPJlFrxYtlW6Ebv6pJlXi_8b956klYR6utPaIxxN7Kfop1zDPawa5Co,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt1nroZrCovs66ybSQgXnf6ffA46_rmTx7ii2FdPJlFrxYtlW6Ebv6pJlXi_8b956klYR6utPaIxxN7Kfop1zDPawa5Co,&q={searchTerms}),Ersetzt,[71f56ff27920092d703642a420e4de22] PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-3771097824-1906411585-235964679-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt1nroZrCovs66ybSQgXnf6ffA46_rmTx7ii2FdPJlFrxYtlW6Ebv6pJlXi_8b956klYR6utPaIxxN7Kfop1zDPawa5Co,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt1nroZrCovs66ybSQgXnf6ffA46_rmTx7ii2FdPJlFrxYtlW6Ebv6pJlXi_8b956klYR6utPaIxxN7Kfop1zDPawa5Co,&q={searchTerms}),Ersetzt,[600686dbbadfcb6b297f20c61ce859a7] PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-3771097824-1906411585-235964679-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {ielnksrch}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({ielnksrch}),Ersetzt,[5e08471a1a7f04328128cc1a36ce18e8] Ordner: 3 PUP.Optional.Linkury, C:\ProgramData\CloudPrinter, Löschen bei Neustart, [372f90d1c4d57db99c39e57a32d2f20e], PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker, Löschen bei Neustart, [4422c39e8c0d171f0d7607ba8e746997], PUP.Optional.Linkury.ShrtCln, C:\ProgramData\Graveairs, In Quarantäne, [b4b2d58c98012e08210945c8ed189868], Dateien: 29 Adware.CloudGuard, C:\Program Files (x86)\DNS Unlocker\dnspillow.exe, Löschen bei Neustart, [32340d54712878be2f1654898180966a], PUP.Optional.Linkury, C:\ProgramData\Graveair\RunNix.dll, In Quarantäne, [cb9b64fdf3a661d5e1411bbe857c738d], PUP.Optional.Linkury, C:\ProgramData\Graveair\Overdax.exe, In Quarantäne, [32347ce5b6e3e056130ef9e031d0867a], PUP.Optional.Linkury, C:\ProgramData\Graveair\Unotough.exe, In Quarantäne, [80e60c559801f4428c97f7e2f60bd927], PUP.Optional.Linkury, C:\Users\Regina\AppData\Roaming\Whitefan.bin, In Quarantäne, [f86eeb76118853e397cb12cb40c4f10f], PUP.Optional.ClousdScout.BrwsrFlsh, C:\Windows\System32\Tasks\DNSPILLOW, In Quarantäne, [82e41b46c4d5f3434c586b8e8b779a66], PUP.Optional.Linkury.ShrtCln, C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\us6eaphg.default\searchplugins\findit.xml, In Quarantäne, [0165c1a07524290db47d606cb74c748c], PUP.Optional.Linkury.ShrtCln, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\findit.xml, In Quarantäne, [94d2f26f7d1c79bdb87aca02e3207d83], PUP.Optional.Linkury, C:\ProgramData\CloudPrinter\CloudPrinter.dat, Löschen bei Neustart, [372f90d1c4d57db99c39e57a32d2f20e], PUP.Optional.Linkury, C:\ProgramData\CloudPrinter\CloudPrinter.exe, Löschen bei Neustart, [372f90d1c4d57db99c39e57a32d2f20e], PUP.Optional.Linkury, C:\ProgramData\CloudPrinter\Config.xml, In Quarantäne, [372f90d1c4d57db99c39e57a32d2f20e], PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\config.ini, In Quarantäne, [4422c39e8c0d171f0d7607ba8e746997], PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\ConsoleApplication1.dll, In Quarantäne, [4422c39e8c0d171f0d7607ba8e746997], PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\DNSPILLOW.cer, In Quarantäne, [4422c39e8c0d171f0d7607ba8e746997], PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\dnspillow.exe, Löschen bei Neustart, [4422c39e8c0d171f0d7607ba8e746997], PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\Info.rtf, In Quarantäne, [4422c39e8c0d171f0d7607ba8e746997], PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\License.rtf, In Quarantäne, [4422c39e8c0d171f0d7607ba8e746997], PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\LogoBlack.ico, In Quarantäne, [4422c39e8c0d171f0d7607ba8e746997], PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\LogoGreen.ico, In Quarantäne, [4422c39e8c0d171f0d7607ba8e746997], PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\LogoYellow.ico, In Quarantäne, [4422c39e8c0d171f0d7607ba8e746997], PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\Microsoft.Win32.TaskScheduler.dll, Löschen bei Neustart, [4422c39e8c0d171f0d7607ba8e746997], PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\settings.ini, In Quarantäne, [4422c39e8c0d171f0d7607ba8e746997], PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\unins000.dat, In Quarantäne, [4422c39e8c0d171f0d7607ba8e746997], PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\unins000.exe, In Quarantäne, [4422c39e8c0d171f0d7607ba8e746997], PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\ZonaTools.XPlorerBar.dll, In Quarantäne, [4422c39e8c0d171f0d7607ba8e746997], PUP.Optional.Linkury.ShrtCln, C:\ProgramData\Graveairs\ff.HP, In Quarantäne, [b4b2d58c98012e08210945c8ed189868], PUP.Optional.Linkury.ShrtCln, C:\ProgramData\Graveairs\ff.NT, In Quarantäne, [b4b2d58c98012e08210945c8ed189868], PUP.Optional.Linkury.ShrtCln, C:\ProgramData\Graveairs\snp.sc, In Quarantäne, [b4b2d58c98012e08210945c8ed189868], PUP.Optional.Linkury.ShrtCln, C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\us6eaphg.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "C:\\ProgramData\\Graveairs\\ff.NT");), Ersetzt,[1a4c5f02d8c1f343774fcb42ec1933cd] Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) Code:
ATTFilter # AdwCleaner v5.111 - Bericht erstellt am 17/04/2016 um 18:09:16
# Aktualisiert am 14/04/2016 von Xplode
# Datenbank : 2016-04-10.2 [Lokal]
# Betriebssystem : Windows 8.1 (X64)
# Benutzername : Regina - KELLER-PC
# Gestartet von : C:\Users\Regina\Desktop\AdwCleaner_5.111.exe
# Option : Suchlauf
# Unterstützung : hxxp://toolslib.net/forum
***** [ Dienste ] *****
Dienst gefunden : CloudPrinter
***** [ Ordner ] *****
Ordner gefunden : C:\ProgramData\CloudPrinter
Ordner gefunden : C:\ProgramData\Application Data\CloudPrinter
Ordner gefunden : C:\Users\Regina\AppData\Local\Temp\OCS
***** [ Dateien ] *****
***** [ DLL ] *****
***** [ Verknüpfungen ] *****
Verknüpfung infiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk ( %SNF% )
Verknüpfung infiziert : C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( %SNP% )
Verknüpfung infiziert : C:\Users\Regina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( %SNP% )
Verknüpfung infiziert : C:\Users\Regina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk ( %SNP% )
Verknüpfung infiziert : C:\Users\Regina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk ( %SNF% )
***** [ Aufgabenplanung ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel gefunden : HKCU\Software\OCS
Schlüssel gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
Schlüssel gefunden : HKU\S-1-5-21-3771097824-1906411585-235964679-1002\Software\OCS
***** [ Internetbrowser ] *****
*************************
C:\AdwCleaner\AdwCleaner[S1].txt - [1783 Bytes] - [17/04/2016 18:09:16]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1856 Bytes] ##########
Code:
ATTFilter # AdwCleaner v5.111 - Bericht erstellt am 17/04/2016 um 18:14:00
# Aktualisiert am 14/04/2016 von Xplode
# Datenbank : 2016-04-10.2 [Lokal]
# Betriebssystem : Windows 8.1 (X64)
# Benutzername : Regina - KELLER-PC
# Gestartet von : C:\Users\Regina\Desktop\AdwCleaner_5.111.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum
***** [ Dienste ] *****
[-] Dienst gelöscht : CloudPrinter
***** [ Ordner ] *****
[-] Ordner gelöscht : C:\ProgramData\CloudPrinter
[#] Ordner gelöscht : C:\ProgramData\Application Data\CloudPrinter
[-] Ordner gelöscht : C:\Users\Regina\AppData\Local\Temp\OCS
***** [ Dateien ] *****
***** [ DLLs ] *****
***** [ Verknüpfungen ] *****
[-] Verknüpfung desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[-] Verknüpfung desinfiziert : C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Verknüpfung desinfiziert : C:\Users\Regina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] Verknüpfung desinfiziert : C:\Users\Regina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
[-] Verknüpfung desinfiziert : C:\Users\Regina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
***** [ Aufgabenplanung ] *****
***** [ Registrierungsdatenbank ] *****
[-] Schlüssel gelöscht : HKCU\Software\OCS
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
***** [ Internetbrowser ] *****
*************************
:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt
*************************
C:\AdwCleaner\AdwCleaner[C1].txt - [1820 Bytes] - [17/04/2016 18:14:00]
C:\AdwCleaner\AdwCleaner[S1].txt - [1939 Bytes] - [17/04/2016 18:09:16]
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1966 Bytes] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 8.1 x64
Ran by Regina (Administrator) on 17.04.2016 at 18:42:06,96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 2
Successfully deleted: C:\Users\Regina\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\us6eaphg.default\extensions\mailcheck@web.de\searchplugins\mailcom-search.xml (File)
Deleted the following from C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\us6eaphg.default\prefs.js
user_pref(extensions.unitedinternet.email.runonceNewUsersShown, true);
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17.04.2016 at 18:43:28,24
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
| Themen zu Werde Browser Hijacker (Safefinder) auf Firefox nicht los. |
| adware.cloudguard, askbar, dnsapi.dll, einstellungen, flash player, homepage, iexplore.exe, neustart, prozesse, pup.optional.cloudscout, pup.optional.clousdscout.brwsrflsh, pup.optional.dnsunlocker, pup.optional.dnsunlocker.brwsrflsh, pup.optional.linkury, pup.optional.linkury.shrtcln, safefinder virus entfernen, security, services.exe, siteadvisor, software, svchost.exe, trojan.dnschanger.dnsrst, webadvisor, win32/downloadguide.d, win32/downloadsponsor.a, win32/trojandropper.addrop.ac, winlogon.exe, wrapper |
Baum-Darstellung