| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Werde Browser Hijacker (Safefinder) auf Firefox nicht los.Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
21.04.2016, 22:33
| #1 |
 |  Werde Browser Hijacker (Safefinder) auf Firefox nicht los. Ich habe mir den Safefinder-Hijacker bei unachtsamer Freeware-Installation eingefangen. FRST, MBAM, AdvCleaner, und Junkware habe ich in dieser Reihenfolge bereits ausgeführt. Leider leitet Firefox immer noch über eine fremde Startseite (feed.snapdo.com) um. Ich komme jetzt nicht mehr weiter und brauche eure Hilfe. Hier sind die Scans in obiger Reihenfolge: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:17-04-2016
durchgeführt von Regina (Administrator) auf KELLER-PC (17-04-2016 16:24:03)
Gestartet von C:\Users\Regina\Desktop
Geladene Profile: Regina (Verfügbare Profile: Regina)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\AMD\amdacpusrsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\ProgramData\CloudPrinter\CloudPrinter.exe
() C:\ProgramData\Graveair\Graveair.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\mcafee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.8.259.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\mcafee\VirusScan\mcods.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\CommonBuild\McCBEntAndInstru.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(Dropbox, Inc.) C:\Users\Regina\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc.) C:\Users\Regina\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\CommonBuild\McCBEntAndInstru.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
() C:\Program Files (x86)\DNS Unlocker\dnspillow.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2014-03-12] (CyberLink Corp.)
HKLM-x32\...\Run: [PowerDVD12Agent] => "C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe"
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-3771097824-1906411585-235964679-1002\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [482528 2014-03-31] (AppEx Networks Corporation)
HKU\S-1-5-21-3771097824-1906411585-235964679-1002\...\Run: [Dropbox Update] => C:\Users\Regina\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-13] (Dropbox, Inc.)
AppInit_DLLs: C:\ProgramData\Graveair\K-lux.dll => Keine Datei
AppInit_DLLs-x32: C:\ProgramData\Graveair\RunNix.dll => C:\ProgramData\Graveair\RunNix.dll [257536 2016-03-05] ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
Startup: C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-02-22]
ShortcutTarget: Dropbox.lnk -> C:\Users\Regina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\..\Interfaces\{1F742A42-6343-45CD-B58C-A37185B72A30}: [NameServer] 82.163.143.144,82.163.142.146
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3771097824-1906411585-235964679-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt1nroZrCovs66ybSQgXnf6ffA46_rmTx7ii2FdPJlFrxYtlW6Ebv6pJlXi_8b956klYR6utPaIxxN7Kfop1zDPawa5Co,&q={searchTerms}
HKU\S-1-5-21-3771097824-1906411585-235964679-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt2qRoE1nLDDdcJp8b3Is13G8RcNUsJuc_WcZzXApAfwtPEOtncXlAoFMK0pSP2Yh2FwyfGIjsm4oDpqbopxXiS8ImD_Y,
HKU\S-1-5-21-3771097824-1906411585-235964679-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3771097824-1906411585-235964679-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt1nroZrCovs66ybSQgXnf6ffA46_rmTx7ii2FdPJlFrxYtlW6Ebv6pJlXi_8b956klYR6utPaIxxN7Kfop1zDPawa5Co,&q={searchTerms}
HKU\S-1-5-21-3771097824-1906411585-235964679-1002\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt1nroZrCovs66ybSQgXnf6ffA46_rmTx7ii2FdPJlFrxYtlW6Ebv6pJlXi_8b956klYR6utPaIxxN7Kfop1zDPawa5Co,&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt1nroZrCovs66ybSQgXnf6ffA46_rmTx7ii2FdPJlFrxYtlW6Ebv6pJlXi_8b956klYR6utPaIxxN7Kfop1zDPawa5Co,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3771097824-1906411585-235964679-1002 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt1nroZrCovs66ybSQgXnf6ffA46_rmTx7ii2FdPJlFrxYtlW6Ebv6pJlXi_8b956klYR6utPaIxxN7Kfop1zDPawa5Co,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3771097824-1906411585-235964679-1002 -> {FA56DABC-FA5C-432F-8305-1DB5F303655D} URL = hxxps://de.search.yahoo.com/search?fr=mcafee&type=C011DE0D20151111&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3771097824-1906411585-235964679-1002 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt1nroZrCovs66ybSQgXnf6ffA46_rmTx7ii2FdPJlFrxYtlW6Ebv6pJlXi_8b956klYR6utPaIxxN7Kfop1zDPawa5Co,&q={searchTerms}
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-02-11] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-11] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-02-11] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-11] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll [2016-01-08] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-01-08] (McAfee, Inc.)
FireFox:
========
FF ProfilePath: C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\us6eaphg.default
FF NewTab: C:\\ProgramData\\Graveairs\\ff.NT
FF DefaultSearchEngine: Sichere Suche
FF SearchEngineOrder.1: Sichere Suche
FF SelectedSearchEngine: Sichere Suche
FF Homepage: about:home
FF Keyword.URL: hxxps://de.search.yahoo.com/search?fr=mcafee&type=A111DE0&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-11] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-01-08] ()
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-01-08] ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\us6eaphg.default\searchplugins\findit.xml [2016-03-05]
FF SearchPlugin: C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\us6eaphg.default\searchplugins\McSiteAdvisor.xml [2016-04-17]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\findit.xml [2016-03-05]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-08-09]
FF Extension: DownThemAll! - C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\us6eaphg.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-12-07]
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-12-29]
FF Extension: WEB.DE MailCheck - C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\us6eaphg.default\Extensions\mailcheck@web.de [2015-12-16]
FF Extension: Adblock Plus - C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\us6eaphg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-24]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2016-02-13] [ist nicht signiert]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-02-18]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-02-18]
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert]
R2 amdacpusrsvc; C:\AMD\amdacpusrsvc.exe [82432 2014-04-17] () [Datei ist nicht signiert]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 CloudPrinter; C:\ProgramData\\CloudPrinter\\CloudPrinter.exe [764416 2016-03-05] () [Datei ist nicht signiert]
R2 Graveair; C:\ProgramData\\Graveair\\Graveair.exe [764416 2016-03-05] () [Datei ist nicht signiert]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [158952 2016-02-11] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [863448 2016-01-08] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.8.259.0\McCSPServiceHost.exe [1694152 2016-01-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [681680 2016-01-08] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [234192 2015-11-18] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [380896 2016-01-21] (McAfee, Inc.)
R3 mfevtp; C:\windows\system32\mfevtps.exe [275368 2015-11-18] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [902112 2015-12-14] (Intel Security, Inc.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2013-03-06] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [274656 2014-04-18] (Advanced Micro Devices)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [225504 2014-03-28] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [79248 2015-11-25] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419624 2015-11-25] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351144 2015-11-25] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83096 2015-11-25] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496368 2015-11-25] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [846080 2015-11-25] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [539496 2015-11-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2015-11-20] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [36968 2016-01-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [245096 2015-11-25] (McAfee, Inc.)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [2968280 2014-01-15] (Realtek Semiconductor Corporation )
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-04-17 16:24 - 2016-04-17 16:24 - 00020529 _____ C:\Users\Regina\Desktop\FRST.txt
2016-04-17 16:23 - 2016-04-17 16:24 - 00000000 ____D C:\FRST
2016-04-17 16:11 - 2016-04-17 16:00 - 02375168 _____ (Farbar) C:\Users\Regina\Desktop\FRST64.exe
2016-04-17 13:19 - 2016-04-16 18:42 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Regina\Desktop\revosetup95.exe
2016-04-17 13:18 - 2016-04-16 18:45 - 01610352 _____ (Malwarebytes) C:\Users\Regina\Desktop\JRT.exe
2016-04-17 13:18 - 2016-04-16 18:44 - 22851472 _____ (Malwarebytes ) C:\Users\Regina\Desktop\mbam-setup-2.2.1.1043.exe
2016-04-17 13:18 - 2016-04-16 18:39 - 03677760 _____ C:\Users\Regina\Desktop\AdwCleaner_5.111.exe
2016-04-15 17:44 - 2016-04-15 17:44 - 00282856 _____ C:\windows\Minidump\041516-33515-01.dmp
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-04-17 16:20 - 2014-06-01 22:33 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-04-17 16:11 - 2014-04-28 15:56 - 00440562 _____ C:\windows\system32\perfh014.dat
2016-04-17 16:11 - 2014-04-28 15:56 - 00076716 _____ C:\windows\system32\perfc014.dat
2016-04-17 16:11 - 2014-04-28 13:38 - 00764340 _____ C:\windows\system32\perfh007.dat
2016-04-17 16:11 - 2014-04-28 13:38 - 00159160 _____ C:\windows\system32\perfc007.dat
2016-04-17 16:11 - 2014-03-18 17:26 - 02291150 _____ C:\windows\system32\PerfStringBackup.INI
2016-04-17 16:11 - 2013-08-22 15:36 - 00000000 ____D C:\windows\Inf
2016-04-17 15:59 - 2015-06-13 09:48 - 00001248 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3771097824-1906411585-235964679-1002UA.job
2016-04-17 13:46 - 2014-05-29 13:05 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3771097824-1906411585-235964679-1002
2016-04-17 13:12 - 2014-05-29 13:07 - 00000000 __RDO C:\Users\Regina\OneDrive
2016-04-15 20:09 - 2014-05-29 12:58 - 00000000 ____D C:\Users\Regina
2016-04-15 17:46 - 2016-03-05 16:32 - 00000000 ____D C:\ProgramData\Graveair
2016-04-15 17:45 - 2013-08-22 15:25 - 00262144 ___SH C:\windows\system32\config\ELAM
2016-04-15 17:44 - 2015-08-09 20:26 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-04-15 17:44 - 2014-09-03 21:37 - 793586938 _____ C:\windows\MEMORY.DMP
2016-04-15 17:44 - 2014-09-03 21:37 - 00000000 ____D C:\windows\Minidump
2016-04-15 17:44 - 2013-08-22 16:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-04-15 17:44 - 2013-08-22 16:44 - 00387440 _____ C:\windows\system32\FNTCACHE.DAT
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2016-03-05 16:32 - 2016-03-05 16:32 - 8037888 _____ () C:\Users\Regina\AppData\Roaming\agent.dat
2016-03-05 16:32 - 2016-03-05 16:32 - 0054272 _____ () C:\Users\Regina\AppData\Roaming\ApplicationHosting.dat
2016-03-05 16:32 - 2016-03-05 16:32 - 0065040 _____ () C:\Users\Regina\AppData\Roaming\Config.xml
2016-03-05 16:32 - 2016-03-05 16:32 - 0015888 _____ () C:\Users\Regina\AppData\Roaming\InstallationConfiguration.xml
2016-03-05 16:32 - 2016-03-05 16:32 - 0127488 _____ () C:\Users\Regina\AppData\Roaming\Installer.dat
2016-03-05 16:32 - 2016-03-05 16:32 - 0764416 _____ () C:\Users\Regina\AppData\Roaming\JayTontam.exe
2016-03-05 16:32 - 2016-03-05 16:32 - 0072712 _____ () C:\Users\Regina\AppData\Roaming\JayTontam.tst
2016-03-05 16:32 - 2016-03-05 16:32 - 0126464 _____ () C:\Users\Regina\AppData\Roaming\lobby.dat
2016-03-05 16:32 - 2016-03-05 16:32 - 0018432 _____ () C:\Users\Regina\AppData\Roaming\Main.dat
2016-03-05 16:32 - 2016-03-05 16:32 - 0005568 _____ () C:\Users\Regina\AppData\Roaming\md.xml
2016-03-05 16:32 - 2016-03-05 16:32 - 0126464 _____ () C:\Users\Regina\AppData\Roaming\noah.dat
2016-03-05 16:32 - 2016-03-05 16:32 - 0764416 _____ () C:\Users\Regina\AppData\Roaming\Strongin.exe
2016-03-05 16:32 - 2016-03-05 16:32 - 1903064 _____ () C:\Users\Regina\AppData\Roaming\Strongin.tst
2016-03-05 16:32 - 2016-03-05 16:32 - 0032038 _____ () C:\Users\Regina\AppData\Roaming\uninstall_temp.ico
2016-03-05 16:32 - 2016-03-05 16:32 - 0848437 _____ () C:\Users\Regina\AppData\Roaming\Whitefan.bin
2014-05-07 17:22 - 2014-05-07 17:22 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Einige Dateien in TEMP:
====================
C:\Users\Regina\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppscwtk.dll
C:\Users\Regina\AppData\Local\Temp\McCSPInstall.dll
C:\Users\Regina\AppData\Local\Temp\mccspuninstall.exe
C:\Users\Regina\AppData\Local\Temp\tmp3049.exe
C:\Users\Regina\AppData\Local\Temp\tmp67F7.exe
C:\Users\Regina\AppData\Local\Temp\tmpE862.exe
C:\Users\Regina\AppData\Local\Temp\vlc-2.1.5-win64.exe
C:\Users\Regina\AppData\Local\Temp\_is8320.exe
C:\Users\Regina\AppData\Local\Temp\_is908C.exe
C:\Users\Regina\AppData\Local\Temp\_isA1B4.exe
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\windows\system32\winlogon.exe => Datei ist digital signiert
C:\windows\system32\wininit.exe => Datei ist digital signiert
C:\windows\explorer.exe => Datei ist digital signiert
C:\windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\windows\system32\svchost.exe => Datei ist digital signiert
C:\windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\windows\system32\services.exe => Datei ist digital signiert
C:\windows\system32\User32.dll => Datei ist digital signiert
C:\windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\windows\system32\userinit.exe => Datei ist digital signiert
C:\windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\windows\system32\rpcss.dll => Datei ist digital signiert
C:\windows\system32\dnsapi.dll => Datei ist digital signiert
C:\windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2016-04-17 13:46
==================== Ende von FRST.txt ============================
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:17-04-2016
durchgeführt von Regina (2016-04-17 16:24:43)
Gestartet von C:\Users\Regina\Desktop
Windows 8.1 (X64) (2014-05-29 10:58:50)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-3771097824-1906411585-235964679-500 - Administrator - Disabled)
Gast (S-1-5-21-3771097824-1906411585-235964679-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3771097824-1906411585-235964679-1004 - Limited - Enabled)
Regina (S-1-5-21-3771097824-1906411585-235964679-1002 - Administrator - Enabled) => C:\Users\Regina
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus und Anti-Spyware (Disabled - Out of date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Disabled - Out of date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Disabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
ACP Application (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20059 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.10.0.0 - AppEx Networks)
Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo AppLauncher (Medion) v.1.0.0 (HKLM-x32\...\Ashampoo AppLauncher (Medion)_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-5490CN (HKLM-x32\...\{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
CyberLink Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink PowerDirector 11 (Version: 11.0.0.3910 - CyberLink Corp.) Hidden
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.2527 - CyberLink Corp.)
CyberLink PowerRecover (Version: 5.7.0.2527 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
dm-Fotowelt (HKLM-x32\...\dm-Fotowelt) (Version: 6.1.2 - CEWE Stiftung u Co. KGaA)
DNS Unlocker version 1.4 (HKLM-x32\...\{E1527582-8509-4011-B922-29E3FB548882}_is1) (Version: 1.4 - www.dnsunlocker.com) <==== ACHTUNG
Dropbox (HKU\S-1-5-21-3771097824-1906411585-235964679-1002\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.)
DVBViewer Pro (HKLM-x32\...\DVBViewer Pro_is1) (Version: 5.3.1 - CM&V)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotogalleri (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotogalleriet (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galeria de Fotografias (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galeria fotografii (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
McAfee Total Protection (HKLM-x32\...\MSC) (Version: 14.0.7080 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.171 - McAfee, Inc.)
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 5.1.5 - CEWE Stiftung u Co. KGaA)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 44.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 de)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Podstawowe programy Windows Live (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Raccolta foto (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7111 - Realtek Semiconductor Corp.)
Rossmann Fotowelt Software 4.13 (HKLM-x32\...\Rossmann Fotowelt Software) (Version: 4.13 - ORWO Net)
SafeFinder (HKLM-x32\...\{7163DACB-8DCA-4318-B729-353A83ED3C59}) (Version: 1.0.0.0 - Linkury) <==== ACHTUNG
Silhouette Studio (HKLM-x32\...\{85E3BB6E-39E3-491F-B8E0-60BF11F48471}) (Version: 3.3.638 - Silhouette America)
Valokuvavalikoima (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.10 Beta 4 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)
Συλλογή φωτογραφιών (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-3771097824-1906411585-235964679-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Regina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3771097824-1906411585-235964679-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3771097824-1906411585-235964679-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3771097824-1906411585-235964679-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3771097824-1906411585-235964679-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3771097824-1906411585-235964679-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3771097824-1906411585-235964679-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3771097824-1906411585-235964679-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3771097824-1906411585-235964679-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3771097824-1906411585-235964679-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3771097824-1906411585-235964679-1002_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {16D9D28F-6824-4C1E-8A25-7CCA4D1C5BF6} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {29B48724-AB0E-4166-9B44-3C79FED9765C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {2CE01BEC-63D0-407E-9BEA-B7E88F2F29F8} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3771097824-1906411585-235964679-1002UA => C:\Users\Regina\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-13] (Dropbox, Inc.)
Task: {4C07A135-B508-4ED2-B2B1-CF12124D354A} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-11] (Adobe Systems Incorporated)
Task: {50342E5B-CF36-43E7-A21B-69A529320C58} - System32\Tasks\DNSPILLOW => dnspillow.exe <==== ACHTUNG
Task: {9E27F967-2BE2-46B3-96FD-4C0F31162698} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {C7460098-8594-4ECB-B7B8-90C64290223F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2016-02-11] (Microsoft Corporation)
Task: {DA993FD8-9032-419D-B2D7-5C02E50BCE15} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3771097824-1906411585-235964679-1002Core => C:\Users\Regina\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-13] (Dropbox, Inc.)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3771097824-1906411585-235964679-1002Core.job => C:\Users\Regina\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3771097824-1906411585-235964679-1002UA.job => C:\Users\Regina\AppData\Local\Dropbox\Update\DropboxUpdate.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
ShortcutWithArgument: C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Regina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Regina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Regina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.medion.com
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Welcome.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.aldi-essen.de
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2014-04-17 22:55 - 2014-04-17 22:55 - 00082432 _____ () C:\AMD\amdacpusrsvc.exe
2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-03-05 16:32 - 2016-03-05 16:32 - 00764416 _____ () C:\ProgramData\CloudPrinter\CloudPrinter.exe
2016-03-05 16:32 - 2016-03-05 16:32 - 00764416 _____ () C:\ProgramData\Graveair\Graveair.exe
2014-05-08 09:20 - 2013-03-06 15:42 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-06-24 23:04 - 2005-04-22 13:36 - 00143360 ____N () C:\windows\system32\BrSNMP64.dll
2014-06-24 23:05 - 2012-09-25 11:26 - 01163264 ____N () C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
2014-04-17 23:29 - 2014-04-17 23:29 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2016-03-05 16:32 - 2016-02-25 11:50 - 00677376 _____ () C:\Program Files (x86)\DNS Unlocker\dnspillow.exe
2015-12-12 16:34 - 2016-01-12 20:44 - 00034768 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-02-22 16:39 - 2016-01-12 20:45 - 00019408 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2016-02-22 16:39 - 2016-01-12 20:44 - 00116688 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-12 16:34 - 2016-01-12 20:44 - 00093640 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-12 16:34 - 2016-01-12 20:44 - 00018376 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-12 16:34 - 2016-02-16 20:39 - 00019760 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-12 16:34 - 2016-01-12 20:46 - 00105928 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-02-22 16:39 - 2016-01-12 20:44 - 00392144 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2015-12-12 16:34 - 2016-02-16 20:39 - 00381752 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-12 16:34 - 2016-01-12 20:44 - 00692688 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-02-22 16:39 - 2016-02-16 20:38 - 00020816 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-12 16:34 - 2016-01-12 20:45 - 00112592 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-02-22 16:39 - 2016-02-16 20:38 - 01682760 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-02-22 16:39 - 2016-02-16 20:38 - 00020808 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2015-12-12 16:34 - 2016-02-16 20:39 - 00020800 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-12 16:34 - 2016-02-16 20:39 - 00021840 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-02-22 16:39 - 2016-02-16 20:39 - 00038696 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\fastpath.pyd
2016-02-22 16:39 - 2016-01-12 20:46 - 00020936 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-12 16:34 - 2016-01-12 20:46 - 00024528 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-12 16:34 - 2016-01-12 20:47 - 00114640 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-12 16:34 - 2016-01-12 20:46 - 00124880 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-02-11 14:59 - 2016-02-16 20:39 - 00021832 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2015-12-12 16:34 - 2016-01-12 20:46 - 00024016 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-12 16:34 - 2016-01-12 20:46 - 00175560 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-12 16:34 - 2016-01-12 20:47 - 00030160 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-12 16:34 - 2016-01-12 20:47 - 00043472 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-12 16:34 - 2016-01-12 20:47 - 00028616 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\win32ts.pyd
2015-12-12 16:34 - 2016-01-12 20:47 - 00048592 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-02-22 16:39 - 2016-02-16 20:39 - 00026456 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2015-12-12 16:34 - 2016-01-12 20:46 - 00057808 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2015-12-12 16:34 - 2016-01-12 20:47 - 00024016 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-02-22 16:39 - 2016-02-16 20:38 - 00117056 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2016-02-22 16:39 - 2016-02-16 20:39 - 00024392 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-02-22 16:39 - 2016-01-12 20:47 - 00036296 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\librsync.dll
2015-12-12 16:34 - 2016-02-16 20:39 - 00023376 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-12 16:34 - 2016-01-12 20:44 - 00134608 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2016-02-22 16:39 - 2016-01-12 20:44 - 00134088 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-02-22 16:39 - 2016-01-12 20:45 - 00240584 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2016-02-22 16:39 - 2016-02-16 20:39 - 00052024 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2016-02-11 14:59 - 2016-02-16 20:39 - 00020800 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-11 14:59 - 2016-02-16 20:39 - 00021824 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd
2016-02-11 14:59 - 2016-02-16 20:39 - 00019776 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-02-11 14:59 - 2016-02-16 20:39 - 00020800 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2016-02-22 16:39 - 2016-02-16 20:38 - 00020280 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-12 16:34 - 2016-01-12 20:47 - 00350152 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-02-11 14:59 - 2016-02-16 20:39 - 00022352 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-02-22 16:39 - 2016-02-16 20:39 - 00084792 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2016-02-22 16:39 - 2016-02-16 20:39 - 01826096 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-12 16:34 - 2016-01-12 20:45 - 00083912 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\sip.pyd
2016-02-22 16:39 - 2016-02-16 20:39 - 03928880 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2016-02-22 16:39 - 2016-02-16 20:39 - 01971504 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2016-02-22 16:39 - 2016-02-16 20:39 - 00531248 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2016-02-22 16:39 - 2016-02-16 20:39 - 00132912 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2016-02-22 16:39 - 2016-02-16 20:39 - 00223544 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2016-02-22 16:39 - 2016-02-16 20:39 - 00207672 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2016-02-22 16:39 - 2016-02-16 20:39 - 00158008 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2016-02-22 16:39 - 2016-02-16 20:39 - 00042808 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2016-02-22 16:39 - 2016-01-12 20:49 - 00017864 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\libEGL.dll
2016-02-22 16:39 - 2016-01-12 20:49 - 01631184 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-12-12 16:34 - 2016-02-16 20:39 - 00024904 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2014-06-24 23:04 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-3771097824-1906411585-235964679-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img7.jpg
DNS Servers: Datenträger ist nicht mit dem Internet verbunden.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{3153B440-1248-49D1-92C5-B47D986ECBAA}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{82C57A89-E0E9-436E-A004-3B41AB398FF3}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{E7FB244F-0022-40A0-B0B6-83F6DE5AC5C1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{FFC0F777-525B-4416-8BC1-E5B95DBB29E8}] => (Allow) LPort=2869
FirewallRules: [{7444B070-8E08-48C8-A0B1-22DE9F908422}] => (Allow) LPort=1900
FirewallRules: [{F53BA5DE-0D68-4F14-AB21-2229668848B1}] => (Allow) C:\Program Files\CyberLink\PowerDirector11\PDR10.EXE
FirewallRules: [{879BE00D-DCDB-42F3-90C1-D34493024AA6}] => (Allow) C:\Users\Regina\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{D71416C0-B215-4AE9-87AB-251D4A21BDD0}] => (Allow) C:\Users\Regina\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{9F6AEF13-D68B-43FB-B373-E2AF4E41912F}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{F9EC1EF5-1491-4631-BD3C-D77C202A98B8}] => (Allow) C:\Program Files (x86)\Brother\Brmfl08x\FAXRX.exe
FirewallRules: [{75FA3425-7E27-44E7-9123-01232BF5C16B}] => (Allow) C:\Program Files (x86)\Brother\Brmfl08x\FAXRX.exe
FirewallRules: [{BC5FACDA-4AAA-4C05-A727-2098486A2305}] => (Allow) LPort=54925
FirewallRules: [{F0703D0A-9258-4978-8C15-C680E9FCDC4D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B9778E8B-235E-4223-902C-54618C45CEB0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D174CBCC-C3A1-404E-AABA-7ABB9C84B5EE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CCFDC947-D6D3-4B3E-85E5-D9A4114D3030}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C5868ED3-11F4-422B-B5E6-2AC8ED12652D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9798F09E-0165-4961-A4CE-E090F48820C8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F4E99815-7E71-420D-B056-647682BED2AD}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{342E946C-1251-45F8-970B-C47F640C2FE6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0F1B6BE8-8F34-4B8D-8653-F01D69370E3F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{3BEC659E-6C3E-4386-B761-59520357EA4A}C:\program files\vlc\vlc.exe] => (Block) C:\program files\vlc\vlc.exe
FirewallRules: [UDP Query User{7DB3A14D-9501-4BBC-83FD-A6F322CEFB9C}C:\program files\vlc\vlc.exe] => (Block) C:\program files\vlc\vlc.exe
FirewallRules: [TCP Query User{C68CFB00-7AB8-4788-AF23-366C3A50812C}C:\users\regina\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\regina\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{EC2FE292-DE32-434F-ADDD-BA30862E4365}C:\users\regina\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\regina\appdata\roaming\dropbox\bin\dropbox.exe
==================== Wiederherstellungspunkte =========================
20-03-2016 07:55:13 Geplanter Prüfpunkt
17-04-2016 13:51:21 Geplanter Prüfpunkt
==================== Fehlerhafte Geräte im Gerätemanager =============
Name: Realtek RTL8188CU Wireless LAN 802.11n USB 2.0 Network Adapter
Description: Realtek RTL8188CU Wireless LAN 802.11n USB 2.0 Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RtlWlanu
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (04/17/2016 03:05:42 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: amdacpusrsvc[EVENT]: SERVICE_CONTROL_POWEREVENT: RESUME: FAILED.
Error: (04/17/2016 03:05:42 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: amdacpusrsvcacpusrsvc: GraphicsMemory API Wrapper: Dummy Packet Submission FAILED
Error: (04/17/2016 02:20:30 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: amdacpusrsvc[EVENT]: SERVICE_CONTROL_POWEREVENT: RESUME: IOCTL_USR_SVC_TO_ACPKSD_POWER_STATE_NOTIFICATION: FAILED
Error: (04/17/2016 01:19:59 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4
Error: (04/17/2016 01:08:41 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: amdacpusrsvc[EVENT]: SERVICE_CONTROL_POWEREVENT: RESUME: FAILED.
Error: (04/17/2016 01:08:41 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: amdacpusrsvcacpusrsvc: GraphicsMemory API Wrapper: Dummy Packet Submission FAILED
Error: (04/15/2016 08:09:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14813
Error: (04/15/2016 08:09:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14813
Error: (04/15/2016 08:09:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/15/2016 08:09:35 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: amdacpusrsvc[EVENT]: SERVICE_CONTROL_POWEREVENT: RESUME: IOCTL_USR_SVC_TO_ACPKSD_POWER_STATE_NOTIFICATION: FAILED
Systemfehler:
=============
Error: (04/17/2016 01:13:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Erkennung interaktiver Dienste" wurde mit folgendem Fehler beendet:
%%1
Error: (04/15/2016 06:23:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Erkennung interaktiver Dienste" wurde mit folgendem Fehler beendet:
%%1
Error: (04/15/2016 05:44:12 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 16) (User: NT-AUTORITÄT)
Description: 32212254731129808
Error: (04/15/2016 05:44:51 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000050 (0xfffff6a80006a1f0, 0x0000000000000000, 0xfffff800c892080a, 0x0000000000000002)C:\windows\MEMORY.DMP041516-33515-01
Error: (04/15/2016 05:44:46 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 20.03.2016 um 06:27:46 unerwartet heruntergefahren.
Error: (03/20/2016 06:55:49 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Erkennung interaktiver Dienste" wurde mit folgendem Fehler beendet:
%%1
Error: (03/19/2016 06:17:28 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Erkennung interaktiver Dienste" wurde mit folgendem Fehler beendet:
%%1
Error: (03/18/2016 05:38:28 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Erkennung interaktiver Dienste" wurde mit folgendem Fehler beendet:
%%1
Error: (03/17/2016 03:47:26 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Erkennung interaktiver Dienste" wurde mit folgendem Fehler beendet:
%%1
Error: (03/16/2016 06:39:50 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Erkennung interaktiver Dienste" wurde mit folgendem Fehler beendet:
%%1
CodeIntegrity:
===================================
Date: 2014-09-09 20:06:30.099
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-09-09 20:05:52.642
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-09-02 22:23:28.184
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-09-02 22:20:32.798
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-09-02 22:20:32.468
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-09-02 22:20:32.142
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-09-02 22:12:25.997
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-09-02 22:12:16.838
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-09-02 19:19:49.523
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-09-02 19:19:24.855
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.
==================== Speicherinformationen ===========================
Prozessor: AMD A10-7800 Radeon R7, 12 Compute Cores 4C+8G
Prozentuale Nutzung des RAM: 40%
Installierter physikalischer RAM: 3948.49 MB
Verfügbarer physikalischer RAM: 2357.75 MB
Summe virtueller Speicher: 7916.49 MB
Verfügbarer virtueller Speicher: 5742.38 MB
==================== Laufwerke ================================
Drive c: (Boot) (Fixed) (Total:1801.31 GB) (Free:1631.59 GB) NTFS
Drive d: (Recover) (Fixed) (Total:59.99 GB) (Free:43.64 GB) NTFS
Drive g: () (Removable) (Total:3.73 GB) (Free:1.75 GB) FAT32
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 00000000)
Partition: GPT.
========================================================
Disk: 2 (Size: 3.7 GB) (Disk ID: 00000000)
Partition: GPT.
==================== Ende von Addition.txt ============================
Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 17.04.2016 Suchlaufzeit: 17:48 Protokolldatei: mbam.txt Administrator: Ja Version: 2.2.1.1043 Malware-Datenbank: v2016.02.16.06 Rootkit-Datenbank: v2016.02.08.01 Lizenz: Kostenlose Version Malware-Schutz: Deaktiviert Schutz vor bösartigen Websites: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: Regina Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 346053 Abgelaufene Zeit: 6 Min., 57 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 3 Adware.CloudGuard, C:\Program Files (x86)\DNS Unlocker\dnspillow.exe, 5632, Löschen bei Neustart, [32340d54712878be2f1654898180966a] PUP.Optional.Linkury, C:\ProgramData\CloudPrinter\CloudPrinter.exe, 1864, Löschen bei Neustart, [372f90d1c4d57db99c39e57a32d2f20e] PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\dnspillow.exe, 5632, Löschen bei Neustart, [4422c39e8c0d171f0d7607ba8e746997] Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 13 PUP.Optional.Linkury, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CloudPrinter, In Quarantäne, [372f90d1c4d57db99c39e57a32d2f20e], PUP.Optional.CloudScout, HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b, In Quarantäne, [a9bd4d14fe9bb086c2eb19ff7d8725db], PUP.Optional.DNSUnlocker, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, In Quarantäne, [d78fbea30c8d39fda70b4e08f113fd03], PUP.Optional.ClousdScout.BrwsrFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\DNSPILLOW, In Quarantäne, [0d590e538f0a5adc62445f9abe44867a], PUP.Optional.Linkury, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\Stpro.exe, In Quarantäne, [26400b561683b18579405fb86c9844bc], PUP.Optional.CloudScout, HKLM\SOFTWARE\WOW6432NODE\5da059a482fd494db3f252126fbc3d5b, In Quarantäne, [aabcf36e1b7ed85e9d1053c5d133c23e], PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\IELNKSRCH, In Quarantäne, [5115075a6c2d93a36864ba1021e2c937], PUP.Optional.DNSUnlocker, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, In Quarantäne, [bda988d9a8f1df578c26f066cd37dd23], PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\Stpro.exe, In Quarantäne, [b2b44918b7e287afcdec7d9a6c9851af], PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7163DACB-8DCA-4318-B729-353A83ED3C59}, In Quarantäne, [491dbba6c0d9b97ddb9b6f7f26dd6e92], PUP.Optional.Linkury, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Application Hosting, In Quarantäne, [e77fe27fbddcae8826af4bab30d23bc5], PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-3771097824-1906411585-235964679-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{IELNKSRCH}, In Quarantäne, [303631303b5ed462f3abae4ee41ea15f], PUP.Optional.DNSUnlocker.BrwsrFlsh, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{E1527582-8509-4011-B922-29E3FB548882}_is1, In Quarantäne, [4422c39e8c0d171f0d7607ba8e746997], Registrierungswerte: 11 PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch|DisplayName, Search the web, In Quarantäne, [5115075a6c2d93a36864ba1021e2c937] PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch|URL, hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt1nroZrCovs66ybSQgXnf6ffA46_rmTx7ii2FdPJlFrxYtlW6Ebv6pJlXi_8b956klYR6utPaIxxN7Kfop1zDPawa5Co,&q={searchTerms}, In Quarantäne, [d492b9a8663353e3d3faae1c9c67eb15] PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt1nroZrCovs66ybSQgXnf6ffA46_rmTx7ii2FdPJlFrxYtlW6Ebv6pJlXi_8b956klYR6utPaIxxN7Kfop1zDPawa5Co,&q={searchTerms}, In Quarantäne, [8ed894cde9b056e09f2f11b9ca391de3] PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7163DACB-8DCA-4318-B729-353A83ED3C59}|Publisher, Linkury, In Quarantäne, [491dbba6c0d9b97ddb9b6f7f26dd6e92] PUP.Optional.Linkury, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CLOUDPRINTER|ImagePath, C:\ProgramData\\CloudPrinter\\CloudPrinter.exe shuz -f "C:\ProgramData\\CloudPrinter\\CloudPrinter.dat" -l -a, In Quarantäne, [471fd190772267cf795ee67930d44ab6] Trojan.DNSChanger.DNSRst, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{1F742A42-6343-45CD-B58C-A37185B72A30}|NameServer, 82.163.143.144,82.163.142.146, In Quarantäne, [dc8a5c059bfeec4a2d30fc5ac341fa06] PUP.Optional.Linkury, HKU\S-1-5-21-3771097824-1906411585-235964679-1002\ENVIRONMENT|SNF, C:\ProgramData\Graveairs\snp.sc, In Quarantäne, [35311d44a0f943f36df2c72747bc23dd] PUP.Optional.Linkury, HKU\S-1-5-21-3771097824-1906411585-235964679-1002\ENVIRONMENT|SNP, hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D?publisher=APSFCovus&co=DE&userid=948f8e3b-d848-439f-3bd7-05a5c4adeacb&searchtype=sc&installDate=05.03.2016&barcodeid=50036003&channelid=3&av=windows, In Quarantäne, [ea7c530e574286b0134d8d617e85fe02] PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-3771097824-1906411585-235964679-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|DisplayName, Search the web, In Quarantäne, [303631303b5ed462f3abae4ee41ea15f] PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-3771097824-1906411585-235964679-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|URL, hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt1nroZrCovs66ybSQgXnf6ffA46_rmTx7ii2FdPJlFrxYtlW6Ebv6pJlXi_8b956klYR6utPaIxxN7Kfop1zDPawa5Co,&q={searchTerms}, In Quarantäne, [34321150e3b65bdbc307ab1fc1427789] PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-3771097824-1906411585-235964679-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt1nroZrCovs66ybSQgXnf6ffA46_rmTx7ii2FdPJlFrxYtlW6Ebv6pJlXi_8b956klYR6utPaIxxN7Kfop1zDPawa5Co,&q={searchTerms}, In Quarantäne, [6402bba6e5b45dd9dcef8a4041c29a66] Registrierungsdaten: 8 PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\ProgramData\Graveair\RunNix.dll, Gut: (), Schlecht: (C:\ProgramData\Graveair\RunNix.dll),Ersetzt,[cb9b64fdf3a661d5e1411bbe857c738d] PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {ielnksrch}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({ielnksrch}),Ersetzt,[acba075a584176c0614b33b3877dd62a] PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-3771097824-1906411585-235964679-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt1nroZrCovs66ybSQgXnf6ffA46_rmTx7ii2FdPJlFrxYtlW6Ebv6pJlXi_8b956klYR6utPaIxxN7Kfop1zDPawa5Co,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt1nroZrCovs66ybSQgXnf6ffA46_rmTx7ii2FdPJlFrxYtlW6Ebv6pJlXi_8b956klYR6utPaIxxN7Kfop1zDPawa5Co,&q={searchTerms}),Ersetzt,[174f3c25b3e61d194066974f1aea45bb] PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-3771097824-1906411585-235964679-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt2qRoE1nLDDdcJp8b3Is13G8RcNUsJuc_WcZzXApAfwtPEOtncXlAoFMK0pSP2Yh2FwyfGIjsm4oDpqbopxXiS8ImD_Y,, Gut: (www.google.com), Schlecht: (hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt2qRoE1nLDDdcJp8b3Is13G8RcNUsJuc_WcZzXApAfwtPEOtncXlAoFMK0pSP2Yh2FwyfGIjsm4oDpqbopxXiS8ImD_Y,),Ersetzt,[2c3a362b811816208027ae3842c27a86] PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-3771097824-1906411585-235964679-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt1nroZrCovs66ybSQgXnf6ffA46_rmTx7ii2FdPJlFrxYtlW6Ebv6pJlXi_8b956klYR6utPaIxxN7Kfop1zDPawa5Co,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt1nroZrCovs66ybSQgXnf6ffA46_rmTx7ii2FdPJlFrxYtlW6Ebv6pJlXi_8b956klYR6utPaIxxN7Kfop1zDPawa5Co,&q={searchTerms}),Ersetzt,[cd99144d1f7a2412584e7d696d9701ff] PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-3771097824-1906411585-235964679-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SearchAssistant, hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt1nroZrCovs66ybSQgXnf6ffA46_rmTx7ii2FdPJlFrxYtlW6Ebv6pJlXi_8b956klYR6utPaIxxN7Kfop1zDPawa5Co,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt1nroZrCovs66ybSQgXnf6ffA46_rmTx7ii2FdPJlFrxYtlW6Ebv6pJlXi_8b956klYR6utPaIxxN7Kfop1zDPawa5Co,&q={searchTerms}),Ersetzt,[71f56ff27920092d703642a420e4de22] PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-3771097824-1906411585-235964679-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt1nroZrCovs66ybSQgXnf6ffA46_rmTx7ii2FdPJlFrxYtlW6Ebv6pJlXi_8b956klYR6utPaIxxN7Kfop1zDPawa5Co,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt1nroZrCovs66ybSQgXnf6ffA46_rmTx7ii2FdPJlFrxYtlW6Ebv6pJlXi_8b956klYR6utPaIxxN7Kfop1zDPawa5Co,&q={searchTerms}),Ersetzt,[600686dbbadfcb6b297f20c61ce859a7] PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-3771097824-1906411585-235964679-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {ielnksrch}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({ielnksrch}),Ersetzt,[5e08471a1a7f04328128cc1a36ce18e8] Ordner: 3 PUP.Optional.Linkury, C:\ProgramData\CloudPrinter, Löschen bei Neustart, [372f90d1c4d57db99c39e57a32d2f20e], PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker, Löschen bei Neustart, [4422c39e8c0d171f0d7607ba8e746997], PUP.Optional.Linkury.ShrtCln, C:\ProgramData\Graveairs, In Quarantäne, [b4b2d58c98012e08210945c8ed189868], Dateien: 29 Adware.CloudGuard, C:\Program Files (x86)\DNS Unlocker\dnspillow.exe, Löschen bei Neustart, [32340d54712878be2f1654898180966a], PUP.Optional.Linkury, C:\ProgramData\Graveair\RunNix.dll, In Quarantäne, [cb9b64fdf3a661d5e1411bbe857c738d], PUP.Optional.Linkury, C:\ProgramData\Graveair\Overdax.exe, In Quarantäne, [32347ce5b6e3e056130ef9e031d0867a], PUP.Optional.Linkury, C:\ProgramData\Graveair\Unotough.exe, In Quarantäne, [80e60c559801f4428c97f7e2f60bd927], PUP.Optional.Linkury, C:\Users\Regina\AppData\Roaming\Whitefan.bin, In Quarantäne, [f86eeb76118853e397cb12cb40c4f10f], PUP.Optional.ClousdScout.BrwsrFlsh, C:\Windows\System32\Tasks\DNSPILLOW, In Quarantäne, [82e41b46c4d5f3434c586b8e8b779a66], PUP.Optional.Linkury.ShrtCln, C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\us6eaphg.default\searchplugins\findit.xml, In Quarantäne, [0165c1a07524290db47d606cb74c748c], PUP.Optional.Linkury.ShrtCln, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\findit.xml, In Quarantäne, [94d2f26f7d1c79bdb87aca02e3207d83], PUP.Optional.Linkury, C:\ProgramData\CloudPrinter\CloudPrinter.dat, Löschen bei Neustart, [372f90d1c4d57db99c39e57a32d2f20e], PUP.Optional.Linkury, C:\ProgramData\CloudPrinter\CloudPrinter.exe, Löschen bei Neustart, [372f90d1c4d57db99c39e57a32d2f20e], PUP.Optional.Linkury, C:\ProgramData\CloudPrinter\Config.xml, In Quarantäne, [372f90d1c4d57db99c39e57a32d2f20e], PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\config.ini, In Quarantäne, [4422c39e8c0d171f0d7607ba8e746997], PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\ConsoleApplication1.dll, In Quarantäne, [4422c39e8c0d171f0d7607ba8e746997], PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\DNSPILLOW.cer, In Quarantäne, [4422c39e8c0d171f0d7607ba8e746997], PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\dnspillow.exe, Löschen bei Neustart, [4422c39e8c0d171f0d7607ba8e746997], PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\Info.rtf, In Quarantäne, [4422c39e8c0d171f0d7607ba8e746997], PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\License.rtf, In Quarantäne, [4422c39e8c0d171f0d7607ba8e746997], PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\LogoBlack.ico, In Quarantäne, [4422c39e8c0d171f0d7607ba8e746997], PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\LogoGreen.ico, In Quarantäne, [4422c39e8c0d171f0d7607ba8e746997], PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\LogoYellow.ico, In Quarantäne, [4422c39e8c0d171f0d7607ba8e746997], PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\Microsoft.Win32.TaskScheduler.dll, Löschen bei Neustart, [4422c39e8c0d171f0d7607ba8e746997], PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\settings.ini, In Quarantäne, [4422c39e8c0d171f0d7607ba8e746997], PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\unins000.dat, In Quarantäne, [4422c39e8c0d171f0d7607ba8e746997], PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\unins000.exe, In Quarantäne, [4422c39e8c0d171f0d7607ba8e746997], PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\ZonaTools.XPlorerBar.dll, In Quarantäne, [4422c39e8c0d171f0d7607ba8e746997], PUP.Optional.Linkury.ShrtCln, C:\ProgramData\Graveairs\ff.HP, In Quarantäne, [b4b2d58c98012e08210945c8ed189868], PUP.Optional.Linkury.ShrtCln, C:\ProgramData\Graveairs\ff.NT, In Quarantäne, [b4b2d58c98012e08210945c8ed189868], PUP.Optional.Linkury.ShrtCln, C:\ProgramData\Graveairs\snp.sc, In Quarantäne, [b4b2d58c98012e08210945c8ed189868], PUP.Optional.Linkury.ShrtCln, C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\us6eaphg.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "C:\\ProgramData\\Graveairs\\ff.NT");), Ersetzt,[1a4c5f02d8c1f343774fcb42ec1933cd] Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) Code:
ATTFilter # AdwCleaner v5.111 - Bericht erstellt am 17/04/2016 um 18:09:16
# Aktualisiert am 14/04/2016 von Xplode
# Datenbank : 2016-04-10.2 [Lokal]
# Betriebssystem : Windows 8.1 (X64)
# Benutzername : Regina - KELLER-PC
# Gestartet von : C:\Users\Regina\Desktop\AdwCleaner_5.111.exe
# Option : Suchlauf
# Unterstützung : hxxp://toolslib.net/forum
***** [ Dienste ] *****
Dienst gefunden : CloudPrinter
***** [ Ordner ] *****
Ordner gefunden : C:\ProgramData\CloudPrinter
Ordner gefunden : C:\ProgramData\Application Data\CloudPrinter
Ordner gefunden : C:\Users\Regina\AppData\Local\Temp\OCS
***** [ Dateien ] *****
***** [ DLL ] *****
***** [ Verknüpfungen ] *****
Verknüpfung infiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk ( %SNF% )
Verknüpfung infiziert : C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( %SNP% )
Verknüpfung infiziert : C:\Users\Regina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( %SNP% )
Verknüpfung infiziert : C:\Users\Regina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk ( %SNP% )
Verknüpfung infiziert : C:\Users\Regina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk ( %SNF% )
***** [ Aufgabenplanung ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel gefunden : HKCU\Software\OCS
Schlüssel gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
Schlüssel gefunden : HKU\S-1-5-21-3771097824-1906411585-235964679-1002\Software\OCS
***** [ Internetbrowser ] *****
*************************
C:\AdwCleaner\AdwCleaner[S1].txt - [1783 Bytes] - [17/04/2016 18:09:16]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1856 Bytes] ##########
Code:
ATTFilter # AdwCleaner v5.111 - Bericht erstellt am 17/04/2016 um 18:14:00
# Aktualisiert am 14/04/2016 von Xplode
# Datenbank : 2016-04-10.2 [Lokal]
# Betriebssystem : Windows 8.1 (X64)
# Benutzername : Regina - KELLER-PC
# Gestartet von : C:\Users\Regina\Desktop\AdwCleaner_5.111.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum
***** [ Dienste ] *****
[-] Dienst gelöscht : CloudPrinter
***** [ Ordner ] *****
[-] Ordner gelöscht : C:\ProgramData\CloudPrinter
[#] Ordner gelöscht : C:\ProgramData\Application Data\CloudPrinter
[-] Ordner gelöscht : C:\Users\Regina\AppData\Local\Temp\OCS
***** [ Dateien ] *****
***** [ DLLs ] *****
***** [ Verknüpfungen ] *****
[-] Verknüpfung desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[-] Verknüpfung desinfiziert : C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Verknüpfung desinfiziert : C:\Users\Regina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] Verknüpfung desinfiziert : C:\Users\Regina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
[-] Verknüpfung desinfiziert : C:\Users\Regina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
***** [ Aufgabenplanung ] *****
***** [ Registrierungsdatenbank ] *****
[-] Schlüssel gelöscht : HKCU\Software\OCS
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
***** [ Internetbrowser ] *****
*************************
:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt
*************************
C:\AdwCleaner\AdwCleaner[C1].txt - [1820 Bytes] - [17/04/2016 18:14:00]
C:\AdwCleaner\AdwCleaner[S1].txt - [1939 Bytes] - [17/04/2016 18:09:16]
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1966 Bytes] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 8.1 x64
Ran by Regina (Administrator) on 17.04.2016 at 18:42:06,96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 2
Successfully deleted: C:\Users\Regina\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\us6eaphg.default\extensions\mailcheck@web.de\searchplugins\mailcom-search.xml (File)
Deleted the following from C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\us6eaphg.default\prefs.js
user_pref(extensions.unitedinternet.email.runonceNewUsersShown, true);
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17.04.2016 at 18:43:28,24
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
22.04.2016, 17:12
| #2 |
| /// TB-Ausbilder /// Anleitungs-Guru  | Werde Browser Hijacker (Safefinder) auf Firefox nicht los. Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das... 
 Hinweis:Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden. Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert. Adware & Co. können wir sehr gut entfernen. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean  bekommst.Los geht's: Bitte frische Logs: Schritt 1   Bitte starte FRST erneut, markiere auch die checkbox  und drücke auf Untersuchen. Bitte poste mir den Inhalt der beiden Logs die erstellt werden.
__________________ |
|
23.04.2016, 10:24
| #3 |
| | Werde Browser Hijacker (Safefinder) auf Firefox nicht los. Hallo Jürgen,
__________________ich freue mich, dass du mir hilfst. So jetzt kommen die frischen Scans: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:17-04-2016
durchgeführt von Regina (Administrator) auf KELLER-PC (23-04-2016 11:14:15)
Gestartet von C:\Users\Regina\Desktop
Geladene Profile: Regina (Verfügbare Profile: Regina)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\AMD\amdacpusrsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\ProgramData\Graveair\Graveair.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\mcafee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.8.267.0\McCSPServiceHost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\CommonBuild\McCBEntAndInstru.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(Dropbox, Inc.) C:\Users\Regina\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\CommonBuild\McCBEntAndInstru.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2014-03-12] (CyberLink Corp.)
HKLM-x32\...\Run: [PowerDVD12Agent] => "C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe"
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-3771097824-1906411585-235964679-1002\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [482528 2014-03-31] (AppEx Networks Corporation)
HKU\S-1-5-21-3771097824-1906411585-235964679-1002\...\Run: [Dropbox Update] => C:\Users\Regina\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-13] (Dropbox, Inc.)
AppInit_DLLs: C:\ProgramData\Graveair\DaltRon.dll => Keine Datei
AppInit_DLLs-x32: C:\ProgramData\Graveair\Dong-Hold.dll => Keine Datei
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
Startup: C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-04-17]
ShortcutTarget: Dropbox.lnk -> C:\Users\Regina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{1F742A42-6343-45CD-B58C-A37185B72A30}: [DhcpNameServer] 192.168.178.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3771097824-1906411585-235964679-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt1nroZrCovs66ybSQgXnf6ffA46_rmTx7ii2FdPJlFrxYtlW6Ebv6pJlXi_8b956klYR6utPaIxxN7Kfop1zDPawa5Co,&q={searchTerms}
HKU\S-1-5-21-3771097824-1906411585-235964679-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt2qRoE1nLDDdcJp8b3Is13G8RcNUsJuc_WcZzXApAfwtPEOtncXlAoFMK0pSP2Yh2FwyfGIjsm4oDpqbopxXiS8ImD_Y,
HKU\S-1-5-21-3771097824-1906411585-235964679-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3771097824-1906411585-235964679-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt1nroZrCovs66ybSQgXnf6ffA46_rmTx7ii2FdPJlFrxYtlW6Ebv6pJlXi_8b956klYR6utPaIxxN7Kfop1zDPawa5Co,&q={searchTerms}
HKU\S-1-5-21-3771097824-1906411585-235964679-1002\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt1nroZrCovs66ybSQgXnf6ffA46_rmTx7ii2FdPJlFrxYtlW6Ebv6pJlXi_8b956klYR6utPaIxxN7Kfop1zDPawa5Co,&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt1nroZrCovs66ybSQgXnf6ffA46_rmTx7ii2FdPJlFrxYtlW6Ebv6pJlXi_8b956klYR6utPaIxxN7Kfop1zDPawa5Co,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3771097824-1906411585-235964679-1002 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt1nroZrCovs66ybSQgXnf6ffA46_rmTx7ii2FdPJlFrxYtlW6Ebv6pJlXi_8b956klYR6utPaIxxN7Kfop1zDPawa5Co,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3771097824-1906411585-235964679-1002 -> {FA56DABC-FA5C-432F-8305-1DB5F303655D} URL = hxxps://de.search.yahoo.com/search?fr=mcafee&type=C011DE0D20151111&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3771097824-1906411585-235964679-1002 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt1nroZrCovs66ybSQgXnf6ffA46_rmTx7ii2FdPJlFrxYtlW6Ebv6pJlXi_8b956klYR6utPaIxxN7Kfop1zDPawa5Co,&q={searchTerms}
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-04-12] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-04-12] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-04-12] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-04-12] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll [2016-03-03] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-03-03] (McAfee, Inc.)
FireFox:
========
FF ProfilePath: C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\us6eaphg.default
FF NewTab: C:\\ProgramData\\Graveairs\\ff.NT
FF DefaultSearchEngine: Sichere Suche
FF SearchEngineOrder.1: Sichere Suche
FF SelectedSearchEngine: Sichere Suche
FF Homepage: about:home
FF Keyword.URL: hxxps://de.search.yahoo.com/search?fr=mcafee&type=A111DE0&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-11] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-03-03] ()
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-03-03] ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\us6eaphg.default\searchplugins\McSiteAdvisor.xml [2016-04-17]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\findit.xml [2016-04-17]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-08-09]
FF Extension: DownThemAll! - C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\us6eaphg.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-12-07]
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-12-29]
FF Extension: WEB.DE MailCheck - C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\us6eaphg.default\Extensions\mailcheck@web.de [2015-12-16]
FF Extension: Adblock Plus - C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\us6eaphg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-24]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2016-02-13] [ist nicht signiert]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-04-17]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-04-17]
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert]
R2 amdacpusrsvc; C:\AMD\amdacpusrsvc.exe [82432 2014-04-17] () [Datei ist nicht signiert]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 Graveair; C:\ProgramData\\Graveair\\Graveair.exe [764416 2016-03-05] () [Datei ist nicht signiert]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [163592 2016-04-12] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [863448 2016-03-03] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.8.267.0\McCSPServiceHost.exe [1696712 2016-02-23] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [681680 2016-02-26] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [234192 2015-11-18] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [380896 2016-01-21] (McAfee, Inc.)
R3 mfevtp; C:\windows\system32\mfevtps.exe [275368 2015-11-18] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [896456 2016-03-02] (Intel Security, Inc.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2013-03-06] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [274656 2014-04-18] (Advanced Micro Devices)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [225504 2014-03-28] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [79248 2015-11-25] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419624 2015-11-25] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351144 2015-11-25] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83096 2015-11-25] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496368 2015-11-25] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [846080 2015-11-25] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [539496 2015-11-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2015-11-20] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [45728 2016-03-15] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [245096 2015-11-25] (McAfee, Inc.)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [2968280 2014-01-15] (Realtek Semiconductor Corporation )
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-04-21 22:04 - 2016-04-21 22:05 - 00000000 ____D C:\Users\Regina\Desktop\Scans
2016-04-17 19:45 - 2016-04-17 19:45 - 00000000 ___HD C:\$WINDOWS.~BT
2016-04-17 19:21 - 2016-03-29 16:05 - 04175872 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-04-17 19:08 - 2016-04-17 19:08 - 00000000 ____D C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-04-17 18:47 - 2016-04-17 19:20 - 00000000 ____D C:\ProgramData\Graveairs
2016-04-17 18:43 - 2016-04-17 18:43 - 00000967 _____ C:\Users\Regina\Desktop\JRT.txt
2016-04-17 18:39 - 2016-04-17 18:39 - 00002052 _____ C:\Users\Regina\Desktop\AdwCleaner[C1].txt
2016-04-17 18:10 - 2016-04-17 18:10 - 00001942 _____ C:\Users\Regina\Desktop\AdwCleaner[S1].txt
2016-04-17 18:08 - 2016-04-17 18:14 - 00000000 ____D C:\AdwCleaner
2016-04-17 18:02 - 2016-04-17 18:02 - 00015975 _____ C:\Users\Regina\Desktop\mbam.txt
2016-04-17 17:46 - 2016-04-17 17:46 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-17 17:45 - 2016-04-17 17:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2016-04-17 17:45 - 2016-04-17 17:45 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-17 17:45 - 2016-04-17 17:45 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2016-04-17 17:45 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2016-04-17 17:45 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2016-04-17 17:45 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2016-04-17 16:34 - 2016-04-17 16:34 - 00001284 _____ C:\Users\Regina\Desktop\Revo Uninstaller.lnk
2016-04-17 16:34 - 2016-04-17 16:34 - 00000000 ____D C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-04-17 16:34 - 2016-04-17 16:34 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2016-04-17 16:24 - 2016-04-23 11:14 - 00019886 _____ C:\Users\Regina\Desktop\FRST.txt
2016-04-17 16:24 - 2016-04-17 16:25 - 00038127 _____ C:\Users\Regina\Desktop\Addition.txt
2016-04-17 16:23 - 2016-04-23 11:14 - 00000000 ____D C:\FRST
2016-04-17 16:11 - 2016-04-17 16:00 - 02375168 _____ (Farbar) C:\Users\Regina\Desktop\FRST64.exe
2016-04-17 13:19 - 2016-04-16 18:42 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Regina\Desktop\revosetup95.exe
2016-04-17 13:18 - 2016-04-16 18:45 - 01610352 _____ (Malwarebytes) C:\Users\Regina\Desktop\JRT.exe
2016-04-17 13:18 - 2016-04-16 18:44 - 22851472 _____ (Malwarebytes ) C:\Users\Regina\Desktop\mbam-setup-2.2.1.1043.exe
2016-04-17 13:18 - 2016-04-16 18:39 - 03677760 _____ C:\Users\Regina\Desktop\AdwCleaner_5.111.exe
2016-04-15 17:44 - 2016-04-15 17:44 - 00282856 _____ C:\windows\Minidump\041516-33515-01.dmp
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-04-23 11:15 - 2014-05-29 13:05 - 00003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3771097824-1906411585-235964679-1002
2016-04-23 11:05 - 2014-05-29 13:07 - 00000000 __RDO C:\Users\Regina\OneDrive
2016-04-21 23:20 - 2014-06-01 22:33 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-04-21 22:59 - 2015-06-13 09:48 - 00001248 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3771097824-1906411585-235964679-1002UA.job
2016-04-21 22:55 - 2014-05-29 18:17 - 00000000 ____D C:\Users\Regina\Documents\Andreas
2016-04-21 22:54 - 2014-04-28 15:56 - 00440562 _____ C:\windows\system32\perfh014.dat
2016-04-21 22:54 - 2014-04-28 15:56 - 00076716 _____ C:\windows\system32\perfc014.dat
2016-04-21 22:54 - 2014-04-28 13:38 - 00764340 _____ C:\windows\system32\perfh007.dat
2016-04-21 22:54 - 2014-04-28 13:38 - 00159160 _____ C:\windows\system32\perfc007.dat
2016-04-21 22:54 - 2014-03-18 17:26 - 02291150 _____ C:\windows\system32\PerfStringBackup.INI
2016-04-21 22:54 - 2013-08-22 15:36 - 00000000 ____D C:\windows\Inf
2016-04-21 22:00 - 2016-03-05 16:32 - 00000000 ____D C:\ProgramData\Graveair
2016-04-21 21:58 - 2013-08-22 16:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-04-21 21:58 - 2013-08-22 16:44 - 00387440 _____ C:\windows\system32\FNTCACHE.DAT
2016-04-17 22:39 - 2013-08-22 15:25 - 00262144 ___SH C:\windows\system32\config\BBI
2016-04-17 22:38 - 2014-05-07 16:59 - 00065536 _____ C:\windows\system32\spu_storage.bin
2016-04-17 19:58 - 2014-06-02 14:04 - 00000000 ____D C:\windows\system32\MRT
2016-04-17 19:55 - 2014-04-24 18:12 - 135176864 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-04-17 19:55 - 2013-08-22 17:20 - 00000000 ____D C:\windows\CbsTemp
2016-04-17 19:46 - 2014-04-24 18:38 - 00000000 ____D C:\windows\Panther
2016-04-17 19:32 - 2016-02-17 17:54 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-04-17 19:21 - 2014-05-29 14:40 - 00000000 ___RD C:\Users\Regina\Dropbox
2016-04-17 19:20 - 2015-08-09 20:26 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-04-17 19:20 - 2014-05-29 14:21 - 00001083 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-04-17 19:20 - 2014-05-29 12:59 - 00001025 _____ C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-04-17 19:10 - 2015-08-09 20:29 - 00000000 ____D C:\windows\System32\Tasks\McAfee
2016-04-17 19:10 - 2014-04-25 10:12 - 00000000 ____D C:\ProgramData\McAfee
2016-04-17 19:08 - 2014-05-29 14:37 - 00000000 ____D C:\Users\Regina\AppData\Roaming\Dropbox
2016-04-17 19:04 - 2015-06-13 09:48 - 00000000 ____D C:\Users\Regina\AppData\Local\Dropbox
2016-04-17 18:15 - 2013-08-22 17:36 - 00000000 ___RD C:\windows\ImmersiveControlPanel
2016-04-15 20:09 - 2014-05-29 12:58 - 00000000 ____D C:\Users\Regina
2016-04-15 17:45 - 2013-08-22 15:25 - 00262144 ___SH C:\windows\system32\config\ELAM
2016-04-15 17:44 - 2014-09-03 21:37 - 793586938 _____ C:\windows\MEMORY.DMP
2016-04-15 17:44 - 2014-09-03 21:37 - 00000000 ____D C:\windows\Minidump
2016-04-05 23:53 - 2014-09-16 14:14 - 00829944 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-04-05 23:53 - 2014-09-16 14:14 - 00176632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2016-03-05 16:32 - 2016-03-05 16:32 - 8037888 _____ () C:\Users\Regina\AppData\Roaming\agent.dat
2016-03-05 16:32 - 2016-03-05 16:32 - 0054272 _____ () C:\Users\Regina\AppData\Roaming\ApplicationHosting.dat
2016-03-05 16:32 - 2016-03-05 16:32 - 0065040 _____ () C:\Users\Regina\AppData\Roaming\Config.xml
2016-03-05 16:32 - 2016-03-05 16:32 - 0015888 _____ () C:\Users\Regina\AppData\Roaming\InstallationConfiguration.xml
2016-03-05 16:32 - 2016-03-05 16:32 - 0127488 _____ () C:\Users\Regina\AppData\Roaming\Installer.dat
2016-03-05 16:32 - 2016-03-05 16:32 - 0764416 _____ () C:\Users\Regina\AppData\Roaming\JayTontam.exe
2016-03-05 16:32 - 2016-03-05 16:32 - 0072712 _____ () C:\Users\Regina\AppData\Roaming\JayTontam.tst
2016-03-05 16:32 - 2016-03-05 16:32 - 0126464 _____ () C:\Users\Regina\AppData\Roaming\lobby.dat
2016-03-05 16:32 - 2016-03-05 16:32 - 0018432 _____ () C:\Users\Regina\AppData\Roaming\Main.dat
2016-03-05 16:32 - 2016-03-05 16:32 - 0005568 _____ () C:\Users\Regina\AppData\Roaming\md.xml
2016-03-05 16:32 - 2016-03-05 16:32 - 0126464 _____ () C:\Users\Regina\AppData\Roaming\noah.dat
2016-03-05 16:32 - 2016-03-05 16:32 - 0764416 _____ () C:\Users\Regina\AppData\Roaming\Strongin.exe
2016-03-05 16:32 - 2016-03-05 16:32 - 1903064 _____ () C:\Users\Regina\AppData\Roaming\Strongin.tst
2016-03-05 16:32 - 2016-03-05 16:32 - 0032038 _____ () C:\Users\Regina\AppData\Roaming\uninstall_temp.ico
2014-05-07 17:22 - 2014-05-07 17:22 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Einige Dateien in TEMP:
====================
C:\Users\Regina\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppscwtk.dll
C:\Users\Regina\AppData\Local\Temp\libeay32.dll
C:\Users\Regina\AppData\Local\Temp\McCSPInstall.dll
C:\Users\Regina\AppData\Local\Temp\mccspuninstall.exe
C:\Users\Regina\AppData\Local\Temp\msvcr120.dll
C:\Users\Regina\AppData\Local\Temp\sqlite3.dll
C:\Users\Regina\AppData\Local\Temp\tmp3049.exe
C:\Users\Regina\AppData\Local\Temp\tmp67F7.exe
C:\Users\Regina\AppData\Local\Temp\tmpE862.exe
C:\Users\Regina\AppData\Local\Temp\vlc-2.1.5-win64.exe
C:\Users\Regina\AppData\Local\Temp\_is8320.exe
C:\Users\Regina\AppData\Local\Temp\_is908C.exe
C:\Users\Regina\AppData\Local\Temp\_isA1B4.exe
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\windows\system32\winlogon.exe => Datei ist digital signiert
C:\windows\system32\wininit.exe => Datei ist digital signiert
C:\windows\explorer.exe => Datei ist digital signiert
C:\windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\windows\system32\svchost.exe => Datei ist digital signiert
C:\windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\windows\system32\services.exe => Datei ist digital signiert
C:\windows\system32\User32.dll => Datei ist digital signiert
C:\windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\windows\system32\userinit.exe => Datei ist digital signiert
C:\windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\windows\system32\rpcss.dll => Datei ist digital signiert
C:\windows\system32\dnsapi.dll => Datei ist digital signiert
C:\windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2016-04-17 13:46
==================== Ende von FRST.txt ============================
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:17-04-2016
durchgeführt von Regina (2016-04-23 11:15:26)
Gestartet von C:\Users\Regina\Desktop
Windows 8.1 (X64) (2014-05-29 10:58:50)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-3771097824-1906411585-235964679-500 - Administrator - Disabled)
Gast (S-1-5-21-3771097824-1906411585-235964679-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3771097824-1906411585-235964679-1004 - Limited - Enabled)
Regina (S-1-5-21-3771097824-1906411585-235964679-1002 - Administrator - Enabled) => C:\Users\Regina
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
ACP Application (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.10.0.0 - AppEx Networks)
Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo AppLauncher (Medion) v.1.0.0 (HKLM-x32\...\Ashampoo AppLauncher (Medion)_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-5490CN (HKLM-x32\...\{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
CyberLink Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink PowerDirector 11 (Version: 11.0.0.3910 - CyberLink Corp.) Hidden
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.2527 - CyberLink Corp.)
CyberLink PowerRecover (Version: 5.7.0.2527 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
dm-Fotowelt (HKLM-x32\...\dm-Fotowelt) (Version: 6.1.2 - CEWE Stiftung u Co. KGaA)
Dropbox (HKU\S-1-5-21-3771097824-1906411585-235964679-1002\...\Dropbox) (Version: 3.18.1 - Dropbox, Inc.)
DVBViewer Pro (HKLM-x32\...\DVBViewer Pro_is1) (Version: 5.3.1 - CM&V)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotogalleri (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotogalleriet (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galeria de Fotografias (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galeria fotografii (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee Total Protection (HKLM-x32\...\MSC) (Version: 14.0.7086 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.187 - McAfee, Inc.)
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 5.1.5 - CEWE Stiftung u Co. KGaA)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 44.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 de)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Podstawowe programy Windows Live (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Raccolta foto (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7111 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rossmann Fotowelt Software 4.13 (HKLM-x32\...\Rossmann Fotowelt Software) (Version: 4.13 - ORWO Net)
Silhouette Studio (HKLM-x32\...\{85E3BB6E-39E3-491F-B8E0-60BF11F48471}) (Version: 3.3.638 - Silhouette America)
Valokuvavalikoima (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.10 Beta 4 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)
Συλλογή φωτογραφιών (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-3771097824-1906411585-235964679-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Regina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3771097824-1906411585-235964679-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3771097824-1906411585-235964679-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3771097824-1906411585-235964679-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3771097824-1906411585-235964679-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3771097824-1906411585-235964679-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3771097824-1906411585-235964679-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3771097824-1906411585-235964679-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3771097824-1906411585-235964679-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3771097824-1906411585-235964679-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3771097824-1906411585-235964679-1002_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {16D9D28F-6824-4C1E-8A25-7CCA4D1C5BF6} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {29B48724-AB0E-4166-9B44-3C79FED9765C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {2CE01BEC-63D0-407E-9BEA-B7E88F2F29F8} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3771097824-1906411585-235964679-1002UA => C:\Users\Regina\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-13] (Dropbox, Inc.)
Task: {4C07A135-B508-4ED2-B2B1-CF12124D354A} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-11] (Adobe Systems Incorporated)
Task: {50342E5B-CF36-43E7-A21B-69A529320C58} - \DNSPILLOW -> Keine Datei <==== ACHTUNG
Task: {61701E3A-D242-4631-9AD4-E0109FCA2065} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\windows\system32\MRT.exe [2016-04-17] (Microsoft Corporation)
Task: {B45D8F60-29AB-481B-B6DD-D1F7C36AB7DF} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {C7460098-8594-4ECB-B7B8-90C64290223F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2016-04-17] (Microsoft Corporation)
Task: {DA993FD8-9032-419D-B2D7-5C02E50BCE15} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3771097824-1906411585-235964679-1002Core => C:\Users\Regina\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-13] (Dropbox, Inc.)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3771097824-1906411585-235964679-1002Core.job => C:\Users\Regina\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3771097824-1906411585-235964679-1002UA.job => C:\Users\Regina\AppData\Local\Dropbox\Update\DropboxUpdate.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
ShortcutWithArgument: C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Regina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Regina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Regina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.medion.com
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Welcome.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.aldi-essen.de
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2014-04-17 22:55 - 2014-04-17 22:55 - 00082432 _____ () C:\AMD\amdacpusrsvc.exe
2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-03-05 16:32 - 2016-03-05 16:32 - 00764416 _____ () C:\ProgramData\Graveair\Graveair.exe
2014-05-08 09:20 - 2013-03-06 15:42 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-06-24 23:04 - 2005-04-22 13:36 - 00143360 ____N () C:\windows\system32\BrSNMP64.dll
2014-06-24 23:05 - 2012-09-25 11:26 - 01163264 ____N () C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
2014-04-17 23:29 - 2014-04-17 23:29 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-12-12 16:34 - 2016-03-21 23:50 - 00034768 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-04-17 19:07 - 2016-03-21 23:51 - 00019408 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2016-04-17 19:07 - 2016-03-21 23:50 - 00116688 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-12 16:34 - 2016-03-21 23:50 - 00093640 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-12 16:34 - 2016-03-21 23:50 - 00018376 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-12 16:34 - 2016-04-08 20:20 - 00019760 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-12 16:34 - 2016-03-21 23:52 - 00105928 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-04-17 19:07 - 2016-03-21 23:50 - 00392144 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2015-12-12 16:34 - 2016-04-08 20:20 - 00381752 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-12 16:34 - 2016-03-21 23:50 - 00692688 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-04-17 19:07 - 2016-04-08 20:19 - 00020816 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-12 16:34 - 2016-03-21 23:51 - 00112592 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-04-17 19:07 - 2016-04-08 20:19 - 01682760 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-04-17 19:07 - 2016-04-08 20:19 - 00020808 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2015-12-12 16:34 - 2016-04-08 20:20 - 00021840 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-04-17 19:07 - 2016-04-08 20:19 - 00038696 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\fastpath.pyd
2016-04-17 19:07 - 2016-03-21 23:52 - 00020936 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-12 16:34 - 2016-03-21 23:52 - 00024528 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-12 16:34 - 2016-03-21 23:52 - 00114640 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-12 16:34 - 2016-03-21 23:52 - 00124880 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-02-11 14:59 - 2016-04-08 20:20 - 00021832 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2015-12-12 16:34 - 2016-03-21 23:52 - 00024016 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-12 16:34 - 2016-03-21 23:52 - 00175560 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-12 16:34 - 2016-03-21 23:52 - 00030160 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-12 16:34 - 2016-03-21 23:52 - 00043472 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-12 16:34 - 2016-03-21 23:52 - 00028616 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\win32ts.pyd
2015-12-12 16:34 - 2016-03-21 23:52 - 00048592 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-04-17 19:07 - 2016-04-08 20:19 - 00026456 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2015-12-12 16:34 - 2016-03-21 23:52 - 00057808 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2015-12-12 16:34 - 2016-03-21 23:52 - 00024016 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-04-17 19:07 - 2016-04-08 20:19 - 00117056 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2015-12-12 16:34 - 2016-04-08 20:20 - 00023376 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-12 16:34 - 2016-03-21 23:50 - 00134608 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2016-04-17 19:07 - 2016-03-21 23:50 - 00134088 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-04-17 19:07 - 2016-03-21 23:51 - 00240584 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2016-04-17 19:07 - 2016-04-08 20:19 - 00024392 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-04-17 19:07 - 2016-03-21 23:52 - 00036296 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\librsync.dll
2016-04-17 19:07 - 2016-04-08 20:19 - 00052024 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2016-02-11 14:59 - 2016-04-08 20:20 - 00020800 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-11 14:59 - 2016-04-08 20:20 - 00021824 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd
2016-02-11 14:59 - 2016-04-08 20:20 - 00019776 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-02-11 14:59 - 2016-04-08 20:20 - 00020800 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2016-04-17 19:07 - 2016-04-08 20:19 - 00020280 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-12 16:34 - 2016-03-21 23:52 - 00350152 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-02-11 14:59 - 2016-04-08 20:20 - 00022352 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-04-17 19:07 - 2016-04-08 20:19 - 00084280 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2016-04-17 19:07 - 2016-04-08 20:20 - 01826096 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-12 16:34 - 2016-03-21 23:51 - 00083912 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\sip.pyd
2016-04-17 19:07 - 2016-04-08 20:20 - 03928880 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2016-04-17 19:07 - 2016-04-08 20:20 - 01971504 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2016-04-17 19:07 - 2016-04-08 20:20 - 00531248 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2016-04-17 19:07 - 2016-04-08 20:20 - 00132912 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2016-04-17 19:07 - 2016-04-08 20:20 - 00223544 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2016-04-17 19:07 - 2016-04-08 20:20 - 00207672 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2016-04-17 19:07 - 2016-04-08 20:20 - 00158008 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2016-04-17 19:07 - 2016-04-08 20:20 - 00042808 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2016-04-17 19:07 - 2016-03-21 23:54 - 00017864 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\libEGL.dll
2016-04-17 19:07 - 2016-03-21 23:54 - 01631184 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-12-12 16:34 - 2016-04-08 20:20 - 00024904 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2014-06-24 23:04 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-3771097824-1906411585-235964679-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img7.jpg
DNS Servers: Datenträger ist nicht mit dem Internet verbunden.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{3153B440-1248-49D1-92C5-B47D986ECBAA}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{82C57A89-E0E9-436E-A004-3B41AB398FF3}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{E7FB244F-0022-40A0-B0B6-83F6DE5AC5C1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{FFC0F777-525B-4416-8BC1-E5B95DBB29E8}] => (Allow) LPort=2869
FirewallRules: [{7444B070-8E08-48C8-A0B1-22DE9F908422}] => (Allow) LPort=1900
FirewallRules: [{F53BA5DE-0D68-4F14-AB21-2229668848B1}] => (Allow) C:\Program Files\CyberLink\PowerDirector11\PDR10.EXE
FirewallRules: [{879BE00D-DCDB-42F3-90C1-D34493024AA6}] => (Allow) C:\Users\Regina\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{D71416C0-B215-4AE9-87AB-251D4A21BDD0}] => (Allow) C:\Users\Regina\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{9F6AEF13-D68B-43FB-B373-E2AF4E41912F}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{F9EC1EF5-1491-4631-BD3C-D77C202A98B8}] => (Allow) C:\Program Files (x86)\Brother\Brmfl08x\FAXRX.exe
FirewallRules: [{75FA3425-7E27-44E7-9123-01232BF5C16B}] => (Allow) C:\Program Files (x86)\Brother\Brmfl08x\FAXRX.exe
FirewallRules: [{BC5FACDA-4AAA-4C05-A727-2098486A2305}] => (Allow) LPort=54925
FirewallRules: [{F0703D0A-9258-4978-8C15-C680E9FCDC4D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B9778E8B-235E-4223-902C-54618C45CEB0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D174CBCC-C3A1-404E-AABA-7ABB9C84B5EE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CCFDC947-D6D3-4B3E-85E5-D9A4114D3030}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C5868ED3-11F4-422B-B5E6-2AC8ED12652D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9798F09E-0165-4961-A4CE-E090F48820C8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F4E99815-7E71-420D-B056-647682BED2AD}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{342E946C-1251-45F8-970B-C47F640C2FE6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0F1B6BE8-8F34-4B8D-8653-F01D69370E3F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{3BEC659E-6C3E-4386-B761-59520357EA4A}C:\program files\vlc\vlc.exe] => (Block) C:\program files\vlc\vlc.exe
FirewallRules: [UDP Query User{7DB3A14D-9501-4BBC-83FD-A6F322CEFB9C}C:\program files\vlc\vlc.exe] => (Block) C:\program files\vlc\vlc.exe
FirewallRules: [TCP Query User{C68CFB00-7AB8-4788-AF23-366C3A50812C}C:\users\regina\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\regina\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{EC2FE292-DE32-434F-ADDD-BA30862E4365}C:\users\regina\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\regina\appdata\roaming\dropbox\bin\dropbox.exe
==================== Wiederherstellungspunkte =========================
20-03-2016 07:55:13 Geplanter Prüfpunkt
17-04-2016 13:51:21 Geplanter Prüfpunkt
17-04-2016 18:42:08 JRT Pre-Junkware Removal
==================== Fehlerhafte Geräte im Gerätemanager =============
Name: Realtek RTL8188CU Wireless LAN 802.11n USB 2.0 Network Adapter
Description: Realtek RTL8188CU Wireless LAN 802.11n USB 2.0 Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RtlWlanu
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (04/23/2016 11:04:49 AM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: amdacpusrsvc[EVENT]: SERVICE_CONTROL_POWEREVENT: RESUME: FAILED.
Error: (04/23/2016 11:04:49 AM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: amdacpusrsvcacpusrsvc: GraphicsMemory API Wrapper: Dummy Packet Submission FAILED
Error: (04/23/2016 11:04:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 127413609
Error: (04/23/2016 11:04:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 127413609
Error: (04/23/2016 11:04:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/21/2016 11:41:15 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: amdacpusrsvc[EVENT]: SERVICE_CONTROL_POWEREVENT: RESUME: IOCTL_USR_SVC_TO_ACPKSD_POWER_STATE_NOTIFICATION: FAILED
Error: (04/21/2016 11:17:14 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4
Error: (04/21/2016 09:59:00 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: amdacpusrsvcacpusrsvc: IOCTL_ACPKSD_KSD_TO_USR_SVC_SET_FB_APERTURES: FAILED
Error: (04/21/2016 09:59:00 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: amdacpusrsvcacpusrsvc: GfxMemServiceInitialize: FAILED
Error: (04/21/2016 09:59:00 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: amdacpusrsvcacpusrsvc: GfxMemServiceInitialize: Target FB Allocation : FAILED
Systemfehler:
=============
Error: (04/23/2016 11:09:46 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Erkennung interaktiver Dienste" wurde mit folgendem Fehler beendet:
%%1
Error: (04/21/2016 10:06:24 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Erkennung interaktiver Dienste" wurde mit folgendem Fehler beendet:
%%1
Error: (04/17/2016 07:09:19 PM) (Source: DCOM) (EventID: 10010) (User: KELLER-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (04/17/2016 07:09:19 PM) (Source: DCOM) (EventID: 10010) (User: KELLER-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (04/17/2016 07:09:08 PM) (Source: DCOM) (EventID: 10010) (User: KELLER-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (04/17/2016 07:09:08 PM) (Source: DCOM) (EventID: 10010) (User: KELLER-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (04/17/2016 07:09:07 PM) (Source: DCOM) (EventID: 10010) (User: KELLER-PC)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (04/17/2016 07:09:07 PM) (Source: DCOM) (EventID: 10010) (User: KELLER-PC)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (04/17/2016 07:09:07 PM) (Source: DCOM) (EventID: 10010) (User: KELLER-PC)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (04/17/2016 07:09:07 PM) (Source: DCOM) (EventID: 10010) (User: KELLER-PC)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
CodeIntegrity:
===================================
Date: 2014-09-09 20:06:30.099
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-09-09 20:05:52.642
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-09-02 22:23:28.184
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-09-02 22:20:32.798
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-09-02 22:20:32.468
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-09-02 22:20:32.142
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-09-02 22:12:25.997
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-09-02 22:12:16.838
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-09-02 19:19:49.523
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-09-02 19:19:24.855
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.
==================== Speicherinformationen ===========================
Prozessor: AMD A10-7800 Radeon R7, 12 Compute Cores 4C+8G
Prozentuale Nutzung des RAM: 38%
Installierter physikalischer RAM: 3948.49 MB
Verfügbarer physikalischer RAM: 2430.64 MB
Summe virtueller Speicher: 7916.49 MB
Verfügbarer virtueller Speicher: 6213.2 MB
==================== Laufwerke ================================
Drive c: (Boot) (Fixed) (Total:1801.31 GB) (Free:1629.18 GB) NTFS
Drive d: (Recover) (Fixed) (Total:59.99 GB) (Free:43.64 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 00000000)
Partition: GPT.
==================== Ende von Addition.txt ============================
|
|
23.04.2016, 10:38
| #4 |
| /// TB-Ausbilder /// Anleitungs-Guru | Werde Browser Hijacker (Safefinder) auf Firefox nicht los. Schritt 1  Drücke bitte die  + R Taste und schreibe notepad in das Ausführen Fenster.Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument: Code:
ATTFilter CloseProcesses:
R2 Graveair; C:\ProgramData\\Graveair\\Graveair.exe [764416 2016-03-05] () [Datei ist nicht signiert]
C:\ProgramData\Graveair\
AppInit_DLLs: C:\ProgramData\Graveair\DaltRon.dll => Keine Datei
AppInit_DLLs-x32: C:\ProgramData\Graveair\Dong-Hold.dll => Keine Datei
HKU\S-1-5-21-3771097824-1906411585-235964679-1002\Software\Microsoft\Internet Explorer\Main,Search Page =
HKU\S-1-5-21-3771097824-1906411585-235964679-1002\Software\Microsoft\Internet Explorer\Main,Start Page = HKU\S-1-5-21-3771097824-1906411585-235964679-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3771097824-1906411585-235964679-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt1nroZrCovs66ybSQgXnf6ffA46_rmTx7ii2FdPJlFrxYtlW6Ebv6pJlXi_8b956klYR6utPaIxxN7Kfop1zDPawa5Co,&q={searchTerms}
HKU\S-1-5-21-3771097824-1906411585-235964679-1002\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt1nroZrCovs66ybSQgXnf6ffA46_rmTx7ii2FdPJlFrxYtlW6Ebv6pJlXi_8b956klYR6utPaIxxN7Kfop1zDPawa5Co,&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt1nroZrCovs66ybSQgXnf6ffA46_rmTx7ii2FdPJlFrxYtlW6Ebv6pJlXi_8b956klYR6utPaIxxN7Kfop1zDPawa5Co,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3771097824-1906411585-235964679-1002 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt1nroZrCovs66ybSQgXnf6ffA46_rmTx7ii2FdPJlFrxYtlW6Ebv6pJlXi_8b956klYR6utPaIxxN7Kfop1zDPawa5Co,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3771097824-1906411585-235964679-1002 ->
FF NewTab:
Task: {50342E5B-CF36-43E7-A21B-69A529320C58} - \DNSPILLOW ->
Schritt 2 Bitte starte FRST erneut, und drücke auf Untersuchen. Bitte poste mir den Inhalt des Logs.
__________________ Gruß deeprybka  Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
23.04.2016, 11:41
| #5 |
| | Logs Hier ist der Fixlog: Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:17-04-2016
durchgeführt von Regina (2016-04-23 12:33:35) Run:1
Gestartet von C:\Users\Regina\Desktop
Geladene Profile: Regina (Verfügbare Profile: Regina)
Start-Modus: Normal
==============================================
fixlist Inhalt:
*****************
CloseProcesses:
R2 Graveair; C:\ProgramData\\Graveair\\Graveair.exe [764416 2016-03-05] () [Datei ist nicht signiert]
C:\ProgramData\Graveair\
AppInit_DLLs: C:\ProgramData\Graveair\DaltRon.dll => Keine Datei
AppInit_DLLs-x32: C:\ProgramData\Graveair\Dong-Hold.dll => Keine Datei
HKU\S-1-5-21-3771097824-1906411585-235964679-1002\Software\Microsoft\Internet Explorer\Main,Search Page =
HKU\S-1-5-21-3771097824-1906411585-235964679-1002\Software\Microsoft\Internet Explorer\Main,Start Page = HKU\S-1-5-21-3771097824-1906411585-235964679-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3771097824-1906411585-235964679-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt1nroZrCovs66ybSQgXnf6ffA46_rmTx7ii2FdPJlFrxYtlW6Ebv6pJlXi_8b956klYR6utPaIxxN7Kfop1zDPawa5Co,&q={searchTerms}
HKU\S-1-5-21-3771097824-1906411585-235964679-1002\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt1nroZrCovs66ybSQgXnf6ffA46_rmTx7ii2FdPJlFrxYtlW6Ebv6pJlXi_8b956klYR6utPaIxxN7Kfop1zDPawa5Co,&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt1nroZrCovs66ybSQgXnf6ffA46_rmTx7ii2FdPJlFrxYtlW6Ebv6pJlXi_8b956klYR6utPaIxxN7Kfop1zDPawa5Co,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3771097824-1906411585-235964679-1002 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt1nroZrCovs66ybSQgXnf6ffA46_rmTx7ii2FdPJlFrxYtlW6Ebv6pJlXi_8b956klYR6utPaIxxN7Kfop1zDPawa5Co,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3771097824-1906411585-235964679-1002 ->
FF NewTab:
Task: {50342E5B-CF36-43E7-A21B-69A529320C58} - \DNSPILLOW ->
*****************
Prozess erfolgreich geschlossen.
Graveair => Dienst erfolgreich entfernt
C:\ProgramData\Graveair => erfolgreich verschoben
"C:\ProgramData\Graveair\DaltRon.dll" => Wert Daten erfolgreich entfernt.
"C:\ProgramData\Graveair\Dong-Hold.dll" => Wert Daten erfolgreich entfernt.
HKU\S-1-5-21-3771097824-1906411585-235964679-1002\Software\Microsoft\Internet Explorer\Main\\Search Page => Wert erfolgreich wiederhergestellt
HKU\S-1-5-21-3771097824-1906411585-235964679-1002\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wert erfolgreich wiederhergestellt
HKU\S-1-5-21-3771097824-1906411585-235964679-1002\Software\Microsoft\Internet Explorer\Main\\Search Bar => Wert erfolgreich entfernt
HKU\S-1-5-21-3771097824-1906411585-235964679-1002\Software\Microsoft\Internet Explorer\Main\\SearchAssistant => Wert erfolgreich entfernt
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert erfolgreich wiederhergestellt
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ielnksrch" => Schlüssel erfolgreich entfernt
HKCR\Wow6432Node\CLSID\ielnksrch => Schlüssel nicht gefunden.
HKU\S-1-5-21-3771097824-1906411585-235964679-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert erfolgreich entfernt
HKU\SearchScopes: HKU\S-1-5-21-3771097824-1906411585-235964679-1002 ->\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SearchScopes: HKU\S-1-5-21-3771097824-1906411585-235964679-1002 -> => Wert nicht gefunden.
Firefox "newtab" erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{50342E5B-CF36-43E7-A21B-69A529320C58}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{50342E5B-CF36-43E7-A21B-69A529320C58}" => Schlüssel erfolgreich entfernt
Das System musste neu gestartet werden.
==== Ende von Fixlog 12:33:37 ====
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:17-04-2016
durchgeführt von Regina (Administrator) auf KELLER-PC (23-04-2016 12:36:01)
Gestartet von C:\Users\Regina\Desktop
Geladene Profile: Regina (Verfügbare Profile: Regina)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\AMD\amdacpusrsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\livecomm.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\mcafee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(Dropbox, Inc.) C:\Users\Regina\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dropbox, Inc.) C:\Users\Regina\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2014-03-12] (CyberLink Corp.)
HKLM-x32\...\Run: [PowerDVD12Agent] => "C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe"
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-3771097824-1906411585-235964679-1002\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [482528 2014-03-31] (AppEx Networks Corporation)
HKU\S-1-5-21-3771097824-1906411585-235964679-1002\...\Run: [Dropbox Update] => C:\Users\Regina\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
Startup: C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-04-17]
ShortcutTarget: Dropbox.lnk -> C:\Users\Regina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{1F742A42-6343-45CD-B58C-A37185B72A30}: [DhcpNameServer] 192.168.178.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3771097824-1906411585-235964679-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt2qRoE1nLDDdcJp8b3Is13G8RcNUsJuc_WcZzXApAfwtPEOtncXlAoFMK0pSP2Yh2FwyfGIjsm4oDpqbopxXiS8ImD_Y,
SearchScopes: HKU\S-1-5-21-3771097824-1906411585-235964679-1002 -> {FA56DABC-FA5C-432F-8305-1DB5F303655D} URL = hxxps://de.search.yahoo.com/search?fr=mcafee&type=C011DE0D20151111&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3771097824-1906411585-235964679-1002 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt1nroZrCovs66ybSQgXnf6ffA46_rmTx7ii2FdPJlFrxYtlW6Ebv6pJlXi_8b956klYR6utPaIxxN7Kfop1zDPawa5Co,&q={searchTerms}
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-04-12] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-04-12] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-04-12] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-04-12] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll [2016-03-03] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-03-03] (McAfee, Inc.)
FireFox:
========
FF ProfilePath: C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\us6eaphg.default
FF DefaultSearchEngine: Sichere Suche
FF SearchEngineOrder.1: Sichere Suche
FF SelectedSearchEngine: Sichere Suche
FF Homepage: about:home
FF Keyword.URL: hxxps://de.search.yahoo.com/search?fr=mcafee&type=A111DE0&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-11] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-03-03] ()
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-03-03] ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\us6eaphg.default\searchplugins\McSiteAdvisor.xml [2016-04-17]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\findit.xml [2016-04-17]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-08-09]
FF Extension: DownThemAll! - C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\us6eaphg.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-12-07]
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-12-29]
FF Extension: WEB.DE MailCheck - C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\us6eaphg.default\Extensions\mailcheck@web.de [2015-12-16]
FF Extension: Adblock Plus - C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\us6eaphg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-24]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2016-02-13] [ist nicht signiert]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-04-17]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-04-17]
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert]
R2 amdacpusrsvc; C:\AMD\amdacpusrsvc.exe [82432 2014-04-17] () [Datei ist nicht signiert]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [163592 2016-04-12] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [863448 2016-03-03] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.8.267.0\McCSPServiceHost.exe [1696712 2016-02-23] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [681680 2016-02-26] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [234192 2015-11-18] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [380896 2016-01-21] (McAfee, Inc.)
R3 mfevtp; C:\windows\system32\mfevtps.exe [275368 2015-11-18] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [896456 2016-03-02] (Intel Security, Inc.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2013-03-06] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [274656 2014-04-18] (Advanced Micro Devices)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [225504 2014-03-28] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [79248 2015-11-25] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419624 2015-11-25] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351144 2015-11-25] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83096 2015-11-25] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496368 2015-11-25] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [846080 2015-11-25] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [539496 2015-11-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2015-11-20] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [45728 2016-03-15] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [245096 2015-11-25] (McAfee, Inc.)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [2968280 2014-01-15] (Realtek Semiconductor Corporation )
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-04-23 12:33 - 2016-04-23 12:33 - 00004635 _____ C:\Users\Regina\Desktop\Fixlog.txt
2016-04-21 22:04 - 2016-04-21 22:05 - 00000000 ____D C:\Users\Regina\Desktop\2015-04-17_Scans
2016-04-17 19:45 - 2016-04-17 19:45 - 00000000 ___HD C:\$WINDOWS.~BT
2016-04-17 19:21 - 2016-03-29 16:05 - 04175872 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-04-17 19:08 - 2016-04-17 19:08 - 00000000 ____D C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-04-17 18:47 - 2016-04-17 19:20 - 00000000 ____D C:\ProgramData\Graveairs
2016-04-17 18:08 - 2016-04-17 18:14 - 00000000 ____D C:\AdwCleaner
2016-04-17 17:46 - 2016-04-17 17:46 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-17 17:45 - 2016-04-17 17:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2016-04-17 17:45 - 2016-04-17 17:45 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-17 17:45 - 2016-04-17 17:45 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2016-04-17 17:45 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2016-04-17 17:45 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2016-04-17 17:45 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2016-04-17 16:34 - 2016-04-17 16:34 - 00001284 _____ C:\Users\Regina\Desktop\Revo Uninstaller.lnk
2016-04-17 16:34 - 2016-04-17 16:34 - 00000000 ____D C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-04-17 16:34 - 2016-04-17 16:34 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2016-04-17 16:24 - 2016-04-23 12:36 - 00017341 _____ C:\Users\Regina\Desktop\FRST.txt
2016-04-17 16:24 - 2016-04-23 11:16 - 00037312 _____ C:\Users\Regina\Desktop\Addition.txt
2016-04-17 16:23 - 2016-04-23 12:36 - 00000000 ____D C:\FRST
2016-04-17 16:11 - 2016-04-17 16:00 - 02375168 _____ (Farbar) C:\Users\Regina\Desktop\FRST64.exe
2016-04-17 13:19 - 2016-04-16 18:42 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Regina\Desktop\revosetup95.exe
2016-04-17 13:18 - 2016-04-16 18:45 - 01610352 _____ (Malwarebytes) C:\Users\Regina\Desktop\JRT.exe
2016-04-17 13:18 - 2016-04-16 18:44 - 22851472 _____ (Malwarebytes ) C:\Users\Regina\Desktop\mbam-setup-2.2.1.1043.exe
2016-04-17 13:18 - 2016-04-16 18:39 - 03677760 _____ C:\Users\Regina\Desktop\AdwCleaner_5.111.exe
2016-04-15 17:44 - 2016-04-15 17:44 - 00282856 _____ C:\windows\Minidump\041516-33515-01.dmp
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-04-23 12:34 - 2014-05-29 13:07 - 00000000 __RDO C:\Users\Regina\OneDrive
2016-04-23 12:34 - 2014-05-07 16:59 - 00065536 _____ C:\windows\system32\spu_storage.bin
2016-04-23 12:34 - 2013-08-22 16:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-04-23 12:34 - 2013-08-22 15:25 - 00262144 ___SH C:\windows\system32\config\ELAM
2016-04-23 12:34 - 2013-08-22 15:25 - 00262144 ___SH C:\windows\system32\config\BBI
2016-04-23 12:20 - 2014-06-01 22:33 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-04-23 12:00 - 2015-06-13 09:48 - 00001248 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3771097824-1906411585-235964679-1002UA.job
2016-04-23 11:59 - 2015-06-13 09:48 - 00001196 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3771097824-1906411585-235964679-1002Core.job
2016-04-23 11:26 - 2014-05-29 13:05 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3771097824-1906411585-235964679-1002
2016-04-21 22:55 - 2014-05-29 18:17 - 00000000 ____D C:\Users\Regina\Documents\Andreas
2016-04-21 22:54 - 2014-04-28 15:56 - 00440562 _____ C:\windows\system32\perfh014.dat
2016-04-21 22:54 - 2014-04-28 15:56 - 00076716 _____ C:\windows\system32\perfc014.dat
2016-04-21 22:54 - 2014-04-28 13:38 - 00764340 _____ C:\windows\system32\perfh007.dat
2016-04-21 22:54 - 2014-04-28 13:38 - 00159160 _____ C:\windows\system32\perfc007.dat
2016-04-21 22:54 - 2014-03-18 17:26 - 02291150 _____ C:\windows\system32\PerfStringBackup.INI
2016-04-21 22:54 - 2013-08-22 15:36 - 00000000 ____D C:\windows\Inf
2016-04-21 21:58 - 2013-08-22 16:44 - 00387440 _____ C:\windows\system32\FNTCACHE.DAT
2016-04-17 19:58 - 2014-06-02 14:04 - 00000000 ____D C:\windows\system32\MRT
2016-04-17 19:55 - 2014-04-24 18:12 - 135176864 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-04-17 19:55 - 2013-08-22 17:20 - 00000000 ____D C:\windows\CbsTemp
2016-04-17 19:46 - 2014-04-24 18:38 - 00000000 ____D C:\windows\Panther
2016-04-17 19:32 - 2016-02-17 17:54 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-04-17 19:21 - 2014-05-29 14:40 - 00000000 ___RD C:\Users\Regina\Dropbox
2016-04-17 19:20 - 2015-08-09 20:26 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-04-17 19:20 - 2014-05-29 14:21 - 00001083 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-04-17 19:20 - 2014-05-29 12:59 - 00001025 _____ C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-04-17 19:10 - 2015-08-09 20:29 - 00000000 ____D C:\windows\System32\Tasks\McAfee
2016-04-17 19:10 - 2014-04-25 10:12 - 00000000 ____D C:\ProgramData\McAfee
2016-04-17 19:08 - 2014-05-29 14:37 - 00000000 ____D C:\Users\Regina\AppData\Roaming\Dropbox
2016-04-17 19:04 - 2015-06-13 09:48 - 00000000 ____D C:\Users\Regina\AppData\Local\Dropbox
2016-04-17 18:15 - 2013-08-22 17:36 - 00000000 ___RD C:\windows\ImmersiveControlPanel
2016-04-15 20:09 - 2014-05-29 12:58 - 00000000 ____D C:\Users\Regina
2016-04-15 17:44 - 2014-09-03 21:37 - 793586938 _____ C:\windows\MEMORY.DMP
2016-04-15 17:44 - 2014-09-03 21:37 - 00000000 ____D C:\windows\Minidump
2016-04-05 23:53 - 2014-09-16 14:14 - 00829944 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-04-05 23:53 - 2014-09-16 14:14 - 00176632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2016-03-05 16:32 - 2016-03-05 16:32 - 8037888 _____ () C:\Users\Regina\AppData\Roaming\agent.dat
2016-03-05 16:32 - 2016-03-05 16:32 - 0054272 _____ () C:\Users\Regina\AppData\Roaming\ApplicationHosting.dat
2016-03-05 16:32 - 2016-03-05 16:32 - 0065040 _____ () C:\Users\Regina\AppData\Roaming\Config.xml
2016-03-05 16:32 - 2016-03-05 16:32 - 0015888 _____ () C:\Users\Regina\AppData\Roaming\InstallationConfiguration.xml
2016-03-05 16:32 - 2016-03-05 16:32 - 0127488 _____ () C:\Users\Regina\AppData\Roaming\Installer.dat
2016-03-05 16:32 - 2016-03-05 16:32 - 0764416 _____ () C:\Users\Regina\AppData\Roaming\JayTontam.exe
2016-03-05 16:32 - 2016-03-05 16:32 - 0072712 _____ () C:\Users\Regina\AppData\Roaming\JayTontam.tst
2016-03-05 16:32 - 2016-03-05 16:32 - 0126464 _____ () C:\Users\Regina\AppData\Roaming\lobby.dat
2016-03-05 16:32 - 2016-03-05 16:32 - 0018432 _____ () C:\Users\Regina\AppData\Roaming\Main.dat
2016-03-05 16:32 - 2016-03-05 16:32 - 0005568 _____ () C:\Users\Regina\AppData\Roaming\md.xml
2016-03-05 16:32 - 2016-03-05 16:32 - 0126464 _____ () C:\Users\Regina\AppData\Roaming\noah.dat
2016-03-05 16:32 - 2016-03-05 16:32 - 0764416 _____ () C:\Users\Regina\AppData\Roaming\Strongin.exe
2016-03-05 16:32 - 2016-03-05 16:32 - 1903064 _____ () C:\Users\Regina\AppData\Roaming\Strongin.tst
2016-03-05 16:32 - 2016-03-05 16:32 - 0032038 _____ () C:\Users\Regina\AppData\Roaming\uninstall_temp.ico
2014-05-07 17:22 - 2014-05-07 17:22 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Einige Dateien in TEMP:
====================
C:\Users\Regina\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppscwtk.dll
C:\Users\Regina\AppData\Local\Temp\libeay32.dll
C:\Users\Regina\AppData\Local\Temp\McCSPInstall.dll
C:\Users\Regina\AppData\Local\Temp\mccspuninstall.exe
C:\Users\Regina\AppData\Local\Temp\msvcr120.dll
C:\Users\Regina\AppData\Local\Temp\sqlite3.dll
C:\Users\Regina\AppData\Local\Temp\tmp3049.exe
C:\Users\Regina\AppData\Local\Temp\tmp67F7.exe
C:\Users\Regina\AppData\Local\Temp\tmpE862.exe
C:\Users\Regina\AppData\Local\Temp\vlc-2.1.5-win64.exe
C:\Users\Regina\AppData\Local\Temp\_is8320.exe
C:\Users\Regina\AppData\Local\Temp\_is908C.exe
C:\Users\Regina\AppData\Local\Temp\_isA1B4.exe
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\windows\system32\winlogon.exe => Datei ist digital signiert
C:\windows\system32\wininit.exe => Datei ist digital signiert
C:\windows\explorer.exe => Datei ist digital signiert
C:\windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\windows\system32\svchost.exe => Datei ist digital signiert
C:\windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\windows\system32\services.exe => Datei ist digital signiert
C:\windows\system32\User32.dll => Datei ist digital signiert
C:\windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\windows\system32\userinit.exe => Datei ist digital signiert
C:\windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\windows\system32\rpcss.dll => Datei ist digital signiert
C:\windows\system32\dnsapi.dll => Datei ist digital signiert
C:\windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2016-04-23 11:34
==================== Ende von FRST.txt ============================
|
|
23.04.2016, 14:10
| #6 |
| /// TB-Ausbilder /// Anleitungs-Guru | Werde Browser Hijacker (Safefinder) auf Firefox nicht los. Jetzt bitte Suchscan durchführen: Schritt 1 ESET Online Scanner
__________________ --> Werde Browser Hijacker (Safefinder) auf Firefox nicht los. |
|
23.04.2016, 20:08
| #7 |
| | Werde Browser Hijacker (Safefinder) auf Firefox nicht los. Hat etwas gedauert, aber jetzt habe ich den Log: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=56b6eb25bda3544b974af640c8fbf5b0
# end=init
# utc_time=2016-04-23 02:36:33
# local_time=2016-04-23 04:36:33 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 29208
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=56b6eb25bda3544b974af640c8fbf5b0
# engine=29208
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-04-23 06:47:21
# local_time=2016-04-23 08:47:21 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='*McAfee*'
# compatibility_mode=5132 16777214 100 100 523669 46400627 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 21993405 25226811 0 0
# scanned=366774
# found=7
# cleaned=0
# scan_time=14254
sh=99F97AD369E8621AB4D17DF53E80E60FEE99C727 ft=1 fh=42567613b862d846 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\FileQuarantine\C\Users\Regina\AppData\Local\Temp\OCS\ocs_v71b.exe.vir"
sh=DDDC05F4D47FD3BE1226D75F940741DCB0361497 ft=1 fh=c216c59805261d79 vn="Variante von Win32/TrojanDropper.Addrop.AC Trojaner" ac=I fn="C:\FRST\Quarantine\C\ProgramData\Graveair\Graveair.exe"
sh=DDDC05F4D47FD3BE1226D75F940741DCB0361497 ft=1 fh=c216c59805261d79 vn="Variante von Win32/TrojanDropper.Addrop.AC Trojaner" ac=I fn="C:\Program Files (x86)\Common Files\ZunTip\uninstall.exe"
sh=2E894970AA0F416232301FC32BDB56EA6FD9E73C ft=1 fh=404c5331a140e9b4 vn="Variante von Win32/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Regina\AppData\Local\Microsoft\Windows\INetCache\IE\017823W4\audiograbber_1.83[1].exe"
sh=DDDC05F4D47FD3BE1226D75F940741DCB0361497 ft=1 fh=c216c59805261d79 vn="Variante von Win32/TrojanDropper.Addrop.AC Trojaner" ac=I fn="C:\Users\Regina\AppData\Roaming\JayTontam.exe"
sh=DDDC05F4D47FD3BE1226D75F940741DCB0361497 ft=1 fh=c216c59805261d79 vn="Variante von Win32/TrojanDropper.Addrop.AC Trojaner" ac=I fn="C:\Users\Regina\AppData\Roaming\Strongin.exe"
sh=3379C0E00AFD1B014A886A97186CDDE87AE41BB7 ft=1 fh=6bdf5f5be2313e72 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Regina\Dropbox\Downloads\SmartDVB - CHIP-Installer.exe"
|
|
24.04.2016, 13:27
| #8 |
| /// TB-Ausbilder /// Anleitungs-Guru | Werde Browser Hijacker (Safefinder) auf Firefox nicht los.Gibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
24.04.2016, 19:11
| #9 |
| | Werde Browser Hijacker (Safefinder) auf Firefox nicht los. Hallo Jürgen, beim Öffnen von Firefox erscheint kurzzeitig eine Adresse auf Laufwerk C, welche den Begriff "Graveair" enthält, dann wird weitergeleitet auf search.sidecubes.com, dann warnt der McAfee WebAdvisor "Bedrohung erkannt". Viele Grüsse Peto |
|
25.04.2016, 13:33
| #10 |
| /// TB-Ausbilder /// Anleitungs-Guru | Werde Browser Hijacker (Safefinder) auf Firefox nicht los. Bitte mal Firefox zurücksetzen. https://support.mozilla.org/de/kb/firefox-bereinigen Wie sieht es jetzt aus?
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
25.04.2016, 20:56
| #11 |
| | Werde Browser Hijacker (Safefinder) auf Firefox nicht los. Hallo Jürgen, nach bem Bereinigen öffnet sich wieder "search.sidecubes.com" mit einer Google-ähnlichen Suchmaske und einer Werbung, welche das Scannen mit dem "Windows-PC- Bereinigungs- und Reparatur-Tool" empfiehlt.  Und nun? Viele Grüsse Peto |
|
26.04.2016, 17:58
| #12 |
| /// TB-Ausbilder /// Anleitungs-Guru | Werde Browser Hijacker (Safefinder) auf Firefox nicht los. Frische Logs bitte: Schritt 1 Bitte starte FRST erneut, markiere auch die checkbox und drücke auf Untersuchen. Bitte poste mir den Inhalt der beiden Logs die erstellt werden.
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
26.04.2016, 20:27
| #13 |
| | Werde Browser Hijacker (Safefinder) auf Firefox nicht los. Hi Jürgen, zunächst schon einmal danke für dein Engagement! Und nun die Logs: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:17-04-2016
durchgeführt von Regina (Administrator) auf KELLER-PC (26-04-2016 21:13:49)
Gestartet von C:\Users\Regina\Desktop
Geladene Profile: Regina (Verfügbare Profile: Regina)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\AMD\amdacpusrsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\mcafee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Dropbox, Inc.) C:\Users\Regina\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc.) C:\Users\Regina\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.8.267.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2014-03-12] (CyberLink Corp.)
HKLM-x32\...\Run: [PowerDVD12Agent] => "C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe"
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-3771097824-1906411585-235964679-1002\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [482528 2014-03-31] (AppEx Networks Corporation)
HKU\S-1-5-21-3771097824-1906411585-235964679-1002\...\Run: [Dropbox Update] => C:\Users\Regina\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
Startup: C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-04-17]
ShortcutTarget: Dropbox.lnk -> C:\Users\Regina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{1F742A42-6343-45CD-B58C-A37185B72A30}: [DhcpNameServer] 192.168.178.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3771097824-1906411585-235964679-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt2qRoE1nLDDdcJp8b3Is13G8RcNUsJuc_WcZzXApAfwtPEOtncXlAoFMK0pSP2Yh2FwyfGIjsm4oDpqbopxXiS8ImD_Y,
SearchScopes: HKU\S-1-5-21-3771097824-1906411585-235964679-1002 -> {FA56DABC-FA5C-432F-8305-1DB5F303655D} URL = hxxps://de.search.yahoo.com/search?fr=mcafee&type=C011DE0D20151111&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3771097824-1906411585-235964679-1002 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTKKEFTEffkXdtd7uxWJPXoiUJjpr-AJ_p_CygreHlU_YT2pCvQY6YxH1KHfhLqDOt1nroZrCovs66ybSQgXnf6ffA46_rmTx7ii2FdPJlFrxYtlW6Ebv6pJlXi_8b956klYR6utPaIxxN7Kfop1zDPawa5Co,&q={searchTerms}
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-04-20] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-04-20] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-04-20] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-04-20] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll [2016-03-03] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-03-03] (McAfee, Inc.)
FireFox:
========
FF ProfilePath: C:\Users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\xjuylais.default-1461613735508
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-11] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-03-03] ()
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-03-03] ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\findit.xml [2016-04-17]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-08-09]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-12-29]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2016-02-13] [ist nicht signiert]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-04-24]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-04-24]
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert]
R2 amdacpusrsvc; C:\AMD\amdacpusrsvc.exe [82432 2014-04-17] () [Datei ist nicht signiert]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [163592 2016-04-20] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [863448 2016-03-03] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.8.267.0\McCSPServiceHost.exe [1696712 2016-02-23] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [681680 2016-02-26] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [234192 2015-11-18] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [380896 2016-01-21] (McAfee, Inc.)
R3 mfevtp; C:\windows\system32\mfevtps.exe [275368 2015-11-18] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [896456 2016-03-02] (Intel Security, Inc.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2013-03-06] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [274656 2014-04-18] (Advanced Micro Devices)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [225504 2014-03-28] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [79248 2015-11-25] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 eapihdrv; C:\Users\Regina\AppData\Local\Temp\ehdrv.sys [135760 2016-04-23] (ESET)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419624 2015-11-25] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351144 2015-11-25] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83096 2015-11-25] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496368 2015-11-25] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [846080 2015-11-25] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [539496 2015-11-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2015-11-20] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [45728 2016-03-15] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [245096 2015-11-25] (McAfee, Inc.)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [2968280 2014-01-15] (Realtek Semiconductor Corporation )
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-04-26 21:13 - 2016-04-26 21:14 - 00016537 _____ C:\Users\Regina\Desktop\FRST.txt
2016-04-26 21:11 - 2016-04-26 21:13 - 00000000 ____D C:\Users\Regina\Desktop\2016-04-25_Scans
2016-04-25 21:49 - 2016-04-25 21:49 - 00000000 ____D C:\Users\Regina\Desktop\Alte Firefox-Daten
2016-04-23 16:43 - 2016-04-04 08:35 - 00046768 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-04-23 16:43 - 2016-04-02 15:26 - 01386496 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-04-23 16:43 - 2016-04-02 15:26 - 01169408 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-04-23 16:43 - 2016-03-28 15:21 - 00698368 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-04-23 16:43 - 2016-03-28 15:21 - 00499200 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-04-23 16:43 - 2016-03-28 15:21 - 00279040 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-04-23 16:43 - 2016-03-28 15:21 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2016-04-23 16:43 - 2016-03-28 15:21 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-04-23 16:43 - 2016-03-16 01:00 - 00561952 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2016-04-23 16:43 - 2016-03-15 16:14 - 01441792 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-04-23 16:43 - 2016-03-11 16:48 - 00833024 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll
2016-04-23 16:43 - 2016-03-10 20:22 - 00201728 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-04-23 16:43 - 2016-03-10 20:21 - 00401920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-04-23 16:43 - 2016-03-10 20:20 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-04-23 16:43 - 2016-03-10 19:44 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-04-23 16:43 - 2016-03-10 19:16 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-04-23 16:43 - 2016-03-10 19:03 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\samlib.dll
2016-04-23 16:43 - 2016-03-10 18:48 - 00064512 _____ (Microsoft Corporation) C:\windows\SysWOW64\samlib.dll
2016-04-23 16:39 - 2016-03-31 02:54 - 25817600 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-04-23 16:39 - 2016-03-31 02:31 - 02892800 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-04-23 16:39 - 2016-03-31 02:28 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-04-23 16:39 - 2016-03-31 02:25 - 06052352 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-04-23 16:39 - 2016-03-31 02:17 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-04-23 16:39 - 2016-03-31 02:03 - 20352512 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-04-23 16:39 - 2016-03-31 01:56 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2016-04-23 16:39 - 2016-03-31 01:56 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-04-23 16:39 - 2016-03-31 01:55 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-04-23 16:39 - 2016-03-31 01:53 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-04-23 16:39 - 2016-03-31 01:51 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-04-23 16:39 - 2016-03-31 01:50 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2016-04-23 16:39 - 2016-03-31 01:45 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-04-23 16:39 - 2016-03-31 01:45 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-04-23 16:39 - 2016-03-31 01:43 - 00806400 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-04-23 16:39 - 2016-03-31 01:43 - 00725504 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-04-23 16:39 - 2016-03-31 01:43 - 00379392 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-04-23 16:39 - 2016-03-31 01:42 - 02131968 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-04-23 16:39 - 2016-03-31 01:39 - 15415808 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-04-23 16:39 - 2016-03-31 01:30 - 04611072 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-04-23 16:39 - 2016-03-31 01:30 - 02596864 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-04-23 16:39 - 2016-03-31 01:30 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-04-23 16:39 - 2016-03-31 01:30 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2016-04-23 16:39 - 2016-03-31 01:27 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2016-04-23 16:39 - 2016-03-31 01:24 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-04-23 16:39 - 2016-03-31 01:23 - 02056192 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-04-23 16:39 - 2016-03-31 01:23 - 00693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-04-23 16:39 - 2016-03-31 01:23 - 00330752 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-04-23 16:39 - 2016-03-31 01:21 - 13811712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-04-23 16:39 - 2016-03-31 01:18 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-04-23 16:39 - 2016-03-31 01:06 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-04-23 16:39 - 2016-03-31 01:05 - 02121216 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-04-23 16:39 - 2016-03-31 01:02 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-04-23 16:39 - 2016-03-31 01:00 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-04-23 16:39 - 2016-03-03 03:39 - 01661576 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2016-04-23 16:39 - 2016-03-03 03:39 - 01212248 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2016-04-23 16:39 - 2016-02-08 22:29 - 00099328 _____ (Microsoft Corporation) C:\windows\SysWOW64\hlink.dll
2016-04-23 16:39 - 2016-02-08 20:14 - 00108544 _____ (Microsoft Corporation) C:\windows\system32\hlink.dll
2016-04-23 16:39 - 2016-02-05 16:59 - 07784960 _____ (Microsoft Corporation) C:\windows\system32\Windows.Data.Pdf.dll
2016-04-23 16:39 - 2016-02-05 16:55 - 05264384 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Data.Pdf.dll
2016-04-23 16:39 - 2016-02-05 16:48 - 07075840 _____ (Microsoft Corporation) C:\windows\system32\glcndFilter.dll
2016-04-23 16:39 - 2016-02-05 16:47 - 05268480 _____ (Microsoft Corporation) C:\windows\SysWOW64\glcndFilter.dll
2016-04-23 16:39 - 2016-02-05 16:46 - 01455104 _____ (Microsoft Corporation) C:\windows\system32\VSSVC.exe
2016-04-23 16:39 - 2016-02-02 20:16 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rasl2tp.sys
2016-04-23 16:39 - 2016-01-24 20:19 - 00419160 _____ (Microsoft Corporation) C:\windows\system32\Drivers\spaceport.sys
2016-04-23 16:39 - 2016-01-24 20:19 - 00331608 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Classpnp.sys
2016-04-23 16:39 - 2016-01-24 13:57 - 01335296 _____ (Microsoft Corporation) C:\windows\system32\mispace.dll
2016-04-23 16:39 - 2016-01-24 13:45 - 01063424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mispace.dll
2016-04-23 16:39 - 2016-01-21 21:35 - 00952928 _____ (Microsoft Corporation) C:\windows\system32\mfmp4srcsnk.dll
2016-04-23 16:39 - 2016-01-21 20:42 - 00786152 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmp4srcsnk.dll
2016-04-23 16:39 - 2016-01-09 03:38 - 00091992 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2016-04-23 16:39 - 2016-01-06 20:25 - 00416768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys
2016-04-23 16:39 - 2015-12-30 23:53 - 02017624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2016-04-23 16:37 - 2016-03-03 18:47 - 02345472 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2016-04-23 16:37 - 2016-03-03 18:33 - 01556992 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2016-04-23 16:37 - 2016-02-11 16:21 - 00869576 _____ (Microsoft Corporation) C:\windows\system32\msvcr120_clr0400.dll
2016-04-23 16:37 - 2016-02-11 16:21 - 00678600 _____ (Microsoft Corporation) C:\windows\system32\msvcp120_clr0400.dll
2016-04-23 16:37 - 2016-02-11 16:20 - 00875720 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr120_clr0400.dll
2016-04-23 16:37 - 2016-02-11 16:20 - 00536776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp120_clr0400.dll
2016-04-23 16:37 - 2016-02-03 17:14 - 00080896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\IPMIDrv.sys
2016-04-23 16:37 - 2016-02-02 19:51 - 00162304 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2016-04-23 16:37 - 2016-02-02 19:19 - 00144384 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
2016-04-23 16:37 - 2016-02-02 19:01 - 00031744 _____ (Microsoft Corporation) C:\windows\system32\WsmAgent.dll
2016-04-23 16:37 - 2016-02-02 18:51 - 02609152 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2016-04-23 16:37 - 2016-02-02 18:48 - 00285184 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2016-04-23 16:37 - 2016-02-02 18:46 - 00026112 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAgent.dll
2016-04-23 16:37 - 2016-02-02 18:41 - 02170880 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2016-04-23 16:37 - 2016-02-02 18:39 - 00236032 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2016-04-23 16:37 - 2016-01-27 17:18 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\rpcss.dll
2016-04-23 16:37 - 2016-01-09 03:49 - 00218448 _____ (Microsoft Corporation) C:\windows\system32\rsaenh.dll
2016-04-23 16:37 - 2016-01-09 03:49 - 00192120 _____ (Microsoft Corporation) C:\windows\SysWOW64\rsaenh.dll
2016-04-23 16:36 - 2016-04-23 16:36 - 00000000 ____D C:\Program Files (x86)\ESET
2016-04-23 16:36 - 2016-03-10 21:19 - 07452512 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-04-23 16:36 - 2016-03-10 21:17 - 01663192 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2016-04-23 16:36 - 2016-03-10 21:17 - 01523216 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2016-04-23 16:36 - 2016-03-10 21:17 - 01490128 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2016-04-23 16:36 - 2016-03-10 21:17 - 01358960 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2016-04-23 16:36 - 2016-03-10 21:17 - 01133752 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2016-04-23 16:36 - 2016-03-10 19:48 - 00862720 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2016-04-23 16:36 - 2016-03-10 19:43 - 00161280 _____ (Microsoft Corporation) C:\windows\SysWOW64\msorcl32.dll
2016-04-23 16:36 - 2016-03-10 18:55 - 00166400 _____ (Microsoft Corporation) C:\windows\system32\mtxoci.dll
2016-04-23 16:36 - 2016-03-10 18:42 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\mtxoci.dll
2016-04-23 16:36 - 2016-02-12 21:14 - 00136904 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2016-04-23 16:36 - 2016-02-12 17:14 - 03708416 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2016-04-23 16:36 - 2016-02-12 16:55 - 00409088 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2016-04-23 16:36 - 2016-02-12 16:54 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2016-04-23 16:36 - 2016-02-12 16:54 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2016-04-23 16:36 - 2016-02-12 16:54 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2016-04-23 16:36 - 2016-02-12 16:51 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2016-04-23 16:36 - 2016-02-12 16:51 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2016-04-23 16:36 - 2016-02-12 16:51 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2016-04-23 16:36 - 2016-02-12 16:48 - 02244096 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2016-04-23 16:36 - 2016-02-12 16:47 - 00897024 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2016-04-23 16:36 - 2016-02-12 16:46 - 00726528 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2016-04-23 16:36 - 2016-02-09 03:31 - 22365472 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2016-04-23 16:36 - 2016-02-09 03:31 - 19794896 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2016-04-23 16:36 - 2016-02-09 03:31 - 02757616 _____ (Microsoft Corporation) C:\windows\explorer.exe
2016-04-23 16:36 - 2016-02-09 03:31 - 02412576 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
2016-04-23 16:36 - 2016-02-09 03:31 - 00273264 _____ (Microsoft Corporation) C:\windows\system32\SystemSettingsAdminFlows.exe
2016-04-23 16:36 - 2016-02-08 22:55 - 02712576 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2016-04-23 16:36 - 2016-02-08 22:15 - 02551808 _____ (Microsoft Corporation) C:\windows\SysWOW64\themecpl.dll
2016-04-23 16:36 - 2016-02-08 22:02 - 01197056 _____ (Microsoft Corporation) C:\windows\SysWOW64\usercpl.dll
2016-04-23 16:36 - 2016-02-08 21:48 - 12879360 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
2016-04-23 16:36 - 2016-02-08 21:43 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSyncHost.exe
2016-04-23 16:36 - 2016-02-08 21:40 - 00539648 _____ (Microsoft Corporation) C:\windows\SysWOW64\hgcpl.dll
2016-04-23 16:36 - 2016-02-08 21:39 - 00305152 _____ (Microsoft Corporation) C:\windows\SysWOW64\stobject.dll
2016-04-23 16:36 - 2016-02-08 21:37 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingMonitor.dll
2016-04-23 16:36 - 2016-02-08 21:35 - 00954880 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.appcore.dll
2016-04-23 16:36 - 2016-02-08 21:34 - 00667648 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSyncCore.dll
2016-04-23 16:36 - 2016-02-08 21:33 - 00520192 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSync.dll
2016-04-23 16:36 - 2016-02-08 20:50 - 03120640 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2016-04-23 16:36 - 2016-02-08 19:55 - 02592256 _____ (Microsoft Corporation) C:\windows\system32\themecpl.dll
2016-04-23 16:36 - 2016-02-08 19:33 - 01278464 _____ (Microsoft Corporation) C:\windows\system32\usercpl.dll
2016-04-23 16:36 - 2016-02-08 19:15 - 02880000 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2016-04-23 16:36 - 2016-02-08 19:12 - 14466560 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
2016-04-23 16:36 - 2016-02-08 19:02 - 00653824 _____ (Microsoft Corporation) C:\windows\system32\SettingSyncHost.exe
2016-04-23 16:36 - 2016-02-08 19:00 - 00599552 _____ (Microsoft Corporation) C:\windows\system32\hgcpl.dll
2016-04-23 16:36 - 2016-02-08 18:58 - 00336384 _____ (Microsoft Corporation) C:\windows\system32\stobject.dll
2016-04-23 16:36 - 2016-02-08 18:55 - 00173056 _____ (Microsoft Corporation) C:\windows\system32\SettingMonitor.dll
2016-04-23 16:36 - 2016-02-08 18:53 - 02171904 _____ (Microsoft Corporation) C:\windows\system32\SystemSettingsAdminFlowUI.dll
2016-04-23 16:36 - 2016-02-08 18:53 - 01348096 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentServer.dll
2016-04-23 16:36 - 2016-02-08 18:50 - 01220096 _____ (Microsoft Corporation) C:\windows\system32\twinui.appcore.dll
2016-04-23 16:36 - 2016-02-08 18:50 - 00841728 _____ (Microsoft Corporation) C:\windows\system32\SettingSyncCore.dll
2016-04-23 16:36 - 2016-02-08 18:48 - 00655872 _____ (Microsoft Corporation) C:\windows\system32\SettingSync.dll
2016-04-23 16:36 - 2016-02-08 18:47 - 02819584 _____ (Microsoft Corporation) C:\windows\system32\SettingsHandlers.dll
2016-04-23 16:36 - 2016-02-08 18:44 - 00955392 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentExtensions.dll
2016-04-23 16:36 - 2016-02-06 18:58 - 00987648 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-04-23 16:36 - 2016-02-06 18:32 - 00801792 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-04-23 16:36 - 2016-02-04 20:07 - 00222720 _____ (Microsoft Corporation) C:\windows\system32\dhcpsapi.dll
2016-04-23 16:36 - 2016-02-04 19:35 - 00142848 _____ (Microsoft Corporation) C:\windows\SysWOW64\dhcpsapi.dll
2016-04-23 16:36 - 2016-02-03 17:11 - 01673728 _____ (Microsoft Corporation) C:\windows\system32\workfolderssvc.dll
2016-04-23 16:36 - 2016-02-03 17:09 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\olepro32.dll
2016-04-23 16:36 - 2016-02-03 17:00 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\asycfilt.dll
2016-04-23 16:36 - 2016-02-03 17:00 - 00077824 _____ (Microsoft Corporation) C:\windows\SysWOW64\asycfilt.dll
2016-04-23 16:36 - 2016-02-02 19:15 - 00787456 _____ (Microsoft Corporation) C:\windows\system32\WorkfoldersControl.dll
2016-04-23 16:36 - 2016-01-26 21:15 - 00072024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vpci.sys
2016-04-23 16:36 - 2016-01-22 07:22 - 02487296 _____ (Microsoft Corporation) C:\windows\system32\storagewmi.dll
2016-04-23 16:36 - 2016-01-22 07:11 - 01482240 _____ (Microsoft Corporation) C:\windows\SysWOW64\storagewmi.dll
2016-04-23 16:36 - 2016-01-21 00:40 - 00099672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\disk.sys
2016-04-23 16:36 - 2016-01-13 23:26 - 01737080 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-04-23 16:36 - 2016-01-13 23:26 - 01501488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2016-04-23 16:36 - 2016-01-10 20:18 - 00246784 _____ (Microsoft Corporation) C:\windows\system32\microsoft-windows-system-events.dll
2016-04-23 16:36 - 2016-01-07 01:46 - 00148752 _____ (Microsoft Corporation) C:\windows\SysWOW64\wscapi.dll
2016-04-23 16:36 - 2016-01-07 01:45 - 00177712 _____ (Microsoft Corporation) C:\windows\system32\wscapi.dll
2016-04-23 16:36 - 2016-01-06 18:47 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\wscsvc.dll
2016-04-23 16:36 - 2014-11-08 04:38 - 00166912 _____ (Microsoft Corporation) C:\windows\system32\AppxAllUserStore.dll
2016-04-23 16:36 - 2014-11-08 04:17 - 00143360 _____ (Microsoft Corporation) C:\windows\SysWOW64\AppxAllUserStore.dll
2016-04-23 16:35 - 2016-04-23 16:28 - 02870984 _____ (ESET) C:\Users\Regina\Desktop\esetsmartinstaller_deu.exe
2016-04-23 16:35 - 2016-03-03 18:13 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\basesrv.dll
2016-04-23 16:35 - 2016-02-07 01:05 - 00551256 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vhdmp.sys
2016-04-23 16:35 - 2016-02-07 00:41 - 00316760 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volsnap.sys
2016-04-23 16:35 - 2016-02-06 20:08 - 00031744 _____ (Microsoft Corporation) C:\windows\system32\seclogon.dll
2016-04-23 16:35 - 2016-02-05 21:07 - 00378712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2016-04-23 16:35 - 2016-02-05 21:07 - 00292696 _____ (Microsoft Corporation) C:\windows\system32\WMASF.DLL
2016-04-23 16:35 - 2016-02-05 21:07 - 00243032 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMASF.DLL
2016-04-23 16:35 - 2016-02-05 17:11 - 00845312 _____ (Microsoft Corporation) C:\windows\system32\BFE.DLL
2016-04-23 16:35 - 2016-02-05 17:11 - 00422400 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2016-04-23 16:35 - 2016-02-05 17:07 - 00272384 _____ (Microsoft Corporation) C:\windows\SysWOW64\FWPUCLNT.DLL
2016-04-23 16:35 - 2016-02-05 17:03 - 15432704 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2016-04-23 16:35 - 2016-02-05 17:02 - 01083904 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2016-04-23 16:35 - 2016-02-05 17:00 - 13318144 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2016-04-23 16:35 - 2016-02-04 20:18 - 00358912 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2016-04-23 16:35 - 2016-02-04 20:12 - 00044032 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2016-04-23 16:35 - 2016-02-04 19:44 - 00301568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2016-04-23 16:35 - 2016-02-04 19:39 - 00035840 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2016-04-23 16:35 - 2016-02-04 19:24 - 00603648 _____ (Microsoft Corporation) C:\windows\system32\mfds.dll
2016-04-23 16:35 - 2016-02-04 19:02 - 00483328 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfds.dll
2016-04-23 16:35 - 2016-02-04 18:23 - 00713216 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2016-04-23 16:35 - 2016-02-04 18:22 - 00561664 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll
2016-04-23 16:35 - 2016-02-02 19:18 - 01574912 _____ (Microsoft Corporation) C:\windows\system32\wbengine.exe
2016-04-23 16:35 - 2016-01-31 21:16 - 00148832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBSTOR.SYS
2016-04-23 16:35 - 2016-01-31 19:17 - 00779264 _____ (Microsoft Corporation) C:\windows\system32\WindowsAnytimeUpgradeui.exe
2016-04-23 16:35 - 2016-01-10 18:41 - 01707008 _____ (Microsoft Corporation) C:\windows\system32\comsvcs.dll
2016-04-23 16:35 - 2016-01-10 18:31 - 01344512 _____ (Microsoft Corporation) C:\windows\SysWOW64\comsvcs.dll
2016-04-23 16:35 - 2016-01-05 17:00 - 00570880 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2016-04-23 16:35 - 2015-12-30 22:49 - 00470360 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2016-04-23 16:35 - 2015-12-20 16:57 - 00839168 _____ (Microsoft Corporation) C:\windows\system32\netlogon.dll
2016-04-23 16:35 - 2015-12-20 16:56 - 00616960 _____ (Microsoft Corporation) C:\windows\system32\msra.exe
2016-04-23 16:35 - 2015-12-20 16:43 - 00696320 _____ (Microsoft Corporation) C:\windows\SysWOW64\netlogon.dll
2016-04-23 16:35 - 2015-11-19 16:33 - 00994760 _____ (Microsoft Corporation) C:\windows\system32\ucrtbase.dll
2016-04-23 16:35 - 2015-11-19 16:26 - 00922432 _____ (Microsoft Corporation) C:\windows\SysWOW64\ucrtbase.dll
2016-04-21 22:04 - 2016-04-21 22:05 - 00000000 ____D C:\Users\Regina\Desktop\2016-04-17_Scans
2016-04-17 19:21 - 2016-03-29 16:05 - 04175872 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-04-17 19:08 - 2016-04-17 19:08 - 00000000 ____D C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-04-17 18:47 - 2016-04-17 19:20 - 00000000 ____D C:\ProgramData\Graveairs
2016-04-17 18:08 - 2016-04-17 18:14 - 00000000 ____D C:\AdwCleaner
2016-04-17 17:46 - 2016-04-17 17:46 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-17 17:45 - 2016-04-17 17:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2016-04-17 17:45 - 2016-04-17 17:45 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-17 17:45 - 2016-04-17 17:45 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2016-04-17 17:45 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2016-04-17 17:45 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2016-04-17 17:45 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2016-04-17 16:34 - 2016-04-17 16:34 - 00001284 _____ C:\Users\Regina\Desktop\Revo Uninstaller.lnk
2016-04-17 16:34 - 2016-04-17 16:34 - 00000000 ____D C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-04-17 16:34 - 2016-04-17 16:34 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2016-04-17 16:23 - 2016-04-26 21:13 - 00000000 ____D C:\FRST
2016-04-17 16:11 - 2016-04-17 16:00 - 02375168 _____ (Farbar) C:\Users\Regina\Desktop\FRST64.exe
2016-04-17 13:19 - 2016-04-16 18:42 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Regina\Desktop\revosetup95.exe
2016-04-17 13:18 - 2016-04-16 18:45 - 01610352 _____ (Malwarebytes) C:\Users\Regina\Desktop\JRT.exe
2016-04-17 13:18 - 2016-04-16 18:44 - 22851472 _____ (Malwarebytes ) C:\Users\Regina\Desktop\mbam-setup-2.2.1.1043.exe
2016-04-17 13:18 - 2016-04-16 18:39 - 03677760 _____ C:\Users\Regina\Desktop\AdwCleaner_5.111.exe
2016-04-15 17:44 - 2016-04-15 17:44 - 00282856 _____ C:\windows\Minidump\041516-33515-01.dmp
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-04-26 21:10 - 2014-05-29 13:07 - 00000000 __RDO C:\Users\Regina\OneDrive
2016-04-26 21:10 - 2013-08-22 15:36 - 00000000 ____D C:\windows\Inf
2016-04-26 21:09 - 2015-08-09 20:26 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-04-26 21:09 - 2013-08-22 16:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-04-26 21:09 - 2013-08-22 16:44 - 00387440 _____ C:\windows\system32\FNTCACHE.DAT
2016-04-25 22:04 - 2014-05-07 16:59 - 00065536 _____ C:\windows\system32\spu_storage.bin
2016-04-25 22:04 - 2013-08-22 15:25 - 00262144 ___SH C:\windows\system32\config\BBI
2016-04-25 22:02 - 2015-04-15 16:54 - 00000000 ____D C:\windows\system32\appraiser
2016-04-25 22:02 - 2015-04-05 05:04 - 00000000 ___SD C:\windows\SysWOW64\GWX
2016-04-25 22:02 - 2015-04-05 05:04 - 00000000 ___SD C:\windows\system32\GWX
2016-04-25 22:02 - 2013-08-22 17:36 - 00000000 ___RD C:\windows\ToastData
2016-04-25 21:59 - 2015-06-13 09:48 - 00001248 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3771097824-1906411585-235964679-1002UA.job
2016-04-25 06:20 - 2014-06-01 22:33 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-04-24 20:14 - 2014-05-29 13:05 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3771097824-1906411585-235964679-1002
2016-04-23 18:00 - 2014-04-24 18:38 - 00000000 ____D C:\windows\Panther
2016-04-23 17:56 - 2016-02-13 20:35 - 00000000 ___HD C:\$WINDOWS.~BT
2016-04-23 17:01 - 2013-08-22 17:20 - 00000000 ____D C:\windows\CbsTemp
2016-04-23 16:35 - 2014-05-29 14:40 - 00000000 ___RD C:\Users\Regina\Dropbox
2016-04-23 12:34 - 2013-08-22 15:25 - 00262144 ___SH C:\windows\system32\config\ELAM
2016-04-23 11:59 - 2015-06-13 09:48 - 00001196 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3771097824-1906411585-235964679-1002Core.job
2016-04-21 22:55 - 2014-05-29 18:17 - 00000000 ____D C:\Users\Regina\Documents\Andreas
2016-04-21 22:54 - 2014-04-28 15:56 - 00440562 _____ C:\windows\system32\perfh014.dat
2016-04-21 22:54 - 2014-04-28 15:56 - 00076716 _____ C:\windows\system32\perfc014.dat
2016-04-21 22:54 - 2014-04-28 13:38 - 00764340 _____ C:\windows\system32\perfh007.dat
2016-04-21 22:54 - 2014-04-28 13:38 - 00159160 _____ C:\windows\system32\perfc007.dat
2016-04-21 22:54 - 2014-03-18 17:26 - 02291150 _____ C:\windows\system32\PerfStringBackup.INI
2016-04-17 19:58 - 2014-06-02 14:04 - 00000000 ____D C:\windows\system32\MRT
2016-04-17 19:55 - 2014-04-24 18:12 - 135176864 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-04-17 19:32 - 2016-02-17 17:54 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-04-17 19:20 - 2014-05-29 14:21 - 00001083 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-04-17 19:20 - 2014-05-29 12:59 - 00001025 _____ C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-04-17 19:18 - 2016-01-13 08:16 - 00177488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-04-17 19:10 - 2015-08-09 20:29 - 00000000 ____D C:\windows\System32\Tasks\McAfee
2016-04-17 19:10 - 2014-04-25 10:12 - 00000000 ____D C:\ProgramData\McAfee
2016-04-17 19:08 - 2014-05-29 14:37 - 00000000 ____D C:\Users\Regina\AppData\Roaming\Dropbox
2016-04-17 19:04 - 2015-06-13 09:48 - 00000000 ____D C:\Users\Regina\AppData\Local\Dropbox
2016-04-17 18:15 - 2013-08-22 17:36 - 00000000 ___RD C:\windows\ImmersiveControlPanel
2016-04-15 20:09 - 2014-05-29 12:58 - 00000000 ____D C:\Users\Regina
2016-04-15 17:44 - 2014-09-03 21:37 - 793586938 _____ C:\windows\MEMORY.DMP
2016-04-15 17:44 - 2014-09-03 21:37 - 00000000 ____D C:\windows\Minidump
2016-04-05 23:53 - 2014-09-16 14:14 - 00829944 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-04-05 23:53 - 2014-09-16 14:14 - 00176632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2016-03-05 16:32 - 2016-03-05 16:32 - 8037888 _____ () C:\Users\Regina\AppData\Roaming\agent.dat
2016-03-05 16:32 - 2016-03-05 16:32 - 0054272 _____ () C:\Users\Regina\AppData\Roaming\ApplicationHosting.dat
2016-03-05 16:32 - 2016-03-05 16:32 - 0065040 _____ () C:\Users\Regina\AppData\Roaming\Config.xml
2016-03-05 16:32 - 2016-03-05 16:32 - 0015888 _____ () C:\Users\Regina\AppData\Roaming\InstallationConfiguration.xml
2016-03-05 16:32 - 2016-03-05 16:32 - 0127488 _____ () C:\Users\Regina\AppData\Roaming\Installer.dat
2016-03-05 16:32 - 2016-03-05 16:32 - 0764416 _____ () C:\Users\Regina\AppData\Roaming\JayTontam.exe
2016-03-05 16:32 - 2016-03-05 16:32 - 0072712 _____ () C:\Users\Regina\AppData\Roaming\JayTontam.tst
2016-03-05 16:32 - 2016-03-05 16:32 - 0126464 _____ () C:\Users\Regina\AppData\Roaming\lobby.dat
2016-03-05 16:32 - 2016-03-05 16:32 - 0018432 _____ () C:\Users\Regina\AppData\Roaming\Main.dat
2016-03-05 16:32 - 2016-03-05 16:32 - 0005568 _____ () C:\Users\Regina\AppData\Roaming\md.xml
2016-03-05 16:32 - 2016-03-05 16:32 - 0126464 _____ () C:\Users\Regina\AppData\Roaming\noah.dat
2016-03-05 16:32 - 2016-03-05 16:32 - 0764416 _____ () C:\Users\Regina\AppData\Roaming\Strongin.exe
2016-03-05 16:32 - 2016-03-05 16:32 - 1903064 _____ () C:\Users\Regina\AppData\Roaming\Strongin.tst
2016-03-05 16:32 - 2016-03-05 16:32 - 0032038 _____ () C:\Users\Regina\AppData\Roaming\uninstall_temp.ico
2014-05-07 17:22 - 2014-05-07 17:22 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Einige Dateien in TEMP:
====================
C:\Users\Regina\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppscwtk.dll
C:\Users\Regina\AppData\Local\Temp\libeay32.dll
C:\Users\Regina\AppData\Local\Temp\McCSPInstall.dll
C:\Users\Regina\AppData\Local\Temp\mccspuninstall.exe
C:\Users\Regina\AppData\Local\Temp\msvcr120.dll
C:\Users\Regina\AppData\Local\Temp\sqlite3.dll
C:\Users\Regina\AppData\Local\Temp\tmp3049.exe
C:\Users\Regina\AppData\Local\Temp\tmp67F7.exe
C:\Users\Regina\AppData\Local\Temp\tmpE862.exe
C:\Users\Regina\AppData\Local\Temp\vlc-2.1.5-win64.exe
C:\Users\Regina\AppData\Local\Temp\_is8320.exe
C:\Users\Regina\AppData\Local\Temp\_is908C.exe
C:\Users\Regina\AppData\Local\Temp\_isA1B4.exe
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\windows\system32\winlogon.exe => Datei ist digital signiert
C:\windows\system32\wininit.exe => Datei ist digital signiert
C:\windows\explorer.exe => Datei ist digital signiert
C:\windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\windows\system32\svchost.exe => Datei ist digital signiert
C:\windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\windows\system32\services.exe => Datei ist digital signiert
C:\windows\system32\User32.dll => Datei ist digital signiert
C:\windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\windows\system32\userinit.exe => Datei ist digital signiert
C:\windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\windows\system32\rpcss.dll => Datei ist digital signiert
C:\windows\system32\dnsapi.dll => Datei ist digital signiert
C:\windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2016-04-24 03:42
==================== Ende von FRST.txt ============================
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:17-04-2016
durchgeführt von Regina (2016-04-26 21:14:40)
Gestartet von C:\Users\Regina\Desktop
Windows 8.1 (X64) (2014-05-29 10:58:50)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-3771097824-1906411585-235964679-500 - Administrator - Disabled)
Gast (S-1-5-21-3771097824-1906411585-235964679-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3771097824-1906411585-235964679-1004 - Limited - Enabled)
Regina (S-1-5-21-3771097824-1906411585-235964679-1002 - Administrator - Enabled) => C:\Users\Regina
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
ACP Application (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.10.0.0 - AppEx Networks)
Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo AppLauncher (Medion) v.1.0.0 (HKLM-x32\...\Ashampoo AppLauncher (Medion)_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-5490CN (HKLM-x32\...\{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
CyberLink Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink PowerDirector 11 (Version: 11.0.0.3910 - CyberLink Corp.) Hidden
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.2527 - CyberLink Corp.)
CyberLink PowerRecover (Version: 5.7.0.2527 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
dm-Fotowelt (HKLM-x32\...\dm-Fotowelt) (Version: 6.1.2 - CEWE Stiftung u Co. KGaA)
Dropbox (HKU\S-1-5-21-3771097824-1906411585-235964679-1002\...\Dropbox) (Version: 3.18.1 - Dropbox, Inc.)
DVBViewer Pro (HKLM-x32\...\DVBViewer Pro_is1) (Version: 5.3.1 - CM&V)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotogalleri (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotogalleriet (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galeria de Fotografias (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galeria fotografii (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee Total Protection (HKLM-x32\...\MSC) (Version: 14.0.7086 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.189 - McAfee, Inc.)
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 5.1.5 - CEWE Stiftung u Co. KGaA)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 44.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 de)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Podstawowe programy Windows Live (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Raccolta foto (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7111 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rossmann Fotowelt Software 4.13 (HKLM-x32\...\Rossmann Fotowelt Software) (Version: 4.13 - ORWO Net)
Silhouette Studio (HKLM-x32\...\{85E3BB6E-39E3-491F-B8E0-60BF11F48471}) (Version: 3.3.638 - Silhouette America)
Valokuvavalikoima (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.10 Beta 4 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)
Συλλογή φωτογραφιών (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-3771097824-1906411585-235964679-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Regina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3771097824-1906411585-235964679-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3771097824-1906411585-235964679-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3771097824-1906411585-235964679-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3771097824-1906411585-235964679-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3771097824-1906411585-235964679-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3771097824-1906411585-235964679-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3771097824-1906411585-235964679-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3771097824-1906411585-235964679-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3771097824-1906411585-235964679-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3771097824-1906411585-235964679-1002_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {16D9D28F-6824-4C1E-8A25-7CCA4D1C5BF6} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {29B48724-AB0E-4166-9B44-3C79FED9765C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {2CE01BEC-63D0-407E-9BEA-B7E88F2F29F8} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3771097824-1906411585-235964679-1002UA => C:\Users\Regina\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-13] (Dropbox, Inc.)
Task: {4C07A135-B508-4ED2-B2B1-CF12124D354A} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-11] (Adobe Systems Incorporated)
Task: {B45D8F60-29AB-481B-B6DD-D1F7C36AB7DF} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {C7460098-8594-4ECB-B7B8-90C64290223F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2016-04-17] (Microsoft Corporation)
Task: {DA993FD8-9032-419D-B2D7-5C02E50BCE15} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3771097824-1906411585-235964679-1002Core => C:\Users\Regina\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-13] (Dropbox, Inc.)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3771097824-1906411585-235964679-1002Core.job => C:\Users\Regina\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3771097824-1906411585-235964679-1002UA.job => C:\Users\Regina\AppData\Local\Dropbox\Update\DropboxUpdate.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
ShortcutWithArgument: C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Regina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Regina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Regina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.medion.com
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Welcome.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.aldi-essen.de
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2014-04-17 22:55 - 2014-04-17 22:55 - 00082432 _____ () C:\AMD\amdacpusrsvc.exe
2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-08 09:20 - 2013-03-06 15:42 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-06-24 23:04 - 2005-04-22 13:36 - 00143360 ____N () C:\windows\system32\BrSNMP64.dll
2014-06-24 23:05 - 2012-09-25 11:26 - 01163264 ____N () C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
2014-04-17 23:29 - 2014-04-17 23:29 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-12-12 16:34 - 2016-03-21 23:50 - 00034768 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-04-17 19:07 - 2016-03-21 23:51 - 00019408 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2016-04-17 19:07 - 2016-03-21 23:50 - 00116688 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-12 16:34 - 2016-03-21 23:50 - 00093640 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-12 16:34 - 2016-03-21 23:50 - 00018376 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-12 16:34 - 2016-04-08 20:20 - 00019760 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-12 16:34 - 2016-03-21 23:52 - 00105928 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-04-17 19:07 - 2016-03-21 23:50 - 00392144 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2015-12-12 16:34 - 2016-04-08 20:20 - 00381752 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-12 16:34 - 2016-03-21 23:50 - 00692688 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-04-17 19:07 - 2016-04-08 20:19 - 00020816 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-12 16:34 - 2016-03-21 23:51 - 00112592 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-04-17 19:07 - 2016-04-08 20:19 - 01682760 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-04-17 19:07 - 2016-04-08 20:19 - 00020808 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2015-12-12 16:34 - 2016-04-08 20:20 - 00021840 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-04-17 19:07 - 2016-04-08 20:19 - 00038696 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\fastpath.pyd
2016-04-17 19:07 - 2016-03-21 23:52 - 00020936 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-12 16:34 - 2016-03-21 23:52 - 00024528 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-12 16:34 - 2016-03-21 23:52 - 00114640 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-12 16:34 - 2016-03-21 23:52 - 00124880 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-02-11 14:59 - 2016-04-08 20:20 - 00021832 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2015-12-12 16:34 - 2016-03-21 23:52 - 00024016 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-12 16:34 - 2016-03-21 23:52 - 00175560 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-12 16:34 - 2016-03-21 23:52 - 00030160 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-12 16:34 - 2016-03-21 23:52 - 00043472 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-12 16:34 - 2016-03-21 23:52 - 00028616 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\win32ts.pyd
2015-12-12 16:34 - 2016-03-21 23:52 - 00048592 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-04-17 19:07 - 2016-04-08 20:19 - 00026456 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2015-12-12 16:34 - 2016-03-21 23:52 - 00057808 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2015-12-12 16:34 - 2016-03-21 23:52 - 00024016 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-04-17 19:07 - 2016-04-08 20:19 - 00117056 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2015-12-12 16:34 - 2016-04-08 20:20 - 00023376 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-12 16:34 - 2016-03-21 23:50 - 00134608 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2016-04-17 19:07 - 2016-03-21 23:50 - 00134088 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-04-17 19:07 - 2016-03-21 23:51 - 00240584 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2016-04-17 19:07 - 2016-04-08 20:19 - 00024392 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-04-17 19:07 - 2016-03-21 23:52 - 00036296 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\librsync.dll
2016-04-17 19:07 - 2016-04-08 20:19 - 00052024 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2016-02-11 14:59 - 2016-04-08 20:20 - 00020800 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-11 14:59 - 2016-04-08 20:20 - 00021824 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd
2016-02-11 14:59 - 2016-04-08 20:20 - 00019776 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-02-11 14:59 - 2016-04-08 20:20 - 00020800 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2016-04-17 19:07 - 2016-04-08 20:19 - 00020280 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-12 16:34 - 2016-03-21 23:52 - 00350152 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-02-11 14:59 - 2016-04-08 20:20 - 00022352 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-04-17 19:07 - 2016-04-08 20:19 - 00084280 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2016-04-17 19:07 - 2016-04-08 20:20 - 01826096 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-12 16:34 - 2016-03-21 23:51 - 00083912 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\sip.pyd
2016-04-17 19:07 - 2016-04-08 20:20 - 03928880 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2016-04-17 19:07 - 2016-04-08 20:20 - 01971504 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2016-04-17 19:07 - 2016-04-08 20:20 - 00531248 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2016-04-17 19:07 - 2016-04-08 20:20 - 00132912 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2016-04-17 19:07 - 2016-04-08 20:20 - 00223544 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2016-04-17 19:07 - 2016-04-08 20:20 - 00207672 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2016-04-17 19:07 - 2016-04-08 20:20 - 00158008 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2016-04-17 19:07 - 2016-04-08 20:20 - 00042808 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2016-04-17 19:07 - 2016-03-21 23:54 - 00017864 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\libEGL.dll
2016-04-17 19:07 - 2016-03-21 23:54 - 01631184 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-12-12 16:34 - 2016-04-08 20:20 - 00024904 _____ () C:\Users\Regina\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2014-06-24 23:04 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-3771097824-1906411585-235964679-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img7.jpg
DNS Servers: Datenträger ist nicht mit dem Internet verbunden.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{3153B440-1248-49D1-92C5-B47D986ECBAA}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{82C57A89-E0E9-436E-A004-3B41AB398FF3}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{E7FB244F-0022-40A0-B0B6-83F6DE5AC5C1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{FFC0F777-525B-4416-8BC1-E5B95DBB29E8}] => (Allow) LPort=2869
FirewallRules: [{7444B070-8E08-48C8-A0B1-22DE9F908422}] => (Allow) LPort=1900
FirewallRules: [{F53BA5DE-0D68-4F14-AB21-2229668848B1}] => (Allow) C:\Program Files\CyberLink\PowerDirector11\PDR10.EXE
FirewallRules: [{879BE00D-DCDB-42F3-90C1-D34493024AA6}] => (Allow) C:\Users\Regina\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{D71416C0-B215-4AE9-87AB-251D4A21BDD0}] => (Allow) C:\Users\Regina\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{9F6AEF13-D68B-43FB-B373-E2AF4E41912F}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{F9EC1EF5-1491-4631-BD3C-D77C202A98B8}] => (Allow) C:\Program Files (x86)\Brother\Brmfl08x\FAXRX.exe
FirewallRules: [{75FA3425-7E27-44E7-9123-01232BF5C16B}] => (Allow) C:\Program Files (x86)\Brother\Brmfl08x\FAXRX.exe
FirewallRules: [{BC5FACDA-4AAA-4C05-A727-2098486A2305}] => (Allow) LPort=54925
FirewallRules: [{F0703D0A-9258-4978-8C15-C680E9FCDC4D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B9778E8B-235E-4223-902C-54618C45CEB0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D174CBCC-C3A1-404E-AABA-7ABB9C84B5EE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CCFDC947-D6D3-4B3E-85E5-D9A4114D3030}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C5868ED3-11F4-422B-B5E6-2AC8ED12652D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9798F09E-0165-4961-A4CE-E090F48820C8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F4E99815-7E71-420D-B056-647682BED2AD}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{342E946C-1251-45F8-970B-C47F640C2FE6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0F1B6BE8-8F34-4B8D-8653-F01D69370E3F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{3BEC659E-6C3E-4386-B761-59520357EA4A}C:\program files\vlc\vlc.exe] => (Block) C:\program files\vlc\vlc.exe
FirewallRules: [UDP Query User{7DB3A14D-9501-4BBC-83FD-A6F322CEFB9C}C:\program files\vlc\vlc.exe] => (Block) C:\program files\vlc\vlc.exe
FirewallRules: [TCP Query User{C68CFB00-7AB8-4788-AF23-366C3A50812C}C:\users\regina\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\regina\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{EC2FE292-DE32-434F-ADDD-BA30862E4365}C:\users\regina\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\regina\appdata\roaming\dropbox\bin\dropbox.exe
==================== Wiederherstellungspunkte =========================
20-03-2016 07:55:13 Geplanter Prüfpunkt
17-04-2016 13:51:21 Geplanter Prüfpunkt
17-04-2016 18:42:08 JRT Pre-Junkware Removal
23-04-2016 16:46:14 Windows Update
==================== Fehlerhafte Geräte im Gerätemanager =============
Name: Realtek RTL8188CU Wireless LAN 802.11n USB 2.0 Network Adapter
Description: Realtek RTL8188CU Wireless LAN 802.11n USB 2.0 Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RtlWlanu
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (04/26/2016 09:09:23 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: amdacpusrsvcacpusrsvc: IOCTL_ACPKSD_KSD_TO_USR_SVC_SET_FB_APERTURES: FAILED
Error: (04/26/2016 09:09:23 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: amdacpusrsvcacpusrsvc: GfxMemServiceInitialize: FAILED
Error: (04/26/2016 09:09:23 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: amdacpusrsvcacpusrsvc: GfxMemServiceInitialize: Target FB Allocation : FAILED
Error: (04/25/2016 09:53:59 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
Error: (04/25/2016 09:37:56 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: amdacpusrsvc[EVENT]: SERVICE_CONTROL_POWEREVENT: RESUME: FAILED.
Error: (04/25/2016 09:37:56 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: amdacpusrsvcacpusrsvc: GraphicsMemory API Wrapper: Dummy Packet Submission FAILED
Error: (04/25/2016 09:37:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 54401375
Error: (04/25/2016 09:37:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 54401375
Error: (04/25/2016 09:37:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/25/2016 06:31:14 AM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: amdacpusrsvc[EVENT]: SERVICE_CONTROL_POWEREVENT: RESUME: IOCTL_USR_SVC_TO_ACPKSD_POWER_STATE_NOTIFICATION: FAILED
Systemfehler:
=============
Error: (04/25/2016 09:42:50 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Erkennung interaktiver Dienste" wurde mit folgendem Fehler beendet:
%%1
Error: (04/24/2016 08:06:40 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Erkennung interaktiver Dienste" wurde mit folgendem Fehler beendet:
%%1
Error: (04/23/2016 04:42:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error: (04/23/2016 04:42:05 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Regina\AppData\Local\Temp\ehdrv.sys
Error: (04/23/2016 12:34:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (04/23/2016 12:34:07 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "WSearch" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%50
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (04/23/2016 12:34:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst "Windows Search" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1069
Error: (04/23/2016 12:34:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (04/23/2016 12:34:07 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "WSearch" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%50
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (04/23/2016 12:34:07 PM) (Source: DCOM) (EventID: 10010) (User: KELLER-PC)
Description: {9E175B6D-F52A-11D8-B9A5-505054503030}
CodeIntegrity:
===================================
Date: 2014-09-09 20:06:30.099
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-09-09 20:05:52.642
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-09-02 22:23:28.184
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-09-02 22:20:32.798
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-09-02 22:20:32.468
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-09-02 22:20:32.142
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-09-02 22:12:25.997
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-09-02 22:12:16.838
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-09-02 19:19:49.523
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-09-02 19:19:24.855
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.
==================== Speicherinformationen ===========================
Prozessor: AMD A10-7800 Radeon R7, 12 Compute Cores 4C+8G
Prozentuale Nutzung des RAM: 38%
Installierter physikalischer RAM: 3948.49 MB
Verfügbarer physikalischer RAM: 2416.07 MB
Summe virtueller Speicher: 7916.49 MB
Verfügbarer virtueller Speicher: 6320.43 MB
==================== Laufwerke ================================
Drive c: (Boot) (Fixed) (Total:1801.31 GB) (Free:1621.51 GB) NTFS
Drive d: (Recover) (Fixed) (Total:59.99 GB) (Free:43.64 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 00000000)
Partition: GPT.
==================== Ende von Addition.txt ============================
|
|
26.04.2016, 20:40
| #14 |
| /// TB-Ausbilder /// Anleitungs-Guru | Werde Browser Hijacker (Safefinder) auf Firefox nicht los. Schritt 1 Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument: Code:
ATTFilter CloseProcesses:
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\findit.xml [2016-04-17]
C:\Program Files (x86)\Common Files\ZunTip
2016-03-05 16:32 - 2016-03-05 16:32 - 8037888 _____ () C:\Users\Regina\AppData\Roaming\agent.dat
2016-03-05 16:32 - 2016-03-05 16:32 - 0054272 _____ () C:\Users\Regina\AppData\Roaming\ApplicationHosting.dat
2016-03-05 16:32 - 2016-03-05 16:32 - 0065040 _____ () C:\Users\Regina\AppData\Roaming\Config.xml
2016-03-05 16:32 - 2016-03-05 16:32 - 0015888 _____ () C:\Users\Regina\AppData\Roaming\InstallationConfiguration.xml
2016-03-05 16:32 - 2016-03-05 16:32 - 0127488 _____ () C:\Users\Regina\AppData\Roaming\Installer.dat
2016-03-05 16:32 - 2016-03-05 16:32 - 0764416 _____ () C:\Users\Regina\AppData\Roaming\JayTontam.exe
2016-03-05 16:32 - 2016-03-05 16:32 - 0072712 _____ () C:\Users\Regina\AppData\Roaming\JayTontam.tst
2016-03-05 16:32 - 2016-03-05 16:32 - 0126464 _____ () C:\Users\Regina\AppData\Roaming\lobby.dat
2016-03-05 16:32 - 2016-03-05 16:32 - 0018432 _____ () C:\Users\Regina\AppData\Roaming\Main.dat
2016-03-05 16:32 - 2016-03-05 16:32 - 0005568 _____ () C:\Users\Regina\AppData\Roaming\md.xml
2016-03-05 16:32 - 2016-03-05 16:32 - 0126464 _____ () C:\Users\Regina\AppData\Roaming\noah.dat
2016-03-05 16:32 - 2016-03-05 16:32 - 0764416 _____ () C:\Users\Regina\AppData\Roaming\Strongin.exe
2016-03-05 16:32 - 2016-03-05 16:32 - 1903064 _____ () C:\Users\Regina\AppData\Roaming\Strongin.tst
2016-03-05 16:32 - 2016-03-05 16:32 - 0032038 _____ () C:\Users\Regina\AppData\Roaming\uninstall_temp.ico
C:\Users\Regina\AppData\Local\Microsoft\Windows\INetCache\IE\017823W4\audiograbber_1.83[1].exe
C:\Users\Regina\AppData\Roaming\JayTontam.exe
EmptyTemp:
Wie sieht es nach dem Reboot aus?
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
27.04.2016, 18:16
| #15 |
| | Werde Browser Hijacker (Safefinder) auf Firefox nicht los. Hi Jürgen, habe ich gemacht. Firefox zeigt immer noch dieselben Symtome. Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:17-04-2016
durchgeführt von Regina (2016-04-27 19:01:32) Run:2
Gestartet von C:\Users\Regina\Desktop
Geladene Profile: Regina (Verfügbare Profile: Regina)
Start-Modus: Normal
==============================================
fixlist Inhalt:
*****************
CloseProcesses:
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\findit.xml [2016-04-17]
C:\Program Files (x86)\Common Files\ZunTip
2016-03-05 16:32 - 2016-03-05 16:32 - 8037888 _____ () C:\Users\Regina\AppData\Roaming\agent.dat
2016-03-05 16:32 - 2016-03-05 16:32 - 0054272 _____ () C:\Users\Regina\AppData\Roaming\ApplicationHosting.dat
2016-03-05 16:32 - 2016-03-05 16:32 - 0065040 _____ () C:\Users\Regina\AppData\Roaming\Config.xml
2016-03-05 16:32 - 2016-03-05 16:32 - 0015888 _____ () C:\Users\Regina\AppData\Roaming\InstallationConfiguration.xml
2016-03-05 16:32 - 2016-03-05 16:32 - 0127488 _____ () C:\Users\Regina\AppData\Roaming\Installer.dat
2016-03-05 16:32 - 2016-03-05 16:32 - 0764416 _____ () C:\Users\Regina\AppData\Roaming\JayTontam.exe
2016-03-05 16:32 - 2016-03-05 16:32 - 0072712 _____ () C:\Users\Regina\AppData\Roaming\JayTontam.tst
2016-03-05 16:32 - 2016-03-05 16:32 - 0126464 _____ () C:\Users\Regina\AppData\Roaming\lobby.dat
2016-03-05 16:32 - 2016-03-05 16:32 - 0018432 _____ () C:\Users\Regina\AppData\Roaming\Main.dat
2016-03-05 16:32 - 2016-03-05 16:32 - 0005568 _____ () C:\Users\Regina\AppData\Roaming\md.xml
2016-03-05 16:32 - 2016-03-05 16:32 - 0126464 _____ () C:\Users\Regina\AppData\Roaming\noah.dat
2016-03-05 16:32 - 2016-03-05 16:32 - 0764416 _____ () C:\Users\Regina\AppData\Roaming\Strongin.exe
2016-03-05 16:32 - 2016-03-05 16:32 - 1903064 _____ () C:\Users\Regina\AppData\Roaming\Strongin.tst
2016-03-05 16:32 - 2016-03-05 16:32 - 0032038 _____ () C:\Users\Regina\AppData\Roaming\uninstall_temp.ico
C:\Users\Regina\AppData\Local\Microsoft\Windows\INetCache\IE\017823W4\audiograbber_1.83[1].exe
C:\Users\Regina\AppData\Roaming\JayTontam.exe
EmptyTemp:
*****************
Prozess erfolgreich geschlossen.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\findit.xml => erfolgreich verschoben
C:\Program Files (x86)\Common Files\ZunTip => erfolgreich verschoben
C:\Users\Regina\AppData\Roaming\agent.dat => erfolgreich verschoben
C:\Users\Regina\AppData\Roaming\ApplicationHosting.dat => erfolgreich verschoben
C:\Users\Regina\AppData\Roaming\Config.xml => erfolgreich verschoben
C:\Users\Regina\AppData\Roaming\InstallationConfiguration.xml => erfolgreich verschoben
C:\Users\Regina\AppData\Roaming\Installer.dat => erfolgreich verschoben
C:\Users\Regina\AppData\Roaming\JayTontam.exe => erfolgreich verschoben
C:\Users\Regina\AppData\Roaming\JayTontam.tst => erfolgreich verschoben
C:\Users\Regina\AppData\Roaming\lobby.dat => erfolgreich verschoben
C:\Users\Regina\AppData\Roaming\Main.dat => erfolgreich verschoben
C:\Users\Regina\AppData\Roaming\md.xml => erfolgreich verschoben
C:\Users\Regina\AppData\Roaming\noah.dat => erfolgreich verschoben
C:\Users\Regina\AppData\Roaming\Strongin.exe => erfolgreich verschoben
C:\Users\Regina\AppData\Roaming\Strongin.tst => erfolgreich verschoben
C:\Users\Regina\AppData\Roaming\uninstall_temp.ico => erfolgreich verschoben
C:\Users\Regina\AppData\Local\Microsoft\Windows\INetCache\IE\017823W4\audiograbber_1.83[1].exe => erfolgreich verschoben
"C:\Users\Regina\AppData\Roaming\JayTontam.exe" => nicht gefunden.
EmptyTemp: => 3.5 GB temporäre Dateien entfernt.
Das System musste neu gestartet werden.
==== Ende von Fixlog 19:02:39 ====
Peto |
|
| Themen zu Werde Browser Hijacker (Safefinder) auf Firefox nicht los. |
| adware.cloudguard, askbar, dnsapi.dll, einstellungen, flash player, homepage, iexplore.exe, neustart, prozesse, pup.optional.cloudscout, pup.optional.clousdscout.brwsrflsh, pup.optional.dnsunlocker, pup.optional.dnsunlocker.brwsrflsh, pup.optional.linkury, pup.optional.linkury.shrtcln, safefinder virus entfernen, security, services.exe, siteadvisor, software, svchost.exe, trojan.dnschanger.dnsrst, webadvisor, win32/downloadguide.d, win32/downloadsponsor.a, win32/trojandropper.addrop.ac, winlogon.exe, wrapper |
Linear-Darstellung
