Pests of all kinds and how to fight them: Win32:Dropper found in C:\Program Files (x86)\WinZipper
Windows 7 If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection. |
27.08.2016, 16:16 | #1 |
| Win32:Dropper found in C:\Program Files (x86)\WinZipper
Hello! My antivirus program (Avast) detected a "severe" threat (Win32:Dropper found in C:\Program Files (x86)\WinZipper), whereupon I ran a boot-time scan. The program could not remove the viruses because "this action is not supported". I also tried to delete the folder manually, which unfortunately was not possible either. After a brief search I found out that it could be a trojan. My PC runs Windows 10 and otherwise works normally. I hope you can help me! Regards, Martin |
28.08.2016, 09:18 | #2 |
/// TB Trainer | Win32:Dropper found in C:\Program Files (x86)\WinZipper
My name is Matthias and I will help you clean up your computer. Please note the following:
Please work through all steps one after another in the given order and post all log files in CODE tags: How it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes your helper's work much harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
Thank you for your cooperation!
Looks like adware ... not a "severe infection"... a "severe infection" would knock out your Avast so that it no longer runs...
For a first analysis, please run FRST and TDSS-Killer:
Step 1 Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
Step 2 Please download TDSSKiller.exe and save this file to your desktop
With your next reply, please post
Last edited by M-K-D-B (28.08.2016 at 09:30) |
28.08.2016, 16:01 | #3 |
| Scans Hello Mathias,
Thank you very much for helping me! Here are the scans: FRST.txt Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 27-08-2016 durchgeführt von Martin (Administrator) auf LAPTOP-MARTIN (28-08-2016 16:33:10) Gestartet von C:\Users\Martin\Desktop Geladene Profile: Martin (Verfügbare Profile: Martin) Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: "C:\Program Files (x86)\CLIQZ\CLIQZ.exe" -osint -url "%1") Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AMD) C:\Windows\System32\atiesrxx.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Winziper Pvt Ltd.) C:\Program Files (x86)\WinZipper\winzipersvc.exe (Qksee Pvt Ltd.) C:\Program Files (x86)\qksee\qkseeSvc.exe (evangel technology (hk) limited) C:\Program Files (x86)\Uncheckit\UncheckitSvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe (EVANGEL TECHNOLOGY (HK) LIMITED) C:\Program Files (x86)\Uncheckit\cktSvc.exe (Autodesk, Inc.) 
C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe () C:\ProgramData\Legpat\Legpat.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (AMD) C:\Windows\System32\atieclxx.exe (EVANGEL TECHNOLOGY (HK) LIMITED) C:\Program Files (x86)\Uncheckit\UncheckitBsn.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (IDT, Inc.) 
C:\Program Files\IDT\WDM\sttray64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe () C:\Users\Martin\AppData\Roaming\Browser-Security\safe_url__2.exe (Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Christoph Bünger Software) C:\Program Files (x86)\Wecker6\Wecker.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe () C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe (Memeo Inc.) C:\Program Files (x86)\Memeo\AutoBackup\MemeoUpdater.exe (Advanced Micro Devices Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Cliqz GmbH) C:\Program Files (x86)\CLIQZ\CLIQZ.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Akamai Technologies, Inc.) C:\Users\Martin\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) C:\Users\Martin\AppData\Local\Akamai\netsession_win.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-06-08] (IDT, Inc.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-28] (Synaptics Incorporated) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.) HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.) 
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2011-09-16] (Memeo Inc.) HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7408312 2016-06-28] (AVAST Software) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23889496 2016-08-24] (Dropbox, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1711680 2013-01-27] (CyberLink Corp.) HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Martin\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\Run: [safe_url__2] => C:\Users\Martin\AppData\Roaming\Browser-Security\safe_url__2.exe [2957520 2016-02-12] () HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1409296 2015-12-04] (Lavasoft) HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1235336 2014-08-28] (Autodesk, Inc.) 
HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\RunOnce: [Uninstall C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1\amd64" HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\Policies\Explorer: [] HKU\S-1-5-21-205815100-794779995-1947703700-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [150528 2015-10-30] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-05-28] (AVAST Software) ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.) ShellIconOverlayIdentifiers: [Symbol-Overlay-Steuerprogramm für AutoCAD Digitale Signaturen] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2016-05-12] ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG) Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2016-02-24] ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wecker für Windows 6.lnk [2014-06-11] ShortcutTarget: Wecker für Windows 6.lnk -> C:\Program Files (x86)\Wecker6\Wecker.exe (Christoph Bünger Software) GroupPolicy: Beschränkung - Chrome <======= ACHTUNG CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-12-04] (Lavasoft Limited) Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-12-04] (Lavasoft Limited) Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-12-04] (Lavasoft Limited) Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-12-04] (Lavasoft Limited) Winsock: Catalog9-x64 05 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-12-04] (Lavasoft Limited) Hosts: 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 Tcpip\Parameters: [DhcpNameServer] 10.156.33.53 129.187.5.1 Tcpip\..\Interfaces\{150b5080-ac93-4272-ac4a-bffe13d172bd}: [DhcpNameServer] 0.0.0.0 Tcpip\..\Interfaces\{2c2232f8-8dd7-42dd-88e1-2d818924d50a}: [DhcpNameServer] 10.156.33.53 129.187.5.1 Tcpip\..\Interfaces\{66c1b00a-7100-4e92-ac46-811fd2d50492}: [DhcpNameServer] 192.168.34.3 129.187.5.1 Tcpip\..\Interfaces\{83fbec75-ff09-4692-a92d-4201c2743b42}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nuesearch.com/?type=hp&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nuesearch.com/?type=hp&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nuesearch.com/search/?type=ds&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nuesearch.com/search/?type=ds&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668&q={searchTerms} 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nuesearch.com/?type=hp&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nuesearch.com/?type=hp&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nuesearch.com/search/?type=ds&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nuesearch.com/search/?type=ds&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668&q={searchTerms} HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nuesearch.com/?type=hp&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668 HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?PC=AV01 HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPNOT13/4 HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nuesearch.com/?type=hp&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668 SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
hxxp://www.nuesearch.com/search/?type=ds&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668&q={searchTerms} SearchScopes: HKLM -> OldSearch URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1429767349&from=cor&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668&q={searchTerms} SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668&q={searchTerms} SearchScopes: HKLM -> {470BE3E6-2099-4F7E-84F1-F3DA4739DF9A} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668&q={searchTerms} SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668&q={searchTerms} SearchScopes: HKLM-x32 -> {470BE3E6-2099-4F7E-84F1-F3DA4739DF9A} URL = 
hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKU\S-1-5-21-205815100-794779995-1947703700-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668&q={searchTerms} SearchScopes: HKU\S-1-5-21-205815100-794779995-1947703700-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D120415-A6B219395BABB4E59ADF&form=CONBDF&conlogo=CT3332005&q={searchTerms} SearchScopes: HKU\S-1-5-21-205815100-794779995-1947703700-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF SearchScopes: HKU\S-1-5-21-205815100-794779995-1947703700-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668&q={searchTerms} SearchScopes: HKU\S-1-5-21-205815100-794779995-1947703700-1001 -> {470BE3E6-2099-4F7E-84F1-F3DA4739DF9A} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-205815100-794779995-1947703700-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = 
hxxp://de.search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-is__alt__ddc_dss_bd_com&p={searchTerms} SearchScopes: HKU\S-1-5-21-205815100-794779995-1947703700-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKU\S-1-5-21-205815100-794779995-1947703700-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-07-21] (Oracle Corporation) BHO: DealbeaverBHO Class -> {A5C87FD0-85EF-45B6-AF57-BE74A5FF1768} -> C:\Program Files (x86)\Dealbeaver\Dealbeaver64.dll [2016-05-18] (Dealbeaver) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc.) 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-21] (Oracle Corporation) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard) BHO: Kein Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> Keine Datei BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH) BHO-x32: Kein Name -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> Keine Datei BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO-x32: DealbeaverBHO Class -> {A5C87FD0-85EF-45B6-AF57-BE74A5FF1768} -> C:\Program Files (x86)\Dealbeaver\Dealbeaver.dll [2016-05-18] (Dealbeaver) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc.) 
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Kein Name -> {dc727a8c-7582-483c-a1c2-2b885f099bb5} -> Keine Datei BHO-x32: Kein Name -> {E6E66045-E911-4C01-961D-32387BF12768} -> C:\Users\Martin\AppData\LocalLow\Browser-Security\safe_url.dll [2015-09-11] () BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-12-20] (Hewlett-Packard Company) BHO-x32: Kein Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> Keine Datei BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - Keine Datei Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc.) 
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.nuesearch.com/?type=sc&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668 Edge: ====== Edge HomeButtonPage: HKU\S-1-5-21-205815100-794779995-1947703700-1001 -> hxxp://www.nuesearch.com/?type=hp&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668 FireFox: ======== FF ProfilePath: C:\Users\Martin\AppData\Roaming\Profiles\zocbhc16.default FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-13] () FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-21] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-21] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-13] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.) 
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2014-11-27] (Nero AG) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-205815100-794779995-1947703700-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2013-03-17] (Ubisoft)
FF SearchPlugin: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9s05odkh.default\searchplugins\avast-search.xml [2016-05-31]
FF SearchPlugin: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9s05odkh.default\searchplugins\bing-lavasoft.xml [2015-12-04]
FF SearchPlugin: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9s05odkh.default\searchplugins\nuesearch.xml [2016-07-12]
FF Extension: (Cliqz) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9s05odkh.default\Extensions\cliqz@cliqz.com.xpi [2015-11-28] [ist nicht signiert]
FF Extension: (Browser-Security) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9s05odkh.default\Extensions\firefox@browser-security.de.xpi [2015-12-04] [ist nicht signiert]
FF Extension: (Adblock Plus) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9s05odkh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-28]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-28]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-28]
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [quick_searchff@gmail.com] - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9s05odkh.default\extensions\quick_searchff@gmail.com => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9s05odkh.default\extensions\sweetsearch@gmail.com => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9s05odkh.default\extensions\cliqz@cliqz.com => nicht gefunden
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.nuesearch.com/?type=sc&ts=1471937979&z=32ae82565e8943bb0a12258g3z6mdg2teceb1e7gcb&from=eve0822se&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668

Chrome:
=======
CHR HomePage: ChromeDefaultData -> hxxp://www.nicesearches.com?type=hp&ts=1464593744&from=0d580530&uid=st500lm012xhn-m500mbb_s2svj9eca09668&z=658f2f19608d6aba60b4d45gbzcq4z0wctfc2m2z8z
CHR RestoreOnStartup: ChromeDefaultData -> "hxxp://de.search.yahoo.com/?fr=hp-ddc-bd&type=bl-bcr-is__alt__ddc_dsssyc_bd_com"
CHR StartupUrls: ChromeDefaultData -> "hxxp://www.nicesearches.com?type=hp&ts=1464593744&from=0d580530&uid=st500lm012xhn-m500mbb_s2svj9eca09668&z=658f2f19608d6aba60b4d45gbzcq4z0wctfc2m2z8z"
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.nicesearches.com/search.php?type=ds&ts=1464593744&from=0d580530&uid=st500lm012xhn-m500mbb_s2svj9eca09668&z=658f2f19608d6aba60b4d45gbzcq4z0wctfc2m2z8z&q={searchTerms}
CHR DefaultSearchKeyword: ChromeDefaultData -> nice
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\PepperFlash\pepflashplayer.dll => Keine Datei
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll => Keine Datei
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\ppGoogleNaClPluginChrome.dll => Keine Datei
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\pdf.dll => Keine Datei
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => Keine Datei
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData
CHR Extension: (Dealbeaver) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\bhldmkghjkldhclddpjebfjpaijaajmm [2016-05-20]
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-11]
CHR Extension: (Google-Suche) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-11]
CHR Extension: (Avast Online Security) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-12]
CHR Extension: (Skype) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-05-22]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-12]
CHR Extension: (Google Mail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-11]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-05-28]
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.nuesearch.com/?type=sc&ts=1471937979&z=32ae82565e8943bb0a12258g3z6mdg2teceb1e7gcb&from=eve0822se&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [Datei ist nicht signiert]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-28] (AVAST Software)
R2 cktSvc; C:\Program Files (x86)\Uncheckit\cktSvc.exe [274176 2016-07-05] (EVANGEL TECHNOLOGY (HK) LIMITED)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-24] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-24] (Dropbox, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29760 2016-07-04] (HP Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [Datei ist nicht signiert]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2015-12-04] (Lavasoft Limited)
R2 LegpatP; C:\ProgramData\Legpat\Legpat.exe [399768 2016-05-26] ()
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2015-10-30] (HP Inc.) [Datei ist nicht signiert]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2015-10-30] (HP Inc.) [Datei ist nicht signiert]
R2 qkseeService; C:\Program Files (x86)\qksee\qkseeSvc.exe [761344 2016-05-20] (Qksee Pvt Ltd.) [Datei ist nicht signiert]
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [17168 2015-12-04] ()
S2 ThnAdpsrv; C:\Program Files (x86)\Thunshprerusp\ThnAdpsrv.exe [986264 2016-05-19] ()
R2 UncheckitSvc; C:\Program Files (x86)\Uncheckit\UncheckitSvc.exe [247552 2016-07-05] (evangel technology (hk) limited)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [1141400 2016-06-21] (Winziper Pvt Ltd.) <==== ACHTUNG
S2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [82664 2015-12-16] (Advanced Micro Devices, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-05-28] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-05-28] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-05-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-05-28] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-28] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-05-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-05-28] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-05-28] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-05] (AVAST Software)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2014-07-14] ()
S3 AX88772; C:\Windows\System32\drivers\ax88772.sys [111616 2015-10-30] (ASIX Electronics Corp.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [146856 2013-06-04] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-18] (Windows (R) Win 7 DDK provider)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [55056 2016-05-24] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2016-05-24] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2016-05-19] (Elex do Brasil Participações Ltda)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2014-07-14] ()
R3 netr28x; C:\Windows\System32\drivers\netr28x.sys [2504192 2015-10-30] (MediaTek Inc.)
R3 pelmouse; C:\Windows\system32\DRIVERS\pelmouse.sys [23040 2015-12-17] (TPMX Electronics Ltd.)
R3 pelusblf; C:\Windows\system32\DRIVERS\pelusblf.sys [35328 2015-12-22] (TPMX Electronics Ltd.)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
S3 SKYNETU2C; C:\Windows\System32\drivers\SkyNetU2C_AMD64.SYS [270424 2010-05-10] (TechniSat Digital, S.A.)
S3 SkyNetU2CBDA_AMD64; C:\Windows\system32\DRIVERS\SkyNetU2CBDA_AMD64.sys [346200 2011-05-10] (TechniSat Digital, S.A.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [52904 2016-04-28] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S4 iSafeKrnl; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [X]
S1 iSafeKrnlKit; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-08-28 16:33 - 2016-08-28 16:34 - 00050996 _____ C:\Users\Martin\Desktop\FRST.txt
2016-08-28 16:32 - 2016-08-28 16:33 - 00000000 ____D C:\FRST
2016-08-28 16:32 - 2016-08-28 16:32 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Martin\Desktop\tdsskiller.exe
2016-08-28 16:31 - 2016-08-28 16:31 - 02396672 _____ (Farbar) C:\Users\Martin\Desktop\FRST64.exe
2016-08-26 01:49 - 2016-08-26 01:49 - 00000004 ____H C:\ProgramData\cm-lock
2016-08-24 09:03 - 2016-08-24 09:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-08-23 22:12 - 2016-08-23 22:12 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_429687859.html
2016-08-23 22:12 - 2016-08-23 22:12 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_429687562.html
2016-08-23 13:58 - 2016-08-23 13:58 - 00003342 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-08-23 09:39 - 2016-08-25 23:40 - 00000000 ____D C:\Program Files (x86)\_SSpm
2016-08-23 09:39 - 2016-08-23 09:39 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_384540046.html
2016-08-23 09:39 - 2016-08-23 09:39 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_384539921.html
2016-08-23 09:39 - 2016-08-23 09:39 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_384533328.html
2016-08-23 09:39 - 2016-08-23 09:39 - 00000003 _____ C:\WINDOWS\SysWOW64\de_384533078.html
2016-08-15 10:34 - 2016-08-22 10:42 - 00000000 ____D C:\Users\Martin\AppData\Roaming\setup1
2016-08-10 10:51 - 2016-08-03 12:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-10 10:51 - 2016-08-03 12:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-10 10:51 - 2016-08-03 12:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-10 10:51 - 2016-08-03 12:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-10 10:51 - 2016-08-03 11:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-10 10:51 - 2016-08-03 11:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-10 10:51 - 2016-08-03 11:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-10 10:51 - 2016-08-03 11:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-10 10:51 - 2016-08-03 11:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-10 10:51 - 2016-08-03 11:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-10 10:51 - 2016-08-03 11:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-10 10:51 - 2016-08-03 11:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-10 10:51 - 2016-08-03 11:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-10 10:51 - 2016-08-03 11:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-10 10:51 - 2016-08-03 11:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-10 10:51 - 2016-08-03 11:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-10 10:51 - 2016-08-03 11:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-10 10:51 - 2016-08-03 07:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-10 10:51 - 2016-08-03 07:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-10 10:51 - 2016-08-03 07:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-10 10:51 - 2016-08-03 07:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-10 10:51 - 2016-08-03 06:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-10 10:51 - 2016-08-03 06:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-10 10:51 - 2016-08-03 06:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-10 10:51 - 2016-08-03 06:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-10 10:51 - 2016-08-03 06:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-10 10:51 - 2016-08-03 06:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-08-10 10:50 - 2016-08-03 13:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-10 10:50 - 2016-08-03 13:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-10 10:50 - 2016-08-03 13:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-10 10:50 - 2016-08-03 12:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-10 10:50 - 2016-08-03 12:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-10 10:50 - 2016-08-03 12:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-10 10:50 - 2016-08-03 12:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-10 10:50 - 2016-08-03 12:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-10 10:50 - 2016-08-03 12:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-10 10:50 - 2016-08-03 12:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-10 10:50 - 2016-08-03 12:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-10 10:50 - 2016-08-03 12:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-10 10:50 - 2016-08-03 12:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-10 10:50 - 2016-08-03 12:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-10 10:50 - 2016-08-03 12:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-10 10:50 - 2016-08-03 12:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-10 10:50 - 2016-08-03 12:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-10 10:50 - 2016-08-03 12:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-10 10:50 - 2016-08-03 12:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-10 10:50 - 2016-08-03 12:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-10 10:50 - 2016-08-03 12:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-10 10:50 - 2016-08-03 12:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-10 10:50 - 2016-08-03 11:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-10 10:50 - 2016-08-03 11:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-10 10:50 - 2016-08-03 11:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-10 10:50 - 2016-08-03 11:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-10 10:50 - 2016-08-03 11:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-10 10:50 - 2016-08-03 11:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-10 10:50 - 2016-08-03 11:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-10 10:50 - 2016-08-03 11:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-10 10:50 - 2016-08-03 11:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-10 10:50 - 2016-08-03 11:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-10 10:50 - 2016-08-03 11:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-10 10:50 - 2016-08-03 11:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-10 10:50 - 2016-08-03 11:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-10 10:50 - 2016-08-03 11:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-10 10:50 - 2016-08-03 11:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-10 10:50 - 2016-08-03 11:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-10 10:50 - 2016-08-03 11:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-10 10:50 - 2016-08-03 11:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-10 10:50 - 2016-08-03 11:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-10 10:50 - 2016-08-03 11:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-10 10:50 - 2016-08-03 11:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-10 10:50 - 2016-08-03 11:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-10 10:50 - 2016-08-03 11:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-10 10:50 - 2016-08-03 11:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-10 10:50 - 2016-08-03 11:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-10 10:50 - 2016-08-03 11:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-10 10:50 - 2016-08-03 11:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-10 10:50 - 2016-08-03 11:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-10 10:50 - 2016-08-03 11:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-10 10:50 - 2016-08-03 11:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-10 10:50 - 2016-08-03 11:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-10 10:50 - 2016-08-03 11:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-10 10:50 - 2016-08-03 11:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-10 10:50 - 2016-08-03 11:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-10 10:50 - 2016-08-03 11:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-10 10:50 - 2016-08-03 11:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-10 10:50 - 2016-08-03 11:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-10 10:50 - 2016-08-03 11:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-10 10:50 - 2016-08-03 11:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-10 10:50 - 2016-08-03 11:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-10 10:50 - 2016-08-03 11:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-10 10:50 - 2016-08-03 11:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-10 10:50 - 2016-08-03 11:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-10 10:50 - 2016-08-03 11:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-10 10:50 - 2016-08-03 11:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-10 10:50 - 2016-08-03 11:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-10 10:50 - 2016-08-03 11:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-10 10:50 - 2016-08-03 07:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-10 10:50 - 2016-08-03 07:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-10 10:50 - 2016-08-03 07:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-10 10:50 - 2016-08-03 07:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-10 10:50 - 2016-08-03 07:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-10 10:50 - 2016-08-03 07:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-10 10:50 - 2016-08-03 06:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-10 10:50 - 2016-08-03 06:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-08-10 10:50 - 2016-08-03 06:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-10 10:50 - 2016-08-03 06:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-08-10 10:50 - 2016-08-03 06:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-08-10 10:50 - 2016-08-03 06:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-10 10:50 - 2016-08-03 06:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-10 10:50 - 2016-08-03 06:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-10 10:50 - 2016-08-03 06:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-08-10 10:50 - 2016-08-03 06:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-08-10 10:50 - 2016-08-03 06:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-10 10:50 - 2016-08-03 06:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-10 10:50 - 2016-08-03 06:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-10 10:50 - 2016-08-03 06:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-10 10:50 - 2016-08-03 06:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-10 10:50 - 2016-08-03 06:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-10 10:50 - 2016-08-03 06:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-10 10:50 - 2016-08-03 06:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-10 10:50 - 2016-08-03 06:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-10 10:50 - 2016-08-03 06:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-10 10:50 - 2016-08-03 06:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-10 10:50 - 2016-08-03 06:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-10 10:50 - 2016-08-03 06:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-10 10:50 - 2016-08-03 06:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-10 10:50 - 2016-08-03 06:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-10 10:50 - 2016-08-03 06:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-10 10:50 - 2016-08-03 06:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-08-09 15:54 - 2016-08-26 08:43 - 00000000 ____D C:\Program Files (x86)\CLIQZ
2016-08-09 15:54 - 2016-08-09 16:02 - 00000000 ____D C:\Users\Martin\AppData\Local\CLIQZ
2016-08-09 15:54 - 2016-08-09 15:54 - 00001142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CLIQZ.lnk
2016-08-09 15:54 - 2016-08-09 15:54 - 00001130 _____ C:\Users\Public\Desktop\CLIQZ.lnk
2016-08-09 15:54 - 2016-08-09 15:54 - 00000000 ____D C:\Users\Martin\AppData\Roaming\CLIQZ
2016-08-09 15:53 - 2016-08-09 15:53 - 01474568 _____ C:\Users\Martin\Downloads\CLIQZ14.de.win32.installer - CHIP-Installer.exe
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224665812.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224665187.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224665062.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224664343.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224664203.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224663390.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224663281.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224659500.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224659375.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224647796.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224647640.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224646203.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224646078.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224640531.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\de_224640156.html
2016-08-08 10:42 - 2016-08-24 00:51 - 00000000 ____D C:\Program Files (x86)\SoEasySvc 2016-08-08 10:42 - 2016-08-23 09:39 - 00000000 ____D C:\ProgramData\KwinpK 2016-08-07 11:50 - 2016-08-07 11:50 - 00000000 ____D C:\Users\Martin\AppData\LocalLow\Temp 2016-08-05 18:50 - 2016-08-05 18:50 - 00003726 _____ C:\WINDOWS\System32\Tasks\UpdaterTask 2016-08-03 18:43 - 2015-12-22 11:33 - 00035328 _____ (TPMX Electronics Ltd.) C:\WINDOWS\system32\Drivers\pelusblf.sys 2016-08-03 18:43 - 2015-12-17 13:48 - 00023040 _____ (TPMX Electronics Ltd.) C:\WINDOWS\system32\Drivers\PELMOUSE.SYS 2016-08-03 18:43 - 2009-11-02 16:36 - 00011776 _____ (TPMX Electronics Ltd.) C:\WINDOWS\system32\Drivers\PELVENDR.SYS 2016-08-03 16:31 - 2016-08-03 16:31 - 00410983 _____ C:\Users\Martin\Downloads\259912_PFEIFER_Lastbock-Gewinde-LBP_M48_20_0t.zip 2016-08-03 13:21 - 2016-08-03 13:21 - 00049492 _____ C:\Users\Martin\Downloads\neukollner_entwicklung_zusammenfassung_2008.pdf 2016-08-01 22:31 - 2016-08-01 22:31 - 00128000 _____ C:\Users\Martin\Documents\Inhaltsverzeichnisv-Aktuell 06.2016.xls 2016-08-01 14:03 - 2016-08-01 14:03 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659675625.html 2016-08-01 14:02 - 2016-08-01 14:02 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659640875.html 2016-08-01 14:02 - 2016-08-01 14:02 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659610734.html 2016-08-01 14:02 - 2016-08-01 14:02 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659610531.html 2016-08-01 14:02 - 2016-08-01 14:02 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659606812.html 2016-08-01 14:01 - 2016-08-23 09:39 - 05842516 _____ (Update) C:\Program Files (x86)\SSFK.exe 2016-08-01 14:01 - 2016-08-01 14:02 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659606671.html 2016-08-01 14:01 - 2016-08-01 14:01 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659591546.html 2016-08-01 14:01 - 2016-08-01 14:01 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659591343.html 2016-08-01 14:01 - 2016-08-01 14:01 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659590296.html 
2016-08-01 14:01 - 2016-08-01 14:01 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659590171.html 2016-08-01 14:01 - 2016-08-01 14:01 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659582390.html 2016-08-01 14:01 - 2016-08-01 14:01 - 00000003 _____ C:\WINDOWS\SysWOW64\de_1659582203.html 2016-08-01 10:42 - 2016-08-01 10:42 - 00000000 ____D C:\ProgramData\JwinpJ 2016-08-01 10:42 - 2016-08-01 10:42 - 00000000 ____D C:\ProgramData\fwinpf 2016-08-01 10:42 - 2016-08-01 10:42 - 00000000 ____D C:\Program Files (x86)\zffvjegf ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-08-28 16:35 - 2013-01-19 12:27 - 00000000 ____D C:\Users\Martin\Documents\Outlook-Dateien 2016-08-28 16:16 - 2014-12-04 17:02 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-08-28 16:15 - 2016-04-19 14:51 - 00000068 __RSH C:\WINDOWS\system32\Drivers\WSDPrint.winsecurity 2016-08-28 16:15 - 2016-04-18 17:34 - 00000068 __RSH C:\WINDOWS\system32\Drivers\winverbs.winsecurity 2016-08-28 16:15 - 2016-04-18 12:45 - 00000068 __RSH C:\WINDOWS\system32\Drivers\xinputhid.winsecurity 2016-08-28 16:06 - 2016-05-24 10:01 - 00001242 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job 2016-08-28 15:41 - 2016-04-19 14:51 - 00000068 __RSH C:\WINDOWS\system32\Drivers\WdiWiFi.winsecurity 2016-08-28 15:41 - 2016-04-18 17:34 - 00000068 __RSH C:\WINDOWS\system32\Drivers\wfplwfs.winsecurity 2016-08-28 15:41 - 2016-04-18 12:45 - 00000068 __RSH C:\WINDOWS\system32\Drivers\wof.winsecurity 2016-08-28 14:11 - 2013-10-21 17:30 - 00000000 ____D C:\Users\Martin\AppData\Local\Akamai 2016-08-28 10:06 - 2016-05-24 10:01 - 00001238 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job 2016-08-28 09:33 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-08-28 08:38 - 2014-01-23 23:57 - 00000576 _____ C:\WINDOWS\Tasks\MATLAB R2013b Startup Accelerator.job 2016-08-28 08:35 - 2015-10-30 09:24 - 00000000 
___HD C:\Program Files\WindowsApps 2016-08-28 08:34 - 2013-12-23 17:35 - 00000000 ___RD C:\Users\Martin\Dropbox 2016-08-28 08:31 - 2016-03-26 18:04 - 00000000 __SHD C:\Users\Martin\IntelGraphicsProfiles 2016-08-28 08:31 - 2013-05-04 15:33 - 00001142 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-08-27 23:21 - 2016-03-26 13:19 - 00000000 ____D C:\Users\Martin 2016-08-27 18:00 - 2015-12-05 18:26 - 00000498 _____ C:\WINDOWS\Tasks\ParetoLogic Registration3.job 2016-08-26 18:36 - 2016-05-26 13:59 - 00000000 _____ C:\Users\Public\Documents\report.dat 2016-08-26 18:28 - 2016-05-23 10:42 - 00000000 ____D C:\Program Files (x86)\qksee 2016-08-26 18:27 - 2016-02-13 19:25 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-08-26 16:19 - 2016-06-16 12:44 - 00000000 ____D C:\Program Files (x86)\WinZipper 2016-08-25 21:14 - 2015-10-30 08:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI 2016-08-25 08:21 - 2013-09-15 12:56 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update 2016-08-25 07:26 - 2016-07-12 10:53 - 00000000 ____D C:\WINDOWS\SysWOW64\_SSpm 2016-08-24 09:03 - 2016-05-24 10:01 - 00000000 ____D C:\Program Files (x86)\Dropbox 2016-08-24 01:13 - 2016-07-12 10:53 - 00000000 ____D C:\ProgramData\AwinpA 2016-08-24 01:06 - 2016-07-12 10:53 - 00000000 ____D C:\Program Files (x86)\WinSaber 2016-08-24 00:34 - 2016-05-20 22:40 - 00000000 ____D C:\Program Files (x86)\Drecuied 2016-08-23 22:13 - 2016-07-19 12:42 - 00000000 ____D C:\ProgramData\ChelfNotify 2016-08-23 13:58 - 2016-03-26 15:26 - 00002386 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-08-23 13:58 - 2016-03-26 15:26 - 00000000 ___RD C:\Users\Martin\OneDrive 2016-08-23 09:39 - 2016-07-12 10:53 - 00000000 ____D C:\Program Files (x86)\SFK 2016-08-22 22:50 - 2016-05-20 22:49 - 00003782 _____ C:\WINDOWS\System32\Tasks\SoftUpgrade 2016-08-22 22:50 - 2016-05-20 22:49 - 00000000 ____D C:\Program Files (x86)\SoftUpgrade 2016-08-22 16:21 - 2015-10-30 09:24 - 
00000000 ____D C:\WINDOWS\system32\NDF 2016-08-22 10:42 - 2016-07-19 12:42 - 00003538 _____ C:\WINDOWS\System32\Tasks\ChelfNotify Task 2016-08-20 08:46 - 2013-05-04 15:33 - 00000000 ____D C:\Program Files (x86)\Google 2016-08-19 08:39 - 2013-11-28 19:04 - 00000000 ____D C:\Users\Martin\Documents\Uni 2016-08-13 11:13 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache 2016-08-10 18:40 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF 2016-08-10 17:21 - 2016-02-13 19:30 - 00000000 __RHD C:\Users\Public\AccountPictures 2016-08-10 17:11 - 2016-02-13 19:12 - 00000000 ____D C:\Program Files\Windows Journal 2016-08-10 17:11 - 2015-10-30 09:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2016-08-10 17:11 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser 2016-08-10 11:49 - 2016-03-26 19:10 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-08-10 11:49 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates 2016-08-10 11:49 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-08-10 11:37 - 2013-01-24 16:53 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-08-08 23:40 - 2013-05-04 15:39 - 00002502 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-08-08 23:40 - 2013-05-04 15:39 - 00002490 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-08-08 14:51 - 2015-12-06 19:30 - 00000000 ____D C:\Users\Martin\AppData\Local\Risen2 2016-08-08 09:47 - 2016-03-26 13:18 - 02011910 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-08-08 09:47 - 2016-02-13 18:59 - 00857262 _____ C:\WINDOWS\system32\perfh007.dat 2016-08-08 09:47 - 2016-02-13 18:59 - 00188952 _____ C:\WINDOWS\system32\perfc007.dat 2016-08-05 12:00 - 2013-09-15 12:56 - 00292704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys 2016-08-03 08:37 - 2016-01-16 21:48 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-07-30 22:50 - 2013-05-04 15:33 - 00004204 _____ 
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2016-07-30 22:50 - 2013-05-04 15:33 - 00003972 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2016-07-30 22:50 - 2013-05-04 15:33 - 00001146 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2014-08-13 10:29 - 2014-08-13 10:29 - 154565521 _____ () C:\Program Files (x86)\openoffice1.cab 2014-08-13 10:27 - 2014-08-13 10:27 - 2314240 _____ () C:\Program Files (x86)\openoffice411.msi 2014-08-13 10:27 - 2014-08-13 10:27 - 0478720 _____ () C:\Program Files (x86)\setup.exe 2014-08-13 10:27 - 2014-08-13 10:27 - 0000279 _____ () C:\Program Files (x86)\setup.ini 2016-08-01 14:01 - 2016-08-23 09:39 - 5842516 _____ (Update) C:\Program Files (x86)\SSFK.exe 2015-04-03 16:31 - 2015-04-03 16:31 - 0385602 _____ () C:\Users\Martin\AppData\Local\5D515C96_stp.CIS 2015-04-03 16:31 - 2015-04-03 16:31 - 0000220 _____ () C:\Users\Martin\AppData\Local\5D515C96_stp.CIS.part 2015-04-03 16:32 - 2015-04-03 16:32 - 1509462 _____ () C:\Users\Martin\AppData\Local\69DD7379_stp.CIS 2015-04-03 16:32 - 2015-04-03 16:32 - 0000295 _____ () C:\Users\Martin\AppData\Local\69DD7379_stp.CIS.part 2015-04-03 16:32 - 2015-04-03 16:32 - 0192979 _____ () C:\Users\Martin\AppData\Local\741E72B5_stp.CIS 2015-04-03 16:32 - 2015-04-03 16:32 - 0000290 _____ () C:\Users\Martin\AppData\Local\741E72B5_stp.CIS.part 2015-11-21 00:56 - 2015-11-21 01:01 - 0007680 _____ () C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2016-08-26 01:49 - 2016-08-26 01:49 - 0000004 ____H () C:\ProgramData\cm-lock ZeroAccess: C:\Users\Martin\AppData\Local\Google\Desktop\Install ZeroAccess: C:\Program Files (x86)\Google\Desktop\Install Einige Dateien in TEMP: ==================== C:\Users\Martin\AppData\Local\Temp\9fQIA1hk-prog.exe C:\Users\Martin\AppData\Local\Temp\9fQIA1hk-upd.exe C:\Users\Martin\AppData\Local\Temp\AcDeltree.exe 
C:\Users\Martin\AppData\Local\Temp\HPSFUpdater.exe C:\Users\Martin\AppData\Local\Temp\jre-8u101-windows-au.exe C:\Users\Martin\AppData\Local\Temp\jre-8u77-windows-au.exe C:\Users\Martin\AppData\Local\Temp\jre-8u91-windows-au.exe C:\Users\Martin\AppData\Local\Temp\SettingUpdate.exe C:\Users\Martin\AppData\Local\Temp\sphpsa.exe ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2016-08-24 09:30 ==================== Ende von FRST.txt ============================
28.08.2016, 16:03 | #4 |
| Scan Addition.txt Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 27-08-2016 durchgeführt von Martin (28-08-2016 16:35:31) Gestartet von C:\Users\Martin\Desktop Windows 10 Home Version 1511 (X64) (2016-03-26 13:14:15) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-205815100-794779995-1947703700-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-205815100-794779995-1947703700-503 - Limited - Disabled) Gast (S-1-5-21-205815100-794779995-1947703700-501 - Limited - Disabled) Martin (S-1-5-21-205815100-794779995-1947703700-1001 - Administrator - Enabled) => C:\Users\Martin ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 64 Bit HP CIO Components Installer (Version: 20.2.1 - HP Inc.) Hidden Adblock Plus für IE (32-Bit- und 64-Bit) (HKLM\...\{588B7DD2-3480-4A89-A8F6-C6781CBFAD56}) (Version: 1.5 - Eyeo GmbH) Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated) Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.8 - Adobe Systems Incorporated) Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated) Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.) Age of Mythology - The Titans Expansion (HKLM-x32\...\Age of Mythology Expansion Pack 1.0) (Version: - ) Age of Mythology (HKLM-x32\...\Age of Mythology 1.0) (Version: - ) Akamai NetSession Interface (HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\Akamai) (Version: - Akamai Technologies, Inc) AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD) AMD Catalyst Install Manager (HKLM\...\{5977D04D-1D6A-952C-97AF-04D9D4C0AE56}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.) 
ANALYSIS_30_Common (x32 Version: 14.1 - SOFiSTiK AG) Hidden ANALYSIS_30_x64_Common (x32 Version: 14.1 - SOFiSTiK AG) Hidden ANNO 1404 - Königsedition (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 3.10.0000 - Ubisoft) Anno 1701 (HKLM-x32\...\{A2433A63-5F5D-40E5-B529-9123C2B3E734}) (Version: 1.04 - Sunflowers) AutoCAD Architecture 2014 - Deutsch (German) (Version: 7.5.106.0 - Autodesk) Hidden AutoCAD Architecture 2014 - Deutsch (German) (Version: 7.5.17.0 - Autodesk) Hidden AutoCAD Architecture 2014 - Deutsch (German) SP 1 (HKLM\...\AutoCAD Architecture 2014 - Deutsch (German) SP 1) (Version: 1 - Autodesk) AutoCAD Architecture 2014 Language Pack - Deutsch (Version: 7.5.17.0 - Autodesk) Hidden Autodesk 360 (HKLM\...\{556966D9-F7F6-421B-9707-D07901604DDF}) (Version: 5.2.3.1000 - Autodesk) Autodesk App Manager (HKLM-x32\...\{C070121A-C8C5-4D52-9A7D-D240631BD433}) (Version: 1.1.0 - Autodesk) Autodesk AutoCAD Architecture 2014 - Deutsch (German) (HKLM\...\AutoCAD Architecture 2014 - Deutsch (German)) (Version: 7.5.17.0 - Autodesk) Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.1.3.0 - Autodesk) Autodesk Content Service (x32 Version: 3.1.3.0 - Autodesk) Hidden Autodesk Content Service Language Pack (x32 Version: 3.1.3.0 - Autodesk) Hidden Autodesk Featured Apps (HKLM-x32\...\{F732FEDA-7713-4428-934B-EF83B8DD65D0}) (Version: 1.1.0 - Autodesk) Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk) Autodesk Material Library 2016 (HKLM-x32\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.18 - Autodesk) Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk) Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.18 - Autodesk) Autodesk Material Library Low Resolution Image Library 2016 
(HKLM-x32\...\{FA5DF4D1-CD59-4183-B3D4-779A56498786}) (Version: 6.3.0.18 - Autodesk) Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.0.43.13 - Autodesk) Autodesk ReCap (Version: 1.0.43.13 - Autodesk) Hidden Autodesk ReCap Language Pack-English (Version: 1.0.43.13 - Autodesk) Hidden Autodesk Revit 2016 (HKLM\...\Autodesk Revit 2016) (Version: 16.0.490.0 - Autodesk) Autodesk Workflows 2016 (HKLM\...\{535CDED0-D690-4738-83EE-09056A365BAC}) (Version: 6.3.0.18 - Autodesk, Inc.) Avast Free Antivirus (HKLM-x32\...\avast) (Version: 11.2.2262 - AVAST Software) AX88772C (HKLM-x32\...\{48C1584F-E022-4C21-9072-0BA886976B4F}) (Version: 1.01 - ) BandwidthStat (HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\BandwidthStat) (Version: 1.0 - BandwidthStat) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Browser-Security (HKLM-x32\...\Browser-Security) (Version: 1.0.7.0 - Vondos Media GmbH) <==== ACHTUNG Bullzip PDF Printer 10.6.0.2267 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.6.0.2267 - Bullzip) Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.22 - Cliqz.com) CLIQZ 1.6.1 (x86 de) (HKLM-x32\...\CLIQZ 1.6.1 (x86 de)) (Version: 1.6.1 - Cliqz GmbH) cloudfront - Uninstall (HKLM-x32\...\{54C3021D-55CA-44E8-899F-C102D92DD517}) (Version: - ) <==== ACHTUNG CodeMeter Runtime Kit v6.10a (HKLM\...\{4FF3EB53-5576-4B11-A08F-605C1938176A}) (Version: 6.10.2018.501 - WIBU-SYSTEMS AG) Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite) CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.) CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.) CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.) 
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2527 - CyberLink Corp.) CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.) CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DIE SIEDLER - Aufstieg eines Königreichs (HKLM-x32\...\{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}) (Version: 1.00.0000 - Ubisoft) Die Siedler 7 (HKLM-x32\...\{63860309-DA8A-4BAE-9EAE-CE1D6D79340C}) (Version: 1.12.1396 - Ubisoft) Die Siedler II - Die nächste Generation (HKLM-x32\...\S2TNG) (Version: - ) Die Siedler IV (HKLM-x32\...\S4Uninst) (Version: - ) Dot4 (HKLM\...\{DD411225-A527-4C56-91BE-15D888B3CCDE}) (Version: 1.0.0.0 - HP) Dropbox (HKLM-x32\...\Dropbox) (Version: 8.4.21 - Dropbox, Inc.) Dropbox Update Helper (x32 Version: 1.3.41.1 - Dropbox, Inc.) Hidden Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard) FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production) Free Mp3 Wma Converter V 2.2 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft) Free YouTube to MP3 Converter version 3.12.57.324 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.57.324 - DVDVideoSoft Ltd.) G2-Classic-Mod (HKLM-x32\...\G2-Classic-Mod) (Version: 1.1 - Sargon) GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version: - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.) 
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden Gothic (HKLM-x32\...\{BBF10B37-4ED3-11D5-A818-00500435FC18}) (Version: - ) Gothic 2 Gold (HKLM-x32\...\{40FE74B5-71A1-4393-A0AB-21D6E1DA5A66}) (Version: 1.0.0 - JoWood) GOTHIC2 - Die Nacht des Raben - 'System-Paket' (HKLM-x32\...\GOTHIC2 - Die Nacht des Raben - 'System-Paket') (Version: 1.1 - World of Gothic RU © 2014) Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP 3D DriveGuard (HKLM\...\{AB5BCC55-18E2-46C7-9405-FF61CB888F05}) (Version: 4.2.9.1 - Hewlett-Packard Company) HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd) HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company) HP Documentation (HKLM-x32\...\{18DE31AE-70D0-43A7-9E3C-2ED7283ECE8A}) (Version: 1.1.0.0 - Hewlett-Packard) HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company) HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard) HP Software Framework (HKLM-x32\...\{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}) (Version: 4.6.10.1 - Hewlett-Packard Company) HP Support Solutions Framework (HKLM-x32\...\{A38E954F-9043-42BD-9DE9-246ED183791D}) (Version: 12.5.26.37 - HP) HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard) HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard 
Company) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation) Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation) MainConcept DTV Decoder Pro (HKLM-x32\...\{793FCE60-DE5E-4977-A942-A7B69A45B17D}) (Version: 1.5.0.2 - MainConcept GmbH) MATLAB R2013b (HKLM\...\Matlab R2013b) (Version: 8.2 - The MathWorks, Inc.) MEDION NAS TOOL (HKLM-x32\...\MEDION NAS TOOL) (Version: - MEDION) Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7939 - Memeo Inc.) Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - ) Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{A047101C-A3AE-4FAD-802F-01C965079F66}) (Version: 11.1.3010.3 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{99AC7F47-A4E0-4706-9C65-8948775C2652}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft 
Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 
11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 46.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 de)) (Version: 46.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1 - Mozilla) MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios) Nero 2015 (HKLM-x32\...\{F9592BA0-AA0D-454C-95AA-9782DF00CB4B}) (Version: 16.0.04000 - Nero AG) Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 16.0.1003 - Nero AG) NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation) OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation) ParetoLogic PC Health Advisor (HKLM-x32\...\{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}) (Version: 3.1.7.0 - ParetoLogic, Inc.) Pontifex Demo 10.19.01 (HKLM-x32\...\Pontifex Demo_is1) (Version: - Chronic Logic LLC) Prerequisite installer (x32 Version: 16.0.0003 - Nero AG) Hidden PX Profile Update (x32 Version: 1.00.1. 
- AMD) Hidden qksee (HKLM-x32\...\qksee) (Version: - Taiwan Shui Mu Chih Ching Technology Limited) <==== ACHTUNG Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.2.0 - Ralink) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.) Revit 2016 (Version: 16.0.490.0 - Autodesk) Hidden Risen (HKLM-x32\...\{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}) (Version: 1.00.0000 - Deep Silver) Risen 2 - Dark Waters (HKLM-x32\...\{CC4473E6-AB7D-406B-ADAE-BF9C61CEC5FE}) (Version: 1.00 - Deep Silver) SafeZone Stable 1.48.2066.101 (x32 Version: 1.48.2066.101 - Avast Software) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) SimCity 4 Deluxe (HKLM-x32\...\{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}) (Version: - ) SketchUp Import for AutoCAD 2014 (HKLM-x32\...\{644E9589-F73A-49A4-AC61-A953B9DE5669}) (Version: 1.1.0 - Autodesk) SOFiCAD-OEM 2014 (HKLM-x32\...\SOFiCADOEM 2014) (Version: 20.14.0.0 - SOFiSTiK AG) SOFiCAD-OEM 2014 (Version: 19.1.18.0 - SOFiSTiK) Hidden SOFiCAD-OEM 2014 (x32 Version: 19.1.0 - SOFiSTiK AG) Hidden SOFiSTiK 2014 19.1 64Bit Object Enabler (HKLM\...\{50F1571C-50FD-2014-3064-191000000000}) (Version: 19.1.1.0 - SOFiSTiK AG) SOFiSTiK 2014 Documenation SOFiCAD (x32 Version: 1.00.0000 - Your Company Name) Hidden SOFiSTiK Reinforcement Detailing 2016 (HKLM\...\{50F1571C-50F6-2016-3364-201600201405}) (Version: 5.0.0 - SOFiSTiK AG) SOFiSTiK Sonar (HKLM-x32\...\{50F1571C-50F1-2014-3032-000000150000}) (Version: 15.00 - SOFiSTiK AG) Star Wars Battlefront II (HKLM-x32\...\{3D374523-CFDE-461A-827E-2A102E2AB365}) (Version: 1.0 - LucasArts) swMSM (x32 Version: 12.0.0.1 - 
Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated) TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH) Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT) Uncheckit (HKLM-x32\...\Uncheckit) (Version: 2.1.5 - EVANGEL TECHNOLOGY (HK) LIMITED) <==== ACHTUNG Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, 
s.r.o.) VLC media player (HKLM\...\VLC media player) (Version: 2.2.3 - VideoLAN) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.3 - VideoLAN) Wajam (HKLM-x32\...\WaNetworkEnhance) (Version: 2.29.2.17 (i2.6) - WaNetworkEnhance) <==== ACHTUNG Web Companion (HKLM-x32\...\{d35d79f6-850b-4d3b-b3df-f052f842b2da}) (Version: 2.1.1199.2443 - Lavasoft) Wecker für Windows 6.5 (HKLM-x32\...\{FFDC4005-E968-498D-93C8-CC148742167D}}_is1) (Version: 6.5 - Christoph Bünger Software) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) WinZip (HKLM-x32\...\WinZip) (Version: 2.2.25 - Winzipper Pvt Ltd.) <==== ACHTUNG Worms 4 Mayhem (HKLM-x32\...\{45E7C481-3EF4-4FCB-AF0B-19F70D618F0C}) (Version: 1.00.0000 - Codemasters) Xfire (remove only) (HKLM-x32\...\Xfire) (Version: - ) YAC(Yet Another Cleaner!) (HKLM-x32\...\iSafe) (Version: - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== ACHTUNG ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E100-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E101-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E102-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E7F8-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E7F9-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E7FA-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E7FB-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E7FC-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E7FD-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E7FE-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E7FF-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\de-DE\sofc191ficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{5D8A052B-FFEE-4B2D-ADD8-EDCDA13C0763}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\sofiaxis_com.dll (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{5D8A052C-FFEE-4B2D-ADD8-EDCDA13C0763}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\sofiaxis_com.dll (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\sofc191.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{6AC79303-DBF3-4BE2-9F8E-0349FDC88E19}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\sofidc.arx (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{8258CC73-933A-4A76-88B1-43A5468A09F7}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\SOF_BAMTEC191_x64.DBX (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{9874959D-2021-4F77-AA2E-7E787954ADD7}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBFE_COM.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{B5176366-6A16-40E8-BF5D-C6DABC4B962B}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOF_COM.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{B5176367-6A16-40E8-BF5D-C6DABC4B962B}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOF_COM.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{B5176368-6A16-40E8-BF5D-C6DABC4B962B}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOF_COM.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{B5176369-6A16-40E8-BF5D-C6DABC4B962B}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOF_COM.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{B517636A-6A16-40E8-BF5D-C6DABC4B962B}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOF_COM.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{B517636B-6A16-40E8-BF5D-C6DABC4B962B}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOF_COM.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2014\de-DE\acadficn.dll (Autodesk, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {1E041551-E3E9-4775-945B-473FF6FE41BD} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {3383E5C5-2D9A-4B13-9190-937420612144} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {3C33CD03-7609-44AF-9710-CAA445D6BF10} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {55FB011F-2C02-4183-A225-2A34A62683CC} - System32\Tasks\ParetoLogic Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns
Task: {5D31EF85-8E68-45F5-9535-7258083FD944} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-13] (Adobe Systems Incorporated)
Task: {5E2D557B-0A4F-42B1-83FD-9CD0D6FE32D0} - System32\Tasks\SoftUpgrade => C:\Program Files (x86)\SoftUpgrade\softup.exe [2016-08-22] ()
Task: {5F42836E-AE85-4CA2-86A3-A313F614B55F} - System32\Tasks\ChelfNotify Task => C:\ProgramData\ChelfNotify\BrowserUpdate.exe [2016-06-30] (Tencent) <==== ACHTUNG
Task: {713A80B6-4080-406C-A767-1FB30E7CD27C} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-24] (Dropbox, Inc.)
Task: {82ABDCB9-8CDD-4730-AD92-AC4E496A1760} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {85140850-A9DD-4BB4-B7DC-06C1A3F6F29F} - System32\Tasks\Browser Updater Task(Core) => C:\Program Files (x86)\TXQQBrowser\Update\FFF2A3639BEFA36CCEA18F04A7668C60\Update\BrowserUpdate.exe [2016-04-25] (Tencent) <==== ACHTUNG
Task: {8B04DA55-1A17-4E84-B509-C6F091D62841} - System32\Tasks\UncheckitUpdateTaskDB => C:\Program Files (x86)\Uncheckit\UncheckitUpdate.exe [2016-07-05] (EVANGEL TECHNOLOGY (HK) LIMITED) <==== ACHTUNG
Task: {92C847DC-B226-4C5A-A8AB-184E4A601340} - System32\Tasks\UpdaterTask => C:\Users\Martin\AppData\Local\Temp\avdrhxythrag [Argument = /p=27 /i=1] <==== ACHTUNG
Task: {95EEB00E-6D66-4872-8E1E-CCBCD0748013} - System32\Tasks\{C8599BEC-8541-4730-9C00-8B636C6E2D46} => pcalua.exe -a "C:\Program Files (x86)\Star Wars Battlefront II\LaunchBFII.exe" -d "C:\Program Files (x86)\Star Wars Battlefront II"
Task: {96FB385F-013A-4BAF-8A22-44C9CB47F9E0} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {A8C2E264-6122-426B-B842-15D6E9E9638C} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {AB1ADFC6-1114-4C46-8132-A482BD53D16A} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-23] (Microsoft Corporation)
Task: {AB96C6F0-FEBE-4160-9998-E59661C9B7A6} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-05-28] (AVAST Software)
Task: {AB9AA26C-745D-477B-9D28-44FF4E0063F5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {B751D1AA-9672-4CF1-9F9F-C640883ADE15} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-24] (Dropbox, Inc.)
Task: {C07DD9EA-28FF-49F5-AE6E-0DE21DBC55A6} - System32\Tasks\SafeZone scheduled Autoupdate 1458044218 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)
Task: {CE92AEDC-30F0-47B5-89E5-7D4DE9C3EBC7} - System32\Tasks\MATLAB R2013b Startup Accelerator => C:\Program Files\MATLAB\R2013b\bin\win64\MATLABStartupAccelerator.exe [2013-08-05] ()
Task: {CF8427F3-4A25-4915-A21D-887A076A1E74} - System32\Tasks\UncheckitUpdateTaskC => C:\Program Files (x86)\Uncheckit\UncheckitUpdate.exe [2016-07-05] (EVANGEL TECHNOLOGY (HK) LIMITED) <==== ACHTUNG
Task: {D3A7A3E2-2E6F-45A2-9448-8CC9BBA0EE78} - System32\Tasks\UncheckitTaskMN => C:\Program Files (x86)\Uncheckit\cktSvc.exe [2016-07-05] (EVANGEL TECHNOLOGY (HK) LIMITED) <==== ACHTUNG
Task: {D4179342-5F5B-4002-BE34-CB835DFE5811} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {D7374E94-A9BA-4100-977D-F0B34BED0BDA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {D8589126-C141-4109-A143-BFDE0446BE7C} - System32\Tasks\Thunshprerusp Adapter => C:\Program Files (x86)\Thunshprerusp\ThnAdptsk.exe [2016-05-19] () <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MATLAB R2013b Startup Accelerator.job => C:\Program Files\MATLAB\R2013b\bin\win64\MATLABStartupAccelerator.exe
Task: C:\WINDOWS\Tasks\ParetoLogic Registration3.job => rundll32.exe C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{E642CB23-6186-418C-9B97-D12D8B681FC4}\SupportTasks\1\Support.lnk -> hxxp://www.microsoft.com/support/
Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{E642CB23-6186-418C-9B97-D12D8B681FC4}\SupportTasks\0\Weitere Spiele von Microsoft.lnk -> hxxp://www.ensemblestudios.com/aom/index.html/
Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{CE4F9AA0-B50E-4509-87B3-312B473AA74C}\SupportTasks\1\Support.lnk -> hxxp://www.piranha-bytes.com/gothic1/gothic1_faq_english.html/
Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{CE4F9AA0-B50E-4509-87B3-312B473AA74C}\SupportTasks\0\Weitere Spiele von Microsoft.lnk -> hxxp://www.piranha-bytes.com/
Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{B86065B3-F461-46B3-A9F7-397F53DAC8C2}\SupportTasks\1\Support.lnk -> hxxp://support.lucasarts.com/
Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{B86065B3-F461-46B3-A9F7-397F53DAC8C2}\SupportTasks\0\Weitere Spiele von Microsoft.lnk -> hxxp://www.swbattlefront2.com/
Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{42BB19A3-BB52-4B1C-8A47-566A70503079}\SupportTasks\1\Support.lnk -> hxxp://support.microsoft.com/directory/
Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{42BB19A3-BB52-4B1C-8A47-566A70503079}\SupportTasks\0\Weitere Spiele von Microsoft.lnk -> hxxp://www.microsoft.com/games/age2/
Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{296AA790-7BF8-4BC9-8766-432ECEAD9ACB}\SupportTasks\1\Support.lnk -> hxxp://www.atarisupport.com/
Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{296AA790-7BF8-4BC9-8766-432ECEAD9ACB}\SupportTasks\0\Weitere Spiele von Microsoft.lnk -> hxxp://www.piranha-bytes.com/gothic2/content_english/news_press.php/
ShortcutWithArgument: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.nuesearch.com/?type=sc&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668
ShortcutWithArgument: C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Legpat\Application\chrome.exe (Google Inc.) -> d391tbweljugwk.cloudfront.net/?ts=AHEqAnQrBXUmAk..&v=20160518&uid=FFF2A3639BEFA36CCEA18F04A7668C60&ptid=cos1&mode=scrp
ShortcutWithArgument: C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.nuesearch.com/?type=sc&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668
ShortcutWithArgument: C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Legpat\Application\chrome.exe (Google Inc.) -> d391tbweljugwk.cloudfront.net/?ts=AHEqAnQrBXUmAk..&v=20160518&uid=FFF2A3639BEFA36CCEA18F04A7668C60&ptid=cos1&mode=scrp
ShortcutWithArgument: C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\4df8ad51f300749a\Legpat.lnk -> C:\Program Files (x86)\Legpat\Application\chrome.exe (Google Inc.) -> hxxp://www.nuesearch.com/?type=sc&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk -> C:\Program Files\AVAST Software\SZBrowser\launcher.exe (Avast Software) -> hxxp://www.nuesearch.com/?type=sc&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> d391tbweljugwk.cloudfront.net/?ts=AHEqAnQrBXUmAk..&v=20160518&uid=FFF2A3639BEFA36CCEA18F04A7668C60&ptid=cos1&mode=scrp
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.nuesearch.com/?type=sc&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668
ShortcutWithArgument: C:\Users\Public\Desktop\Avast SafeZone Browser.lnk -> C:\Program Files\AVAST Software\SZBrowser\launcher.exe (Avast Software) -> hxxp://www.nuesearch.com/?type=sc&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668
ShortcutWithArgument: C:\Users\Public\Desktop\Facebook.lnk -> C:\Program Files (x86)\Legpat\Application\chrome.exe (Google Inc.) -> hxxp://www.nuesearch.com/?type=sc&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> d391tbweljugwk.cloudfront.net/?ts=AHEqAnQrBXUmAk..&v=20160518&uid=FFF2A3639BEFA36CCEA18F04A7668C60&ptid=cos1&mode=scrp
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.nuesearch.com/?type=sc&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-05-28 15:10 - 2016-05-28 15:10 - 00137920 _____ () C:\Program Files\AVAST Software\Avast\x64\log.dll
2015-12-04 12:36 - 2015-12-04 12:36 - 00017168 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
2015-12-04 12:36 - 2015-12-04 12:36 - 00008976 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll
2015-12-04 12:36 - 2015-12-04 12:36 - 00023824 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll
2016-05-26 14:00 - 2016-05-26 09:14 - 00399768 _____ () C:\ProgramData\Legpat\Legpat.exe
2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-12 20:54 - 2016-07-01 06:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-12 20:54 - 2016-07-01 06:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-08-23 13:57 - 2016-08-23 13:57 - 01864384 _____ () C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2016-02-13 19:02 - 2016-02-13 19:02 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-12 20:56 - 2016-07-01 05:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-12 20:54 - 2016-07-01 05:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-12 20:54 - 2016-07-01 05:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-12 20:54 - 2016-07-01 05:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-12 20:54 - 2016-07-01 05:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-12-04 12:36 - 2016-02-12 21:56 - 02957520 _____ () C:\Users\Martin\AppData\Roaming\Browser-Security\safe_url__2.exe
2014-08-28 06:09 - 2014-08-28 06:09 - 00232328 _____ () C:\Program Files\Autodesk\Autodesk Sync\qjson_Ad_0.dll
2014-08-28 06:09 - 2014-08-28 06:09 - 00048520 _____ () C:\Program Files\Autodesk\Autodesk Sync\QtSolutions_MFCMigrationFramework_Ad_2.dll
2014-08-28 06:09 - 2014-08-28 06:09 - 00059784 _____ () C:\Program Files\Autodesk\Autodesk Sync\qoauth_Ad_1.dll
2014-08-28 06:09 - 2014-08-28 06:09 - 00922504 _____ () C:\Program Files\Autodesk\Autodesk Sync\qca_Ad_2.dll
2011-09-16 01:16 - 2011-09-16 01:16 - 00322784 _____ () C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
2016-08-16 07:41 - 2016-08-16 07:42 - 00017408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-08-16 07:41 - 2016-08-16 07:42 - 13475840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-06-04 08:45 - 2016-06-04 08:45 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-03-27 22:18 - 2016-03-27 22:19 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-04-19 08:18 - 2016-04-19 08:19 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-05-28 15:10 - 2016-05-28 15:10 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-05-28 15:10 - 2016-05-28 15:10 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-08-26 16:00 - 2016-08-26 16:00 - 03016192 _____ () C:\Program Files\AVAST Software\Avast\defs\16082601\algo.dll
2016-05-28 15:10 - 2016-05-28 15:10 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-05-28 15:10 - 2016-05-28 15:10 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-08-27 14:31 - 2016-08-27 14:31 - 03016192 _____ () C:\Program Files\AVAST Software\Avast\defs\16082700\algo.dll
2016-06-16 12:44 - 2015-12-30 07:34 - 00582144 _____ () C:\Program Files (x86)\WinZipper\curlpp.dll
2016-06-16 12:44 - 2016-01-26 10:27 - 00066560 _____ () C:\Program Files (x86)\WinZipper\zlib1.dll
2016-05-23 10:42 - 2016-02-15 04:21 - 00582144 _____ () C:\Program Files (x86)\qksee\curlpp.dll
2016-05-23 10:42 - 2015-11-16 14:54 - 00065696 _____ () C:\Program Files (x86)\qksee\zlib1.dll
2016-05-26 14:05 - 2016-07-05 08:54 - 00068432 _____ () C:\Program Files (x86)\Uncheckit\zlib1.dll
2012-11-15 02:53 - 2012-06-25 20:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2016-05-26 14:05 - 2016-05-25 12:28 - 00179200 _____ () C:\Program Files (x86)\Uncheckit\libpng.dll
2013-08-18 20:22 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-08-18 20:22 - 2013-01-27 16:13 - 00806664 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\UNO.dll
2013-08-18 20:22 - 2012-09-25 10:32 - 01351792 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\Language\DEU\P2GRC.dll
2013-08-18 20:22 - 2013-01-27 16:13 - 00175880 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLVistaAudioMixer.dll
2016-08-23 13:57 - 2016-08-23 13:57 - 01383616 _____ () C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-08-23 13:57 - 2016-08-23 13:57 - 00118976 _____ () C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll
2016-03-15 14:12 - 2016-03-15 14:12 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-08-24 09:02 - 2016-07-12 04:07 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-08-24 09:02 - 2016-07-12 04:07 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-08-24 09:02 - 2016-07-12 04:07 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-08-24 09:02 - 2016-07-12 04:07 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-08-24 09:02 - 2016-07-12 04:07 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-08-24 09:02 - 2016-07-12 04:07 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-08-24 09:02 - 2016-07-12 04:07 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-08-24 09:02 - 2016-07-12 04:07 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00021312 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00025424 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-08-24 09:02 - 2016-07-12 04:07 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-08-24 09:02 - 2016-07-12 04:09 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-08-24 09:02 - 2016-07-12 04:07 - 00144848 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2016-08-24 09:02 - 2016-07-12 04:08 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-08-24 09:02 - 2016-08-24 01:17 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2016-08-24 09:02 - 2016-08-24 01:02 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2016-08-24 09:02 - 2016-08-24 01:17 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-08-24 09:02 - 2016-08-24 01:17 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-08-24 09:02 - 2016-07-12 04:07 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 03929392 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 01972016 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00224056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00020288 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32._winffi_user32.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00037192 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00168248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2011-09-16 01:17 - 2011-09-16 01:17 - 02888416 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.UI.dll
2011-09-16 01:17 - 2011-09-16 01:17 - 00025824 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll
2011-09-16 01:18 - 2011-09-16 01:18 - 00028672 _____ () C:\Program Files (x86)\Memeo\AutoBackup\de-DE\InstantBackup.resources.dll
2010-04-05 20:52 - 2010-04-05 20:52 - 00504293 _____ () C:\Program Files (x86)\Memeo\AutoBackup\sqlite3.DLL
2010-04-05 20:52 - 2010-04-05 20:52 - 00053248 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Mono.Nat.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2015-11-11 02:42 - 2015-11-11 02:42 - 01045672 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2016-04-19 08:18 - 2016-04-19 08:19 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 08:18 - 2016-04-19 08:19 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-07-28 21:46 - 2016-07-28 21:46 - 22393528 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll
2016-05-03 16:41 - 2016-05-03 16:41 - 00322232 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll
2016-06-30 13:55 - 2016-06-30 13:55 - 46476472 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Windows:CM_07bdf4a8c4c490ca7919611231e13eb670e4a0ad29869dd8f2e869bc87f6c3a8 [74]
AlternateDataStreams: C:\Windows:CM_25c0d7379373529ead846cb4332cac331743f799884338c630de8d6bc5a9ad77 [74]
AlternateDataStreams: C:\Windows:CM_2fbc7cacfd828b791562c9690c61bb830aeeeae72f86bd829562576f9fc1fe83 [74]
AlternateDataStreams: C:\Windows:CM_9015d22b2a6b3f6bdfbfec9cc8a460230758574f203752df19168f533c7fb302 [74]
AlternateDataStreams: C:\Windows:CM_cdfdf49505024624d2decf3e9557d51162be6aba9545d69de4a936f7ba6139f4 [74]
AlternateDataStreams: C:\Windows:CM_d1cca5b43b23e7a102fa897d892102fdacb2faaf6f5875efce3bd0a2c56874f8 [74]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Classes\.scr: SOFiCAD-OEMScriptFile => C:\WINDOWS\system32\notepad.exe "%1" <===== ACHTUNG

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2012-07-26 07:26 - 2016-08-26 18:28 - 00003224 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-205815100-794779995-1947703700-1001\Control Panel\Desktop\\Wallpaper -> c:\users\martin\pictures\carcasonne.jpg
DNS Servers: 10.156.33.53 - 129.187.5.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [TCP Query User{6A219EAC-A8C9-4714-A40C-4B1E675DA9A5}C:\program files (x86)\anno 1404 - königsedition\tools\addonweb.exe] => (Allow) C:\program files (x86)\anno 1404 - königsedition\tools\addonweb.exe
FirewallRules: [UDP Query User{14B44FB0-F9E5-4BF6-9334-B6BE4CE1D514}C:\program files (x86)\anno 1404 - königsedition\tools\addonweb.exe] => (Allow) C:\program files (x86)\anno 1404 - königsedition\tools\addonweb.exe
FirewallRules: [{A88975B8-BBFD-477E-9DC2-5236F5A941BD}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{3F3A4D03-C443-4145-84BF-83523DF57C2D}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{AF9C9E7C-E573-4295-9FCB-8ACFAD7FC8F2}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{F138714E-9316-4A72-9797-E4514582BC93}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [TCP Query User{0D91FB41-C9AB-40A5-A51E-C6BE6A9CCDEA}C:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{3E537FF1-097F-4C80-B334-DBAC95E65F32}C:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{2C1F9E7C-BD53-492A-9B41-50335850F173}C:\windows\splwow64.exe] => (Allow) C:\windows\splwow64.exe
FirewallRules: [UDP Query User{32EAEC46-63B7-4D3F-8CB1-FEB6FFFAFCF3}C:\windows\splwow64.exe] => (Allow) C:\windows\splwow64.exe
FirewallRules: [{8A367C20-C7E1-4CF4-89F5-014469534249}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{30D99AD4-8229-4E56-966D-245501088E8D}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{A09EB9EB-05F5-445D-855D-1C3B2B1C395A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4CAA78A7-C705-4920-A218-EEFE8BBFA3D0}] => (Allow) C:\Program Files (x86)\Legpat\Update\LegpatUpdate.exe
FirewallRules: [{EC294C97-2178-4F12-B7F5-D2E08D380816}] => (Allow) C:\Program Files (x86)\Legpat\Application\chrome.exe
FirewallRules: [{237E438F-F612-442D-B6F1-028C41382D9D}] => (Allow) C:\ProgramData\Legpat\Legpat.exe
FirewallRules: [{BD4C73AA-4A79-4087-BC07-79477408C425}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{83D7999B-70EB-4F99-9EFD-89AA057289DB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B2D7DCAF-91F3-4D50-9DDF-B79AB22CE482}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{9BE540DB-ABBB-4FBF-A772-118C53E7EFF5}] => (Allow) C:\Program Files (x86)\CLIQZ\CLIQZ.exe
FirewallRules: [{0981E983-07AE-4243-A739-73165D224A54}] => (Allow) C:\Program Files (x86)\CLIQZ\CLIQZ.exe
FirewallRules: [{31958BF8-D377-4CD8-811E-2E0A87DBD93F}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server

==================== Wiederherstellungspunkte =========================

10-08-2016 09:32:46 Geplanter Prüfpunkt
19-08-2016 10:38:33 Geplanter Prüfpunkt
24-08-2016 09:01:40 Windows Update

==================== Fehlerhafte Geräte im Gerätemanager =============

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (08/28/2016 02:11:28 PM) (Source: MsiInstaller) (EventID: 11310) (User: Laptop-Martin)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Martin\AppData\Local\Akamai\admintool.exe. Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.

Error: (08/28/2016 02:11:06 PM) (Source: MsiInstaller) (EventID: 11310) (User: Laptop-Martin)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Martin\AppData\Local\Akamai\admintool.exe. Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.

Error: (08/28/2016 01:14:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Laptop-Martin)
Description: Bei der Aktivierung der App „Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (08/28/2016 11:59:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1218

Error: (08/28/2016 11:59:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1218

Error: (08/28/2016 11:59:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/28/2016 09:37:44 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Laptop-Martin)
Description: Bei der Aktivierung der App „Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147023174. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (08/28/2016 09:37:44 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Laptop-Martin)
Description: Bei der Aktivierung der App „Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147023174. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (08/28/2016 08:33:54 AM) (Source: MsiInstaller) (EventID: 11310) (User: Laptop-Martin)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Martin\AppData\Local\Akamai\admintool.exe. Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.

Error: (08/27/2016 08:19:18 PM) (Source: MsiInstaller) (EventID: 11310) (User: Laptop-Martin)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Martin\AppData\Local\Akamai\admintool.exe. Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.

Systemfehler:
=============
Error: (08/28/2016 01:35:11 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT-AUTORITÄT)
Description: Bei der automatischen WLAN-Konfiguration wurde eine eingeschränkte Konnektivität erkannt, "Reset/Recover.adapter" wird ausgeführt. Code: 8 0x0 0x0

Error: (08/28/2016 01:35:10 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT-AUTORITÄT)
Description: Bei der automatischen WLAN-Konfiguration wurde eine eingeschränkte Konnektivität erkannt, "Reset/Recover.adapter" wird ausgeführt. Code: 2 0xdeaddeed 0xeeec

Error: (08/28/2016 01:35:10 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT-AUTORITÄT)
Description: Bei der automatischen WLAN-Konfiguration wurde eine eingeschränkte Konnektivität erkannt, "Reset/Recover.adapter" wird ausgeführt. Code: 1 0xc 0x4

Error: (08/28/2016 11:59:41 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst HPWMISVC erreicht.

Error: (08/28/2016 08:33:15 AM) (Source: DCOM) (EventID: 10005) (User: Laptop-Martin)
Description: 1053MSIServer{000C101C-0000-0000-C000-000000000046}

Error: (08/28/2016 08:33:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Installer" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 = Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (08/28/2016 08:33:15 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Installer erreicht.

Error: (08/28/2016 08:31:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 = Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (08/28/2016 08:31:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Presentation Foundation-Schriftartcache 3.0.0.0 erreicht.

Error: (08/27/2016 11:21:06 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {7006698D-2974-4091-A424-85DD0B909E23}

CodeIntegrity:
===================================
Date: 2016-08-10 17:18:45.428
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-08-10 13:17:56.917
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-14 10:14:07.414
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-14 07:27:25.005
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-13 09:06:47.804
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-17 15:45:12.710
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-17 11:43:54.192
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-16 12:49:49.599
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-30 22:21:40.173
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2016-05-30 21:00:16.417
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Prozentuale Nutzung des RAM: 42%
Installierter physikalischer RAM: 8084.27 MB
Verfügbarer physikalischer RAM: 4658.36 MB
Summe virtueller Speicher: 9364.27 MB
Verfügbarer virtueller Speicher: 5371.94 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:448.21 GB) (Free:139.98 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (RECOVERY) (Fixed) (Total:16.79 GB) (Free:2.14 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive e: (UNSERE_ERDE) (CDROM) (Total:6.87 GB) (Free:0 GB) UDF

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 9EC65A10)
Partition: GPT.

==================== Ende von Addition.txt ============================ |
28.08.2016, 16:04 | #5 |
| Win32:Dropper found in C:\Program Files (x86)\WinZipper TDSSKiller Code:
ATTFilter 16:41:53.0484 0x1154 TDSS rootkit removing tool 3.1.0.11 Aug 5 2016 12:13:31 16:41:53.0484 0x1154 UEFI system 16:41:58.0034 0x1154 ============================================================ 16:41:58.0034 0x1154 Current date / time: 2016/08/28 16:41:58.0034 16:41:58.0035 0x1154 SystemInfo: 16:41:58.0035 0x1154 16:41:58.0035 0x1154 OS Version: 10.0.10586 ServicePack: 0.0 16:41:58.0035 0x1154 Product type: Workstation 16:41:58.0035 0x1154 ComputerName: LAPTOP-MARTIN 16:41:58.0035 0x1154 UserName: Martin 16:41:58.0035 0x1154 Windows directory: C:\WINDOWS 16:41:58.0035 0x1154 System windows directory: C:\WINDOWS 16:41:58.0035 0x1154 Running under WOW64 16:41:58.0035 0x1154 Processor architecture: Intel x64 16:41:58.0035 0x1154 Number of processors: 4 16:41:58.0035 0x1154 Page size: 0x1000 16:41:58.0035 0x1154 Boot type: Normal boot 16:41:58.0035 0x1154 CodeIntegrityOptions = 0x00000001 16:41:58.0035 0x1154 ============================================================ 16:41:58.0951 0x1154 KLMD registered as C:\WINDOWS\system32\drivers\74074566.sys 16:41:58.0951 0x1154 KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 10586.545, osProperties = 0x19 16:42:00.0262 0x1154 System UUID: {34B26B61-8220-4638-323C-40A5C5B2118A} 16:42:01.0659 0x1154 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 16:42:01.0676 0x1154 ============================================================ 16:42:01.0676 0x1154 \Device\Harddisk0\DR0: 16:42:01.0676 0x1154 GPT partitions: 16:42:01.0678 0x1154 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {47C292F1-3DC7-4D8F-9757-DD19AF73B9F5}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xC8000 16:42:01.0678 0x1154 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {FA027F16-B37B-4383-AC62-CE169939C995}, 
Name: EFI system partition, StartLBA 0xC8800, BlocksNum 0x82000 16:42:01.0678 0x1154 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {65E97C67-0B5A-47AD-9659-AFD4D17118D6}, Name: Microsoft reserved partition, StartLBA 0x14A800, BlocksNum 0x40000 16:42:01.0678 0x1154 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {9C553705-B9C3-43D6-B865-07BDEE7ADF77}, Name: Basic data partition, StartLBA 0x18A800, BlocksNum 0x38069800 16:42:01.0678 0x1154 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {C11FE4C5-89D8-4908-8813-B0A1C6440898}, Name: Basic data partition, StartLBA 0x381F4000, BlocksNum 0x2192000 16:42:01.0678 0x1154 MBR partitions: 16:42:01.0678 0x1154 ============================================================ 16:42:01.0766 0x1154 C: <-> \Device\Harddisk0\DR0\Partition4 16:42:01.0821 0x1154 D: <-> \Device\Harddisk0\DR0\Partition5 16:42:01.0821 0x1154 ============================================================ 16:42:01.0821 0x1154 Initialize success 16:42:01.0821 0x1154 ============================================================ 16:45:02.0397 0x1dcc ============================================================ 16:45:02.0397 0x1dcc Scan started 16:45:02.0397 0x1dcc Mode: Manual; SigCheck; TDLFS; 16:45:02.0397 0x1dcc ============================================================ 16:45:02.0397 0x1dcc KSN ping started 16:45:02.0951 0x1dcc KSN ping finished: true 16:45:09.0323 0x1dcc ================ Scan system memory ======================== 16:45:09.0323 0x1dcc System memory - ok 16:45:09.0324 0x1dcc ================ Scan services ============================= 16:45:09.0808 0x1dcc 1394ohci - ok 16:45:09.0815 0x1dcc 3ware - ok 16:45:09.0855 0x1dcc [ 899B7E724BF19F17978B6A37B864A277, F7D166DC5F7642D4B834B1E0D956929BA94F3E4D402989FC1A681A08FA1F86B6 ] Accelerometer C:\WINDOWS\system32\DRIVERS\Accelerometer.sys 
16:45:10.0035 0x1dcc Accelerometer - ok 16:45:10.0070 0x1dcc ACPI - ok 16:45:10.0074 0x1dcc acpiex - ok 16:45:10.0079 0x1dcc acpipagr - ok 16:45:10.0096 0x1dcc AcpiPmi - ok 16:45:10.0100 0x1dcc acpitime - ok 16:45:10.0321 0x1dcc [ 68E7DEA59FDEF410BAF29FDB5B7A6EEF, B808FCF0C30B465A1330E47947B84FC722A3B4C46260E261C54B1EED725A288F ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 16:45:10.0370 0x1dcc AdobeARMservice - ok 16:45:10.0599 0x1dcc [ 32B31B696CB8E8F380831DFEB80A67E4, 8C8F6E16F2FB3E8F10569261B7712BBC931A2924B6C27D561E7F828041C4F3E6 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 16:45:10.0626 0x1dcc AdobeFlashPlayerUpdateSvc - ok 16:45:10.0707 0x1dcc ADP80XX - ok 16:45:10.0717 0x1dcc AFD - ok 16:45:10.0723 0x1dcc agp440 - ok 16:45:10.0750 0x1dcc ahcache - ok 16:45:10.0772 0x1dcc AJRouter - ok 16:45:10.0826 0x1dcc ALG - ok 16:45:10.0871 0x1dcc [ BBADD85854BFB5D43C60B7AC8EEA3DBA, 968C043ABEA46F5C79525863B3FE2681AC0FA4202036C9EFD20B408DECF407E2 ] AMD External Events Utility C:\WINDOWS\system32\atiesrxx.exe 16:45:10.0962 0x1dcc AMD External Events Utility - ok 16:45:10.0967 0x1dcc AmdK8 - ok 16:45:11.0012 0x1dcc amdkmdag - ok 16:45:11.0118 0x1dcc [ 17BA5C907E14947574CBB788F4CEB85F, EAA3DBF436637C58666A91905E388287FC54334EBB2589A00727EB09AC4870E3 ] amdkmdap C:\WINDOWS\system32\DRIVERS\atikmpag.sys 16:45:11.0155 0x1dcc amdkmdap - ok 16:45:11.0259 0x1dcc [ 82D7250133CF669A294AF189910C8744, D6448B86B36FD777084755BB653452ACA72D1D0A41227B27E0073BC4A2DF9C8B ] amdkmpfd C:\WINDOWS\system32\drivers\amdkmpfd.sys 16:45:11.0381 0x1dcc amdkmpfd - ok 16:45:11.0388 0x1dcc AmdPPM - ok 16:45:11.0395 0x1dcc amdsata - ok 16:45:11.0402 0x1dcc amdsbs - ok 16:45:11.0409 0x1dcc amdxata - ok 16:45:11.0517 0x1dcc AppHostSvc - ok 16:45:11.0533 0x1dcc AppID - ok 16:45:11.0550 0x1dcc AppIDSvc - ok 16:45:11.0556 0x1dcc Appinfo - ok 16:45:11.0597 0x1dcc AppReadiness - ok 16:45:11.0694 0x1dcc AppXSvc - ok 16:45:11.0700 
0x1dcc arcsas - ok 16:45:11.0853 0x1dcc aspnet_state - ok 16:45:11.0956 0x1dcc [ 1694434F5B9AB16772C7A8E2EF9134CA, B84FA624EB6D438BB01AB886AE85FA42BEA46F2E33454C6C4D9078015813CDB5 ] aswHwid C:\WINDOWS\system32\drivers\aswHwid.sys 16:45:12.0027 0x1dcc aswHwid - ok 16:45:12.0095 0x1dcc [ 786E8BCDFF674068F3C950615FC2E71C, B5803960297F9622F594EC113FF6C89221606FC6B26B02EA6F021BE38AA66794 ] aswKbd C:\WINDOWS\system32\drivers\aswKbd.sys 16:45:12.0193 0x1dcc aswKbd - ok 16:45:12.0212 0x1dcc [ 33D0DD0471FDF449C81338863FC63978, D5898B51B3BCE43E62D459CE808888085D82A4B9B284F90E3301CEF7C33C03E4 ] aswMonFlt C:\WINDOWS\system32\drivers\aswMonFlt.sys 16:45:12.0281 0x1dcc aswMonFlt - ok 16:45:12.0378 0x1dcc [ DF190688D993A3DB227BFB0BB40BD7D4, C7EDA64AE84001089AE2085B8336B7572DEDDCC80EAAA05D73C9C675CAD8C511 ] aswRdr C:\WINDOWS\system32\drivers\aswRdr2.sys 16:45:12.0420 0x1dcc aswRdr - ok 16:45:12.0487 0x1dcc [ D873455DFA27680585AE238503917DF5, CAD9CBCD24F33FF8E49C77C795F8FE0540243E455A6FC9E3035B8C15C9EEBD6C ] aswRvrt C:\WINDOWS\system32\drivers\aswRvrt.sys 16:45:12.0599 0x1dcc aswRvrt - ok 16:45:12.0701 0x1dcc [ A371A06EC8F4830C263D3F5CA5A11B65, 62E55DD439C106184F3AF73198D5CEAB5828A0EE1E30A13C35103B1B57966AB6 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys 16:45:12.0820 0x1dcc aswSnx - ok 16:45:12.0870 0x1dcc [ 6B7F6CE19A16240EE9DE2C528897ED9C, 3B7C24F5B152B408D87DA70B01AD2E744DCB877D46602C0620931FCADB275E17 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys 16:45:12.0948 0x1dcc aswSP - ok 16:45:12.0988 0x1dcc [ 3575F9226251DE48E065ED5C384A21EF, 032F53FEEB0BB43F1AD673EE13F507D3A8AC10F78543EA1294C40BAA918ED323 ] aswStm C:\WINDOWS\system32\drivers\aswStm.sys 16:45:13.0008 0x1dcc aswStm - ok 16:45:13.0069 0x1dcc [ 5C557767CFC14676DFBA5276BED228EB, 5DAEDCE074EC994947CE4B628717D056D2F5DA4EB1ADAA3E9BD62C56B18E2000 ] aswVmm C:\WINDOWS\system32\drivers\aswVmm.sys 16:45:13.0201 0x1dcc aswVmm - ok 16:45:13.0208 0x1dcc AsyncMac - ok 16:45:13.0213 0x1dcc atapi - ok 16:45:13.0291 0x1dcc [ 
B4BDE3F758A34658A37DFED3D9783CD8, BC9F6B9BDD639457894DE0F596AB3A655374E078796762FE5E8E5414F0481208 ] atksgt C:\WINDOWS\system32\DRIVERS\atksgt.sys 16:45:13.0422 0x1dcc atksgt - ok 16:45:13.0477 0x1dcc AudioEndpointBuilder - ok 16:45:13.0555 0x1dcc Audiosrv - ok 16:45:13.0673 0x1dcc [ 3817558D8D5BBC8B0F190CF0D7C4720F, 7CD250DD22BE0E6CF6BEA639EA8220E46158CA7DF33FF803967CEAEA7FBD14E5 ] Autodesk Content Service C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe 16:45:13.0693 0x1dcc Autodesk Content Service - detected UnsignedFile.Multi.Generic ( 1 ) 16:45:13.0948 0x1dcc Detect skipped due to KSN trusted 16:45:13.0949 0x1dcc Autodesk Content Service - ok 16:45:14.0097 0x1dcc [ A24AF1F8186B4B69D54DCC4B059CA695, 882338FEF206231B9FD83787A8685A7B69D76A414923B511A8D6A7619CB86F87 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe 16:45:14.0116 0x1dcc avast! Antivirus - ok 16:45:14.0179 0x1dcc AX88772 - ok 16:45:14.0191 0x1dcc AxInstSV - ok 16:45:14.0197 0x1dcc b06bdrv - ok 16:45:14.0210 0x1dcc BasicDisplay - ok 16:45:14.0217 0x1dcc BasicRender - ok 16:45:14.0227 0x1dcc bcmfn - ok 16:45:14.0234 0x1dcc bcmfn2 - ok 16:45:14.0258 0x1dcc BDESVC - ok 16:45:14.0267 0x1dcc Beep - ok 16:45:14.0277 0x1dcc BFE - ok 16:45:14.0330 0x1dcc BITS - ok 16:45:14.0427 0x1dcc [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 16:45:14.0449 0x1dcc Bonjour Service - ok 16:45:14.0452 0x1dcc bowser - ok 16:45:14.0476 0x1dcc BrokerInfrastructure - ok 16:45:14.0479 0x1dcc Browser - ok 16:45:14.0492 0x1dcc BthAvrcpTg - ok 16:45:14.0495 0x1dcc BthHFEnum - ok 16:45:14.0499 0x1dcc bthhfhid - ok 16:45:14.0514 0x1dcc BthHFSrv - ok 16:45:14.0517 0x1dcc BTHMODEM - ok 16:45:14.0566 0x1dcc bthserv - ok 16:45:14.0587 0x1dcc buttonconverter - ok 16:45:14.0593 0x1dcc CapImg - ok 16:45:14.0600 0x1dcc cdfs - ok 16:45:14.0663 0x1dcc CDPSvc - ok 16:45:14.0723 
0x1dcc cdrom - ok 16:45:14.0731 0x1dcc CertPropSvc - ok 16:45:14.0778 0x1dcc circlass - ok 16:45:14.0877 0x1dcc [ 10831D30FF7FB1D9963C96AB0CAF925B, 17DCB70D9A7497F77BB3FAEAE6A1309E50930C2857068C6F6DAE54A46341CF64 ] cktSvc C:\Program Files (x86)\Uncheckit\cktSvc.exe 16:45:14.0897 0x1dcc cktSvc - ok 16:45:14.0901 0x1dcc CLFS - ok 16:45:14.0933 0x1dcc ClipSVC - ok 16:45:15.0032 0x1dcc [ 075CCE75090786F124573A788C8656E6, AA188CFF2F8EE2D9F50701AB2315D24E15D7715FD84F5054D3FC175D4BD35734 ] CLVirtualDrive C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys 16:45:15.0087 0x1dcc CLVirtualDrive - ok 16:45:15.0091 0x1dcc CmBatt - ok 16:45:15.0138 0x1dcc CNG - ok 16:45:15.0145 0x1dcc cnghwassist - ok 16:45:15.0368 0x1dcc [ 8B6521F722A6C81333E42BD87FDDB61B, F6E507A0885011B75F0FEE3E324265626A18B01C33D76F6A42F2945A78409DB2 ] CodeMeter.exe C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe 16:45:15.0471 0x1dcc CodeMeter.exe - ok 16:45:15.0655 0x1dcc CompositeBus - ok 16:45:15.0662 0x1dcc COMSysApp - ok 16:45:15.0710 0x1dcc condrv - ok 16:45:15.0765 0x1dcc CoreMessagingRegistrar - ok 16:45:15.0921 0x1dcc [ BB812787B838A74943DEF209350C3883, 2C168F48A68644AA3CB6167BEC2A260E3E9C78D0766A15AA0FAA39CDBD7FA040 ] cphs C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe 16:45:15.0956 0x1dcc cphs - ok 16:45:15.0987 0x1dcc CryptSvc - ok 16:45:15.0990 0x1dcc dam - ok 16:45:16.0172 0x1dcc [ A1F58FFF448E4099297D6EE0641D4D0E, 47839789332AAF8861F7731BF2D3FBB5E0991EA0D0B457BB4C8C1784F76C73DC ] dbupdate C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe 16:45:16.0194 0x1dcc dbupdate - ok 16:45:16.0204 0x1dcc [ A1F58FFF448E4099297D6EE0641D4D0E, 47839789332AAF8861F7731BF2D3FBB5E0991EA0D0B457BB4C8C1784F76C73DC ] dbupdatem C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe 16:45:16.0218 0x1dcc dbupdatem - ok 16:45:16.0240 0x1dcc DcomLaunch - ok 16:45:16.0251 0x1dcc DcpSvc - ok 16:45:16.0263 0x1dcc defragsvc - ok 16:45:16.0266 0x1dcc DeviceAssociationService - ok 16:45:16.0324 0x1dcc DeviceInstall - ok 
16:45:16.0327 0x1dcc DevQueryBroker - ok 16:45:16.0343 0x1dcc Dfsc - ok 16:45:16.0361 0x1dcc Dhcp - ok 16:45:16.0450 0x1dcc diagnosticshub.standardcollector.service - ok 16:45:16.0512 0x1dcc DiagTrack - ok 16:45:16.0531 0x1dcc disk - ok 16:45:16.0552 0x1dcc DmEnrollmentSvc - ok 16:45:16.0560 0x1dcc dmvsc - ok 16:45:16.0575 0x1dcc dmwappushservice - ok 16:45:16.0596 0x1dcc Dnscache - ok 16:45:16.0638 0x1dcc dot3svc - ok 16:45:16.0749 0x1dcc [ C0AA415718DDD13A136E353844628A65, 7E2F2A139E897EAE56038B920BDA9381094BC0AE9E626F6634E6B444B8B0C91F ] dot4 C:\WINDOWS\system32\DRIVERS\Dot4.sys 16:45:16.0841 0x1dcc dot4 - ok 16:45:16.0911 0x1dcc [ 0BD906A79F9CE3013F7D9D0AC45F9F9D, 2F7D5082E7E226D5EBEA164A8ACEE0A447C96EB1829224A6EFA3E7B4EFEE1D14 ] Dot4Print C:\WINDOWS\System32\drivers\Dot4Prt.sys 16:45:17.0129 0x1dcc Dot4Print - ok 16:45:17.0168 0x1dcc [ 292ADB7C57B5457F18F2FC06934B0B40, 12FFDF5F48A79B1B4ADBB88BA2CB6C59DD6719554E8EA6BEEFE99B3E3C66F1AC ] dot4usb C:\WINDOWS\system32\DRIVERS\dot4usb.sys 16:45:17.0209 0x1dcc dot4usb - ok 16:45:17.0253 0x1dcc DPS - ok 16:45:17.0305 0x1dcc drmkaud - ok 16:45:17.0329 0x1dcc DsmSvc - ok 16:45:17.0345 0x1dcc DsSvc - ok 16:45:17.0357 0x1dcc DXGKrnl - ok 16:45:17.0373 0x1dcc Eaphost - ok 16:45:17.0475 0x1dcc ebdrv - ok 16:45:17.0505 0x1dcc EFS - ok 16:45:17.0513 0x1dcc EhStorClass - ok 16:45:17.0527 0x1dcc EhStorTcgDrv - ok 16:45:17.0532 0x1dcc embeddedmode - ok 16:45:17.0554 0x1dcc EntAppSvc - ok 16:45:17.0558 0x1dcc ErrDev - ok 16:45:17.0613 0x1dcc EventSystem - ok 16:45:17.0618 0x1dcc exfat - ok 16:45:17.0730 0x1dcc fastfat - ok 16:45:17.0741 0x1dcc Fax - ok 16:45:17.0752 0x1dcc fdc - ok 16:45:17.0758 0x1dcc fdPHost - ok 16:45:17.0764 0x1dcc FDResPub - ok 16:45:17.0784 0x1dcc fhsvc - ok 16:45:17.0806 0x1dcc FileCrypt - ok 16:45:17.0813 0x1dcc FileInfo - ok 16:45:17.0820 0x1dcc Filetrace - ok 16:45:18.0056 0x1dcc [ 96A89625E34EC8B5F05A9D01AAD04759, B64B7E7AD5D02D4C91A2A45FB9F523A162482A37F784625233FE4AD8B2601453 ] FlexNet Licensing 
Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe 16:45:18.0091 0x1dcc FlexNet Licensing Service 64 - ok 16:45:18.0095 0x1dcc flpydisk - ok 16:45:18.0099 0x1dcc FltMgr - ok 16:45:18.0127 0x1dcc FontCache - ok 16:45:18.0364 0x1dcc FontCache3.0.0.0 - ok 16:45:18.0384 0x1dcc FsDepends - ok 16:45:18.0390 0x1dcc Fs_Rec - ok 16:45:18.0407 0x1dcc fvevol - ok 16:45:18.0414 0x1dcc gagp30kx - ok 16:45:18.0432 0x1dcc gencounter - ok 16:45:18.0449 0x1dcc genericusbfn - ok 16:45:18.0455 0x1dcc GPIOClx0101 - ok 16:45:18.0469 0x1dcc gpsvc - ok 16:45:18.0473 0x1dcc GpuEnergyDrv - ok 16:45:18.0636 0x1dcc [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 16:45:18.0657 0x1dcc gupdate - ok 16:45:18.0667 0x1dcc [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 16:45:18.0677 0x1dcc gupdatem - ok 16:45:18.0737 0x1dcc [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 16:45:18.0746 0x1dcc gusvc - ok 16:45:18.0750 0x1dcc HDAudBus - ok 16:45:18.0753 0x1dcc HidBatt - ok 16:45:18.0756 0x1dcc HidBth - ok 16:45:18.0759 0x1dcc hidi2c - ok 16:45:18.0763 0x1dcc hidinterrupt - ok 16:45:18.0766 0x1dcc HidIr - ok 16:45:18.0817 0x1dcc hidserv - ok 16:45:18.0954 0x1dcc HidUsb - ok 16:45:19.0020 0x1dcc HomeGroupListener - ok 16:45:19.0066 0x1dcc HomeGroupProvider - ok 16:45:19.0112 0x1dcc [ D104FF402FC3DDB686E6DEF00334DB26, 6CCE56587C02ECE474C6BF959C4A6F752A1FF0B718FBE8EE4FD9755313A207C1 ] hpdskflt C:\WINDOWS\system32\DRIVERS\hpdskflt.sys 16:45:19.0130 0x1dcc hpdskflt - ok 16:45:19.0362 0x1dcc [ 7B7DE6B3DC30F3246958F42C67A6F7BB, 
4B66B90CFEC2231B905B21DECC4EC7C6500E546F080A452EF67E724EDF37ADD9 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe 16:45:19.0390 0x1dcc hpqwmiex - ok 16:45:19.0394 0x1dcc HpSAMD - ok 16:45:19.0459 0x1dcc [ 55FFCBB036D7BE4BCA6FA1421203A27F, 5BB865FC631390F59AF5F2452D4D2DA47E34A49E194C8010E942F5A2013F3895 ] hpsrv C:\WINDOWS\system32\Hpservice.exe 16:45:19.0482 0x1dcc hpsrv - ok 16:45:19.0588 0x1dcc [ 83B7C57901235297A702348394B460A5, FE47A2C19BD5DFEBC0830944E7F3FB67BAC0F09265DD56C74C2CB8000883ABBF ] HPSupportSolutionsFrameworkService C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe 16:45:19.0612 0x1dcc HPSupportSolutionsFrameworkService - ok 16:45:19.0741 0x1dcc [ 3C5B2067338E4EFDADE94E4A72728F23, 72E21FA1E660F9405A5E39B0F89AB21C60F20BAC13247567EF7139AC130F1897 ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe 16:45:19.0754 0x1dcc HPWMISVC - ok 16:45:19.0784 0x1dcc HTTP - ok 16:45:19.0902 0x1dcc hwpolicy - ok 16:45:19.0926 0x1dcc hyperkbd - ok 16:45:19.0934 0x1dcc HyperVideo - ok 16:45:19.0941 0x1dcc i8042prt - ok 16:45:19.0948 0x1dcc iai2c - ok 16:45:19.0959 0x1dcc iaLPSS2i_I2C - ok 16:45:19.0964 0x1dcc iaLPSSi_GPIO - ok 16:45:19.0969 0x1dcc iaLPSSi_I2C - ok 16:45:20.0026 0x1dcc [ 050F2539E14F9D5E90A4B61738EC29BD, 0E65468B9F452FA7DB6DF2C1B2B2E9439C79031E27054FBDBDFE28A9F98721D7 ] iaStorA C:\WINDOWS\system32\drivers\iaStorA.sys 16:45:20.0202 0x1dcc iaStorA - ok 16:45:20.0207 0x1dcc iaStorAV - ok 16:45:20.0213 0x1dcc iaStorV - ok 16:45:20.0217 0x1dcc ibbus - ok 16:45:20.0349 0x1dcc [ ABEFA4BD23329FD9BD47496BF2E58774, 9689D4C6380735EE1CC7F480696CDDC229E0FA511942AC813314D353584D82DD ] IconMan_R C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe 16:45:20.0427 0x1dcc IconMan_R - detected UnsignedFile.Multi.Generic ( 1 ) 16:45:20.0591 0x1dcc Detect skipped due to KSN trusted 16:45:20.0591 0x1dcc IconMan_R - ok 16:45:20.0628 0x1dcc icssvc - ok 16:45:20.0773 
0x1dcc [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 16:45:20.0789 0x1dcc IDriverT - detected UnsignedFile.Multi.Generic ( 1 ) 16:45:21.0036 0x1dcc Detect skipped due to KSN trusted 16:45:21.0036 0x1dcc IDriverT - ok 16:45:21.0043 0x1dcc IEEtwCollectorService - ok 16:45:21.0186 0x1dcc [ CEFA6BDB4789F3DA003ACBDCC64F5877, 0FE78AEFA9A75B4A99AD6B73AC3252E4C6DFA9D306FEC02D26C1FD574108BFBA ] igfx C:\WINDOWS\system32\DRIVERS\igdkmd64.sys 16:45:21.0261 0x1dcc igfx - ok 16:45:21.0331 0x1dcc [ 75909533EECD0CD9D5974B59474AA6C0, F81D0F949F1F01D09C91735C79288395B82C27B8FB78804752E5A678D7EF3860 ] igfxCUIService1.0.0.0 C:\WINDOWS\system32\igfxCUIService.exe 16:45:21.0358 0x1dcc igfxCUIService1.0.0.0 - ok 16:45:21.0412 0x1dcc IKEEXT - ok 16:45:21.0448 0x1dcc [ B1F193AB8FB72E9FC34B3A39314ED872, 408E98D9C8ABB928090DD9E5D1BB227EFBC997BF168437BAEF0461EB0D1DAE3D ] intaud_WaveExtensible C:\WINDOWS\system32\drivers\intelaud.sys 16:45:21.0579 0x1dcc intaud_WaveExtensible - ok 16:45:21.0637 0x1dcc [ 87871AB7AC797F922A6F3D4C874CED96, 2BCD89911E42827CD294DD7D1486A7845D1F98019E51958E0F488384401B2944 ] IntcDAud C:\WINDOWS\system32\DRIVERS\IntcDAud.sys 16:45:21.0672 0x1dcc IntcDAud - ok 16:45:21.0848 0x1dcc [ C99F8E90DE4B8F0C7FE15BB1CBCD29DC, F791EE101EEF8B9F48102B6C63A89B78F7C0041C750C4F4C0D16D54B583B7B5C ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe 16:45:21.0871 0x1dcc Intel(R) Capability Licensing Service Interface - ok 16:45:22.0111 0x1dcc [ 30E9FAC23E2537D82F2836CB81AEE186, 03E5072D43ECED70EF004D2E6E654B4CCCE059825CC3C641C0534E4C0BC0C7E8 ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe 16:45:22.0125 0x1dcc Intel(R) ME Service - ok 16:45:22.0157 0x1dcc intelide - ok 16:45:22.0176 0x1dcc intelpep - ok 16:45:22.0181 0x1dcc 
intelppm - ok 16:45:22.0187 0x1dcc IoQos - ok 16:45:22.0191 0x1dcc IpFilterDriver - ok 16:45:22.0217 0x1dcc iphlpsvc - ok 16:45:22.0220 0x1dcc IPMIDRV - ok 16:45:22.0265 0x1dcc IPNAT - ok 16:45:22.0269 0x1dcc IRENUM - ok 16:45:22.0303 0x1dcc iSafeKrnl - ok 16:45:22.0422 0x1dcc [ 6010A31C6290AE0C8C6B55FEA74F2D7C, F14CC86E6B52243913F80BAD241D7714610F9EE964850349A15B97984E193A9A ] iSafeKrnlBoot C:\WINDOWS\system32\DRIVERS\iSafeKrnlBoot.sys 16:45:22.0462 0x1dcc iSafeKrnlBoot - ok 16:45:22.0465 0x1dcc iSafeKrnlKit - ok 16:45:22.0513 0x1dcc [ 60BF5D4AC1E6D465A91456DF16191254, CB83849470070356AF68BB93EA9E628EC573128F8FF7AECC2786A726D4796972 ] iSafeKrnlMon C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys 16:45:22.0568 0x1dcc iSafeKrnlMon - ok 16:45:22.0644 0x1dcc [ 9FB02FBA90F6AF59537A30C3DB9777C8, 6597D4994D0D6262B853F64A6E828C5D411225624F137901F6DCF3D3BA81BB80 ] iSafeNetFilter C:\WINDOWS\system32\DRIVERS\iSafeNetFilter.sys 16:45:22.0704 0x1dcc iSafeNetFilter - ok 16:45:22.0708 0x1dcc iSafeService - ok 16:45:22.0723 0x1dcc isapnp - ok 16:45:22.0727 0x1dcc iScsiPrt - ok 16:45:22.0762 0x1dcc [ DD1F43B86AD84E53203F92FD3EF3AEB6, 9DE2BA80B315E56DF2E74EAA65F4ECB8324DFC19E30EB56EDDF08340AB100E87 ] iwdbus C:\WINDOWS\System32\drivers\iwdbus.sys 16:45:22.0817 0x1dcc iwdbus - ok 16:45:22.0874 0x1dcc [ 3C4002D339491AF73D663FFC7F6E5ECB, 0B53047989BDB781572253BC3AA757912FE54366870C1955E687972CE210C285 ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe 16:45:22.0901 0x1dcc jhi_service - ok 16:45:22.0905 0x1dcc kbdclass - ok 16:45:22.0909 0x1dcc kbdhid - ok 16:45:22.0913 0x1dcc kdnic - ok 16:45:22.0917 0x1dcc KeyIso - ok 16:45:22.0921 0x1dcc KSecDD - ok 16:45:22.0948 0x1dcc KSecPkg - ok 16:45:22.0951 0x1dcc ksthunk - ok 16:45:22.0960 0x1dcc KtmRm - ok 16:45:22.0966 0x1dcc LanmanServer - ok 16:45:22.0971 0x1dcc LanmanWorkstation - ok 16:45:23.0100 0x1dcc [ 8FB6D64CB42E660C4534D38013D64A03, 
11A6A914E8588DDFDE32D12A858BA8A31783B5DDB42C9E7FD0F237D57A437976 ] LavasoftTcpService C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe 16:45:23.0154 0x1dcc LavasoftTcpService - ok 16:45:23.0257 0x1dcc [ 0557D50CC6515EEBEABD6BC9AD3E54FC, 75D67645D5373CBB6EBEBA6B96C20306218528F0F7392D6076BC488655637DDA ] LegpatP C:\ProgramData\Legpat\Legpat.exe 16:45:23.0274 0x1dcc LegpatP - ok 16:45:23.0295 0x1dcc lfsvc - ok 16:45:23.0298 0x1dcc LicenseManager - ok 16:45:23.0324 0x1dcc [ 955982BF4421B77722196552B62E8DC2, 3732449ACDBB78E1ED8436DF153C899C28573F458FDCFE345DFA1B305D085033 ] lirsgt C:\WINDOWS\system32\DRIVERS\lirsgt.sys 16:45:23.0403 0x1dcc lirsgt - ok 16:45:23.0430 0x1dcc lltdio - ok 16:45:23.0437 0x1dcc lltdsvc - ok 16:45:23.0457 0x1dcc lmhosts - ok 16:45:23.0499 0x1dcc [ 4269D44BB47A6DA5D80B11F4C8536458, 7A8FFC8F851DD9E5C43986BE0888831CB71D188138DF3CF7F787DADDA70915B0 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 16:45:23.0525 0x1dcc LMS - ok 16:45:23.0555 0x1dcc LSI_SAS - ok 16:45:23.0563 0x1dcc LSI_SAS2i - ok 16:45:23.0567 0x1dcc LSI_SAS3i - ok 16:45:23.0571 0x1dcc LSI_SSS - ok 16:45:23.0575 0x1dcc LSM - ok 16:45:23.0580 0x1dcc luafv - ok 16:45:23.0594 0x1dcc MapsBroker - ok 16:45:23.0597 0x1dcc megasas - ok 16:45:23.0600 0x1dcc megasr - ok 16:45:23.0639 0x1dcc [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64 C:\WINDOWS\System32\drivers\HECIx64.sys 16:45:23.0773 0x1dcc MEIx64 - ok 16:45:24.0083 0x1dcc [ 6F62B8758B0C164E6D9BA7CACF9476C6, 1BBACED2FDB1190E54E2BB6E9281CBD9EB2A1640A3837F7F63D270933421062D ] MemeoBackgroundService C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe 16:45:24.0095 0x1dcc MemeoBackgroundService - ok 16:45:24.0120 0x1dcc MessagingService - ok 16:45:24.0289 0x1dcc Microsoft SharePoint Workspace Audit Service - ok 16:45:24.0321 0x1dcc mlx4_bus - ok 16:45:24.0352 0x1dcc MMCSS - ok 16:45:24.0358 
0x1dcc Modem - ok 16:45:24.0365 0x1dcc monitor - ok 16:45:24.0372 0x1dcc mouclass - ok 16:45:24.0379 0x1dcc mouhid - ok 16:45:24.0388 0x1dcc mountmgr - ok 16:45:24.0446 0x1dcc [ 096C5D009C554DBC8F2E2EFEDFE10A47, D72F1286807FE471755D992AAF398D519680A160D71DB6327019F6DC5A9DEFFC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 16:45:24.0461 0x1dcc MozillaMaintenance - ok 16:45:24.0464 0x1dcc mpsdrv - ok 16:45:24.0487 0x1dcc MpsSvc - ok 16:45:24.0490 0x1dcc MRxDAV - ok 16:45:24.0535 0x1dcc mrxsmb - ok 16:45:24.0550 0x1dcc mrxsmb10 - ok 16:45:24.0553 0x1dcc mrxsmb20 - ok 16:45:24.0568 0x1dcc MsBridge - ok 16:45:24.0579 0x1dcc MSDTC - ok 16:45:24.0584 0x1dcc Msfs - ok 16:45:24.0598 0x1dcc msgpiowin32 - ok 16:45:24.0601 0x1dcc mshidkmdf - ok 16:45:24.0604 0x1dcc mshidumdf - ok 16:45:24.0608 0x1dcc msisadrv - ok 16:45:24.0641 0x1dcc MSiSCSI - ok 16:45:24.0644 0x1dcc msiserver - ok 16:45:24.0647 0x1dcc MSKSSRV - ok 16:45:24.0651 0x1dcc MsLldp - ok 16:45:24.0653 0x1dcc MSPCLOCK - ok 16:45:24.0657 0x1dcc MSPQM - ok 16:45:24.0660 0x1dcc MsRPC - ok 16:45:24.0665 0x1dcc mssmbios - ok 16:45:24.0668 0x1dcc MSTEE - ok 16:45:24.0671 0x1dcc MTConfig - ok 16:45:24.0675 0x1dcc Mup - ok 16:45:24.0678 0x1dcc mvumis - ok 16:45:24.0713 0x1dcc NativeWifiP - ok 16:45:24.0828 0x1dcc [ 988CDC4DAE2186F3A5ED6EE7D3E6B5CA, DB40F7705F0475FF774452E365152EBEDDC77D8ACE48419DABE02DD385C6B725 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe 16:45:24.0861 0x1dcc NAUpdate - ok 16:45:24.0887 0x1dcc NcaSvc - ok 16:45:24.0907 0x1dcc NcbService - ok 16:45:24.0909 0x1dcc NcdAutoSetup - ok 16:45:24.0916 0x1dcc ndfltr - ok 16:45:24.0923 0x1dcc NDIS - ok 16:45:24.0929 0x1dcc NdisCap - ok 16:45:24.0937 0x1dcc NdisImPlatform - ok 16:45:24.0942 0x1dcc NdisTapi - ok 16:45:24.0946 0x1dcc Ndisuio - ok 16:45:24.0950 0x1dcc NdisVirtualBus - ok 16:45:24.0954 0x1dcc NdisWan - ok 16:45:24.0958 0x1dcc ndiswanlegacy - ok 16:45:24.0962 0x1dcc ndproxy - ok 16:45:24.0982 
0x1dcc Ndu - ok 16:45:25.0008 0x1dcc [ 6D1D9124B78C96CB5B98AAC511D6E853, 6D8082C11454672D37E1389B455B9806B40FC3A71358FE10869065D06EAF494A ] Net Driver HPZ12 C:\Windows\System32\HPZinw12.dll 16:45:25.0033 0x1dcc Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 ) 16:45:25.0195 0x1dcc Detect skipped due to KSN trusted 16:45:25.0195 0x1dcc Net Driver HPZ12 - ok 16:45:25.0202 0x1dcc NetBIOS - ok 16:45:25.0233 0x1dcc NetBT - ok 16:45:25.0239 0x1dcc Netlogon - ok 16:45:25.0258 0x1dcc Netman - ok 16:45:25.0265 0x1dcc netprofm - ok 16:45:25.0272 0x1dcc netr28x - ok 16:45:25.0316 0x1dcc NetSetupSvc - ok 16:45:25.0477 0x1dcc NetTcpPortSharing - ok 16:45:25.0508 0x1dcc netvsc - ok 16:45:25.0575 0x1dcc NgcCtnrSvc - ok 16:45:25.0582 0x1dcc NgcSvc - ok 16:45:25.0589 0x1dcc NlaSvc - ok 16:45:25.0595 0x1dcc Npfs - ok 16:45:25.0619 0x1dcc npsvctrig - ok 16:45:25.0625 0x1dcc nsi - ok 16:45:25.0633 0x1dcc nsiproxy - ok 16:45:25.0653 0x1dcc NTFS - ok 16:45:25.0661 0x1dcc Null - ok 16:45:25.0666 0x1dcc nvraid - ok 16:45:25.0672 0x1dcc nvstor - ok 16:45:25.0676 0x1dcc nv_agp - ok 16:45:25.0700 0x1dcc OneSyncSvc - ok 16:45:25.0820 0x1dcc [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 16:45:25.0830 0x1dcc ose - ok 16:45:26.0067 0x1dcc [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 16:45:26.0165 0x1dcc osppsvc - ok 16:45:26.0196 0x1dcc p2pimsvc - ok 16:45:26.0204 0x1dcc p2psvc - ok 16:45:26.0264 0x1dcc Parport - ok 16:45:26.0282 0x1dcc partmgr - ok 16:45:26.0289 0x1dcc PcaSvc - ok 16:45:26.0308 0x1dcc pci - ok 16:45:26.0315 0x1dcc pciide - ok 16:45:26.0321 0x1dcc pcmcia - ok 16:45:26.0330 0x1dcc pcw - ok 16:45:26.0337 0x1dcc pdc - ok 16:45:26.0349 0x1dcc PEAUTH - ok 16:45:26.0378 0x1dcc [ 
8B028BB7546947C93B5D7DD3C6B39444, AC6C11ED8F23F9B15082A15F5DF1A8A44D14EBDA0F90592B40F8631F970E600A ] pelmouse C:\WINDOWS\system32\DRIVERS\pelmouse.sys 16:45:26.0412 0x1dcc pelmouse - ok 16:45:26.0429 0x1dcc [ B09DF176603C4609BFB370F4F4973300, 0AF4E66557346A99C1AFCA483822BB934CA20076ADDEDBC03F965E79E76CFFFA ] pelusblf C:\WINDOWS\system32\DRIVERS\pelusblf.sys 16:45:26.0490 0x1dcc pelusblf - ok 16:45:26.0514 0x1dcc percsas2i - ok 16:45:26.0520 0x1dcc percsas3i - ok 16:45:26.0601 0x1dcc PerfHost - ok 16:45:26.0616 0x1dcc PhoneSvc - ok 16:45:26.0646 0x1dcc PimIndexMaintenanceSvc - ok 16:45:26.0699 0x1dcc pla - ok 16:45:26.0718 0x1dcc PlugPlay - ok 16:45:26.0746 0x1dcc [ 6A5C18184E4CF60A963BDD9CB67243BA, 78F6FFB4B504E6C138176181F21EE4D775976DDA9CBEE46219459061645B023C ] Pml Driver HPZ12 C:\Windows\System32\HPZipm12.dll 16:45:26.0761 0x1dcc Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 ) 16:45:26.0933 0x1dcc Detect skipped due to KSN trusted 16:45:26.0933 0x1dcc Pml Driver HPZ12 - ok 16:45:26.0941 0x1dcc PNRPAutoReg - ok 16:45:26.0948 0x1dcc PNRPsvc - ok 16:45:26.0983 0x1dcc PolicyAgent - ok 16:45:26.0989 0x1dcc Power - ok 16:45:27.0006 0x1dcc PptpMiniport - ok 16:45:27.0218 0x1dcc [ C9908063F90F5541098BF19EA63E1327, AA6B5E4D01CD8061D5953FDE3025FE4AF01B265C182B8818107A035E4FFAD0DF ] PrintNotify C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll 16:45:27.0391 0x1dcc PrintNotify - ok 16:45:27.0405 0x1dcc Processor - ok 16:45:27.0425 0x1dcc ProfSvc - ok 16:45:27.0435 0x1dcc Psched - ok 16:45:27.0594 0x1dcc [ CA54F472755305BB7261CFFE2639E7E7, 58CADDCDDFAEE2C17D3E021BC4F2510C33B62A542E6EBAAEB8B47EE8910D6734 ] qkseeService C:\Program Files (x86)\qksee\qkseeSvc.exe 16:45:27.0630 0x1dcc qkseeService - detected UnsignedFile.Multi.Generic ( 1 ) 16:45:28.0510 0x1dcc qkseeService ( UnsignedFile.Multi.Generic ) - warning 16:45:28.0730 0x1dcc QWAVE - ok 16:45:28.0737 0x1dcc QWAVEdrv - ok 16:45:28.0745 0x1dcc RasAcd - ok 16:45:28.0778 0x1dcc RasAgileVpn - ok 
16:45:28.0797 0x1dcc RasAuto - ok 16:45:28.0814 0x1dcc Rasl2tp - ok 16:45:28.0821 0x1dcc RasMan - ok 16:45:28.0827 0x1dcc RasPppoe - ok 16:45:28.0835 0x1dcc RasSstp - ok 16:45:28.0855 0x1dcc rdbss - ok 16:45:28.0861 0x1dcc rdpbus - ok 16:45:28.0866 0x1dcc RDPDR - ok 16:45:28.0922 0x1dcc RdpVideoMiniport - ok 16:45:28.0926 0x1dcc rdyboost - ok 16:45:28.0936 0x1dcc ReFSv1 - ok 16:45:28.0953 0x1dcc RemoteAccess - ok 16:45:28.0958 0x1dcc RemoteRegistry - ok 16:45:28.0979 0x1dcc RetailDemo - ok 16:45:28.0984 0x1dcc RpcEptMapper - ok 16:45:28.0993 0x1dcc RpcLocator - ok 16:45:28.0998 0x1dcc RpcSs - ok 16:45:29.0036 0x1dcc [ D38250F459BF60D6F4B69B79DCD948CC, E68C864C1A4C9352EA939062F28789ADE9F0672E8CB3F3909D2891786C76F06F ] RSP2STOR C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys 16:45:29.0075 0x1dcc RSP2STOR - ok 16:45:29.0079 0x1dcc rspndr - ok 16:45:29.0082 0x1dcc rt640x64 - ok 16:45:29.0112 0x1dcc s3cap - ok 16:45:29.0120 0x1dcc SamSs - ok 16:45:29.0123 0x1dcc sbp2port - ok 16:45:29.0138 0x1dcc SCardSvr - ok 16:45:29.0141 0x1dcc ScDeviceEnum - ok 16:45:29.0144 0x1dcc scfilter - ok 16:45:29.0162 0x1dcc Schedule - ok 16:45:29.0180 0x1dcc SCPolicySvc - ok 16:45:29.0194 0x1dcc sdbus - ok 16:45:29.0197 0x1dcc SDRSVC - ok 16:45:29.0200 0x1dcc sdstor - ok 16:45:29.0276 0x1dcc [ 8658BEDD11B13C56607EE0BE437693E5, E86546071DD68D0F07D0475151D5233CDF1171B01209580FC8EA8A86FC0C2215 ] SearchProtectionService C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe 16:45:29.0289 0x1dcc SearchProtectionService - ok 16:45:29.0325 0x1dcc seclogon - ok 16:45:29.0332 0x1dcc SENS - ok 16:45:29.0347 0x1dcc SensorDataService - ok 16:45:29.0375 0x1dcc SensorService - ok 16:45:29.0416 0x1dcc SensrSvc - ok 16:45:29.0423 0x1dcc SerCx - ok 16:45:29.0455 0x1dcc SerCx2 - ok 16:45:29.0503 0x1dcc Serenum - ok 16:45:29.0519 0x1dcc Serial - ok 16:45:29.0528 0x1dcc sermouse - ok 16:45:29.0551 0x1dcc SessionEnv - ok 16:45:29.0556 0x1dcc sfloppy - ok 16:45:29.0569 0x1dcc 
SharedAccess - ok 16:45:29.0592 0x1dcc ShellHWDetection - ok 16:45:29.0596 0x1dcc SiSRaid2 - ok 16:45:29.0601 0x1dcc SiSRaid4 - ok 16:45:29.0663 0x1dcc [ E00BA977EA507FB19BDD9594AFA13C47, 78A07DD3E9258AC49B815BF5E4CCA1184F8708CC7B96C2A910270608C4D8B153 ] SKYNETU2C C:\WINDOWS\System32\drivers\SkyNetU2C_AMD64.SYS 16:45:29.0739 0x1dcc SKYNETU2C - ok 16:45:29.0813 0x1dcc [ 0229E0BB503D7D58355EE30823CDA701, F19AC8A5F2F5C45D1914DA60C6EE2075145AA72B29E0D8AF77F3647C89AFFA2E ] SkyNetU2CBDA_AMD64 C:\WINDOWS\system32\DRIVERS\SkyNetU2CBDA_AMD64.sys 16:45:29.0867 0x1dcc SkyNetU2CBDA_AMD64 - ok 16:45:29.0887 0x1dcc [ AF5CC3F9B88F140D78FC967ABF0F4EC7, 7CE3AB7B0A36635CF00E35E84C14B8661FAF794ABCFA61AE45A0E5E8EA996A3B ] SmbDrv C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys 16:45:29.0895 0x1dcc SmbDrv - ok 16:45:29.0945 0x1dcc [ C67697A38E6D646F97EFF462DED68CF3, C6A8B2BAAC830D59E05949485F77E6803ED0138FEEAB6C2DA58A3D0BF5361A3E ] SmbDrvI C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys 16:45:29.0994 0x1dcc SmbDrvI - ok 16:45:30.0043 0x1dcc smphost - ok 16:45:30.0068 0x1dcc SmsRouter - ok 16:45:30.0092 0x1dcc SNMPTRAP - ok 16:45:30.0109 0x1dcc spaceport - ok 16:45:30.0117 0x1dcc SpbCx - ok 16:45:30.0140 0x1dcc Spooler - ok 16:45:30.0151 0x1dcc sppsvc - ok 16:45:30.0168 0x1dcc srv - ok 16:45:30.0172 0x1dcc srv2 - ok 16:45:30.0188 0x1dcc srvnet - ok 16:45:30.0205 0x1dcc SSDPSRV - ok 16:45:30.0209 0x1dcc SstpSvc - ok 16:45:30.0334 0x1dcc [ 098185E9B7C417CF7480BB9F839DB652, 5573CB98057DC2F01E8958780165A32AFD08E4C768F5625250628CB8A4C509D3 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe 16:45:30.0388 0x1dcc STacSV - ok 16:45:30.0416 0x1dcc StateRepository - ok 16:45:30.0434 0x1dcc stexstor - ok 16:45:30.0488 0x1dcc [ 32BE0B7CCA47A5BE30E7E43DC54B54F3, D4667E88E14393311F93D787C902B993B9451A94D332A65B0E22A8C40C3DFF44 ] STHDA C:\WINDOWS\system32\DRIVERS\stwrt64.sys 16:45:30.0612 0x1dcc STHDA - ok 16:45:30.0633 0x1dcc stisvc - ok 16:45:30.0636 0x1dcc storahci - ok 16:45:30.0642 0x1dcc storflt - 
ok 16:45:30.0646 0x1dcc stornvme - ok 16:45:30.0650 0x1dcc storqosflt - ok 16:45:30.0665 0x1dcc StorSvc - ok 16:45:30.0669 0x1dcc storufs - ok 16:45:30.0673 0x1dcc storvsc - ok 16:45:30.0687 0x1dcc svsvc - ok 16:45:30.0690 0x1dcc swenum - ok 16:45:30.0694 0x1dcc swprv - ok 16:45:30.0711 0x1dcc Synth3dVsc - ok 16:45:30.0762 0x1dcc [ 46062E452891A8D6D3B96DCAADDCC084, 0A4D4B16B7F8C751D3887FFD9977BAA8B76B321CCA06F024D93E2867D22B4F8D ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys 16:45:30.0781 0x1dcc SynTP - ok 16:45:30.0805 0x1dcc SysMain - ok 16:45:30.0820 0x1dcc SystemEventsBroker - ok 16:45:30.0828 0x1dcc TabletInputService - ok 16:45:30.0832 0x1dcc TapiSrv - ok 16:45:30.0848 0x1dcc Tcpip - ok 16:45:30.0852 0x1dcc Tcpip6 - ok 16:45:30.0859 0x1dcc tcpipreg - ok 16:45:30.0878 0x1dcc tdx - ok 16:45:30.0882 0x1dcc terminpt - ok 16:45:30.0888 0x1dcc TermService - ok 16:45:30.0893 0x1dcc Themes - ok 16:45:31.0008 0x1dcc [ A2731C202E21BC940F9230FFBD15BD67, 217B1F1720E3DBAF413685294600B5A636C555246962FFA70A29F9A3BBAC3BC4 ] ThnAdpsrv C:\Program Files (x86)\Thunshprerusp\ThnAdpsrv.exe 16:45:31.0042 0x1dcc ThnAdpsrv - ok 16:45:31.0093 0x1dcc TieringEngineService - ok 16:45:31.0115 0x1dcc tiledatamodelsvc - ok 16:45:31.0142 0x1dcc TimeBroker - ok 16:45:31.0189 0x1dcc TPM - ok 16:45:31.0208 0x1dcc TrkWks - ok 16:45:31.0285 0x1dcc TrustedInstaller - ok 16:45:31.0295 0x1dcc tsusbflt - ok 16:45:31.0303 0x1dcc TsUsbGD - ok 16:45:31.0310 0x1dcc tunnel - ok 16:45:31.0344 0x1dcc tzautoupdate - ok 16:45:31.0355 0x1dcc uagp35 - ok 16:45:31.0362 0x1dcc UASPStor - ok 16:45:31.0374 0x1dcc UcmCx0101 - ok 16:45:31.0381 0x1dcc UcmUcsi - ok 16:45:31.0390 0x1dcc Ucx01000 - ok 16:45:31.0395 0x1dcc UdeCx - ok 16:45:31.0400 0x1dcc udfs - ok 16:45:31.0405 0x1dcc UEFI - ok 16:45:31.0415 0x1dcc Ufx01000 - ok 16:45:31.0429 0x1dcc UfxChipidea - ok 16:45:31.0432 0x1dcc ufxsynopsys - ok 16:45:31.0439 0x1dcc UI0Detect - ok 16:45:31.0442 0x1dcc uliagpkx - ok 16:45:31.0445 0x1dcc umbus - ok 16:45:31.0448 
0x1dcc UmPass - ok 16:45:31.0457 0x1dcc UmRdpService - ok 16:45:31.0557 0x1dcc [ B57877104D8D30B4538CA6D01E98B825, F124AC9E22F652AE49E67D5F084CFC149BB7BB989401E9AF589650F709438C4B ] UncheckitSvc C:\Program Files (x86)\Uncheckit\UncheckitSvc.exe 16:45:31.0576 0x1dcc UncheckitSvc - ok 16:45:31.0608 0x1dcc UnistoreSvc - ok 16:45:31.0793 0x1dcc [ DBE2E6388379D5CC78099650541E9566, 1914BC929F109A49FB18ED31F239A9813A010B0A3914BC8CD0D6A94A67A072D7 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 16:45:31.0815 0x1dcc UNS - ok 16:45:31.0818 0x1dcc upnphost - ok 16:45:31.0855 0x1dcc UrsChipidea - ok 16:45:31.0858 0x1dcc UrsCx01000 - ok 16:45:31.0861 0x1dcc UrsSynopsys - ok 16:45:31.0877 0x1dcc usbccgp - ok 16:45:31.0880 0x1dcc usbcir - ok 16:45:31.0885 0x1dcc usbehci - ok 16:45:31.0888 0x1dcc usbhub - ok 16:45:31.0896 0x1dcc USBHUB3 - ok 16:45:31.0900 0x1dcc usbohci - ok 16:45:31.0903 0x1dcc usbprint - ok 16:45:31.0908 0x1dcc usbser - ok 16:45:31.0922 0x1dcc USBSTOR - ok 16:45:31.0925 0x1dcc usbuhci - ok 16:45:31.0928 0x1dcc usbvideo - ok 16:45:31.0940 0x1dcc USBXHCI - ok 16:45:31.0964 0x1dcc UserDataSvc - ok 16:45:31.0998 0x1dcc UserManager - ok 16:45:32.0010 0x1dcc UsoSvc - ok 16:45:32.0014 0x1dcc VaultSvc - ok 16:45:32.0019 0x1dcc vdrvroot - ok 16:45:32.0039 0x1dcc vds - ok 16:45:32.0042 0x1dcc VerifierExt - ok 16:45:32.0046 0x1dcc vhdmp - ok 16:45:32.0050 0x1dcc vhf - ok 16:45:32.0053 0x1dcc vmbus - ok 16:45:32.0056 0x1dcc VMBusHID - ok 16:45:32.0066 0x1dcc vmicguestinterface - ok 16:45:32.0069 0x1dcc vmicheartbeat - ok 16:45:32.0074 0x1dcc vmickvpexchange - ok 16:45:32.0077 0x1dcc vmicrdv - ok 16:45:32.0080 0x1dcc vmicshutdown - ok 16:45:32.0084 0x1dcc vmictimesync - ok 16:45:32.0088 0x1dcc vmicvmsession - ok 16:45:32.0092 0x1dcc vmicvss - ok 16:45:32.0095 0x1dcc volmgr - ok 16:45:32.0121 0x1dcc volmgrx - ok 16:45:32.0125 0x1dcc volsnap - ok 16:45:32.0162 0x1dcc vpci - ok 16:45:32.0165 0x1dcc vsmraid - ok 16:45:32.0169 0x1dcc VSS - ok 
16:45:32.0172 0x1dcc VSTXRAID - ok 16:45:32.0176 0x1dcc vwifibus - ok 16:45:32.0179 0x1dcc vwififlt - ok 16:45:32.0184 0x1dcc vwifimp - ok 16:45:32.0190 0x1dcc W32Time - ok 16:45:32.0295 0x1dcc w3logsvc - ok 16:45:32.0304 0x1dcc WacomPen - ok 16:45:32.0339 0x1dcc WalletService - ok 16:45:32.0343 0x1dcc wanarp - ok 16:45:32.0349 0x1dcc wanarpv6 - ok 16:45:32.0385 0x1dcc WAS - ok 16:45:32.0407 0x1dcc wbengine - ok 16:45:32.0415 0x1dcc WbioSrvc - ok 16:45:32.0432 0x1dcc Wcmsvc - ok 16:45:32.0439 0x1dcc wcncsvc - ok 16:45:32.0445 0x1dcc WcsPlugInService - ok 16:45:32.0473 0x1dcc WdBoot - ok 16:45:32.0499 0x1dcc Wdf01000 - ok 16:45:32.0504 0x1dcc WdFilter - ok 16:45:32.0515 0x1dcc WdiServiceHost - ok 16:45:32.0527 0x1dcc WdiSystemHost - ok 16:45:32.0538 0x1dcc wdiwifi - ok 16:45:32.0542 0x1dcc WdNisDrv - ok 16:45:32.0570 0x1dcc WdNisSvc - ok 16:45:32.0596 0x1dcc WebClient - ok 16:45:32.0602 0x1dcc Wecsvc - ok 16:45:32.0607 0x1dcc WEPHOSTSVC - ok 16:45:32.0653 0x1dcc wercplsupport - ok 16:45:32.0662 0x1dcc WerSvc - ok 16:45:32.0711 0x1dcc WFPLWFS - ok 16:45:32.0718 0x1dcc WiaRpc - ok 16:45:32.0726 0x1dcc WIMMount - ok 16:45:32.0733 0x1dcc WinDefend - ok 16:45:32.0746 0x1dcc WindowsTrustedRT - ok 16:45:32.0787 0x1dcc WindowsTrustedRTProxy - ok 16:45:32.0802 0x1dcc WinHttpAutoProxySvc - ok 16:45:32.0807 0x1dcc WinMad - ok 16:45:32.0909 0x1dcc Winmgmt - ok 16:45:32.0923 0x1dcc WinRM - ok 16:45:32.0971 0x1dcc WINUSB - ok 16:45:32.0980 0x1dcc WinVerbs - ok 16:45:33.0138 0x1dcc [ 6B14008F9BF49B3B24CBB0A5D8F18D7F, FDC348F881FFD46F070B7E9733758A02C8726D5621314E1B68E1BE4B65A54E5B ] winzipersvc C:\Program Files (x86)\WinZipper\winzipersvc.exe 16:45:33.0171 0x1dcc winzipersvc - ok 16:45:33.0222 0x1dcc [ 4F2A80D65AE6F845776E2F06AE6782ED, 2455537C048115435D9EDE4B18F9F54C43912076AEF36BDEFEC35AF2140B8B2E ] WirelessButtonDriver C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys 16:45:33.0538 0x1dcc WirelessButtonDriver - ok 16:45:33.0607 0x1dcc WlanSvc - ok 16:45:33.0641 0x1dcc 
wlidsvc - ok 16:45:33.0648 0x1dcc WmiAcpi - ok 16:45:33.0671 0x1dcc wmiApSrv - ok 16:45:33.0699 0x1dcc WMPNetworkSvc - ok 16:45:33.0763 0x1dcc [ 2A9650FCC696DB28E45EA8B33B99B8E6, FBEBC6C05D50F578C6EEE0A7285EBE1DEADB08DD21FA3232630FD8D5A68FC3FB ] Wof C:\WINDOWS\system32\drivers\Wof.sys 16:45:33.0870 0x1dcc Wof - ok 16:45:33.0918 0x1dcc workfolderssvc - ok 16:45:33.0937 0x1dcc wpcfltr - ok 16:45:33.0964 0x1dcc WPDBusEnum - ok 16:45:33.0968 0x1dcc WpdUpFltr - ok 16:45:33.0975 0x1dcc WpnService - ok 16:45:33.0979 0x1dcc ws2ifsl - ok 16:45:33.0986 0x1dcc wscsvc - ok 16:45:33.0990 0x1dcc WSDPrintDevice - ok 16:45:33.0994 0x1dcc WSearch - ok 16:45:34.0021 0x1dcc WSService - ok 16:45:34.0039 0x1dcc wuauserv - ok 16:45:34.0056 0x1dcc WudfPf - ok 16:45:34.0069 0x1dcc WUDFRd - ok 16:45:34.0080 0x1dcc wudfsvc - ok 16:45:34.0083 0x1dcc WUDFWpdFs - ok 16:45:34.0088 0x1dcc WUDFWpdMtp - ok 16:45:34.0092 0x1dcc WwanSvc - ok 16:45:34.0113 0x1dcc XblAuthManager - ok 16:45:34.0131 0x1dcc XblGameSave - ok 16:45:34.0143 0x1dcc xboxgip - ok 16:45:34.0169 0x1dcc XboxNetApiSvc - ok 16:45:34.0187 0x1dcc xinputhid - ok 16:45:34.0192 0x1dcc ================ Scan global =============================== 16:45:34.0291 0x1dcc [ Global ] - ok 16:45:34.0292 0x1dcc ================ Scan MBR ================================== 16:45:34.0318 0x1dcc [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0 16:45:34.0397 0x1dcc \Device\Harddisk0\DR0 - ok 16:45:34.0397 0x1dcc ================ Scan VBR ================================== 16:45:34.0425 0x1dcc [ CE3C593D8B9821FE39405DA5E71D6B6F ] \Device\Harddisk0\DR0\Partition1 16:45:34.0426 0x1dcc \Device\Harddisk0\DR0\Partition1 - ok 16:45:34.0439 0x1dcc [ 45DB0828650CFF28AC387F721DA99868 ] \Device\Harddisk0\DR0\Partition2 16:45:34.0440 0x1dcc \Device\Harddisk0\DR0\Partition2 - ok 16:45:34.0447 0x1dcc [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition3 16:45:34.0447 0x1dcc \Device\Harddisk0\DR0\Partition3 - ok 16:45:34.0456 0x1dcc [ 
CE0F7F3F0EC30463376B92DEB1842280 ] \Device\Harddisk0\DR0\Partition4 16:45:34.0457 0x1dcc \Device\Harddisk0\DR0\Partition4 - ok 16:45:34.0496 0x1dcc [ 547DBA75702140C56BFC3BED916F2A63 ] \Device\Harddisk0\DR0\Partition5 16:45:34.0497 0x1dcc \Device\Harddisk0\DR0\Partition5 - ok 16:45:34.0498 0x1dcc ================ Scan generic autorun ====================== 16:45:34.0623 0x1dcc [ 210875E72C45D712120904128F357233, 4998BF27D28D4DDE79F9B06E0562E28A9D433DBFC0D3D4144A7A97EBF5110091 ] C:\Program Files\IDT\WDM\sttray64.exe 16:45:34.0681 0x1dcc SysTrayApp - ok 16:45:34.0683 0x1dcc SynTPEnh - ok 16:45:34.0827 0x1dcc [ B7995C675014EEBE77A0BEB7AFCCFC08, 41D186C63273301CF0A1C1EE7B6EB0BB75A251DD441532C5CEB7A4095FB103CD ] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe 16:45:34.0843 0x1dcc RemoteControl10 - ok 16:45:35.0024 0x1dcc [ D1C8B0DC04347B6B9B5B3B9204DF6756, DA4D1CC98DCDFDF674F83164843A6B4E8830232700BE13CC755F94638351DA8B ] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe 16:45:35.0053 0x1dcc HP CoolSense - ok 16:45:35.0206 0x1dcc [ 187F4C75A89E3F412322C94526320074, D78FA7EF93C8C7B4326A5B6DB04A92ADD091DF00658FA8731D07C5D3BE29ED04 ] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe 16:45:35.0231 0x1dcc BCSSync - ok 16:45:35.0345 0x1dcc [ BCBE8AEB8C6014A694062968F21BC0C4, 294D7BAA92121C7F647C0066A4D7E10F75C39C3EF12A0ECD5CAAF99F99A7C64A ] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe 16:45:35.0362 0x1dcc Memeo Instant Backup - ok 16:45:35.0473 0x1dcc [ 6198A9BC15ED77F318D5DDD1918CF1D1, 6C7E619BB053F09021F5867E3A70A3A2890E2318CF1A5CE294A5F894CB3A4890 ] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe 16:45:35.0495 0x1dcc HP Quick Launch - ok 16:45:35.0793 0x1dcc [ 1E06B301F4FA22A01B8CC314FC7A7E1C, D8E7DC35BF60FD5A1169BA6C127747D7928758071E37043891C24821F8BFFD19 ] C:\Program Files\AVAST Software\Avast\AvastUI.exe 16:45:35.0944 0x1dcc AvastUI.exe - ok 16:45:36.0072 0x1dcc [ 4C6AAABB264526A9C845A39AEBB79B69, 
B27F869E8B44CC5F1F9ADCA53AA848C16D706587ED9C7F995AE59BF9B0426523 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe 16:45:36.0091 0x1dcc StartCCC - ok 16:45:36.0209 0x1dcc Dropbox - ok 16:45:36.0307 0x1dcc [ 6EACC43D0542EF88226FB34B0B12EDB0, 6345E4B49D7F804F6DE042F981AB172822B6AB74C42209BEFB0582B019430884 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 16:45:36.0327 0x1dcc SunJavaUpdateSched - ok 16:45:36.0429 0x1dcc OneDriveSetup - ok 16:45:36.0432 0x1dcc OneDriveSetup - ok 16:45:36.0591 0x1dcc [ A49BDAAE58D3FFFEF42886F9CDA17861, 71CE5FF6F12938E3973A7052851C9645EB6852BC662A5B07A0F75F475E04DC40 ] C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe 16:45:36.0627 0x1dcc Power2GoExpress8 - ok 16:45:36.0987 0x1dcc [ 10E89F598469C60D8C87A8218089A87D, BE40B0DAB9F19E325086605A795469FC8A501FA66E05AD4D990E3C1A0326BAEF ] C:\Users\Martin\AppData\Local\Akamai\netsession_win.exe 16:45:37.0073 0x1dcc Akamai NetSession Interface - ok 16:45:37.0235 0x1dcc [ 6C7122316FE67D7EF1C470DBFDEBE65D, 498EA6B8E9F4482FE5FEEC174000FD4EF68287C72EBE1D0D0AFAEF6AD3850F4B ] C:\Users\Martin\AppData\Roaming\Browser-Security\safe_url__2.exe 16:45:37.0295 0x1dcc safe_url__2 - ok 16:45:37.0457 0x1dcc [ 2AB653E11A18FB6E88A3E8974C2E084D, 8CAAC651B37CA4D31AB436ACED6239C8338F3D692D8ABC851BF99F282215E349 ] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe 16:45:37.0486 0x1dcc Web Companion - ok 16:45:37.0669 0x1dcc [ A5D4129CEA4D3B75839E071C12185BD9, 7DC1A91F9D8AEBD7C684C30AB6D9983E6D3B6F105042FE8D5A21A3FB360C1FD4 ] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe 16:45:37.0700 0x1dcc Autodesk Sync - ok 16:45:37.0841 0x1dcc [ 1D7DD340E13DF9585EABB849CFC3E11B, 31CCD9753402DC030C641214B4ECB48A757BCD9F427A143A88745C62EFF87766 ] C:\Users\Martin\AppData\Local\Microsoft\OneDrive\OneDrive.exe 16:45:37.0870 0x1dcc OneDrive - ok 16:45:37.0971 0x1dcc Uninstall C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1\amd64 
- ok 16:45:37.0972 0x1dcc Waiting for KSN requests completion. In queue: 91 16:45:39.0047 0x1dcc AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.9.10586.494 ), 0x60100 ( disabled : updated ) 16:45:39.0064 0x1dcc AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 11.2.2738.0 ), 0x41000 ( enabled : updated ) 16:45:39.0072 0x1dcc Win FW state via NFP2: enabled ( trusted ) 16:45:39.0267 0x1dcc ============================================================ 16:45:39.0267 0x1dcc Scan finished 16:45:39.0267 0x1dcc ============================================================ 16:45:39.0280 0x19dc Detected object count: 1 16:45:39.0280 0x19dc Actual detected object count: 1 16:48:45.0501 0x19dc qkseeService ( UnsignedFile.Multi.Generic ) - skipped by user 16:48:45.0501 0x19dc qkseeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:52:14.0682 0x15b8 Deinitialize success |
29.08.2016, 09:04 | #6 |
/// TB-Ausbilder | Win32:Dropper found in C:\Program Files (x86)\WinZipper Hi, from now on you are my favourite user here... loads of adware on the PC... this is going to be a battle of attrition... Please disable Avast while working through the steps so that it does not interfere. Please read all instructions carefully. On to the first cleanup wave:
Step 1 Please download AdwCleaner to your desktop.
Step 2 Please download Malwarebytes Anti-Malware
Step 3 Please shut down your security software to avoid possible conflicts.
Step 4
Please post with your next reply
|
29.08.2016, 13:12 | #7 |
| Win32:Dropper found in C:\Program Files (x86)\WinZipper Sooo.... when I see it like that, I feel really stupid. And nice that you are enjoying my adware. Here are the logs: AdwCleaner: Code:
# AdwCleaner v6.010 - Bericht erstellt am 29/08/2016 um 11:20:48
# Aktualisiert am 12/08/2016 von ToolsLib
# Datenbank : 2016-08-28.2 [Server]
# Betriebssystem : Windows 10 Home (X64)
# Benutzername : Martin - LAPTOP-MARTIN
# Gestartet von : C:\Users\Martin\Desktop\AdwCleaner_6.010.exe
# Modus: Löschen
# Unterstützung : https://toolslib.net/forum

***** [ Dienste ] *****

[-] Dienst gelöscht: iSafeKrnl
[-] Dienst gelöscht: iSafeKrnlBoot
[-] Dienst gelöscht: iSafeKrnlKit
[-] Dienst gelöscht: iSafeKrnlMon
[-] Dienst gelöscht: iSafeNetFilter
[-] Dienst gelöscht: iSafeService
[-] Dienst gelöscht: winzipersvc
[-] Dienst gelöscht: LavasoftTcpService
[-] Dienst gelöscht: qkseeService
[-] Dienst gelöscht: SearchProtectionService
[-] Dienst gelöscht: LegpatP
[-] Dienst gelöscht: UncheckitSvc
[-] Dienst gelöscht: cktSvc

***** [ Ordner ] *****

[-] Ordner gelöscht: C:\ProgramData\8winp8
[-] Ordner gelöscht: C:\ProgramData\AwinpA
[-] Ordner gelöscht: C:\ProgramData\ewinpe
[-] Ordner gelöscht: C:\ProgramData\fwinpf
[-] Ordner gelöscht: C:\ProgramData\GwinpG
[-] Ordner gelöscht: C:\ProgramData\JwinpJ
[-] Ordner gelöscht: C:\ProgramData\KwinpK
[-] Ordner gelöscht: C:\ProgramData\WwinpW
[-] Ordner gelöscht: C:\Users\Martin\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
[-] Ordner gelöscht: C:\Users\Martin\AppData\Local\Legpat
[-] Ordner gelöscht: C:\Users\Martin\AppData\LocalLow\Browser-Security
[-] Ordner gelöscht: C:\Users\Martin\AppData\Roaming\Browser-Security
[-] Ordner gelöscht: C:\Users\Martin\AppData\Roaming\DriverCure
[-] Ordner gelöscht: C:\Users\Martin\AppData\Roaming\dvdvideosoftiehelpers
[-] Ordner gelöscht: C:\Users\Martin\AppData\Roaming\eCyber
[-] Ordner gelöscht: C:\Users\Martin\AppData\Roaming\Elex-tech
[-] Ordner gelöscht: C:\Users\Martin\AppData\Roaming\ParetoLogic
[-] Ordner gelöscht: C:\Users\Martin\AppData\Roaming\Solvusoft
[-] Ordner gelöscht: C:\Users\Martin\AppData\Roaming\lavasoft\web companion
[-] Ordner gelöscht: C:\Users\Martin\AppData\Roaming\qksee
[-] Ordner gelöscht: C:\Users\Martin\AppData\Roaming\WinZiper
[-] Ordner gelöscht: C:\Users\Martin\AppData\Roaming\BandwidthStat
[-] Ordner gelöscht: C:\Users\Martin\AppData\Roaming\Uncheckit
[-] Ordner gelöscht: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
[-] Ordner gelöscht: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BandwidthStat
[-] Ordner gelöscht: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9s05odkh.default\PConverter_dz
[-] Ordner gelöscht: C:\ProgramData\ParetoLogic
[-] Ordner gelöscht: C:\ProgramData\lavasoft\web companion
[-] Ordner gelöscht: C:\ProgramData\Uncheckit
[-] Ordner gelöscht: C:\ProgramData\Legpat
[-] Ordner gelöscht: C:\ProgramData\ChelfNotify
[#] Ordner mit Neustart gelöscht: C:\ProgramData\uckt
[-] Ordner gelöscht: C:\ProgramData\Application Data\lavasoft\web companion
[-] Ordner gelöscht: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WaNetworkEnhance
[-] Ordner gelöscht: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qksee
[-] Ordner gelöscht: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uncheckit
[-] Ordner gelöscht: C:\Program Files (x86)\Elex-tech
[-] Ordner gelöscht: C:\Program Files (x86)\ParetoLogic
[-] Ordner gelöscht: C:\Program Files (x86)\PC Speed Maximizer
[-] Ordner gelöscht: C:\Program Files (x86)\SFK
[-] Ordner gelöscht: C:\Program Files (x86)\Wajam
[-] Ordner gelöscht: C:\Program Files (x86)\WaNetworkEnhance
[#] Ordner mit Neustart gelöscht: C:\Program Files (x86)\WinZipper
[-] Ordner gelöscht: C:\Program Files (x86)\TData
[-] Ordner gelöscht: C:\Program Files (x86)\lavasoft\web companion
[-] Ordner gelöscht: C:\Program Files (x86)\qksee
[-] Ordner gelöscht: C:\Program Files (x86)\QQBrowser
[-] Ordner gelöscht: C:\Program Files (x86)\SoftUpgrade
[-] Ordner gelöscht: C:\Program Files (x86)\Uncheckit
[-] Ordner gelöscht: C:\Program Files (x86)\Legpat
[-] Ordner gelöscht: C:\Program Files (x86)\TXQQBrowser
[-] Ordner gelöscht: C:\Program Files (x86)\WinSaber
[-] Ordner gelöscht: C:\Program Files (x86)\SoEasySvc
[#] Ordner mit Neustart gelöscht: C:\Program Files (x86)\winsaber
[-] Ordner gelöscht: C:\Program Files (x86)\Common Files\ParetoLogic
[-] Ordner gelöscht: C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\Uncheckit

***** [ Dateien ] *****

[-] Datei gelöscht: C:\Users\Martin\Desktop\ParetoLogic PC Health Advisor.lnk
[-] Datei gelöscht: C:\WINDOWS\SysNative\log\iSafeKrnlCall.log
[-] Datei gelöscht: C:\WINDOWS\SysNative\roboot64.exe
[!] Datei nicht gelöscht: C:\WINDOWS\SysNative\LavasoftTcpService64.dll
[-] Datei gelöscht: C:\WINDOWS\SysNative\LavasoftTcpServiceOff.ini
[-] Datei gelöscht: C:\WINDOWS\SysNative\drivers\iSafeKrnlBoot.sys
[-] Datei gelöscht: C:\WINDOWS\SysNative\drivers\iSafeNetFilter.sys
[-] Datei gelöscht: C:\Users\Public\Desktop\Facebook.lnk
[-] Datei gelöscht: C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk
[-] Datei gelöscht: C:\WINDOWS\SysWOW64\lavasofttcpservice.dll
[-] Datei gelöscht: C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Verknüpfungen ] *****

***** [ Aufgabenplanung ] *****

***** [ Registrierungsdatenbank ] *****

[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.001
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.7z
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.arj
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.bz2
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.bzip2
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.cab
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.cpio
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.deb
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.dmg
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.fat
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.gz
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.gzip
[-]
Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.hfs [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.iso [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.lha [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.lzh [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.lzma [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.ntfs [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.rar [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.rpm [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.squashfs [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.swm [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.tar [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.taz [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.tbz [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.tbz2 [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.tgz [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.tpz [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.txz [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.vhd [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.wim [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.xar [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.xz [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.z [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.zip [-] Schlüssel gelöscht: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\winzipersvc [-] Schlüssel gelöscht: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\qkseeService [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer.1 [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController.1 [-] Schlüssel gelöscht: 
HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1 [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1 [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder.1 [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic.1 [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1 [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController.1 [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\protector_dll.Protector [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\protector_dll.Protector.1 [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1 [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1 [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\uus3url-pl [-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C} [-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785} [-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD} [-] 
Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{E6E66045-E911-4C01-961D-32387BF12768} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{8F010D54-C023-457F-AF03-497EACB6D519} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{9A754403-27B1-4ED7-96D7-588F07888EBF} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{CB31FF8F-BF80-4D2B-ADBE-12C6F5347890} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{FCAA532B-E807-4027-940C-BA16B9D50105} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DC727A8C-7582-483C-A1C2-2B885F099BB5} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E6E66045-E911-4C01-961D-32387BF12768} [-] Schlüssel gelöscht: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} [-] Schlüssel gelöscht: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E6E66045-E911-4C01-961D-32387BF12768} [-] Schlüssel gelöscht: 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} [-] Schlüssel gelöscht: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E6E66045-E911-4C01-961D-32387BF12768} [-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\WebDiscoverBrowser [-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678} [-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83} [-] Schlüssel gelöscht: HKU\.DEFAULT\Software\WebDiscoverBrowser [-] Schlüssel gelöscht: HKU\.DEFAULT\Software\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678} [-] Schlüssel gelöscht: HKU\.DEFAULT\Software\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83} [-] Schlüssel gelöscht: HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Mozilla\Extends [-] Schlüssel gelöscht: HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\OCS [-] Schlüssel gelöscht: HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\ParetoLogic [-] Schlüssel gelöscht: HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\PRODUCTSETUP [-] Schlüssel gelöscht: HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Softonic [-] Schlüssel gelöscht: HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\WajIEnhance [-] Schlüssel gelöscht: HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\WaNetworkEnhance [-] Schlüssel gelöscht: HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\WebDiscoverBrowser [-] Schlüssel gelöscht: HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\BandwidthStat [-] Schlüssel gelöscht: HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Uncheckit [-] Schlüssel gelöscht: HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\BandwidthStat [#] Schlüssel mit Neustart gelöscht: HKU\S-1-5-18\Software\WebDiscoverBrowser [#] Schlüssel mit Neustart gelöscht: HKU\S-1-5-18\Software\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678} [#] Schlüssel mit Neustart gelöscht: 
HKU\S-1-5-18\Software\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83} [#] Schlüssel mit Neustart gelöscht: HKCU\Software\Mozilla\Extends [#] Schlüssel mit Neustart gelöscht: HKCU\Software\OCS [#] Schlüssel mit Neustart gelöscht: HKCU\Software\ParetoLogic [#] Schlüssel mit Neustart gelöscht: HKCU\Software\PRODUCTSETUP [#] Schlüssel mit Neustart gelöscht: HKCU\Software\Softonic [#] Schlüssel mit Neustart gelöscht: HKCU\Software\WajIEnhance [#] Schlüssel mit Neustart gelöscht: HKCU\Software\WaNetworkEnhance [#] Schlüssel mit Neustart gelöscht: HKCU\Software\WebDiscoverBrowser [#] Schlüssel mit Neustart gelöscht: HKCU\Software\BandwidthStat [#] Schlüssel mit Neustart gelöscht: HKCU\Software\Uncheckit [-] Schlüssel gelöscht: HKLM\SOFTWARE\Elex-tech [-] Schlüssel gelöscht: HKLM\SOFTWARE\hdcode [-] Schlüssel gelöscht: HKLM\SOFTWARE\mystartsearchSoftware [-] Schlüssel gelöscht: HKLM\SOFTWARE\ParetoLogic [-] Schlüssel gelöscht: HKLM\SOFTWARE\WaNetworkEnhance [-] Schlüssel gelöscht: HKLM\SOFTWARE\yessearchesSoftware [-] Schlüssel gelöscht: HKLM\SOFTWARE\qkseeSvc [-] Schlüssel gelöscht: HKLM\SOFTWARE\qksee [-] Schlüssel gelöscht: HKLM\SOFTWARE\Lavasoft\Web Companion [-] Schlüssel gelöscht: HKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678} [-] Schlüssel gelöscht: HKLM\SOFTWARE\{E6276374-DE18-4AA5-A365-9016A2F98A2D} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Uncheckit [-] Schlüssel gelöscht: HKLM\SOFTWARE\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83} [#] Schlüssel mit Neustart gelöscht: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\BandwidthStat [-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3CBF3EBB-235D-4c29-A68B-2BB1F428586E} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browser-Security [-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe [-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WaNetworkEnhance [-] Schlüssel gelöscht: 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\qksee [-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uncheckit [-] Daten wiederhergestellt: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] [-] Daten wiederhergestellt: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] [-] Daten wiederhergestellt: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] [-] Daten wiederhergestellt: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] [-] Daten wiederhergestellt: HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Microsoft\Internet Explorer\Main [Start Page] [-] Daten wiederhergestellt: HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] [-] Daten wiederhergestellt: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] [-] Daten wiederhergestellt: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] [-] Daten wiederhergestellt: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] [-] Daten wiederhergestellt: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] [-] Daten wiederhergestellt: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] [-] Daten wiederhergestellt: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] [-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\OldSearch [-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} [-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} [-] Daten wiederhergestellt: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] [-] Schlüssel gelöscht: HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [-] Schlüssel 
gelöscht: HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} [-] Schlüssel gelöscht: HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} [-] Daten wiederhergestellt: HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] [-] Schlüssel gelöscht: HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Microsoft\Internet Explorer\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5} [#] Schlüssel mit Neustart gelöscht: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [#] Schlüssel mit Neustart gelöscht: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} [#] Schlüssel mit Neustart gelöscht: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} [-] Daten wiederhergestellt: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] [#] Schlüssel mit Neustart gelöscht: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} [-] Daten wiederhergestellt: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] [-] Daten wiederhergestellt: HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [Default] [-] Daten wiederhergestellt: HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command [Default] [-] Schlüssel gelöscht: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com [-] Schlüssel gelöscht: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com [-] 
Schlüssel gelöscht: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\foxi69.tlscdn.com [-] Schlüssel gelöscht: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\tlscdn.com [-] Wert gelöscht: HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Microsoft\Windows\CurrentVersion\Run [safe_url__2] [#] Wert mit Neustart gelöscht: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [safe_url__2] [-] Wert gelöscht: HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Microsoft\Windows\CurrentVersion\Run [Web Companion] [#] Wert mit Neustart gelöscht: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Web Companion] [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZipper [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper [-] Schlüssel gelöscht: HKCU\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF} [-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\s [-] Schlüssel gelöscht: HKCU\Software\Classes\Applications\bandwidthstat.exe [-] Schlüssel gelöscht: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com [-] Schlüssel gelöscht: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com ***** [ Browser ] ***** ************************* :: "Tracing" Schlüssel gelöscht :: Winsock Einstellungen zurückgesetzt :: "Prefetch" Dateien gelöscht :: Proxy Einstellungen zurückgesetzt :: Internet Explorer Richtlinien gelöscht :: Chrome Richtlinien gelöscht :: Hosts-Datei wiederhergestellt ************************* C:\AdwCleaner\AdwCleaner[C0].txt - [22358 Bytes] - [29/08/2016 11:20:48] C:\AdwCleaner\AdwCleaner[S0].txt - [22756 Bytes] - [29/08/2016 11:13:04] ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [22506 
Bytes] ########## Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 29.08.2016
Suchlaufzeit: 11:43
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.08.29.03
Rootkit-Datenbank: v2016.08.15.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: Martin

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 409247
Abgelaufene Zeit: 1 Std., 52 Min., 22 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0 (keine bösartigen Elemente erkannt)
Module: 0 (keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt)
Registrierungswerte: 0 (keine bösartigen Elemente erkannt)
Registrierungsdaten: 0 (keine bösartigen Elemente erkannt)
Ordner: 0 (keine bösartigen Elemente erkannt)
Dateien: 0 (keine bösartigen Elemente erkannt)
Physische Sektoren: 0 (keine bösartigen Elemente erkannt)

(end)
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.0.7 (07.03.2016) Operating System: Windows 10 Home x64 Ran by Martin (Administrator) on 29.08.2016 at 13:51:03,50 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 7 Successfully deleted: C:\Users\Martin\AppData\Local\{04437A0A-2B4D-4E22-A6D0-DFF33C4B61D3} (Empty Folder) Successfully deleted: C:\Users\Martin\AppData\Local\{209E69BC-ECF4-497C-9533-060317B10B8E} (Empty Folder) Successfully deleted: C:\Users\Martin\AppData\Local\{82E69C8E-BAC8-4EC2-AAC6-D695E0700D07} (Empty Folder) Successfully deleted: C:\Users\Martin\AppData\Local\{989AA551-3E06-4722-BD13-FE54C3D04783} (Empty Folder) Successfully deleted: C:\Users\Martin\AppData\Local\crashrpt (Folder) Successfully deleted: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9s05odkh.default\searchplugins\avast-search.xml (File) Successfully deleted: C:\WINDOWS\SysWOW64\RENAD72.tmp (File) Deleted the following from C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9s05odkh.default\prefs.js user_pref(browser.search.searchengine.alias, mystartsearch); user_pref(browser.search.searchengine.desc, this is my first firefox searchEngine); user_pref(browser.search.searchengine.iconURL, hxxp://www.mystartsearch.com/favicon.ico); user_pref(browser.search.searchengine.name, mystartsearch); user_pref(browser.search.searchengine.ptid, cor); user_pref(browser.search.searchengine.uid, ST500LM012XHN-M500MBB_S2SVJ9ECA09668); user_pref(browser.search.searchengine.url, hxxp://www.mystartsearch.com/web/?type=ds&ts=1429767349&from=cor&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668&q={searchTerms}); user_pref(extensions.quick_start.enable_search1, false); user_pref(extensions.quick_start.sd.closeWindowWithLastTab_prev_state, false); user_pref(extensions.toolbar.mindspark._dzMembers_.browser.version.last, 40.0); user_pref(extensions.toolbar.mindspark._dzMembers_.firstKnownVersion, 
7.18.7.64289); user_pref(extensions.toolbar.mindspark._dzMembers_.homepage, hxxp://home.tb.ask.com/index.jhtml?ptb=455E3377-B591-472A-9092-E71BA2DBE4C7&n=781bb99a&p2=^BYC^xdm001^YYA^de); user_pref(extensions.toolbar.mindspark._dzMembers_.initialized, true); user_pref(extensions.toolbar.mindspark._dzMembers_.installKeysSource, Cookies); user_pref(extensions.toolbar.mindspark._dzMembers_.installType, XPI); user_pref(extensions.toolbar.mindspark._dzMembers_.installation.contextKey, ); user_pref(extensions.toolbar.mindspark._dzMembers_.installation.dlpCountryCode, DE); user_pref(extensions.toolbar.mindspark._dzMembers_.installation.installDate, 2015082906); user_pref(extensions.toolbar.mindspark._dzMembers_.installation.partnerId, ^BYC^xdm001^YYA^de); user_pref(extensions.toolbar.mindspark._dzMembers_.installation.partnerSubId, ); user_pref(extensions.toolbar.mindspark._dzMembers_.installation.pixelUrl, hxxp://www.pconverter.com/install_pixels.jhtml?partner=^BYC^xdm001^YYA^de&coId=16f3daae47a34b8588a user_pref(extensions.toolbar.mindspark._dzMembers_.installation.success, true); user_pref(extensions.toolbar.mindspark._dzMembers_.installation.toolbarId, 455E3377-B591-472A-9092-E71BA2DBE4C7); user_pref(extensions.toolbar.mindspark._dzMembers_.isCompliantUninstallImplementation, true); user_pref(extensions.toolbar.mindspark._dzMembers_.lastActivePing, 1440865853434); user_pref(extensions.toolbar.mindspark._dzMembers_.lastKnownVersion, 7.18.7.64289); user_pref(extensions.toolbar.mindspark._dzMembers_.options.defaultSearch, false); user_pref(extensions.toolbar.mindspark._dzMembers_.options.homePageEnabled, false); user_pref(extensions.toolbar.mindspark._dzMembers_.options.keywordEnabled, false); user_pref(extensions.toolbar.mindspark._dzMembers_.options.tabEnabled, false); user_pref(extensions.toolbar.mindspark._dzMembers_.partnerPixelFired, true); user_pref(extensions.toolbar.mindspark._dzMembers_.successUrl, hxxp://www.pconverter.com/installComplete.jhtml); 
user_pref(extensions.toolbar.mindspark._dzMembers_.toolbarCollapsed, false); user_pref(extensions.toolbar.mindspark.lastInstalled, pconverter@mindspark.com); Registry: 2 Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{470BE3E6-2099-4F7E-84F1-F3DA4739DF9A} (Registry Key) Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{470BE3E6-2099-4F7E-84F1-F3DA4739DF9A} (Registry Key) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 29.08.2016 at 13:57:13,08 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 28-08-2016 durchgeführt von Martin (Administrator) auf LAPTOP-MARTIN (29-08-2016 14:00:46) Gestartet von C:\Users\Martin\Desktop Geladene Profile: Martin (Verfügbare Profile: Martin) Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: "C:\Program Files (x86)\CLIQZ\CLIQZ.exe" -osint -url "%1") Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AMD) C:\Windows\System32\atiesrxx.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Hewlett-Packard Development Company, L.P.) 
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Cliqz GmbH) C:\Program Files (x86)\CLIQZ\CLIQZ.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-06-08] (IDT, Inc.) 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-28] (Synaptics Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2011-09-16] (Memeo Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7408312 2016-06-28] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23889496 2016-08-24] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1711680 2013-01-27] (CyberLink Corp.)
HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Martin\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1235336 2014-08-28] (Autodesk, Inc.)
HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\RunOnce: [Uninstall C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1\amd64"
HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\Policies\Explorer: []
HKU\S-1-5-21-205815100-794779995-1947703700-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [150528 2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-05-28] (AVAST Software)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [Symbol-Overlay-Steuerprogramm für AutoCAD Digitale Signaturen] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2016-08-29]
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2016-08-29]
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wecker für Windows 6.lnk [2016-08-29]
ShortcutTarget: Wecker für Windows 6.lnk -> C:\Program Files (x86)\Wecker6\Wecker.exe (Christoph Bünger Software)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 10.156.33.53 129.187.5.1
Tcpip\..\Interfaces\{150b5080-ac93-4272-ac4a-bffe13d172bd}: [DhcpNameServer] 0.0.0.0
Tcpip\..\Interfaces\{2c2232f8-8dd7-42dd-88e1-2d818924d50a}: [DhcpNameServer] 10.156.33.53 129.187.5.1
Tcpip\..\Interfaces\{66c1b00a-7100-4e92-ac46-811fd2d50492}: [DhcpNameServer] 192.168.34.3 129.187.5.1
Tcpip\..\Interfaces\{83fbec75-ff09-4692-a92d-4201c2743b42}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?PC=AV01
HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPNOT13/4
SearchScopes: HKLM -> {470BE3E6-2099-4F7E-84F1-F3DA4739DF9A} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-205815100-794779995-1947703700-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-205815100-794779995-1947703700-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-205815100-794779995-1947703700-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-07-21] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-21] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: Kein Name -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> Keine Datei
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-12-20] (Hewlett-Packard Company)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - Keine Datei
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-205815100-794779995-1947703700-1001 -> hxxp://www.nuesearch.com/?type=hp&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668

FireFox:
========
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Profiles\zocbhc16.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-13] ()
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-21] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2014-11-27] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-205815100-794779995-1947703700-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2013-03-17] (Ubisoft)
FF SearchPlugin: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9s05odkh.default\searchplugins\bing-lavasoft.xml [2015-12-04]
FF Extension: (Cliqz) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9s05odkh.default\Extensions\cliqz@cliqz.com.xpi [2015-11-28] [ist nicht signiert]
FF Extension: (Adblock Plus) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9s05odkh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-28]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-28]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-28]
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9s05odkh.default\extensions\cliqz@cliqz.com => nicht gefunden

Chrome:
=======
CHR HomePage: ChromeDefaultData -> hxxp://www.nicesearches.com?type=hp&ts=1464593744&from=0d580530&uid=st500lm012xhn-m500mbb_s2svj9eca09668&z=658f2f19608d6aba60b4d45gbzcq4z0wctfc2m2z8z
CHR RestoreOnStartup: ChromeDefaultData -> "hxxp://de.search.yahoo.com/?fr=hp-ddc-bd&type=bl-bcr-is__alt__ddc_dsssyc_bd_com"
CHR StartupUrls: ChromeDefaultData -> "hxxp://www.nicesearches.com?type=hp&ts=1464593744&from=0d580530&uid=st500lm012xhn-m500mbb_s2svj9eca09668&z=658f2f19608d6aba60b4d45gbzcq4z0wctfc2m2z8z"
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.nicesearches.com/search.php?type=ds&ts=1464593744&from=0d580530&uid=st500lm012xhn-m500mbb_s2svj9eca09668&z=658f2f19608d6aba60b4d45gbzcq4z0wctfc2m2z8z&q={searchTerms}
CHR DefaultSearchKeyword: ChromeDefaultData -> nice
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\PepperFlash\pepflashplayer.dll => Keine Datei
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll => Keine Datei
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\ppGoogleNaClPluginChrome.dll => Keine Datei
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\pdf.dll => Keine Datei
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => Keine Datei
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData
CHR Extension: (Dealbeaver) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\bhldmkghjkldhclddpjebfjpaijaajmm [2016-05-20]
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-11]
CHR Extension: (Google-Suche) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-11]
CHR Extension: (Avast Online Security) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-12]
CHR Extension: (Skype) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-05-22]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-12]
CHR Extension: (Google Mail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-11]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-05-28]
StartMenuInternet: Google Chrome - Chrome.exe

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [Datei ist nicht signiert]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-28] (AVAST Software)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-24] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-24] (Dropbox, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29760 2016-07-04] (HP Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [Datei ist nicht signiert]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2015-10-30] (HP Inc.) [Datei ist nicht signiert]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2015-10-30] (HP Inc.) [Datei ist nicht signiert]
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [82664 2015-12-16] (Advanced Micro Devices, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-05-28] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-05-28] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-05-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-05-28] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-28] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-05-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-05-28] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-05-28] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-05] (AVAST Software)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2014-07-14] ()
S3 AX88772; C:\Windows\System32\drivers\ax88772.sys [111616 2015-10-30] (ASIX Electronics Corp.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [146856 2013-06-04] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-18] (Windows (R) Win 7 DDK provider)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2014-07-14] ()
R3 netr28x; C:\Windows\System32\drivers\netr28x.sys [2504192 2015-10-30] (MediaTek Inc.)
R3 pelmouse; C:\Windows\system32\DRIVERS\pelmouse.sys [23040 2015-12-17] (TPMX Electronics Ltd.)
R3 pelusblf; C:\Windows\system32\DRIVERS\pelusblf.sys [35328 2015-12-22] (TPMX Electronics Ltd.)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
S3 SKYNETU2C; C:\Windows\System32\drivers\SkyNetU2C_AMD64.SYS [270424 2010-05-10] (TechniSat Digital, S.A.)
S3 SkyNetU2CBDA_AMD64; C:\Windows\system32\DRIVERS\SkyNetU2CBDA_AMD64.sys [346200 2011-05-10] (TechniSat Digital, S.A.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [52904 2016-04-28] (Synaptics Incorporated)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-08-29 14:00 - 2016-08-29 14:00 - 00000000 ____D C:\Users\Martin\Desktop\FRST-OlderVersion
2016-08-29 13:57 - 2016-08-29 13:57 - 00004681 _____ C:\Users\Martin\Desktop\JRT.txt
2016-08-29 13:50 - 2016-08-29 13:50 - 01610560 _____ (Malwarebytes) C:\Users\Martin\Desktop\JRT.exe
2016-08-29 13:50 - 2016-08-29 13:50 - 00001205 _____ C:\Users\Martin\Desktop\mbam.txt
2016-08-29 13:39 - 2016-08-29 13:40 - 00000004 ____H C:\ProgramData\cm-lock
2016-08-29 11:42 - 2016-08-29 13:45 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-08-29 11:41 - 2016-08-29 13:43 - 00000738 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-08-29 11:41 - 2016-08-29 11:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2016-08-29 11:41 - 2016-08-29 11:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-29 11:41 - 2016-08-29 11:41 - 00000000 ____D C:\ Malwarebytes Anti-Malware
2016-08-29 11:41 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-08-29 11:41 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-08-29 11:41 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-08-29 11:37 - 2016-08-29 11:37 - 22851472 _____ (Malwarebytes ) C:\Users\Martin\Downloads\mbam-setup-2.2.1.1043.exe
2016-08-29 11:34 - 2016-08-29 11:20 - 00022642 _____ C:\Users\Martin\Desktop\AdwCleaner[C0].txt
2016-08-29 11:06 - 2016-08-29 11:20 - 00000000 ____D C:\AdwCleaner
2016-08-29 11:05 - 2016-08-29 11:05 - 03826240 _____ C:\Users\Martin\Desktop\AdwCleaner_6.010.exe
2016-08-28 16:41 - 2016-08-28 16:52 - 00097628 _____ C:\Users\Martin\Desktop\TDSSKiller.3.1.0.11_28.08.2016_16.41.53_log.txt
2016-08-28 16:35 - 2016-08-28 16:37 - 00077710 _____ C:\Users\Martin\Desktop\Addition.txt
2016-08-28 16:33 - 2016-08-29 14:02 - 00031834 _____ C:\Users\Martin\Desktop\FRST.txt
2016-08-28 16:32 - 2016-08-29 14:00 - 00000000 ____D C:\FRST
2016-08-28 16:32 - 2016-08-28 16:32 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Martin\Desktop\tdsskiller.exe
2016-08-28 16:31 - 2016-08-29 14:00 - 02396672 _____ (Farbar) C:\Users\Martin\Desktop\FRST64.exe
2016-08-24 09:03 - 2016-08-24 09:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-08-23 22:12 - 2016-08-23 22:12 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_429687859.html
2016-08-23 22:12 - 2016-08-23 22:12 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_429687562.html
2016-08-23 13:58 - 2016-08-23 13:58 - 00003342 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-08-23 09:39 - 2016-08-29 13:36 - 00000000 ____D C:\Program Files (x86)\_SSpm
2016-08-23 09:39 - 2016-08-23 09:39 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_384540046.html
2016-08-23 09:39 - 2016-08-23 09:39 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_384539921.html
2016-08-23 09:39 - 2016-08-23 09:39 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_384533328.html
2016-08-23 09:39 - 2016-08-23 09:39 - 00000003 _____ C:\WINDOWS\SysWOW64\de_384533078.html
2016-08-15 10:34 - 2016-08-22 10:42 - 00000000 ____D C:\Users\Martin\AppData\Roaming\setup1
2016-08-10 10:51 - 2016-08-03 12:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-10 10:51 - 2016-08-03 12:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-10 10:51 - 2016-08-03 12:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-10 10:51 - 2016-08-03 12:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-10 10:51 - 2016-08-03 11:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-10 10:51 - 2016-08-03 11:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-10 10:51 - 2016-08-03 11:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-10 10:51 - 2016-08-03 11:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-10 10:51 - 2016-08-03 11:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-10 10:51 - 2016-08-03 11:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-10 10:51 - 2016-08-03 11:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-10 10:51 - 2016-08-03 11:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-10 10:51 - 2016-08-03 11:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-10 10:51 - 2016-08-03 11:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-10 10:51 - 2016-08-03 11:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-10 10:51 - 2016-08-03 11:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-10 10:51 - 2016-08-03 11:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-10 10:51 - 2016-08-03 07:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-10 10:51 - 2016-08-03 07:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-10 10:51 - 2016-08-03 07:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-10 10:51 - 2016-08-03 07:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-10 10:51 - 2016-08-03 06:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-10 10:51 - 2016-08-03 06:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-10 10:51 - 2016-08-03 06:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-10 10:51 - 2016-08-03 06:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-10 10:51 - 2016-08-03 06:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-10 10:51 - 2016-08-03 06:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-08-10 10:50 - 2016-08-03 13:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-10 10:50 - 2016-08-03 13:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-10 10:50 - 2016-08-03 13:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-10 10:50 - 2016-08-03 12:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-10 10:50 - 2016-08-03 12:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-10 10:50 - 2016-08-03 12:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-10 10:50 - 2016-08-03 12:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-10 10:50 - 2016-08-03 12:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-10 10:50 - 2016-08-03 12:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-10 10:50 - 2016-08-03 12:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-10 10:50 - 2016-08-03 12:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-10 10:50 - 2016-08-03 12:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-10 10:50 - 2016-08-03 12:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-10 10:50 - 2016-08-03 12:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-10 10:50 - 2016-08-03 12:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-10 10:50 - 2016-08-03 12:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-10 10:50 - 2016-08-03 12:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-10 10:50 - 2016-08-03 12:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-10 10:50 - 2016-08-03 12:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-10 10:50 - 2016-08-03 12:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-10 10:50 - 2016-08-03 12:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-10 10:50 - 2016-08-03 12:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-10 10:50 - 2016-08-03 11:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-10 10:50 - 2016-08-03 11:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-10 10:50 - 2016-08-03 11:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-10 10:50 - 2016-08-03 11:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-10 10:50 - 2016-08-03 11:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-10 10:50 - 2016-08-03 11:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-10 10:50 - 2016-08-03 11:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-10 10:50 - 2016-08-03 11:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-10 10:50 - 2016-08-03 11:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-10 10:50 - 2016-08-03 11:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-10 10:50 - 2016-08-03 11:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-10 10:50 - 2016-08-03 11:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-10 10:50 - 2016-08-03 11:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-10 10:50 - 2016-08-03 11:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-10 10:50 - 2016-08-03 11:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-10 10:50 - 2016-08-03 11:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-10 10:50 - 2016-08-03 11:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-10 10:50 - 2016-08-03 11:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-10 10:50 - 2016-08-03 11:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-10 10:50 - 2016-08-03 11:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-10 10:50 - 2016-08-03 11:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-10 10:50 - 2016-08-03 11:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-10 10:50 - 2016-08-03 11:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-10 10:50 - 2016-08-03 11:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-10 10:50 - 2016-08-03 11:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-10 10:50 - 2016-08-03 11:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-10 10:50 - 2016-08-03 11:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-10 10:50 - 2016-08-03 11:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-10 10:50 - 
2016-08-03 11:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2016-08-10 10:50 - 2016-08-03 11:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 2016-08-10 10:50 - 2016-08-03 11:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2016-08-10 10:50 - 2016-08-03 11:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll 2016-08-10 10:50 - 2016-08-03 11:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2016-08-10 10:50 - 2016-08-03 11:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2016-08-10 10:50 - 2016-08-03 11:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2016-08-10 10:50 - 2016-08-03 11:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2016-08-10 10:50 - 2016-08-03 11:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-08-10 10:50 - 2016-08-03 11:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll 2016-08-10 10:50 - 2016-08-03 11:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2016-08-10 10:50 - 2016-08-03 11:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2016-08-10 10:50 - 2016-08-03 11:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll 2016-08-10 10:50 - 2016-08-03 11:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2016-08-10 10:50 - 2016-08-03 11:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2016-08-10 10:50 - 2016-08-03 11:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2016-08-10 10:50 - 2016-08-03 11:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2016-08-10 10:50 - 2016-08-03 11:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 
2016-08-10 10:50 - 2016-08-03 11:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll 2016-08-10 10:50 - 2016-08-03 07:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2016-08-10 10:50 - 2016-08-03 07:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll 2016-08-10 10:50 - 2016-08-03 07:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe 2016-08-10 10:50 - 2016-08-03 07:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2016-08-10 10:50 - 2016-08-03 07:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe 2016-08-10 10:50 - 2016-08-03 07:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe 2016-08-10 10:50 - 2016-08-03 06:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe 2016-08-10 10:50 - 2016-08-03 06:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll 2016-08-10 10:50 - 2016-08-03 06:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2016-08-10 10:50 - 2016-08-03 06:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll 2016-08-10 10:50 - 2016-08-03 06:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll 2016-08-10 10:50 - 2016-08-03 06:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2016-08-10 10:50 - 2016-08-03 06:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2016-08-10 10:50 - 2016-08-03 06:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll 2016-08-10 10:50 - 2016-08-03 06:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll 2016-08-10 10:50 - 2016-08-03 06:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe 2016-08-10 10:50 - 2016-08-03 06:34 - 00792064 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\kerberos.dll 2016-08-10 10:50 - 2016-08-03 06:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll 2016-08-10 10:50 - 2016-08-03 06:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2016-08-10 10:50 - 2016-08-03 06:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2016-08-10 10:50 - 2016-08-03 06:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2016-08-10 10:50 - 2016-08-03 06:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2016-08-10 10:50 - 2016-08-03 06:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll 2016-08-10 10:50 - 2016-08-03 06:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2016-08-10 10:50 - 2016-08-03 06:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2016-08-10 10:50 - 2016-08-03 06:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2016-08-10 10:50 - 2016-08-03 06:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2016-08-10 10:50 - 2016-08-03 06:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2016-08-10 10:50 - 2016-08-03 06:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2016-08-10 10:50 - 2016-08-03 06:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll 2016-08-10 10:50 - 2016-08-03 06:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2016-08-10 10:50 - 2016-08-03 06:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2016-08-10 10:50 - 2016-08-03 06:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll 2016-08-09 15:54 - 2016-08-29 13:43 - 00001142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CLIQZ.lnk 2016-08-09 15:54 - 2016-08-29 13:43 - 00001130 
_____ C:\Users\Public\Desktop\CLIQZ.lnk 2016-08-09 15:54 - 2016-08-26 08:43 - 00000000 ____D C:\Program Files (x86)\CLIQZ 2016-08-09 15:54 - 2016-08-09 16:02 - 00000000 ____D C:\Users\Martin\AppData\Local\CLIQZ 2016-08-09 15:54 - 2016-08-09 15:54 - 00000000 ____D C:\Users\Martin\AppData\Roaming\CLIQZ 2016-08-09 15:53 - 2016-08-09 15:53 - 01474568 _____ C:\Users\Martin\Downloads\CLIQZ14.de.win32.installer - CHIP-Installer.exe 2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224665812.html 2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224665187.html 2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224665062.html 2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224664343.html 2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224664203.html 2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224663390.html 2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224663281.html 2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224659500.html 2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224659375.html 2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224647796.html 2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224647640.html 2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224646203.html 2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224646078.html 2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224640531.html 2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\de_224640156.html 2016-08-07 11:50 - 2016-08-07 11:50 - 00000000 ____D C:\Users\Martin\AppData\LocalLow\Temp 2016-08-05 18:50 - 2016-08-05 18:50 - 00003726 _____ C:\WINDOWS\System32\Tasks\UpdaterTask 2016-08-03 18:43 - 
2015-12-22 11:33 - 00035328 _____ (TPMX Electronics Ltd.) C:\WINDOWS\system32\Drivers\pelusblf.sys 2016-08-03 18:43 - 2015-12-17 13:48 - 00023040 _____ (TPMX Electronics Ltd.) C:\WINDOWS\system32\Drivers\PELMOUSE.SYS 2016-08-03 18:43 - 2009-11-02 16:36 - 00011776 _____ (TPMX Electronics Ltd.) C:\WINDOWS\system32\Drivers\PELVENDR.SYS 2016-08-03 16:31 - 2016-08-03 16:31 - 00410983 _____ C:\Users\Martin\Downloads\259912_PFEIFER_Lastbock-Gewinde-LBP_M48_20_0t.zip 2016-08-03 13:21 - 2016-08-03 13:21 - 00049492 _____ C:\Users\Martin\Downloads\neukollner_entwicklung_zusammenfassung_2008.pdf 2016-08-01 22:31 - 2016-08-01 22:31 - 00128000 _____ C:\Users\Martin\Documents\Inhaltsverzeichnisv-Aktuell 06.2016.xls 2016-08-01 14:03 - 2016-08-01 14:03 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659675625.html 2016-08-01 14:02 - 2016-08-01 14:02 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659640875.html 2016-08-01 14:02 - 2016-08-01 14:02 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659610734.html 2016-08-01 14:02 - 2016-08-01 14:02 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659610531.html 2016-08-01 14:02 - 2016-08-01 14:02 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659606812.html 2016-08-01 14:01 - 2016-08-01 14:02 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659606671.html 2016-08-01 14:01 - 2016-08-01 14:01 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659591546.html 2016-08-01 14:01 - 2016-08-01 14:01 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659591343.html 2016-08-01 14:01 - 2016-08-01 14:01 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659590296.html 2016-08-01 14:01 - 2016-08-01 14:01 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659590171.html 2016-08-01 14:01 - 2016-08-01 14:01 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659582390.html 2016-08-01 14:01 - 2016-08-01 14:01 - 00000003 _____ C:\WINDOWS\SysWOW64\de_1659582203.html 2016-08-01 10:42 - 2016-08-01 10:42 - 00000000 ____D C:\Program Files (x86)\zffvjegf ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die 
Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-08-29 13:50 - 2014-01-23 23:57 - 00000576 _____ C:\WINDOWS\Tasks\MATLAB R2013b Startup Accelerator.job 2016-08-29 13:48 - 2013-12-23 17:35 - 00000000 ___RD C:\Users\Martin\Dropbox 2016-08-29 13:48 - 2013-10-21 17:30 - 00000000 ____D C:\Users\Martin\AppData\Local\Akamai 2016-08-29 13:43 - 2016-04-18 16:17 - 00002048 _____ C:\Users\Public\Desktop\Revit 2016.lnk 2016-08-29 13:43 - 2016-04-18 14:22 - 00002433 _____ C:\Users\Public\Desktop\SOFiCAD-OEM 2014.lnk 2016-08-29 13:43 - 2016-04-18 14:19 - 00002027 _____ C:\Users\Public\Desktop\SOFiSTiK Sonar.lnk 2016-08-29 13:43 - 2016-03-26 15:26 - 00002386 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-08-29 13:43 - 2016-03-26 13:33 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2016-08-29 13:43 - 2016-03-15 14:16 - 00001222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk 2016-08-29 13:43 - 2016-03-15 14:16 - 00001125 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk 2016-08-29 13:43 - 2016-01-16 21:48 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-08-29 13:43 - 2016-01-16 21:48 - 00002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk 2016-08-29 13:43 - 2015-08-29 18:56 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk 2016-08-29 13:43 - 2015-04-03 17:17 - 00002913 _____ C:\Users\Public\Desktop\Nero 2015.lnk 2016-08-29 13:43 - 2015-04-03 16:33 - 00001532 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk 2016-08-29 13:43 - 2014-12-29 13:39 - 00001968 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2016-08-29 13:43 - 2014-07-21 13:54 - 00000662 _____ C:\Users\Public\Desktop\Cremer Commander.lnk 2016-08-29 13:43 - 2014-07-08 23:02 - 00001043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk 
2016-08-29 13:43 - 2014-04-21 19:55 - 00001162 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk 2016-08-29 13:43 - 2014-04-20 10:58 - 00000960 _____ C:\Users\Public\Desktop\VLC media player.lnk 2016-08-29 13:43 - 2014-01-23 23:58 - 00001295 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB R2013b.lnk 2016-08-29 13:43 - 2013-09-25 14:49 - 00002305 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SD card.lnk 2016-08-29 13:43 - 2013-09-25 14:49 - 00002305 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SD card (2).lnk 2016-08-29 13:43 - 2013-05-04 15:39 - 00002502 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-08-29 13:43 - 2013-05-04 15:39 - 00002490 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-08-29 13:43 - 2013-02-24 11:50 - 00002140 _____ C:\Users\Public\Desktop\MEDION NAS TOOL.lnk 2016-08-29 13:43 - 2013-02-24 11:50 - 00001161 _____ C:\Users\Public\Desktop\Memeo Instant Backup.lnk 2016-08-29 13:43 - 2013-01-20 16:55 - 00001191 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVBViewer TE2.lnk 2016-08-29 13:43 - 2013-01-18 14:11 - 00000291 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Computer.lnk 2016-08-29 13:43 - 2013-01-17 18:30 - 00001263 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader 5.0.lnk 2016-08-29 13:43 - 2013-01-17 18:30 - 00001251 _____ C:\Users\Public\Desktop\Acrobat Reader 5.0.lnk 2016-08-29 13:43 - 2012-11-15 03:08 - 00001361 _____ C:\Users\Public\Desktop\CyberLink YouCam.lnk 2016-08-29 13:43 - 2012-08-31 23:03 - 00001495 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Connected Music powered by Universal Music Group.lnk 2016-08-29 13:43 - 2012-08-31 23:03 - 00001483 _____ C:\Users\Public\Desktop\Connected Music powered by Universal Music Group.lnk 2016-08-29 13:43 - 2012-08-31 23:03 - 00001111 _____ C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Connected Music powered by Meridian.lnk 2016-08-29 13:43 - 2012-08-31 22:59 - 00001374 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk 2016-08-29 13:43 - 2012-08-31 22:59 - 00001305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk 2016-08-29 13:43 - 2012-08-31 22:54 - 00002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk 2016-08-29 13:42 - 2016-04-18 16:27 - 00002003 _____ C:\Users\Martin\Desktop\Autodesk Revit 2016 jetzt installieren.lnk 2016-08-29 13:42 - 2015-12-05 18:05 - 00001314 _____ C:\Users\Martin\Desktop\Easy Audio Cutter.lnk 2016-08-29 13:42 - 2015-12-05 18:05 - 00001298 _____ C:\Users\Martin\Desktop\Free CD Ripper.lnk 2016-08-29 13:42 - 2015-12-05 18:05 - 00001296 _____ C:\Users\Martin\Desktop\Free Mp3 Wma Converter.lnk 2016-08-29 13:42 - 2014-06-11 14:35 - 00001798 _____ C:\Users\Martin\Desktop\Wecker für Windows.lnk 2016-08-29 13:42 - 2013-12-23 17:35 - 00001299 _____ C:\Users\Martin\Desktop\Dropbox.lnk 2016-08-29 13:42 - 2013-08-08 20:10 - 00002265 _____ C:\Users\Martin\Desktop\Carcasonne - Verknüpfung.lnk 2016-08-29 13:41 - 2016-03-26 18:04 - 00000000 __SHD C:\Users\Martin\IntelGraphicsProfiles 2016-08-29 13:40 - 2016-05-24 10:01 - 00001238 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job 2016-08-29 13:40 - 2016-04-19 14:51 - 00000068 __RSH C:\WINDOWS\system32\Drivers\WSDPrint.winsecurity 2016-08-29 13:40 - 2016-04-19 14:51 - 00000068 __RSH C:\WINDOWS\system32\Drivers\WdiWiFi.winsecurity 2016-08-29 13:40 - 2016-04-18 17:34 - 00000068 __RSH C:\WINDOWS\system32\Drivers\winverbs.winsecurity 2016-08-29 13:40 - 2016-04-18 17:34 - 00000068 __RSH C:\WINDOWS\system32\Drivers\wfplwfs.winsecurity 2016-08-29 13:40 - 2016-04-18 12:45 - 00000068 __RSH C:\WINDOWS\system32\Drivers\xinputhid.winsecurity 2016-08-29 13:40 - 2016-04-18 12:45 - 00000068 __RSH C:\WINDOWS\system32\Drivers\wof.winsecurity 2016-08-29 13:40 - 2013-05-04 
15:33 - 00001142 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-08-29 13:39 - 2016-02-13 19:25 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-08-29 13:39 - 2015-10-30 09:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2016-08-29 13:38 - 2015-10-30 08:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI 2016-08-29 12:16 - 2014-12-04 17:02 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-08-29 12:06 - 2016-05-24 10:01 - 00001242 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job 2016-08-29 11:30 - 2013-09-15 12:56 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update 2016-08-29 11:20 - 2015-05-13 10:16 - 00000008 __RSH C:\ProgramData\ntuser.pol 2016-08-29 11:19 - 2016-05-26 14:04 - 00000000 ____D C:\WINDOWS\system32\log 2016-08-29 11:18 - 2016-06-16 12:44 - 00000000 ____D C:\Program Files (x86)\WinZipper 2016-08-29 11:18 - 2015-12-04 12:36 - 00000000 ____D C:\Program Files (x86)\Lavasoft 2016-08-29 11:17 - 2015-12-04 12:37 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Lavasoft 2016-08-29 11:17 - 2015-12-04 12:36 - 00000000 ____D C:\ProgramData\Lavasoft 2016-08-29 11:02 - 2013-01-19 12:27 - 00000000 ____D C:\Users\Martin\Documents\Outlook-Dateien 2016-08-29 07:55 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-08-28 08:35 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps 2016-08-27 23:21 - 2016-03-26 13:19 - 00000000 ____D C:\Users\Martin 2016-08-26 18:36 - 2016-05-26 13:59 - 00000000 _____ C:\Users\Public\Documents\report.dat 2016-08-25 07:26 - 2016-07-12 10:53 - 00000000 ____D C:\WINDOWS\SysWOW64\_SSpm 2016-08-24 09:03 - 2016-05-24 10:01 - 00000000 ____D C:\Program Files (x86)\Dropbox 2016-08-24 00:34 - 2016-05-20 22:40 - 00000000 ____D C:\Program Files (x86)\Drecuied 2016-08-23 13:58 - 2016-03-26 15:26 - 00000000 ___RD C:\Users\Martin\OneDrive 2016-08-22 16:21 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\NDF 2016-08-20 08:46 - 2013-05-04 15:33 - 00000000 ____D 
C:\Program Files (x86)\Google 2016-08-19 08:39 - 2013-11-28 19:04 - 00000000 ____D C:\Users\Martin\Documents\Uni 2016-08-13 11:13 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache 2016-08-10 18:40 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF 2016-08-10 17:21 - 2016-02-13 19:30 - 00000000 __RHD C:\Users\Public\AccountPictures 2016-08-10 17:11 - 2016-02-13 19:12 - 00000000 ____D C:\Program Files\Windows Journal 2016-08-10 17:11 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser 2016-08-10 11:49 - 2016-03-26 19:10 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-08-10 11:49 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates 2016-08-10 11:49 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-08-10 11:37 - 2013-01-24 16:53 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-08-08 14:51 - 2015-12-06 19:30 - 00000000 ____D C:\Users\Martin\AppData\Local\Risen2 2016-08-08 09:47 - 2016-03-26 13:18 - 02011910 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-08-08 09:47 - 2016-02-13 18:59 - 00857262 _____ C:\WINDOWS\system32\perfh007.dat 2016-08-08 09:47 - 2016-02-13 18:59 - 00188952 _____ C:\WINDOWS\system32\perfc007.dat 2016-08-05 12:00 - 2013-09-15 12:56 - 00292704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys 2016-07-30 22:50 - 2013-05-04 15:33 - 00004204 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2016-07-30 22:50 - 2013-05-04 15:33 - 00003972 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2016-07-30 22:50 - 2013-05-04 15:33 - 00001146 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2014-08-13 10:29 - 2014-08-13 10:29 - 154565521 _____ () C:\Program Files (x86)\openoffice1.cab 2014-08-13 10:27 - 2014-08-13 10:27 - 2314240 _____ () C:\Program Files (x86)\openoffice411.msi 2014-08-13 10:27 - 2014-08-13 10:27 - 0478720 _____ () C:\Program Files (x86)\setup.exe 
2014-08-13 10:27 - 2014-08-13 10:27 - 0000279 _____ () C:\Program Files (x86)\setup.ini 2015-04-03 16:31 - 2015-04-03 16:31 - 0385602 _____ () C:\Users\Martin\AppData\Local\5D515C96_stp.CIS 2015-04-03 16:31 - 2015-04-03 16:31 - 0000220 _____ () C:\Users\Martin\AppData\Local\5D515C96_stp.CIS.part 2015-04-03 16:32 - 2015-04-03 16:32 - 1509462 _____ () C:\Users\Martin\AppData\Local\69DD7379_stp.CIS 2015-04-03 16:32 - 2015-04-03 16:32 - 0000295 _____ () C:\Users\Martin\AppData\Local\69DD7379_stp.CIS.part 2015-04-03 16:32 - 2015-04-03 16:32 - 0192979 _____ () C:\Users\Martin\AppData\Local\741E72B5_stp.CIS 2015-04-03 16:32 - 2015-04-03 16:32 - 0000290 _____ () C:\Users\Martin\AppData\Local\741E72B5_stp.CIS.part 2015-11-21 00:56 - 2015-11-21 01:01 - 0007680 _____ () C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2016-08-29 13:39 - 2016-08-29 13:40 - 0000004 ____H () C:\ProgramData\cm-lock ZeroAccess: C:\Users\Martin\AppData\Local\Google\Desktop\Install ZeroAccess: C:\Program Files (x86)\Google\Desktop\Install Einige Dateien in TEMP: ==================== C:\Users\Martin\AppData\Local\Temp\AcDeltree.exe C:\Users\Martin\AppData\Local\Temp\HPSFUpdater.exe C:\Users\Martin\AppData\Local\Temp\jre-8u101-windows-au.exe C:\Users\Martin\AppData\Local\Temp\jre-8u77-windows-au.exe C:\Users\Martin\AppData\Local\Temp\jre-8u91-windows-au.exe C:\Users\Martin\AppData\Local\Temp\libeay32.dll C:\Users\Martin\AppData\Local\Temp\msvcr120.dll C:\Users\Martin\AppData\Local\Temp\SettingUpdate.exe C:\Users\Martin\AppData\Local\Temp\sphpsa.exe C:\Users\Martin\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2016-08-24 09:30 ==================== Ende von FRST.txt ============================ |
29.08.2016, 13:13 | #8 |
| Win32:Dropper found in C:\Program Files (x86)\WinZipper FRST Addition: Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 28-08-2016 durchgeführt von Martin (29-08-2016 14:02:38) Gestartet von C:\Users\Martin\Desktop Windows 10 Home Version 1511 (X64) (2016-03-26 13:14:15) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-205815100-794779995-1947703700-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-205815100-794779995-1947703700-503 - Limited - Disabled) Gast (S-1-5-21-205815100-794779995-1947703700-501 - Limited - Disabled) Martin (S-1-5-21-205815100-794779995-1947703700-1001 - Administrator - Enabled) => C:\Users\Martin ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 64 Bit HP CIO Components Installer (Version: 20.2.1 - HP Inc.) Hidden Adblock Plus für IE (32-Bit- und 64-Bit) (HKLM\...\{588B7DD2-3480-4A89-A8F6-C6781CBFAD56}) (Version: 1.5 - Eyeo GmbH) Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.) 
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated) Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.8 - Adobe Systems Incorporated) Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated) Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.) Age of Mythology - The Titans Expansion (HKLM-x32\...\Age of Mythology Expansion Pack 1.0) (Version: - ) Age of Mythology (HKLM-x32\...\Age of Mythology 1.0) (Version: - ) Akamai NetSession Interface (HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\Akamai) (Version: - Akamai Technologies, Inc) AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD) AMD Catalyst Install Manager (HKLM\...\{5977D04D-1D6A-952C-97AF-04D9D4C0AE56}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.) 
ANALYSIS_30_Common (x32 Version: 14.1 - SOFiSTiK AG) Hidden ANALYSIS_30_x64_Common (x32 Version: 14.1 - SOFiSTiK AG) Hidden ANNO 1404 - Königsedition (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 3.10.0000 - Ubisoft) Anno 1701 (HKLM-x32\...\{A2433A63-5F5D-40E5-B529-9123C2B3E734}) (Version: 1.04 - Sunflowers) AutoCAD Architecture 2014 - Deutsch (German) (Version: 7.5.106.0 - Autodesk) Hidden AutoCAD Architecture 2014 - Deutsch (German) (Version: 7.5.17.0 - Autodesk) Hidden AutoCAD Architecture 2014 - Deutsch (German) SP 1 (HKLM\...\AutoCAD Architecture 2014 - Deutsch (German) SP 1) (Version: 1 - Autodesk) AutoCAD Architecture 2014 Language Pack - Deutsch (Version: 7.5.17.0 - Autodesk) Hidden Autodesk 360 (HKLM\...\{556966D9-F7F6-421B-9707-D07901604DDF}) (Version: 5.2.3.1000 - Autodesk) Autodesk App Manager (HKLM-x32\...\{C070121A-C8C5-4D52-9A7D-D240631BD433}) (Version: 1.1.0 - Autodesk) Autodesk AutoCAD Architecture 2014 - Deutsch (German) (HKLM\...\AutoCAD Architecture 2014 - Deutsch (German)) (Version: 7.5.17.0 - Autodesk) Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.1.3.0 - Autodesk) Autodesk Content Service (x32 Version: 3.1.3.0 - Autodesk) Hidden Autodesk Content Service Language Pack (x32 Version: 3.1.3.0 - Autodesk) Hidden Autodesk Featured Apps (HKLM-x32\...\{F732FEDA-7713-4428-934B-EF83B8DD65D0}) (Version: 1.1.0 - Autodesk) Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk) Autodesk Material Library 2016 (HKLM-x32\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.18 - Autodesk) Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk) Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.18 - Autodesk) Autodesk Material Library Low Resolution Image Library 2016 
(HKLM-x32\...\{FA5DF4D1-CD59-4183-B3D4-779A56498786}) (Version: 6.3.0.18 - Autodesk) Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.0.43.13 - Autodesk) Autodesk ReCap (Version: 1.0.43.13 - Autodesk) Hidden Autodesk ReCap Language Pack-English (Version: 1.0.43.13 - Autodesk) Hidden Autodesk Revit 2016 (HKLM\...\Autodesk Revit 2016) (Version: 16.0.490.0 - Autodesk) Autodesk Workflows 2016 (HKLM\...\{535CDED0-D690-4738-83EE-09056A365BAC}) (Version: 6.3.0.18 - Autodesk, Inc.) Avast Free Antivirus (HKLM-x32\...\avast) (Version: 11.2.2262 - AVAST Software) AX88772C (HKLM-x32\...\{48C1584F-E022-4C21-9072-0BA886976B4F}) (Version: 1.01 - ) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Bullzip PDF Printer 10.6.0.2267 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.6.0.2267 - Bullzip) Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.22 - Cliqz.com) CLIQZ 1.6.1 (x86 de) (HKLM-x32\...\CLIQZ 1.6.1 (x86 de)) (Version: 1.6.1 - Cliqz GmbH) cloudfront - Uninstall (HKLM-x32\...\{54C3021D-55CA-44E8-899F-C102D92DD517}) (Version: - ) <==== ACHTUNG CodeMeter Runtime Kit v6.10a (HKLM\...\{4FF3EB53-5576-4B11-A08F-605C1938176A}) (Version: 6.10.2018.501 - WIBU-SYSTEMS AG) Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite) CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.) CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.) CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.) CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2527 - CyberLink Corp.) 
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DIE SIEDLER - Aufstieg eines Königreichs (HKLM-x32\...\{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}) (Version: 1.00.0000 - Ubisoft)
Die Siedler 7 (HKLM-x32\...\{63860309-DA8A-4BAE-9EAE-CE1D6D79340C}) (Version: 1.12.1396 - Ubisoft)
Die Siedler II - Die nächste Generation (HKLM-x32\...\S2TNG) (Version: - )
Die Siedler IV (HKLM-x32\...\S4Uninst) (Version: - )
Dot4 (HKLM\...\{DD411225-A527-4C56-91BE-15D888B3CCDE}) (Version: 1.0.0.0 - HP)
Dropbox (HKLM-x32\...\Dropbox) (Version: 8.4.21 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.41.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production)
Free Mp3 Wma Converter V 2.2 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft)
Free YouTube to MP3 Converter version 3.12.57.324 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.57.324 - DVDVideoSoft Ltd.)
G2-Classic-Mod (HKLM-x32\...\G2-Classic-Mod) (Version: 1.1 - Sargon)
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Gothic (HKLM-x32\...\{BBF10B37-4ED3-11D5-A818-00500435FC18}) (Version: - )
Gothic 2 Gold (HKLM-x32\...\{40FE74B5-71A1-4393-A0AB-21D6E1DA5A66}) (Version: 1.0.0 - JoWood)
GOTHIC2 - Die Nacht des Raben - 'System-Paket' (HKLM-x32\...\GOTHIC2 - Die Nacht des Raben - 'System-Paket') (Version: 1.1 - World of Gothic RU © 2014)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{AB5BCC55-18E2-46C7-9405-FF61CB888F05}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{18DE31AE-70D0-43A7-9E3C-2ED7283ECE8A}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{A38E954F-9043-42BD-9DE9-246ED183791D}) (Version: 12.5.26.37 - HP)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
MainConcept DTV Decoder Pro (HKLM-x32\...\{793FCE60-DE5E-4977-A942-A7B69A45B17D}) (Version: 1.5.0.2 - MainConcept GmbH)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MATLAB R2013b (HKLM\...\Matlab R2013b) (Version: 8.2 - The MathWorks, Inc.)
MEDION NAS TOOL (HKLM-x32\...\MEDION NAS TOOL) (Version: - MEDION)
Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7939 - Memeo Inc.)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - )
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{A047101C-A3AE-4FAD-802F-01C965079F66}) (Version: 11.1.3010.3 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{99AC7F47-A4E0-4706-9C65-8948775C2652}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Nero 2015 (HKLM-x32\...\{F9592BA0-AA0D-454C-95AA-9782DF00CB4B}) (Version: 16.0.04000 - Nero AG)
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 16.0.1003 - Nero AG)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Pontifex Demo 10.19.01 (HKLM-x32\...\Pontifex Demo_is1) (Version: - Chronic Logic LLC)
Prerequisite installer (x32 Version: 16.0.0003 - Nero AG) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.2.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Revit 2016 (Version: 16.0.490.0 - Autodesk) Hidden
Risen (HKLM-x32\...\{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}) (Version: 1.00.0000 - Deep Silver)
Risen 2 - Dark Waters (HKLM-x32\...\{CC4473E6-AB7D-406B-ADAE-BF9C61CEC5FE}) (Version: 1.00 - Deep Silver)
SafeZone Stable 1.48.2066.101 (x32 Version: 1.48.2066.101 - Avast Software) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SimCity 4 Deluxe (HKLM-x32\...\{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}) (Version: - )
SketchUp Import for AutoCAD 2014 (HKLM-x32\...\{644E9589-F73A-49A4-AC61-A953B9DE5669}) (Version: 1.1.0 - Autodesk)
SOFiCAD-OEM 2014 (HKLM-x32\...\SOFiCADOEM 2014) (Version: 20.14.0.0 - SOFiSTiK AG)
SOFiCAD-OEM 2014 (Version: 19.1.18.0 - SOFiSTiK) Hidden
SOFiCAD-OEM 2014 (x32 Version: 19.1.0 - SOFiSTiK AG) Hidden
SOFiSTiK 2014 19.1 64Bit Object Enabler (HKLM\...\{50F1571C-50FD-2014-3064-191000000000}) (Version: 19.1.1.0 - SOFiSTiK AG)
SOFiSTiK 2014 Documenation SOFiCAD (x32 Version: 1.00.0000 - Your Company Name) Hidden
SOFiSTiK Reinforcement Detailing 2016 (HKLM\...\{50F1571C-50F6-2016-3364-201600201405}) (Version: 5.0.0 - SOFiSTiK AG)
SOFiSTiK Sonar (HKLM-x32\...\{50F1571C-50F1-2014-3032-000000150000}) (Version: 15.00 - SOFiSTiK AG)
Star Wars Battlefront II (HKLM-x32\...\{3D374523-CFDE-461A-827E-2A102E2AB365}) (Version: 1.0 - LucasArts)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.3 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.3 - VideoLAN)
Web Companion (HKLM-x32\...\{d35d79f6-850b-4d3b-b3df-f052f842b2da}) (Version: 2.1.1199.2443 - Lavasoft)
Wecker für Windows 6.5 (HKLM-x32\...\{FFDC4005-E968-498D-93C8-CC148742167D}}_is1) (Version: 6.5 - Christoph Bünger Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinZip (HKLM-x32\...\WinZip) (Version: 2.2.25 - Winzipper Pvt Ltd.) <==== ACHTUNG
Worms 4 Mayhem (HKLM-x32\...\{45E7C481-3EF4-4FCB-AF0B-19F70D618F0C}) (Version: 1.00.0000 - Codemasters)
Xfire (remove only) (HKLM-x32\...\Xfire) (Version: - )

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E100-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E101-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E102-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E7F8-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E7F9-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E7FA-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E7FB-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E7FC-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E7FD-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E7FE-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E7FF-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\de-DE\sofc191ficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{5D8A052B-FFEE-4B2D-ADD8-EDCDA13C0763}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\sofiaxis_com.dll (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{5D8A052C-FFEE-4B2D-ADD8-EDCDA13C0763}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\sofiaxis_com.dll (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\sofc191.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{6AC79303-DBF3-4BE2-9F8E-0349FDC88E19}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\sofidc.arx (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{8258CC73-933A-4A76-88B1-43A5468A09F7}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\SOF_BAMTEC191_x64.DBX (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{9874959D-2021-4F77-AA2E-7E787954ADD7}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBFE_COM.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{B5176366-6A16-40E8-BF5D-C6DABC4B962B}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOF_COM.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{B5176367-6A16-40E8-BF5D-C6DABC4B962B}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOF_COM.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{B5176368-6A16-40E8-BF5D-C6DABC4B962B}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOF_COM.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{B5176369-6A16-40E8-BF5D-C6DABC4B962B}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOF_COM.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{B517636A-6A16-40E8-BF5D-C6DABC4B962B}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOF_COM.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{B517636B-6A16-40E8-BF5D-C6DABC4B962B}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOF_COM.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2014\de-DE\acadficn.dll (Autodesk, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {1E041551-E3E9-4775-945B-473FF6FE41BD} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {3383E5C5-2D9A-4B13-9190-937420612144} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {3C33CD03-7609-44AF-9710-CAA445D6BF10} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {5D31EF85-8E68-45F5-9535-7258083FD944} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-13] (Adobe Systems Incorporated)
Task: {713A80B6-4080-406C-A767-1FB30E7CD27C} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-24] (Dropbox, Inc.)
Task: {82ABDCB9-8CDD-4730-AD92-AC4E496A1760} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {92C847DC-B226-4C5A-A8AB-184E4A601340} - System32\Tasks\UpdaterTask => C:\Users\Martin\AppData\Local\Temp\avdrhxythrag [Argument = /p=27 /i=1] <==== ACHTUNG
Task: {95EEB00E-6D66-4872-8E1E-CCBCD0748013} - System32\Tasks\{C8599BEC-8541-4730-9C00-8B636C6E2D46} => pcalua.exe -a "C:\Program Files (x86)\Star Wars Battlefront II\LaunchBFII.exe" -d "C:\Program Files (x86)\Star Wars Battlefront II"
Task: {96FB385F-013A-4BAF-8A22-44C9CB47F9E0} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {A8C2E264-6122-426B-B842-15D6E9E9638C} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {AB1ADFC6-1114-4C46-8132-A482BD53D16A} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-23] (Microsoft Corporation)
Task: {AB96C6F0-FEBE-4160-9998-E59661C9B7A6} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-05-28] (AVAST Software)
Task: {AB9AA26C-745D-477B-9D28-44FF4E0063F5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {B751D1AA-9672-4CF1-9F9F-C640883ADE15} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-24] (Dropbox, Inc.)
Task: {C07DD9EA-28FF-49F5-AE6E-0DE21DBC55A6} - System32\Tasks\SafeZone scheduled Autoupdate 1458044218 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)
Task: {CE92AEDC-30F0-47B5-89E5-7D4DE9C3EBC7} - System32\Tasks\MATLAB R2013b Startup Accelerator => C:\Program Files\MATLAB\R2013b\bin\win64\MATLABStartupAccelerator.exe [2013-08-05] ()
Task: {D4179342-5F5B-4002-BE34-CB835DFE5811} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {D7374E94-A9BA-4100-977D-F0B34BED0BDA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MATLAB R2013b Startup Accelerator.job => C:\Program Files\MATLAB\R2013b\bin\win64\MATLABStartupAccelerator.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{E642CB23-6186-418C-9B97-D12D8B681FC4}\SupportTasks\1\Support.lnk -> hxxp://www.microsoft.com/support/
Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{E642CB23-6186-418C-9B97-D12D8B681FC4}\SupportTasks\0\Weitere Spiele von Microsoft.lnk -> hxxp://www.ensemblestudios.com/aom/index.html/
Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{CE4F9AA0-B50E-4509-87B3-312B473AA74C}\SupportTasks\1\Support.lnk -> hxxp://www.piranha-bytes.com/gothic1/gothic1_faq_english.html/
Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{CE4F9AA0-B50E-4509-87B3-312B473AA74C}\SupportTasks\0\Weitere Spiele von Microsoft.lnk -> hxxp://www.piranha-bytes.com/
Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{B86065B3-F461-46B3-A9F7-397F53DAC8C2}\SupportTasks\1\Support.lnk -> hxxp://support.lucasarts.com/
Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{B86065B3-F461-46B3-A9F7-397F53DAC8C2}\SupportTasks\0\Weitere Spiele von Microsoft.lnk -> hxxp://www.swbattlefront2.com/
Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{42BB19A3-BB52-4B1C-8A47-566A70503079}\SupportTasks\1\Support.lnk -> hxxp://support.microsoft.com/directory/
Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{42BB19A3-BB52-4B1C-8A47-566A70503079}\SupportTasks\0\Weitere Spiele von Microsoft.lnk -> hxxp://www.microsoft.com/games/age2/
Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{296AA790-7BF8-4BC9-8766-432ECEAD9ACB}\SupportTasks\1\Support.lnk -> hxxp://www.atarisupport.com/
Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{296AA790-7BF8-4BC9-8766-432ECEAD9ACB}\SupportTasks\0\Weitere Spiele von Microsoft.lnk -> hxxp://www.piranha-bytes.com/gothic2/content_english/news_press.php/
ShortcutWithArgument: C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-05-28 15:10 - 2016-05-28 15:10 - 00137920 _____ () C:\Program Files\AVAST Software\Avast\x64\log.dll
2016-07-12 20:54 - 2016-07-01 06:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-12 20:54 - 2016-07-01 06:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-19 08:18 - 2016-04-19 08:19 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-02-13 19:02 - 2016-02-13 19:02 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-12 20:56 - 2016-07-01 05:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-12 20:54 - 2016-07-01 05:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-12 20:54 - 2016-07-01 05:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-12 20:54 - 2016-07-01 05:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-12 20:54 - 2016-07-01 05:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-05-28 15:10 - 2016-05-28 15:10 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-05-28 15:10 - 2016-05-28 15:10 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-08-29 11:29 - 2016-08-29 11:29 - 03016192 _____ () C:\Program Files\AVAST Software\Avast\defs\16082900\algo.dll
2016-05-28 15:10 - 2016-05-28 15:10 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-05-28 15:10 - 2016-05-28 15:10 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-04-19 08:18 - 2016-04-19 08:19 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-03-15 14:12 - 2016-03-15 14:12 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-11-15 02:53 - 2012-06-25 20:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Windows:CM_07bdf4a8c4c490ca7919611231e13eb670e4a0ad29869dd8f2e869bc87f6c3a8 [74]
AlternateDataStreams: C:\Windows:CM_25c0d7379373529ead846cb4332cac331743f799884338c630de8d6bc5a9ad77 [74]
AlternateDataStreams: C:\Windows:CM_2fbc7cacfd828b791562c9690c61bb830aeeeae72f86bd829562576f9fc1fe83 [74]
AlternateDataStreams: C:\Windows:CM_9015d22b2a6b3f6bdfbfec9cc8a460230758574f203752df19168f533c7fb302 [74]
AlternateDataStreams: C:\Windows:CM_cdfdf49505024624d2decf3e9557d51162be6aba9545d69de4a936f7ba6139f4 [74]
AlternateDataStreams: C:\Windows:CM_d1cca5b43b23e7a102fa897d892102fdacb2faaf6f5875efce3bd0a2c56874f8 [74]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Classes\.scr: SOFiCAD-OEMScriptFile => C:\WINDOWS\system32\notepad.exe "%1" <===== ACHTUNG

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\localhost -> localhost

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2012-07-26 07:26 - 2016-08-29 11:20 - 00000832 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-205815100-794779995-1947703700-1001\Control Panel\Desktop\\Wallpaper -> c:\users\martin\pictures\carcasonne.jpg
DNS Servers: 10.156.33.53 - 129.187.5.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [TCP Query User{6A219EAC-A8C9-4714-A40C-4B1E675DA9A5}C:\program files (x86)\anno 1404 - königsedition\tools\addonweb.exe] => (Allow) C:\program files (x86)\anno 1404 - königsedition\tools\addonweb.exe FirewallRules: [UDP Query User{14B44FB0-F9E5-4BF6-9334-B6BE4CE1D514}C:\program files (x86)\anno 1404 - königsedition\tools\addonweb.exe] => (Allow) C:\program files (x86)\anno 1404 - königsedition\tools\addonweb.exe FirewallRules: [{A88975B8-BBFD-477E-9DC2-5236F5A941BD}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe FirewallRules: [{3F3A4D03-C443-4145-84BF-83523DF57C2D}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe FirewallRules: [{AF9C9E7C-E573-4295-9FCB-8ACFAD7FC8F2}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe FirewallRules: [{F138714E-9316-4A72-9797-E4514582BC93}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe FirewallRules: [TCP Query User{0D91FB41-C9AB-40A5-A51E-C6BE6A9CCDEA}C:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{3E537FF1-097F-4C80-B334-DBAC95E65F32}C:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [TCP Query User{2C1F9E7C-BD53-492A-9B41-50335850F173}C:\windows\splwow64.exe] => (Allow) C:\windows\splwow64.exe FirewallRules: [UDP Query User{32EAEC46-63B7-4D3F-8CB1-FEB6FFFAFCF3}C:\windows\splwow64.exe] => (Allow) C:\windows\splwow64.exe FirewallRules: [{8A367C20-C7E1-4CF4-89F5-014469534249}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe FirewallRules: [{30D99AD4-8229-4E56-966D-245501088E8D}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe FirewallRules: [{A09EB9EB-05F5-445D-855D-1C3B2B1C395A}] => 
(Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{4CAA78A7-C705-4920-A218-EEFE8BBFA3D0}] => (Allow) C:\Program Files (x86)\Legpat\Update\LegpatUpdate.exe FirewallRules: [{EC294C97-2178-4F12-B7F5-D2E08D380816}] => (Allow) C:\Program Files (x86)\Legpat\Application\chrome.exe FirewallRules: [{237E438F-F612-442D-B6F1-028C41382D9D}] => (Allow) C:\ProgramData\Legpat\Legpat.exe FirewallRules: [{BD4C73AA-4A79-4087-BC07-79477408C425}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{B2D7DCAF-91F3-4D50-9DDF-B79AB22CE482}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{9BE540DB-ABBB-4FBF-A772-118C53E7EFF5}] => (Allow) C:\Program Files (x86)\CLIQZ\CLIQZ.exe FirewallRules: [{0981E983-07AE-4243-A739-73165D224A54}] => (Allow) C:\Program Files (x86)\CLIQZ\CLIQZ.exe FirewallRules: [{31958BF8-D377-4CD8-811E-2E0A87DBD93F}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server ==================== Wiederherstellungspunkte ========================= 10-08-2016 09:32:46 Geplanter Prüfpunkt 19-08-2016 10:38:33 Geplanter Prüfpunkt 24-08-2016 09:01:40 Windows Update 29-08-2016 13:51:10 JRT Pre-Junkware Removal ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (08/29/2016 01:51:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. 
System Error: Zugriff verweigert . Error: (08/29/2016 01:48:43 PM) (Source: MsiInstaller) (EventID: 11310) (User: Laptop-Martin) Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Martin\AppData\Local\Akamai\admintool.exe. Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können. Error: (08/29/2016 01:48:21 PM) (Source: MsiInstaller) (EventID: 11310) (User: Laptop-Martin) Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Martin\AppData\Local\Akamai\admintool.exe. Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können. Error: (08/29/2016 01:46:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Laptop-Martin) Description: Bei der Aktivierung der App „Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (08/29/2016 01:35:07 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Laptop-Martin) Description: Bei der Aktivierung der App „Microsoft.Windows.Photos_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (08/29/2016 11:44:04 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "c:\program files\autodesk\revit 2016\FaroImporter.exe". Die abhängige Assemblierung "FARO.LS,processorArchitecture="x86",publicKeyToken="1d23f5635ba800ab",type="win32",version="1.1.408.2"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (08/29/2016 07:47:08 AM) (Source: MsiInstaller) (EventID: 11310) (User: Laptop-Martin) Description: Produkt: Akamai NetSession Interface -- Fehler 1310. 
Fehler beim Schreiben in die Datei: C:\Users\Martin\AppData\Local\Akamai\admintool.exe. Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können. Error: (08/29/2016 07:46:46 AM) (Source: MsiInstaller) (EventID: 11310) (User: Laptop-Martin) Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Martin\AppData\Local\Akamai\admintool.exe. Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können. Error: (08/28/2016 06:22:25 PM) (Source: MsiInstaller) (EventID: 11310) (User: Laptop-Martin) Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Martin\AppData\Local\Akamai\admintool.exe. Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können. Error: (08/28/2016 06:22:09 PM) (Source: MsiInstaller) (EventID: 11310) (User: Laptop-Martin) Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Martin\AppData\Local\Akamai\admintool.exe. Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können. Systemfehler: ============= Error: (08/29/2016 01:50:14 PM) (Source: DCOM) (EventID: 10016) (User: Laptop-Martin) Description: Durch die Berechtigungseinstellungen für "Computerstandard" wird dem Benutzer "Laptop-Martin\Martin" (SID: S-1-5-21-205815100-794779995-1947703700-1001) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} und der APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} im Anwendungscontainer "Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. 
Error: (08/29/2016 01:48:37 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Manager für heruntergeladene Karten" wurde nicht richtig gestartet. Error: (08/29/2016 01:44:32 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Übermittlungsoptimierung" wurde nicht richtig gestartet. Error: (08/29/2016 01:44:14 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst HPWMISVC erreicht. Error: (08/29/2016 01:40:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "MemeoBackgroundService" wurde aufgrund folgenden Fehlers nicht gestartet: Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung. Error: (08/29/2016 01:40:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst MemeoBackgroundService erreicht. Error: (08/29/2016 01:38:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Benutzerdatenzugriff_30e75" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (08/29/2016 01:38:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Benutzerdatenspeicher _30e75" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (08/29/2016 01:38:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Kontaktdaten_30e75" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. 
Error: (08/29/2016 01:38:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Synchronisierungshost_30e75" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. CodeIntegrity: =================================== Date: 2016-08-29 11:40:30.183 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-08-29 11:40:30.120 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-08-29 11:40:30.019 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-08-29 11:40:29.956 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-08-29 11:40:26.774 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2016-08-29 11:40:26.701 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-08-29 11:39:52.811 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-08-29 11:39:52.758 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-08-29 11:39:49.635 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-08-29 11:39:49.334 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz Prozentuale Nutzung des RAM: 29% Installierter physikalischer RAM: 8084.27 MB Verfügbarer physikalischer RAM: 5717.57 MB Summe virtueller Speicher: 9364.27 MB Verfügbarer virtueller Speicher: 7205.19 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:448.21 GB) (Free:137.87 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] Drive d: (RECOVERY) (Fixed) (Total:16.79 GB) (Free:2.14 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] Drive e: (UNSERE_ERDE) (CDROM) (Total:6.87 GB) (Free:0 GB) UDF ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 9EC65A10) Partition: GPT. ==================== Ende von Addition.txt ============================ |
29.08.2016, 19:26 | #9 |
/// TB-Ausbilder | Win32:Dropper found in C:\Program Files (x86)\WinZipper Hi, very well done. Your log files already look MUCH better. However, we need to run AdwCleaner again, because you had not set one option (Chrome settings). Here is how we continue: Step 1
Step 2 Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
start
CloseProcesses:
HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\Policies\Explorer: []
BHO-x32: Kein Name -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> Keine Datei
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - Keine Datei
Edge HomeButtonPage: HKU\S-1-5-21-205815100-794779995-1947703700-1001 -> hxxp://www.nuesearch.com/?type=hp&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668
FF HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9s05odkh.default\extensions\cliqz@cliqz.com => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff => nicht gefunden
Unlock: C:\Program Files (x86)\WinZipper
C:\Program Files (x86)\WinZipper
C:\Program Files (x86)\setup.exe
C:\Program Files (x86)\setup.ini
C:\Users\Martin\AppData\Local\Google\Desktop\Install
C:\Program Files (x86)\Google\Desktop\Install
Task: {92C847DC-B226-4C5A-A8AB-184E4A601340} - System32\Tasks\UpdaterTask => C:\Users\Martin\AppData\Local\Temp\avdrhxythrag [Argument = /p=27 /i=1] <==== ACHTUNG
Task: {A8C2E264-6122-426B-B842-15D6E9E9638C} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
AlternateDataStreams: C:\Windows:CM_07bdf4a8c4c490ca7919611231e13eb670e4a0ad29869dd8f2e869bc87f6c3a8 [74]
AlternateDataStreams: C:\Windows:CM_25c0d7379373529ead846cb4332cac331743f799884338c630de8d6bc5a9ad77 [74]
AlternateDataStreams: C:\Windows:CM_2fbc7cacfd828b791562c9690c61bb830aeeeae72f86bd829562576f9fc1fe83 [74]
AlternateDataStreams: C:\Windows:CM_9015d22b2a6b3f6bdfbfec9cc8a460230758574f203752df19168f533c7fb302 [74]
AlternateDataStreams: C:\Windows:CM_cdfdf49505024624d2decf3e9557d51162be6aba9545d69de4a936f7ba6139f4 [74]
AlternateDataStreams: C:\Windows:CM_d1cca5b43b23e7a102fa897d892102fdacb2faaf6f5875efce3bd0a2c56874f8 [74]
HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Classes\.scr: SOFiCAD-OEMScriptFile => C:\WINDOWS\system32\notepad.exe "%1" <===== ACHTUNG
Unlock: C:\ProgramData\cm-lock
Folder: C:\ProgramData\cm-lock
Folder: C:\Program Files (x86)\_SSpm
Folder: C:\Program Files (x86)\zffvjegf
Folder: C:\WINDOWS\SysWOW64\_SSpm
CMD: dir "C:\Program Files (x86)"
CMD: dir "C:\ProgramData"
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 3
Step 4
Please post with your next reply
|
30.08.2016, 08:15 | #10 |
| Win32:Dropper found in C:\Program Files (x86)\WinZipper Unfortunately I could not carry out step 2, because with Ctrl + R only this window opens for me: When I try to paste the text there, only the first line is pasted. What am I doing wrong? |
30.08.2016, 09:59 | #11 | |
/// TB-Ausbilder | Win32:Dropper found in C:\Program Files (x86)\WinZipper Quote:
Then an empty text document opens, and you paste all the lines for the FRST fix into it. You can do it |
30.08.2016, 12:56 | #12 |
| Win32:Dropper found in C:\Program Files (x86)\WinZipper Yes.... those who can read clearly have the advantage. Thank you very much for your quick replies! It's really great what you do here as volunteers! AdwareCleaner[C2] Code:
ATTFilter # AdwCleaner v6.010 - Bericht erstellt am 30/08/2016 um 08:58:16 # Aktualisiert am 12/08/2016 von ToolsLib # Datenbank : 2016-08-30.1 [Server] # Betriebssystem : Windows 10 Home (X64) # Benutzername : Martin - LAPTOP-MARTIN # Gestartet von : C:\Users\Martin\Desktop\AdwCleaner_6.010.exe # Modus: Löschen # Unterstützung : https://toolslib.net/forum ***** [ Dienste ] ***** ***** [ Ordner ] ***** [-] Ordner gelöscht: C:\Program Files (x86)\WinZipper ***** [ Dateien ] ***** [-] Datei gelöscht: C:\WINDOWS\SysNative\LavasoftTcpService64.dll ***** [ DLL ] ***** ***** [ WMI ] ***** ***** [ Verknüpfungen ] ***** ***** [ Aufgabenplanung ] ***** ***** [ Registrierungsdatenbank ] ***** [-] Schlüssel gelöscht: HKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678} ***** [ Browser ] ***** ************************* :: "Tracing" Schlüssel gelöscht :: Winsock Einstellungen zurückgesetzt :: "Prefetch" Dateien gelöscht :: Proxy Einstellungen zurückgesetzt :: Internet Explorer Richtlinien gelöscht :: Chrome Richtlinien gelöscht :: Hosts-Datei wiederhergestellt ************************* C:\AdwCleaner\AdwCleaner[C0].txt - [22642 Bytes] - [29/08/2016 11:20:48] C:\AdwCleaner\AdwCleaner[C2].txt - [1264 Bytes] - [30/08/2016 08:58:16] C:\AdwCleaner\AdwCleaner[S0].txt - [22756 Bytes] - [29/08/2016 11:13:04] C:\AdwCleaner\AdwCleaner[S1].txt - [1569 Bytes] - [30/08/2016 08:55:47] C:\AdwCleaner\AdwCleaner[S2].txt - [1642 Bytes] - [30/08/2016 08:57:17] ########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1557 Bytes] ########## Code:
ATTFilter # AdwCleaner v6.010 - Bericht erstellt am 30/08/2016 um 08:57:17 # Aktualisiert am 12/08/2016 von ToolsLib # Datenbank : 2016-08-30.1 [Server] # Betriebssystem : Windows 10 Home (X64) # Benutzername : Martin - LAPTOP-MARTIN # Gestartet von : C:\Users\Martin\Desktop\AdwCleaner_6.010.exe # Modus: Suchlauf # Unterstützung : https://toolslib.net/forum ***** [ Dienste ] ***** Keine schädlichen Dienste gefunden. ***** [ Ordner ] ***** Ordner Gefunden: C:\Program Files (x86)\WinZipper ***** [ Dateien ] ***** Datei Gefunden: C:\WINDOWS\SysNative\LavasoftTcpService64.dll ***** [ DLL ] ***** Keine infizierten DLLs gefunden. ***** [ WMI ] ***** Keine schädlichen Schlüssel gefunden. ***** [ Verknüpfungen ] ***** Keine infizierten Verknüpfungen gefunden. ***** [ Aufgabenplanung ] ***** Aufgabe Gefunden: UpdaterTask Aufgabe Gefunden: AVGPCTuneUp_Task_BkGndMaintenance ***** [ Registrierungsdatenbank ] ***** Schlüssel Gefunden: HKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678} ***** [ Internetbrowser ] ***** Keine schädlichen Elemente in Firefox basierten Browsern gefunden. Keine schädlichen Elemente in Chrome basierten Browsern gefunden. ************************* C:\AdwCleaner\AdwCleaner[C0].txt - [22642 Bytes] - [29/08/2016 11:20:48] C:\AdwCleaner\AdwCleaner[S0].txt - [22756 Bytes] - [29/08/2016 11:13:04] C:\AdwCleaner\AdwCleaner[S1].txt - [1569 Bytes] - [30/08/2016 08:55:47] C:\AdwCleaner\AdwCleaner[S2].txt - [1490 Bytes] - [30/08/2016 08:57:17] ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1563 Bytes] ########## Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 29-08-2016 durchgeführt von Martin (30-08-2016 13:15:02) Run:1 Gestartet von C:\Users\Martin\Desktop Geladene Profile: Martin (Verfügbare Profile: Martin) Start-Modus: Normal ============================================== fixlist Inhalt: ***************** start CloseProcesses: HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\Policies\Explorer: [] BHO-x32: Kein Name -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> Keine Datei Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - Keine Datei Edge HomeButtonPage: HKU\S-1-5-21-205815100-794779995-1947703700-1001 -> hxxp://www.nuesearch.com/?type=hp&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668 FF HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9s05odkh.default\extensions\cliqz@cliqz.com => nicht gefunden FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff => nicht gefunden Unlock: C:\Program Files (x86)\WinZipper C:\Program Files (x86)\WinZipper C:\Program Files (x86)\setup.exe C:\Program Files (x86)\setup.ini C:\Users\Martin\AppData\Local\Google\Desktop\Install C:\Program Files (x86)\Google\Desktop\Install Task: {92C847DC-B226-4C5A-A8AB-184E4A601340} - System32\Tasks\UpdaterTask => C:\Users\Martin\AppData\Local\Temp\avdrhxythrag [Argument = /p=27 /i=1] <==== ACHTUNG Task: {A8C2E264-6122-426B-B842-15D6E9E9638C} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe AlternateDataStreams: C:\Windows:CM_07bdf4a8c4c490ca7919611231e13eb670e4a0ad29869dd8f2e869bc87f6c3a8 [74] AlternateDataStreams: C:\Windows:CM_25c0d7379373529ead846cb4332cac331743f799884338c630de8d6bc5a9ad77 [74] AlternateDataStreams: 
C:\Windows:CM_2fbc7cacfd828b791562c9690c61bb830aeeeae72f86bd829562576f9fc1fe83 [74] AlternateDataStreams: C:\Windows:CM_9015d22b2a6b3f6bdfbfec9cc8a460230758574f203752df19168f533c7fb302 [74] AlternateDataStreams: C:\Windows:CM_cdfdf49505024624d2decf3e9557d51162be6aba9545d69de4a936f7ba6139f4 [74] AlternateDataStreams: C:\Windows:CM_d1cca5b43b23e7a102fa897d892102fdacb2faaf6f5875efce3bd0a2c56874f8 [74] HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Classes\.scr: SOFiCAD-OEMScriptFile => C:\WINDOWS\system32\notepad.exe "%1" <===== ACHTUNG Unlock: C:\ProgramData\cm-lock Folder: C:\ProgramData\cm-lock Folder: C:\Program Files (x86)\_SSpm Folder: C:\Program Files (x86)\zffvjegf Folder: C:\WINDOWS\SysWOW64\_SSpm CMD: dir "C:\Program Files (x86)" CMD: dir "C:\ProgramData" RemoveProxy: CMD: ipconfig /flushdns CMD: netsh winsock reset EmptyTemp: end ***************** Prozess erfolgreich geschlossen. HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => Wert erfolgreich entfernt "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}" => Schlüssel erfolgreich entfernt HKCR\Wow6432Node\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Wert erfolgreich entfernt "HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Schlüssel erfolgreich entfernt HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\\HomeButtonPage => Wert erfolgreich entfernt HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Mozilla\Firefox\Extensions\\cliqz@cliqz.com => Wert erfolgreich entfernt HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} => Wert erfolgreich entfernt "C:\Program Files (x86)\WinZipper" => nicht gefunden. "C:\Program Files (x86)\WinZipper" => nicht gefunden. C:\Program Files (x86)\setup.exe => erfolgreich verschoben C:\Program Files (x86)\setup.ini => erfolgreich verschoben C:\Users\Martin\AppData\Local\Google\Desktop\Install => erfolgreich verschoben C:\Program Files (x86)\Google\Desktop\Install => erfolgreich verschoben HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92C847DC-B226-4C5A-A8AB-184E4A601340} => Schlüssel nicht gefunden. C:\WINDOWS\System32\Tasks\UpdaterTask => nicht gefunden. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdaterTask => Schlüssel nicht gefunden. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8C2E264-6122-426B-B842-15D6E9E9638C} => Schlüssel nicht gefunden. C:\WINDOWS\System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => nicht gefunden. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVGPCTuneUp_Task_BkGndMaintenance => Schlüssel nicht gefunden. C:\Windows => ":CM_07bdf4a8c4c490ca7919611231e13eb670e4a0ad29869dd8f2e869bc87f6c3a8" ADS erfolgreich entfernt. C:\Windows => ":CM_25c0d7379373529ead846cb4332cac331743f799884338c630de8d6bc5a9ad77" ADS erfolgreich entfernt. 
C:\Windows => ":CM_2fbc7cacfd828b791562c9690c61bb830aeeeae72f86bd829562576f9fc1fe83" ADS erfolgreich entfernt. C:\Windows => ":CM_9015d22b2a6b3f6bdfbfec9cc8a460230758574f203752df19168f533c7fb302" ADS erfolgreich entfernt. C:\Windows => ":CM_cdfdf49505024624d2decf3e9557d51162be6aba9545d69de4a936f7ba6139f4" ADS erfolgreich entfernt. C:\Windows => ":CM_d1cca5b43b23e7a102fa897d892102fdacb2faaf6f5875efce3bd0a2c56874f8" ADS erfolgreich entfernt. "HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Classes\SOFiCAD-OEMScriptFile" => Schlüssel erfolgreich entfernt "HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Classes\.scr" => Schlüssel erfolgreich entfernt "C:\ProgramData\cm-lock" => nicht gefunden. ========================= Folder: C:\ProgramData\cm-lock ======================== nicht gefunden. ====== Ende von Folder: ====== ========================= Folder: C:\Program Files (x86)\_SSpm ======================== 2016-08-22 12:34 - 2016-06-21 07:25 - 0000484 _____ () C:\Program Files (x86)\_SSpm\39.json 2016-08-22 12:34 - 2016-08-18 10:10 - 0813796 _____ () C:\Program Files (x86)\_SSpm\DataBase 2016-08-22 12:34 - 2014-08-12 18:00 - 0131640 _____ (Tencent Inc.) 
C:\Program Files (x86)\_SSpm\QQBrowser.exe 2016-08-22 12:34 - 2016-07-06 08:33 - 0100864 _____ (Skytech) C:\Program Files (x86)\_SSpm\QQBrowserFrame.dll 2016-08-22 12:34 - 2016-08-22 08:13 - 0355608 _____ () C:\Program Files (x86)\_SSpm\saber.exe 2016-08-22 12:34 - 2016-06-08 10:22 - 0085504 _____ () C:\Program Files (x86)\_SSpm\UnEverything.exe 2016-08-23 07:45 - 2016-08-23 05:43 - 0160304 _____ () C:\Program Files (x86)\_SSpm\winzipper.exe 2016-08-22 12:34 - 2016-08-18 10:04 - 0541416 _____ (WFini LIMITED) C:\Program Files (x86)\_SSpm\wpm.exe ====== Ende von Folder: ====== ========================= Folder: C:\Program Files (x86)\zffvjegf ======================== ====== Ende von Folder: ====== ========================= Folder: C:\WINDOWS\SysWOW64\_SSpm ======================== 2016-06-21 13:25 - 2016-06-21 13:25 - 0000484 _____ () C:\WINDOWS\SysWOW64\_SSpm\39.json 2016-07-06 14:10 - 2016-07-06 14:10 - 0816132 _____ () C:\WINDOWS\SysWOW64\_SSpm\DataBase 2016-08-08 11:11 - 2016-08-08 11:11 - 0275672 _____ () C:\WINDOWS\SysWOW64\_SSpm\qks.exe 2014-08-13 00:00 - 2014-08-13 00:00 - 0131640 _____ (Tencent Inc.) C:\WINDOWS\SysWOW64\_SSpm\QQBrowser.exe 2016-07-06 14:33 - 2016-07-06 14:33 - 0100864 _____ (Skytech) C:\WINDOWS\SysWOW64\_SSpm\QQBrowserFrame.dll 2016-06-08 16:22 - 2016-06-08 16:22 - 0085504 _____ () C:\WINDOWS\SysWOW64\_SSpm\UnEverything.exe ====== Ende von Folder: ====== ========= dir "C:\Program Files (x86)" ========= Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: CC6E-7394 Verzeichnis von C:\Program Files (x86) 30.08.2016 13:15 <DIR> . 30.08.2016 13:15 <DIR> .. 
16.01.2016 21:48 <DIR> Adobe 08.07.2014 23:02 <DIR> Adobe Download Assistant 15.11.2012 02:52 <DIR> AMD APP 12.11.2013 15:36 <DIR> ANNO 1404 - K”nigsedition 14.07.2014 15:54 <DIR> Anno 1701 26.03.2016 13:37 <DIR> ATI Technologies 21.10.2013 17:37 <DIR> Autodesk 22.05.2016 15:07 <DIR> AVG 03.02.2016 14:59 <DIR> AX88772C 15.11.2012 02:57 <DIR> Bonjour 28.06.2016 08:42 <DIR> c9ikp9in 26.08.2016 08:43 <DIR> CLIQZ 12.05.2016 09:01 <DIR> CodeMeter 29.08.2016 11:19 <DIR> Common Files 31.08.2012 23:03 <DIR> Connected Music powered by Universal Music Group 18.08.2013 20:21 <DIR> CyberLink 06.12.2015 19:09 <DIR> Deep Silver 24.08.2016 00:34 <DIR> Drecuied 24.08.2016 09:03 <DIR> Dropbox 03.04.2015 16:33 <DIR> DVDVideoSoft 03.04.2015 16:33 <DIR> Free Codec Pack 05.12.2015 18:05 <DIR> Free mp3 Wma Converter 22.05.2013 14:38 <DIR> GameSpy Arcade 20.05.2016 22:42 <DIR> Ghokaphlbeward 20.08.2016 08:46 <DIR> Google 11.04.2015 13:42 <DIR> Gothic II Gold 04.07.2014 17:05 <DIR> Handbuch und FAQ 29.03.2016 09:45 <DIR> Hewlett-Packard 27.10.2013 11:55 <DIR> HP 31.08.2012 23:03 <DIR> HPConnectedMusic 26.03.2016 15:40 <DIR> Intel 10.08.2016 17:11 <DIR> Internet Explorer 13.10.2015 16:43 <DIR> Java 29.08.2016 11:18 <DIR> Lavasoft 29.08.2015 18:53 <DIR> licenses 18.01.2013 14:16 <DIR> MainConcept 26.09.2013 10:36 <DIR> Maxis 24.02.2013 11:49 <DIR> MEDION 24.02.2013 11:50 <DIR> Memeo 19.01.2013 11:33 <DIR> Microsoft Analysis Services 09.01.2016 13:06 <DIR> Microsoft Games 19.01.2013 11:37 <DIR> Microsoft Office 18.04.2016 12:45 <DIR> Microsoft SDKs 26.06.2016 01:48 <DIR> Microsoft Silverlight 18.04.2016 12:45 <DIR> Microsoft SQL Server 19.01.2013 11:37 <DIR> Microsoft SQL Server Compact Edition 19.01.2013 11:37 <DIR> Microsoft Sync Framework 19.01.2013 11:37 <DIR> Microsoft Synchronization Services 19.01.2013 11:35 <DIR> Microsoft Visual Studio 8 26.03.2016 13:24 <DIR> Microsoft.NET 26.03.2016 13:37 <DIR> MSBuild 27.06.2016 12:42 <DIR> nc0gtqtf 03.04.2015 17:17 <DIR> Nero 06.12.2015 19:26 
<DIR> NVIDIA Corporation 17.01.2013 15:23 <DIR> Online Services 29.08.2015 18:55 <DIR> OpenOffice 4 13.08.2014 10:29 154.565.521 openoffice1.cab 13.08.2014 10:27 2.314.240 openoffice411.msi 08.09.2013 12:31 <DIR> PiranhaBytes 12.11.2014 12:35 <DIR> Pontifex Demo 29.08.2015 18:53 <DIR> readmes 15.11.2012 02:56 <DIR> Realtek 29.08.2015 18:53 <DIR> redist 26.03.2016 12:58 <DIR> Reference Assemblies 26.09.2013 10:34 <DIR> SimCity 4 Deluxe 18.04.2016 14:19 <DIR> SOFiSTiK 07.04.2016 10:36 <DIR> Software Treiber SkyStar 12.04.2016 15:24 <DIR> Star Wars Battlefront II 15.11.2012 03:20 <DIR> SymSilent 21.04.2014 19:55 <DIR> TeamSpeak 3 Client 29.03.2016 09:45 <DIR> TechniSat DVB 10.05.2013 18:49 <DIR> Ubi Soft 16.04.2016 18:13 <DIR> Ubisoft 08.10.2014 18:34 <DIR> VideoLAN 11.06.2014 14:35 <DIR> Wecker6 13.07.2016 08:58 <DIR> Windows Defender 31.08.2012 23:00 <DIR> Windows Live 13.07.2016 08:58 <DIR> Windows Mail 13.02.2016 18:58 <DIR> Windows Media Player 26.03.2016 21:04 <DIR> Windows Multimedia Platform 30.10.2015 09:24 <DIR> Windows NT 13.07.2016 08:58 <DIR> Windows Photo Viewer 26.03.2016 21:04 <DIR> Windows Portable Devices 24.12.2014 17:06 <DIR> Worms 4 Mayhem 12.02.2013 17:23 <DIR> YOUTUBE Downloader 01.08.2016 10:42 <DIR> zffvjegf 29.08.2016 13:36 <DIR> _SSpm 2 Datei(en), 156.879.761 Bytes 87 Verzeichnis(se), 147.889.700.864 Bytes frei ========= Ende von CMD: ========= ========= dir "C:\ProgramData" ========= Volume in Laufwerk C: hat keine Bezeichnung. 
Volumeseriennummer: CC6E-7394 Verzeichnis von C:\ProgramData 16.01.2016 21:48 <DIR> Adobe 15.11.2012 02:57 <DIR> Apple 26.03.2016 15:22 <DIR> Application Data 26.03.2016 18:08 <DIR> ATI 18.04.2016 17:16 <DIR> Autodesk 15.03.2016 14:12 <DIR> AVAST Software 22.05.2016 15:07 <DIR> Avg 18.01.2013 14:32 <DIR> CMUV 18.04.2016 12:41 <DIR> CodeMeter 30.10.2015 09:24 <DIR> Comms 23.03.2013 16:29 <DIR> CyberLink 13.06.2015 09:25 <DIR> Dropbox 18.06.2016 11:30 <DIR> F-Secure 21.10.2013 18:48 <DIR> FARO 18.04.2016 13:14 <DIR> FLEXnet 04.05.2013 15:33 <DIR> Google 11.05.2016 16:43 <DIR> Hewlett-Packard 15.11.2012 03:09 <DIR> install_clap 15.11.2012 02:54 <DIR> Intel 29.08.2016 11:17 <DIR> Lavasoft 29.08.2016 11:41 <DIR> Malwarebytes 13.06.2015 09:32 <DIR> McAfee 26.08.2013 11:10 <DIR> Media Center Programs 24.08.2016 09:07 <DIR> Microsoft Help 13.02.2016 19:31 <DIR> Microsoft OneDrive 26.03.2016 10:10 <DIR> Nero 19.01.2013 12:28 <DIR> Norton 15.11.2012 03:18 <DIR> NortonInstaller 21.07.2016 10:13 <DIR> Oracle 18.04.2016 15:26 <DIR> Package Cache 29.07.2014 13:09 <DIR> PDF Writer 26.03.2016 13:25 <DIR> PRICache 15.11.2012 02:57 <DIR> Ralink Driver 13.02.2016 19:12 <DIR> regid.1991-06.com.microsoft 20.06.2016 11:50 <DIR> Skype 29.04.2016 18:22 <DIR> SoftwareDistribution 26.09.2013 16:45 <DIR> Solidshield 21.10.2013 18:18 <DIR> Sun 15.11.2012 03:30 <DIR> Synaptics 26.08.2013 10:48 <DIR> Tages 18.01.2013 14:16 <DIR> Technisat 15.11.2012 03:14 <DIR> Temp 13.02.2016 19:26 <DIR> USOPrivate 13.02.2016 19:26 <DIR> USOShared 30.06.2016 12:47 <DIR> W 05.05.2013 12:27 <DIR> {9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF} 0 Datei(en), 0 Bytes 46 Verzeichnis(se), 147.889.696.768 Bytes frei ========= Ende von CMD: ========= ========= RemoveProxy: ========= HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => 
Wert erfolgreich entfernt HKU\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt HKU\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt ========= Ende von RemoveProxy: ========= ========= ipconfig /flushdns ========= Windows-IP-Konfiguration Der DNS-Auflösungscache wurde geleert. ========= Ende von CMD: ========= ========= netsh winsock reset ========= Der Winsock-Katalog wurde zurückgesetzt. Sie müssen den Computer neu starten, um den Vorgang abzuschließen. ========= Ende von CMD: ========= =========== EmptyTemp: ========== BITS transfer queue => 583648 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13150391 B Java, Flash, Steam htmlcache => 506 B Windows/system/drivers => 2614108685 B Edge => 71975986 B Chrome => 749582 B Firefox => 11443176 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B ProgramData => 0 B Public => 0 B systemprofile => 128 B systemprofile32 => 9777 B LocalService => 7309528 B NetworkService => 15876 B Martin => 2830533315 B RecycleBin => 24592564588 B EmptyTemp: => 28.1 GB temporäre Dateien entfernt. ================================ Das System musste neu gestartet werden. ==== Ende von Fixlog 13:22:40 ==== Code:
Farbar Recovery Scan Tool (x64) Version: 29-08-2016 durchgeführt von Martin (30-08-2016 13:36:03) Gestartet von C:\Users\Martin\Desktop Start-Modus: Normal ================== Registry-Suche: "iSafe;winziper;qksee;Legpat;Uncheckit;Browser-Security;DriverCure;Elex-tech;ParetoLogic;Solvusoft;web companion;BandwidthStat;ChelfNotify;WaNetworkEnhance;PC Speed Maximizer;Wajam;QQBrowser;SoftUpgrade;TXQQBrowser;WinSaber;SoEasySvc;mindspark" =========== ===================== Suchergebnis für "iSafe" ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{03C3860D-86B7-4F36-924C-3B1AD93B4C79}] ""="ISafeReportItem" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0A95BE2D-1543-46BE-AD6D-18653034BF87}] ""="ISafeMailItem" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3120A5E4-552D-4EDF-8C48-70C5D5FF22D2}] ""="ISafeContactItem" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{31CE2164-4D5C-4508-BCA7-B10E11D08E6B}] ""="ISafeMAPIFolder" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{35EFAD55-134A-47BF-912A-44A9D9FD556F}] ""="ISafeAppointmentItem" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{49B868F0-D9F9-4F23-992D-A2A423F406E4}] ""="ISafeSaveHandleManager" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5C61669E-F0CE-4126-B365-316588E6228F}] ""="ISafeRecipient" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6A5D680A-8F9F-4752-A056-2C0273F60B4E}] ""="ISafePostItem" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6E4C6020-2932-4DDD-BDA8-998AE4CDF50D}] ""="ISafeInspector" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BB94DAAD-7836-4D62-9557-2A7B83839B7B}] ""="ISafeSaveHandleManager" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CACB61E0-AEEA-404D-88E1-7F3BCA8B8726}] ""="ISafeRecipients" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CD5B9523-6EAF-4D63-8FE8-C081C51D1673}] ""="ISafeTable" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D7E6FB7C-A22F-4A9D-A89D-653D1AA37324}] ""="ISafeCurrentUser"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D80AC53D-E102-4A55-A265-529A626515E5}] ""="ISafeItems" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DBCAD616-BFD4-4C72-8D87-C5926921D378}] ""="_ISafeItem" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3EC74BB-5522-462D-A00F-2728C53FCA04}] ""="ISafeJournalItem" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EBB4EBA9-D546-4C85-A05A-167BF875FB83}] ""="ISafeDistList" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F7919641-3978-4668-8388-7310329C800E}] ""="ISafeMeetingItem" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F961CE9D-AE2B-4CFB-887C-3A055FF685C9}] ""="ISafeTaskItem" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{03C3860D-86B7-4F36-924C-3B1AD93B4C79}] ""="ISafeReportItem" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0A95BE2D-1543-46BE-AD6D-18653034BF87}] ""="ISafeMailItem" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3120A5E4-552D-4EDF-8C48-70C5D5FF22D2}] ""="ISafeContactItem" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31CE2164-4D5C-4508-BCA7-B10E11D08E6B}] ""="ISafeMAPIFolder" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{35EFAD55-134A-47BF-912A-44A9D9FD556F}] ""="ISafeAppointmentItem" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{49B868F0-D9F9-4F23-992D-A2A423F406E4}] ""="ISafeSaveHandleManager" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5C61669E-F0CE-4126-B365-316588E6228F}] ""="ISafeRecipient" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6A5D680A-8F9F-4752-A056-2C0273F60B4E}] ""="ISafePostItem" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6E4C6020-2932-4DDD-BDA8-998AE4CDF50D}] ""="ISafeInspector" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BB94DAAD-7836-4D62-9557-2A7B83839B7B}] ""="ISafeSaveHandleManager" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CACB61E0-AEEA-404D-88E1-7F3BCA8B8726}] ""="ISafeRecipients" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CD5B9523-6EAF-4D63-8FE8-C081C51D1673}] ""="ISafeTable" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D7E6FB7C-A22F-4A9D-A89D-653D1AA37324}] ""="ISafeCurrentUser" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D80AC53D-E102-4A55-A265-529A626515E5}] ""="ISafeItems" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DBCAD616-BFD4-4C72-8D87-C5926921D378}] ""="_ISafeItem" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E3EC74BB-5522-462D-A00F-2728C53FCA04}] ""="ISafeJournalItem" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EBB4EBA9-D546-4C85-A05A-167BF875FB83}] ""="ISafeDistList" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F7919641-3978-4668-8388-7310329C800E}] ""="ISafeMeetingItem" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F961CE9D-AE2B-4CFB-887C-3A055FF685C9}] ""="ISafeTaskItem" [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION] "iSafeTray.exe"="0" [HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store] "C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe"="0x534143500100000000000000070000002800000020CD0100566002000100000000000000000003067102000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000058350000000000000200000002000000" ===================== Suchergebnis für "winziper" ========== [HKEY_LOCAL_MACHINE\SOFTWARE\AVAST Software\Avast\PUB-Removed] "1d1fd987501f7d0"=" C:\Users\Martin\AppData\Roaming\WinZiper\update\wzp_update_v2.2.1.exe >tools\unck.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\AVAST Software\Avast\PUB-Removed] "1d1fd98755ef4b7"=" C:\Users\Martin\AppData\Roaming\WinZiper\update\wzp_update_v2.2.25.exe >tools\chr.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WinZip] 
"DisplayIcon"="C:\Program Files (x86)\WinZipper\winziper.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\WinZiper] [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\WinZiper] "svc"="winzipersvc" [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\WinZiper] "softuid"="Global\Winziper{78CA2E40-5C38-48EE-BB7F-599F29A6A13A}Winziper" [HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store] "C:\Program Files (x86)\WinZipper\winzipersvc.exe"="0x5341435001000000000000000700000028000000786A11004497110001000000000000000000000A7122000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000064190000000000000100000001000000" [HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store] "C:\Program Files (x86)\WinZipper\winziper.exe"="0x534143500100000000000000070000002800000098BE15003F9A160001000000000000000000000A7122000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000CF7A0300000000000900000009000000" [HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache] "C:\Program Files (x86)\WinZipper\winziper.exe.FriendlyAppName"="Winziper application" [HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache] "C:\Program Files (x86)\WinZipper\winziper.exe.ApplicationCompany"="Winziper Pvt Ltd." 
===================== Suchergebnis für "qksee" ========== [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast\PUB-Removed] "1d1fd23c42f7e53"=" C:\Program Files (x86)\qksee\qkdup.exe" [HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store] "C:\Program Files (x86)\qksee\qkseeSvc.exe"="0x5341435001000000000000000700000028000000009E0B000000000001000000000000000000000A7122000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000007C080000000000000100000001000000" ===================== Suchergebnis für "Legpat" ========== [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Legpat] [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Legpat] "path"="C:\Program Files (x86)\Legpat\" [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Legpat] "publicdirectroy_dump"="C:\Program Files (x86)\Legpat\Reports\Dump" [HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Clients\StartMenuInternet\ChromeHTML\Capabilities] "ApplicationIcon"="C:\Program Files (x86)\Legpat\Application\chrome.exe,0" [HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Clients\StartMenuInternet\ChromeHTML\DefaultIcon] ""="C:\Program Files (x86)\Legpat\Application\chrome.exe,0" [HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Clients\StartMenuInternet\ChromeHTML\InstallInfo] "HideIconsCommand"=""C:\Program Files (x86)\Legpat\Application\chrome.exe" "-HideIconsCommand"" [HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Clients\StartMenuInternet\ChromeHTML\InstallInfo] "ReinstallCommand"=""C:\Program Files (x86)\Legpat\Application\chrome.exe" "-ReinstallCommand"" [HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Clients\StartMenuInternet\ChromeHTML\InstallInfo] "ShowIconsCommand"=""C:\Program Files (x86)\Legpat\Application\chrome.exe" "-ShowIconsCommand"" 
[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Clients\StartMenuInternet\ChromeHTML\shell\open\command] ""="C:\Program Files (x86)\Legpat\Application\chrome.exe" [HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Legpat] [HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\34db7675_0] ""="{2}.\\?\hdaudio#func_01&ven_8086&dev_2806&subsys_80860101&rev_1000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\intcdaudtopo_2_48_24_d0/00010001 \Device\HarddiskVolume4\Program Files (x86)\Legpat\Application\chrome.exe%b{00000000-0000-0000-0000-000000000000}" [HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store] "C:\Program Files (x86)\Legpat\Application\chrome.exe"="0x534143500100000000000000070000002800000098BF0F008C85100001000000000000000000000A0021000019B4C529E312D10100000000000000000200000028000000000000000000001000000000000000000000000000000000D1B82801000000003D0000003D000000" [HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\Applications\chrome.exe\shell\open\command] ""=""C:\Program Files (x86)\Legpat\Application\chrome.exe" "%1"" [HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\ChromeHTML\Application] "ApplicationIcon"="C:\Program Files (x86)\Legpat\Application\chrome.exe,0" [HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\ChromeHTML\DefaultIcon] ""="C:\Program Files (x86)\Legpat\Application\chrome.exe,0" [HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\ChromeHTML\shell\open\command] ""=""C:\Program Files (x86)\Legpat\Application\chrome.exe" "%1"" [HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\ftp\DefaultIcon] ""="C:\Program Files (x86)\Legpat\Application\chrome.exe,0" 
[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\ftp\shell\open\command] ""=""C:\Program Files (x86)\Legpat\Application\chrome.exe" "%1"" [HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\http\DefaultIcon] ""="C:\Program Files (x86)\Legpat\Application\chrome.exe,0" [HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\http\shell\open\command] ""=""C:\Program Files (x86)\Legpat\Application\chrome.exe" "%1"" [HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\https\DefaultIcon] ""="C:\Program Files (x86)\Legpat\Application\chrome.exe,0" [HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\https\shell\open\command] ""=""C:\Program Files (x86)\Legpat\Application\chrome.exe" "%1"" [HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\irc\DefaultIcon] ""="C:\Program Files (x86)\Legpat\Application\chrome.exe,0" [HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\irc\shell\open\command] ""=""C:\Program Files (x86)\Legpat\Application\chrome.exe" "%1"" [HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\mms\DefaultIcon] ""="C:\Program Files (x86)\Legpat\Application\chrome.exe,0" [HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\mms\shell\open\command] ""=""C:\Program Files (x86)\Legpat\Application\chrome.exe" "%1"" [HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\news\DefaultIcon] ""="C:\Program Files (x86)\Legpat\Application\chrome.exe,0" [HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\news\shell\open\command] ""=""C:\Program Files (x86)\Legpat\Application\chrome.exe" "%1"" [HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\nntp\DefaultIcon] ""="C:\Program Files (x86)\Legpat\Application\chrome.exe,0" [HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\nntp\shell\open\command] 
""=""C:\Program Files (x86)\Legpat\Application\chrome.exe" "%1"" [HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\sms\DefaultIcon] ""="C:\Program Files (x86)\Legpat\Application\chrome.exe,0" [HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\sms\shell\open\command] ""=""C:\Program Files (x86)\Legpat\Application\chrome.exe" "%1"" [HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\smsto\DefaultIcon] ""="C:\Program Files (x86)\Legpat\Application\chrome.exe,0" [HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\smsto\shell\open\command] ""=""C:\Program Files (x86)\Legpat\Application\chrome.exe" "%1"" [HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\urn\DefaultIcon] ""="C:\Program Files (x86)\Legpat\Application\chrome.exe,0" [HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\urn\shell\open\command] ""=""C:\Program Files (x86)\Legpat\Application\chrome.exe" "%1"" ===================== Suchergebnis für "Uncheckit" ========== [HKEY_LOCAL_MACHINE\SOFTWARE\AVAST Software\Avast\PUB-Removed] "1d1c8d34bd520cf"=" C:\Program Files (x86)\Uncheckit\InjectEx.dll" [HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store] "C:\Program Files (x86)\Uncheckit\UncheckitHelper.exe"="0x5341435001000000000000000700000028000000000707007A7E070001000000000000000000000A7122000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000086090000000000000300000003000000" [HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store] "C:\Program Files 
(x86)\Uncheckit\cktSvc.exe"="0x5341435001000000000000000700000028000000002F0400FD12050001000000000000000000000A7122000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000D3040000000000000100000001000000" ===================== Suchergebnis für "Elex-tech" ========== [HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store] "C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe"="0x534143500100000000000000070000002800000020CD0100566002000100000000000000000003067102000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000058350000000000000200000002000000" ===================== Suchergebnis für "ParetoLogic" ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\openas\command] ""="C:\Program Files (x86)\ParetoLogic\PCHA\noapp.exe %1" ===================== Suchergebnis für "web companion" ========== [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d35d79f6-850b-4d3b-b3df-f052f842b2da}] "DisplayName"="Web Companion" [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d35d79f6-850b-4d3b-b3df-f052f842b2da}] "DisplayIcon"="C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionIcon.ico" [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d35d79f6-850b-4d3b-b3df-f052f842b2da}] "UninstallString"="C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe --uninstall" [HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\UFH\SHC] "73"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion\Web Companion.lnk C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe " ===================== Suchergebnis für "BandwidthStat" ========== 
[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store] "C:\Users\Martin\AppData\Roaming\BandwidthStat\bandwidthstat.exe"="0x5341435001000000000000000700000028000000007C33000000000001000000000000000000000A0021000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000049010000000000000100000001000000" ===================== Suchergebnis für "WinSaber" ========== [HKEY_LOCAL_MACHINE\SOFTWARE\AVAST Software\Avast\PUB-Removed] "1d1fd92f82071ae"=" C:\Program Files (x86)\WinSaber\WinSaber.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\WinSaberSvc] [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\WinSaberSvc] "svcpath"="C:\Program Files (x86)\WinSaber\" ===================== Suchergebnis für "SoEasySvc" ========== [HKEY_LOCAL_MACHINE\SOFTWARE\AVAST Software\Avast\PUB-Removed] "1d1fd90f045472d"=" C:\Program Files (x86)\SoEasySvc\SoEasySvc.exe" ====== Ende von Suche ====== Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 29-08-2016 durchgeführt von Martin (30-08-2016 13:50:08) Gestartet von C:\Users\Martin\Desktop Windows 10 Home Version 1511 (X64) (2016-03-26 13:14:15) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-205815100-794779995-1947703700-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-205815100-794779995-1947703700-503 - Limited - Disabled) Gast (S-1-5-21-205815100-794779995-1947703700-501 - Limited - Disabled) Martin (S-1-5-21-205815100-794779995-1947703700-1001 - Administrator - Enabled) => C:\Users\Martin ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 64 Bit HP CIO Components Installer (Version: 20.2.1 - HP Inc.) Hidden Adblock Plus für IE (32-Bit- und 64-Bit) (HKLM\...\{588B7DD2-3480-4A89-A8F6-C6781CBFAD56}) (Version: 1.5 - Eyeo GmbH) Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated) Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.8 - Adobe Systems Incorporated) Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated) Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.) Age of Mythology - The Titans Expansion (HKLM-x32\...\Age of Mythology Expansion Pack 1.0) (Version: - ) Age of Mythology (HKLM-x32\...\Age of Mythology 1.0) (Version: - ) Akamai NetSession Interface (HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\Akamai) (Version: - Akamai Technologies, Inc) AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD) AMD Catalyst Install Manager (HKLM\...\{5977D04D-1D6A-952C-97AF-04D9D4C0AE56}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.) 
ANALYSIS_30_Common (x32 Version: 14.1 - SOFiSTiK AG) Hidden ANALYSIS_30_x64_Common (x32 Version: 14.1 - SOFiSTiK AG) Hidden ANNO 1404 - Königsedition (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 3.10.0000 - Ubisoft) Anno 1701 (HKLM-x32\...\{A2433A63-5F5D-40E5-B529-9123C2B3E734}) (Version: 1.04 - Sunflowers) AutoCAD Architecture 2014 - Deutsch (German) (Version: 7.5.106.0 - Autodesk) Hidden AutoCAD Architecture 2014 - Deutsch (German) (Version: 7.5.17.0 - Autodesk) Hidden AutoCAD Architecture 2014 - Deutsch (German) SP 1 (HKLM\...\AutoCAD Architecture 2014 - Deutsch (German) SP 1) (Version: 1 - Autodesk) AutoCAD Architecture 2014 Language Pack - Deutsch (Version: 7.5.17.0 - Autodesk) Hidden Autodesk 360 (HKLM\...\{556966D9-F7F6-421B-9707-D07901604DDF}) (Version: 5.2.3.1000 - Autodesk) Autodesk App Manager (HKLM-x32\...\{C070121A-C8C5-4D52-9A7D-D240631BD433}) (Version: 1.1.0 - Autodesk) Autodesk AutoCAD Architecture 2014 - Deutsch (German) (HKLM\...\AutoCAD Architecture 2014 - Deutsch (German)) (Version: 7.5.17.0 - Autodesk) Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.1.3.0 - Autodesk) Autodesk Content Service (x32 Version: 3.1.3.0 - Autodesk) Hidden Autodesk Content Service Language Pack (x32 Version: 3.1.3.0 - Autodesk) Hidden Autodesk Featured Apps (HKLM-x32\...\{F732FEDA-7713-4428-934B-EF83B8DD65D0}) (Version: 1.1.0 - Autodesk) Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk) Autodesk Material Library 2016 (HKLM-x32\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.18 - Autodesk) Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk) Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.18 - Autodesk) Autodesk Material Library Low Resolution Image Library 2016 
(HKLM-x32\...\{FA5DF4D1-CD59-4183-B3D4-779A56498786}) (Version: 6.3.0.18 - Autodesk) Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.0.43.13 - Autodesk) Autodesk ReCap (Version: 1.0.43.13 - Autodesk) Hidden Autodesk ReCap Language Pack-English (Version: 1.0.43.13 - Autodesk) Hidden Autodesk Revit 2016 (HKLM\...\Autodesk Revit 2016) (Version: 16.0.490.0 - Autodesk) Autodesk Workflows 2016 (HKLM\...\{535CDED0-D690-4738-83EE-09056A365BAC}) (Version: 6.3.0.18 - Autodesk, Inc.) Avast Free Antivirus (HKLM-x32\...\avast) (Version: 11.2.2262 - AVAST Software) AX88772C (HKLM-x32\...\{48C1584F-E022-4C21-9072-0BA886976B4F}) (Version: 1.01 - ) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Bullzip PDF Printer 10.6.0.2267 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.6.0.2267 - Bullzip) Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.22 - Cliqz.com) CLIQZ 1.6.1 (x86 de) (HKLM-x32\...\CLIQZ 1.6.1 (x86 de)) (Version: 1.6.1 - Cliqz GmbH) cloudfront - Uninstall (HKLM-x32\...\{54C3021D-55CA-44E8-899F-C102D92DD517}) (Version: - ) <==== ACHTUNG CodeMeter Runtime Kit v6.10a (HKLM\...\{4FF3EB53-5576-4B11-A08F-605C1938176A}) (Version: 6.10.2018.501 - WIBU-SYSTEMS AG) Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite) CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.) CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.) CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.) CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2527 - CyberLink Corp.) 
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.) CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DIE SIEDLER - Aufstieg eines Königreichs (HKLM-x32\...\{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}) (Version: 1.00.0000 - Ubisoft) Die Siedler 7 (HKLM-x32\...\{63860309-DA8A-4BAE-9EAE-CE1D6D79340C}) (Version: 1.12.1396 - Ubisoft) Die Siedler II - Die nächste Generation (HKLM-x32\...\S2TNG) (Version: - ) Die Siedler IV (HKLM-x32\...\S4Uninst) (Version: - ) Dot4 (HKLM\...\{DD411225-A527-4C56-91BE-15D888B3CCDE}) (Version: 1.0.0.0 - HP) Dropbox (HKLM-x32\...\Dropbox) (Version: 8.4.21 - Dropbox, Inc.) Dropbox Update Helper (x32 Version: 1.3.41.1 - Dropbox, Inc.) Hidden Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard) FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production) Free Mp3 Wma Converter V 2.2 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft) Free YouTube to MP3 Converter version 3.12.57.324 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.57.324 - DVDVideoSoft Ltd.) G2-Classic-Mod (HKLM-x32\...\G2-Classic-Mod) (Version: 1.1 - Sargon) GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version: - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.) Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.) 
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden Gothic (HKLM-x32\...\{BBF10B37-4ED3-11D5-A818-00500435FC18}) (Version: - ) Gothic 2 Gold (HKLM-x32\...\{40FE74B5-71A1-4393-A0AB-21D6E1DA5A66}) (Version: 1.0.0 - JoWood) GOTHIC2 - Die Nacht des Raben - 'System-Paket' (HKLM-x32\...\GOTHIC2 - Die Nacht des Raben - 'System-Paket') (Version: 1.1 - World of Gothic RU © 2014) Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP 3D DriveGuard (HKLM\...\{AB5BCC55-18E2-46C7-9405-FF61CB888F05}) (Version: 4.2.9.1 - Hewlett-Packard Company) HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd) HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company) HP Documentation (HKLM-x32\...\{18DE31AE-70D0-43A7-9E3C-2ED7283ECE8A}) (Version: 1.1.0.0 - Hewlett-Packard) HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company) HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard) HP Software Framework (HKLM-x32\...\{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}) (Version: 4.6.10.1 - Hewlett-Packard Company) HP Support Solutions Framework (HKLM-x32\...\{A38E954F-9043-42BD-9DE9-246ED183791D}) (Version: 12.5.26.37 - HP) HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard) HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) 
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation) Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation) MainConcept DTV Decoder Pro (HKLM-x32\...\{793FCE60-DE5E-4977-A942-A7B69A45B17D}) (Version: 1.5.0.2 - MainConcept GmbH) Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) MATLAB R2013b (HKLM\...\Matlab R2013b) (Version: 8.2 - The MathWorks, Inc.) MEDION NAS TOOL (HKLM-x32\...\MEDION NAS TOOL) (Version: - MEDION) Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7939 - Memeo Inc.) Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - ) Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{A047101C-A3AE-4FAD-802F-01C965079F66}) (Version: 11.1.3010.3 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{99AC7F47-A4E0-4706-9C65-8948775C2652}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) 
(Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 
(HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios) Nero 2015 (HKLM-x32\...\{F9592BA0-AA0D-454C-95AA-9782DF00CB4B}) (Version: 16.0.04000 - Nero AG) Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 16.0.1003 - Nero AG) NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation) OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation) Pontifex Demo 10.19.01 (HKLM-x32\...\Pontifex Demo_is1) (Version: - Chronic Logic LLC) Prerequisite installer (x32 Version: 16.0.0003 - Nero AG) Hidden PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.2.0 - Ralink) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.) 
Revit 2016 (Version: 16.0.490.0 - Autodesk) Hidden Risen (HKLM-x32\...\{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}) (Version: 1.00.0000 - Deep Silver) Risen 2 - Dark Waters (HKLM-x32\...\{CC4473E6-AB7D-406B-ADAE-BF9C61CEC5FE}) (Version: 1.00 - Deep Silver) SafeZone Stable 1.48.2066.101 (x32 Version: 1.48.2066.101 - Avast Software) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) SimCity 4 Deluxe (HKLM-x32\...\{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}) (Version: - ) SketchUp Import for AutoCAD 2014 (HKLM-x32\...\{644E9589-F73A-49A4-AC61-A953B9DE5669}) (Version: 1.1.0 - Autodesk) SOFiCAD-OEM 2014 (HKLM-x32\...\SOFiCADOEM 2014) (Version: 20.14.0.0 - SOFiSTiK AG) SOFiCAD-OEM 2014 (Version: 19.1.18.0 - SOFiSTiK) Hidden SOFiCAD-OEM 2014 (x32 Version: 19.1.0 - SOFiSTiK AG) Hidden SOFiSTiK 2014 19.1 64Bit Object Enabler (HKLM\...\{50F1571C-50FD-2014-3064-191000000000}) (Version: 19.1.1.0 - SOFiSTiK AG) SOFiSTiK 2014 Documenation SOFiCAD (x32 Version: 1.00.0000 - Your Company Name) Hidden SOFiSTiK Reinforcement Detailing 2016 (HKLM\...\{50F1571C-50F6-2016-3364-201600201405}) (Version: 5.0.0 - SOFiSTiK AG) SOFiSTiK Sonar (HKLM-x32\...\{50F1571C-50F1-2014-3032-000000150000}) (Version: 15.00 - SOFiSTiK AG) Star Wars Battlefront II (HKLM-x32\...\{3D374523-CFDE-461A-827E-2A102E2AB365}) (Version: 1.0 - LucasArts) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated) TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH) Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT) Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) 
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.3 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.3 - VideoLAN)
Web Companion (HKLM-x32\...\{d35d79f6-850b-4d3b-b3df-f052f842b2da}) (Version: 2.1.1199.2443 - Lavasoft)
Wecker für Windows 6.5 (HKLM-x32\...\{FFDC4005-E968-498D-93C8-CC148742167D}}_is1) (Version: 6.5 - Christoph Bünger Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinZip (HKLM-x32\...\WinZip) (Version: 2.2.25 - Winzipper Pvt Ltd.) <==== ACHTUNG
Worms 4 Mayhem (HKLM-x32\...\{45E7C481-3EF4-4FCB-AF0B-19F70D618F0C}) (Version: 1.00.0000 - Codemasters)
Xfire (remove only) (HKLM-x32\...\Xfire) (Version: - )

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E100-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E101-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E102-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E7F8-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E7F9-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E7FA-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E7FB-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: 
HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E7FC-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG) CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E7FD-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG) CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E7FE-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG) CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E7FF-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG) CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\de-DE\sofc191ficn.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{5D8A052B-FFEE-4B2D-ADD8-EDCDA13C0763}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\sofiaxis_com.dll (SOFiSTiK AG) CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{5D8A052C-FFEE-4B2D-ADD8-EDCDA13C0763}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\sofiaxis_com.dll (SOFiSTiK AG) CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\sofc191.exe (Autodesk, Inc.) 
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{6AC79303-DBF3-4BE2-9F8E-0349FDC88E19}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\sofidc.arx (SOFiSTiK AG) CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation) CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{8258CC73-933A-4A76-88B1-43A5468A09F7}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\SOF_BAMTEC191_x64.DBX (SOFiSTiK AG) CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{9874959D-2021-4F77-AA2E-7E787954ADD7}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBFE_COM.DLL (SOFiSTiK AG) CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{B5176366-6A16-40E8-BF5D-C6DABC4B962B}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOF_COM.DLL (SOFiSTiK AG) CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{B5176367-6A16-40E8-BF5D-C6DABC4B962B}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOF_COM.DLL (SOFiSTiK AG) CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{B5176368-6A16-40E8-BF5D-C6DABC4B962B}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOF_COM.DLL (SOFiSTiK AG) CustomCLSID: 
HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{B5176369-6A16-40E8-BF5D-C6DABC4B962B}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOF_COM.DLL (SOFiSTiK AG) CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{B517636A-6A16-40E8-BF5D-C6DABC4B962B}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOF_COM.DLL (SOFiSTiK AG) CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{B517636B-6A16-40E8-BF5D-C6DABC4B962B}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOF_COM.DLL (SOFiSTiK AG) CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2014\de-DE\acadficn.dll (Autodesk, Inc.) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {1E041551-E3E9-4775-945B-473FF6FE41BD} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink) Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {3383E5C5-2D9A-4B13-9190-937420612144} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) 
Task: {3C33CD03-7609-44AF-9710-CAA445D6BF10} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe Task: {5D31EF85-8E68-45F5-9535-7258083FD944} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-13] (Adobe Systems Incorporated) Task: {713A80B6-4080-406C-A767-1FB30E7CD27C} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-24] (Dropbox, Inc.) Task: {82ABDCB9-8CDD-4730-AD92-AC4E496A1760} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {95EEB00E-6D66-4872-8E1E-CCBCD0748013} - System32\Tasks\{C8599BEC-8541-4730-9C00-8B636C6E2D46} => pcalua.exe -a "C:\Program Files (x86)\Star Wars Battlefront II\LaunchBFII.exe" -d "C:\Program Files (x86)\Star Wars Battlefront II" Task: {96FB385F-013A-4BAF-8A22-44C9CB47F9E0} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink) Task: {AB1ADFC6-1114-4C46-8132-A482BD53D16A} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-23] (Microsoft Corporation) Task: {AB96C6F0-FEBE-4160-9998-E59661C9B7A6} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-05-28] (AVAST Software) Task: {AB9AA26C-745D-477B-9D28-44FF4E0063F5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard) Task: {B751D1AA-9672-4CF1-9F9F-C640883ADE15} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-24] (Dropbox, Inc.) 
Task: {C07DD9EA-28FF-49F5-AE6E-0DE21DBC55A6} - System32\Tasks\SafeZone scheduled Autoupdate 1458044218 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software) Task: {CE92AEDC-30F0-47B5-89E5-7D4DE9C3EBC7} - System32\Tasks\MATLAB R2013b Startup Accelerator => C:\Program Files\MATLAB\R2013b\bin\win64\MATLABStartupAccelerator.exe [2013-08-05] () Task: {D4179342-5F5B-4002-BE34-CB835DFE5811} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated) Task: {D7374E94-A9BA-4100-977D-F0B34BED0BDA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\MATLAB R2013b Startup Accelerator.job => C:\Program Files\MATLAB\R2013b\bin\win64\MATLABStartupAccelerator.exe Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) 
Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{E642CB23-6186-418C-9B97-D12D8B681FC4}\SupportTasks\1\Support.lnk -> hxxp://www.microsoft.com/support/ Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{E642CB23-6186-418C-9B97-D12D8B681FC4}\SupportTasks\0\Weitere Spiele von Microsoft.lnk -> hxxp://www.ensemblestudios.com/aom/index.html/ Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{CE4F9AA0-B50E-4509-87B3-312B473AA74C}\SupportTasks\1\Support.lnk -> hxxp://www.piranha-bytes.com/gothic1/gothic1_faq_english.html/ Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{CE4F9AA0-B50E-4509-87B3-312B473AA74C}\SupportTasks\0\Weitere Spiele von Microsoft.lnk -> hxxp://www.piranha-bytes.com/ Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{B86065B3-F461-46B3-A9F7-397F53DAC8C2}\SupportTasks\1\Support.lnk -> hxxp://support.lucasarts.com/ Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{B86065B3-F461-46B3-A9F7-397F53DAC8C2}\SupportTasks\0\Weitere Spiele von Microsoft.lnk -> hxxp://www.swbattlefront2.com/ Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{42BB19A3-BB52-4B1C-8A47-566A70503079}\SupportTasks\1\Support.lnk -> hxxp://support.microsoft.com/directory/ Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{42BB19A3-BB52-4B1C-8A47-566A70503079}\SupportTasks\0\Weitere Spiele von Microsoft.lnk -> hxxp://www.microsoft.com/games/age2/ Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{296AA790-7BF8-4BC9-8766-432ECEAD9ACB}\SupportTasks\1\Support.lnk -> hxxp://www.atarisupport.com/ Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{296AA790-7BF8-4BC9-8766-432ECEAD9ACB}\SupportTasks\0\Weitere Spiele von Microsoft.lnk -> hxxp://www.piranha-bytes.com/gothic2/content_english/news_press.php/ ShortcutWithArgument: C:\Users\Martin\AppData\Roaming\Microsoft\Internet 
Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-05-28 15:10 - 2016-05-28 15:10 - 00137920 _____ () C:\Program Files\AVAST Software\Avast\x64\log.dll 2016-07-12 20:54 - 2016-07-01 06:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-07-12 20:54 - 2016-07-01 06:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2016-04-19 08:18 - 2016-04-19 08:19 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2016-02-13 19:02 - 2016-02-13 19:02 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-07-12 20:56 - 2016-07-01 05:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2016-07-12 20:54 - 2016-07-01 05:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-07-12 20:54 - 2016-07-01 05:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-07-12 20:54 - 2016-07-01 05:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-07-12 20:54 - 2016-07-01 05:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2014-08-28 06:09 - 2014-08-28 06:09 - 00232328 _____ () C:\Program Files\Autodesk\Autodesk 
Sync\qjson_Ad_0.dll 2014-08-28 06:09 - 2014-08-28 06:09 - 00048520 _____ () C:\Program Files\Autodesk\Autodesk Sync\QtSolutions_MFCMigrationFramework_Ad_2.dll 2014-08-28 06:09 - 2014-08-28 06:09 - 00059784 _____ () C:\Program Files\Autodesk\Autodesk Sync\qoauth_Ad_1.dll 2014-08-28 06:09 - 2014-08-28 06:09 - 00922504 _____ () C:\Program Files\Autodesk\Autodesk Sync\qca_Ad_2.dll 2011-09-16 01:16 - 2011-09-16 01:16 - 00322784 _____ () C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe 2016-05-28 15:10 - 2016-05-28 15:10 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2016-05-28 15:10 - 2016-05-28 15:10 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2016-08-30 13:14 - 2016-08-30 13:14 - 03017728 _____ () C:\Program Files\AVAST Software\Avast\defs\16083000\algo.dll 2016-05-28 15:10 - 2016-05-28 15:10 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll 2016-05-28 15:10 - 2016-05-28 15:10 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2016-04-19 08:18 - 2016-04-19 08:19 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll 2016-04-19 08:18 - 2016-04-19 08:19 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll 2013-08-18 20:22 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2013-08-18 20:22 - 2013-01-27 16:13 - 00806664 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\UNO.dll 2013-08-18 20:22 - 2012-09-25 10:32 - 01351792 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\Language\DEU\P2GRC.dll 2013-08-18 20:22 - 2013-01-27 16:13 - 00175880 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLVistaAudioMixer.dll 2016-08-23 13:57 - 2016-08-23 13:57 - 01383616 _____ () 
C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll 2016-08-23 13:57 - 2016-08-23 13:57 - 00118976 _____ () C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll 2016-03-15 14:12 - 2016-03-15 14:12 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2016-08-24 09:02 - 2016-07-12 04:07 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd 2016-08-24 09:02 - 2016-07-12 04:07 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd 2016-08-24 09:02 - 2016-07-12 04:07 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd 2016-08-24 09:02 - 2016-07-12 04:07 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll 2016-08-24 09:02 - 2016-07-12 04:07 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd 2016-08-24 09:02 - 2016-07-12 04:07 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd 2016-08-24 09:02 - 2016-08-24 01:17 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd 2016-08-24 09:02 - 2016-07-12 04:07 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd 2016-08-24 09:02 - 2016-08-24 01:17 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd 2016-08-24 09:02 - 2016-07-12 04:07 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd 2016-08-24 09:02 - 2016-08-24 01:17 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd 2016-08-24 09:02 - 2016-08-24 01:17 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd 2016-08-24 09:02 - 2016-08-24 01:17 - 00021312 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd 2016-08-24 09:02 - 2016-08-24 01:17 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd 2016-08-24 09:02 
- 2016-07-12 04:09 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd 2016-08-24 09:02 - 2016-08-24 01:17 - 00025424 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd 2016-08-24 09:02 - 2016-08-24 01:17 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd 2016-08-24 09:02 - 2016-07-12 04:07 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll 2016-08-24 09:02 - 2016-07-12 04:09 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd 2016-08-24 09:02 - 2016-07-12 04:09 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd 2016-08-24 09:02 - 2016-07-12 04:09 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd 2016-08-24 09:02 - 2016-08-24 01:17 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd 2016-08-24 09:02 - 2016-07-12 04:09 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd 2016-08-24 09:02 - 2016-07-12 04:09 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd 2016-08-24 09:02 - 2016-07-12 04:09 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd 2016-08-24 09:02 - 2016-07-12 04:09 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd 2016-08-24 09:02 - 2016-07-12 04:09 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd 2016-08-24 09:02 - 2016-07-12 04:09 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd 2016-08-24 09:02 - 2016-08-24 01:17 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd 2016-08-24 09:02 - 2016-07-12 04:09 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd 2016-08-24 09:02 - 2016-07-12 04:09 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd 2016-08-24 09:02 - 2016-08-24 01:17 - 00246592 _____ () C:\Program Files 
(x86)\Dropbox\Client\breakpad.client.windows.handler.pyd 2016-08-24 09:02 - 2016-07-12 04:09 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd 2016-08-24 09:02 - 2016-08-24 01:17 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd 2016-08-24 09:02 - 2016-08-24 01:17 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd 2016-08-24 09:02 - 2016-08-24 01:17 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd 2016-08-24 09:02 - 2016-07-12 04:07 - 00144848 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd 2016-08-24 09:02 - 2016-07-12 04:08 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd 2016-08-24 09:02 - 2016-08-24 01:17 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd 2016-08-24 09:02 - 2016-08-24 01:17 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd 2016-08-24 09:02 - 2016-07-12 04:09 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd 2016-08-24 09:02 - 2016-08-24 01:17 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd 2016-08-24 09:02 - 2016-08-24 01:17 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd 2016-08-24 09:02 - 2016-07-12 04:09 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll 2016-08-24 09:02 - 2016-08-24 01:17 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd 2016-08-24 09:02 - 2016-08-24 01:02 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll 2016-08-24 09:02 - 2016-08-24 01:17 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL 2016-08-24 09:02 - 2016-08-24 01:17 - 01826096 _____ () C:\Program Files 
(x86)\Dropbox\Client\PyQt5.QtCore.pyd 2016-08-24 09:02 - 2016-07-12 04:07 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd 2016-08-24 09:02 - 2016-08-24 01:17 - 03929392 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd 2016-08-24 09:02 - 2016-08-24 01:17 - 01972016 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd 2016-08-24 09:02 - 2016-08-24 01:17 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd 2016-08-24 09:02 - 2016-08-24 01:17 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd 2016-08-24 09:02 - 2016-08-24 01:17 - 00224056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd 2016-08-24 09:02 - 2016-08-24 01:17 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd 2016-08-24 09:02 - 2016-08-24 01:17 - 00020288 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32._winffi_user32.pyd 2016-08-24 09:02 - 2016-07-12 04:09 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd 2016-08-24 09:02 - 2016-08-24 01:17 - 00037192 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd 2016-08-24 09:02 - 2016-08-24 01:17 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd 2016-08-24 09:02 - 2016-08-24 01:17 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd 2016-08-24 09:02 - 2016-08-24 01:17 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd 2016-08-24 09:02 - 2016-08-24 01:17 - 00168248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd 2016-08-24 09:02 - 2016-08-24 01:17 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd 2011-09-16 01:17 - 2011-09-16 01:17 - 02888416 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.UI.dll 2011-09-16 01:17 - 2011-09-16 01:17 - 00025824 _____ () C:\Program Files 
(x86)\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll 2011-09-16 01:18 - 2011-09-16 01:18 - 00028672 _____ () C:\Program Files (x86)\Memeo\AutoBackup\de-DE\InstantBackup.resources.dll 2010-04-05 20:52 - 2010-04-05 20:52 - 00504293 _____ () C:\Program Files (x86)\Memeo\AutoBackup\sqlite3.DLL 2010-04-05 20:52 - 2010-04-05 20:52 - 00053248 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Mono.Nat.dll 2012-11-15 02:53 - 2012-06-25 20:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) AlternateDataStreams: C:\Windows:CM_07bdf4a8c4c490ca7919611231e13eb670e4a0ad29869dd8f2e869bc87f6c3a8 [74] AlternateDataStreams: C:\Windows:CM_25c0d7379373529ead846cb4332cac331743f799884338c630de8d6bc5a9ad77 [74] AlternateDataStreams: C:\Windows:CM_2fbc7cacfd828b791562c9690c61bb830aeeeae72f86bd829562576f9fc1fe83 [74] AlternateDataStreams: C:\Windows:CM_9015d22b2a6b3f6bdfbfec9cc8a460230758574f203752df19168f533c7fb302 [74] AlternateDataStreams: C:\Windows:CM_cdfdf49505024624d2decf3e9557d51162be6aba9545d69de4a936f7ba6139f4 [74] AlternateDataStreams: C:\Windows:CM_d1cca5b43b23e7a102fa897d892102fdacb2faaf6f5875efce3bd0a2c56874f8 [74] ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) 
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost IE trusted site: HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\localhost -> localhost ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2012-07-26 07:26 - 2016-08-30 08:58 - 00000832 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-205815100-794779995-1947703700-1001\Control Panel\Desktop\\Wallpaper -> c:\users\martin\pictures\carcasonne.jpg DNS Servers: 10.156.33.53 - 129.187.5.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [TCP Query User{6A219EAC-A8C9-4714-A40C-4B1E675DA9A5}C:\program files (x86)\anno 1404 - königsedition\tools\addonweb.exe] => (Allow) C:\program files (x86)\anno 1404 - königsedition\tools\addonweb.exe FirewallRules: [UDP Query User{14B44FB0-F9E5-4BF6-9334-B6BE4CE1D514}C:\program files (x86)\anno 1404 - königsedition\tools\addonweb.exe] => (Allow) C:\program files (x86)\anno 1404 - königsedition\tools\addonweb.exe FirewallRules: [{A88975B8-BBFD-477E-9DC2-5236F5A941BD}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe FirewallRules: [{3F3A4D03-C443-4145-84BF-83523DF57C2D}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe FirewallRules: [{AF9C9E7C-E573-4295-9FCB-8ACFAD7FC8F2}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe FirewallRules: [{F138714E-9316-4A72-9797-E4514582BC93}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe FirewallRules: [TCP Query User{0D91FB41-C9AB-40A5-A51E-C6BE6A9CCDEA}C:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{3E537FF1-097F-4C80-B334-DBAC95E65F32}C:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [TCP Query User{2C1F9E7C-BD53-492A-9B41-50335850F173}C:\windows\splwow64.exe] => (Allow) C:\windows\splwow64.exe FirewallRules: [UDP Query User{32EAEC46-63B7-4D3F-8CB1-FEB6FFFAFCF3}C:\windows\splwow64.exe] => (Allow) C:\windows\splwow64.exe FirewallRules: [{8A367C20-C7E1-4CF4-89F5-014469534249}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe FirewallRules: [{30D99AD4-8229-4E56-966D-245501088E8D}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe FirewallRules: [{A09EB9EB-05F5-445D-855D-1C3B2B1C395A}] => 
(Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{4CAA78A7-C705-4920-A218-EEFE8BBFA3D0}] => (Allow) C:\Program Files (x86)\Legpat\Update\LegpatUpdate.exe FirewallRules: [{EC294C97-2178-4F12-B7F5-D2E08D380816}] => (Allow) C:\Program Files (x86)\Legpat\Application\chrome.exe FirewallRules: [{237E438F-F612-442D-B6F1-028C41382D9D}] => (Allow) C:\ProgramData\Legpat\Legpat.exe FirewallRules: [{BD4C73AA-4A79-4087-BC07-79477408C425}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{B2D7DCAF-91F3-4D50-9DDF-B79AB22CE482}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{9BE540DB-ABBB-4FBF-A772-118C53E7EFF5}] => (Allow) C:\Program Files (x86)\CLIQZ\CLIQZ.exe FirewallRules: [{0981E983-07AE-4243-A739-73165D224A54}] => (Allow) C:\Program Files (x86)\CLIQZ\CLIQZ.exe FirewallRules: [{31958BF8-D377-4CD8-811E-2E0A87DBD93F}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server ==================== Wiederherstellungspunkte ========================= 10-08-2016 09:32:46 Geplanter Prüfpunkt 19-08-2016 10:38:33 Geplanter Prüfpunkt 24-08-2016 09:01:40 Windows Update 29-08-2016 13:51:10 JRT Pre-Junkware Removal ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (08/30/2016 11:58:36 AM) (Source: MsiInstaller) (EventID: 11310) (User: Laptop-Martin) Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Martin\AppData\Local\Akamai\admintool.exe. Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können. 
Error: (08/30/2016 11:58:21 AM) (Source: MsiInstaller) (EventID: 11310) (User: Laptop-Martin) Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Martin\AppData\Local\Akamai\admintool.exe. Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können. Error: (08/30/2016 08:59:48 AM) (Source: MemeoBackgroundService) (EventID: 0) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. 
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (08/30/2016 07:48:06 AM) (Source: MsiInstaller) (EventID: 11310) (User: Laptop-Martin) Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Martin\AppData\Local\Akamai\admintool.exe. Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können. Error: (08/30/2016 07:47:41 AM) (Source: MsiInstaller) (EventID: 11310) (User: Laptop-Martin) Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Martin\AppData\Local\Akamai\admintool.exe. Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können. Error: (08/29/2016 05:16:12 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1207968 Error: (08/29/2016 05:16:12 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1207968 Error: (08/29/2016 05:16:12 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (08/29/2016 04:56:07 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2500 Error: (08/29/2016 04:56:07 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 2500 Systemfehler: ============= Error: (08/30/2016 01:24:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "MemeoBackgroundService" wurde aufgrund folgenden Fehlers nicht gestartet: Der Dienst antwortete nicht rechtzeitig auf die Start- oder 
Steuerungsanforderung. Error: (08/30/2016 01:24:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst MemeoBackgroundService erreicht. Error: (08/30/2016 01:22:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Benutzerdatenzugriff_3a9a9" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (08/30/2016 01:22:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Benutzerdatenspeicher _3a9a9" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (08/30/2016 01:22:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Kontaktdaten_3a9a9" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (08/30/2016 01:22:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Synchronisierungshost_3a9a9" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (08/30/2016 01:21:20 PM) (Source: disk) (EventID: 7) (User: ) Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0. Error: (08/30/2016 01:21:18 PM) (Source: disk) (EventID: 7) (User: ) Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0. Error: (08/30/2016 01:21:16 PM) (Source: disk) (EventID: 7) (User: ) Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0. Error: (08/30/2016 01:21:14 PM) (Source: disk) (EventID: 7) (User: ) Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0. 
CodeIntegrity: =================================== Date: 2016-08-29 11:40:30.183 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-08-29 11:40:30.120 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-08-29 11:40:30.019 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-08-29 11:40:29.956 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-08-29 11:40:26.774 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2016-08-29 11:40:26.701 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-08-29 11:39:52.811 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-08-29 11:39:52.758 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-08-29 11:39:49.635 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-08-29 11:39:49.334 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz Prozentuale Nutzung des RAM: 30% Installierter physikalischer RAM: 8084.27 MB Verfügbarer physikalischer RAM: 5579.82 MB Summe virtueller Speicher: 9364.27 MB Verfügbarer virtueller Speicher: 6971.23 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:448.21 GB) (Free:166.01 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] Drive d: (RECOVERY) (Fixed) (Total:16.79 GB) (Free:2.14 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] Drive e: (UNSERE_ERDE) (CDROM) (Total:6.87 GB) (Free:0 GB) UDF ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 9EC65A10) Partition: GPT. ==================== Ende von Addition.txt ============================ |
30.08.2016, 12:57 | #13 |
| FRST: Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 29-08-2016 durchgeführt von Martin (Administrator) auf LAPTOP-MARTIN (30-08-2016 13:49:37) Gestartet von C:\Users\Martin\Desktop Geladene Profile: Martin (Verfügbare Profile: Martin) Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: "C:\Program Files (x86)\CLIQZ\CLIQZ.exe" -osint -url "%1") Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Cliqz GmbH) C:\Program Files (x86)\CLIQZ\CLIQZ.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe (Akamai Technologies, Inc.) C:\Users\Martin\AppData\Local\Akamai\netsession_win.exe (Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (Akamai Technologies, Inc.) C:\Users\Martin\AppData\Local\Akamai\netsession_win.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Christoph Bünger Software) C:\Program Files (x86)\Wecker6\Wecker.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.) 
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe () C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe (Memeo Inc.) C:\Program Files (x86)\Memeo\AutoBackup\MemeoUpdater.exe (Mozilla Corporation) C:\Program Files (x86)\CLIQZ\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_209.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_209.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-06-08] (IDT, Inc.) 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-28] (Synaptics Incorporated) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.) HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2011-09-16] (Memeo Inc.) HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7408312 2016-06-28] (AVAST Software) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23889496 2016-08-24] (Dropbox, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1711680 2013-01-27] (CyberLink Corp.) HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Martin\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1235336 2014-08-28] (Autodesk, Inc.) 
HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\RunOnce: [Uninstall C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1\amd64" HKU\S-1-5-21-205815100-794779995-1947703700-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [150528 2015-10-30] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-05-28] (AVAST Software) ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.) ShellIconOverlayIdentifiers: [Symbol-Overlay-Steuerprogramm für AutoCAD Digitale Signaturen] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2016-08-29] ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG) Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2016-08-29] ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wecker für Windows 6.lnk [2016-08-29] ShortcutTarget: Wecker für Windows 6.lnk -> C:\Program Files (x86)\Wecker6\Wecker.exe (Christoph Bünger Software) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Tcpip\Parameters: [DhcpNameServer] 10.156.33.53 129.187.5.1
Tcpip\..\Interfaces\{150b5080-ac93-4272-ac4a-bffe13d172bd}: [DhcpNameServer] 0.0.0.0
Tcpip\..\Interfaces\{2c2232f8-8dd7-42dd-88e1-2d818924d50a}: [DhcpNameServer] 10.156.33.53 129.187.5.1
Tcpip\..\Interfaces\{66c1b00a-7100-4e92-ac46-811fd2d50492}: [DhcpNameServer] 192.168.34.3 129.187.5.1
Tcpip\..\Interfaces\{83fbec75-ff09-4692-a92d-4201c2743b42}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?PC=AV01
HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPNOT13/4
SearchScopes: HKLM -> {470BE3E6-2099-4F7E-84F1-F3DA4739DF9A} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-205815100-794779995-1947703700-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-205815100-794779995-1947703700-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-205815100-794779995-1947703700-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-07-21] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-21] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-12-20] (Hewlett-Packard Company)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Profiles\zocbhc16.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-13] ()
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-21] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2014-11-27] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-205815100-794779995-1947703700-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2013-03-17] (Ubisoft)
FF SearchPlugin: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9s05odkh.default\searchplugins\bing-lavasoft.xml [2015-12-04]
FF Extension: (Cliqz) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9s05odkh.default\Extensions\cliqz@cliqz.com.xpi [2015-11-28] [ist nicht signiert]
FF Extension: (Adblock Plus) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9s05odkh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-28]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-28]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-28]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

Chrome:
=======
CHR HomePage: ChromeDefaultData -> hxxp://www.nicesearches.com?type=hp&ts=1464593744&from=0d580530&uid=st500lm012xhn-m500mbb_s2svj9eca09668&z=658f2f19608d6aba60b4d45gbzcq4z0wctfc2m2z8z
CHR RestoreOnStartup: ChromeDefaultData -> "hxxp://de.search.yahoo.com/?fr=hp-ddc-bd&type=bl-bcr-is__alt__ddc_dsssyc_bd_com"
CHR StartupUrls: ChromeDefaultData -> "hxxp://www.nicesearches.com?type=hp&ts=1464593744&from=0d580530&uid=st500lm012xhn-m500mbb_s2svj9eca09668&z=658f2f19608d6aba60b4d45gbzcq4z0wctfc2m2z8z"
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.nicesearches.com/search.php?type=ds&ts=1464593744&from=0d580530&uid=st500lm012xhn-m500mbb_s2svj9eca09668&z=658f2f19608d6aba60b4d45gbzcq4z0wctfc2m2z8z&q={searchTerms}
CHR DefaultSearchKeyword: ChromeDefaultData -> nice
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll => Keine Datei
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\ppGoogleNaClPluginChrome.dll => Keine Datei
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\pdf.dll => Keine Datei
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => Keine Datei
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData
CHR Extension: (Dealbeaver) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\bhldmkghjkldhclddpjebfjpaijaajmm [2016-08-30]
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-11]
CHR Extension: (Google-Suche) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-11]
CHR Extension: (Avast Online Security) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-08-30]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-12]
CHR Extension: (Google Mail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-11]
CHR Extension: (Chrome Media Router) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-30]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-05-28]
StartMenuInternet: Google Chrome - Chrome.exe

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [Datei ist nicht signiert]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-28] (AVAST Software)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-24] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-24] (Dropbox, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29760 2016-07-04] (HP Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [Datei ist nicht signiert]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2015-10-30] (HP Inc.) [Datei ist nicht signiert]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2015-10-30] (HP Inc.) [Datei ist nicht signiert]
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [82664 2015-12-16] (Advanced Micro Devices, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-05-28] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-05-28] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-05-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-05-28] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-28] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-05-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-05-28] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-05-28] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-05] (AVAST Software)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2014-07-14] ()
S3 AX88772; C:\Windows\System32\drivers\ax88772.sys [111616 2015-10-30] (ASIX Electronics Corp.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [146856 2013-06-04] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-18] (Windows (R) Win 7 DDK provider)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2014-07-14] ()
R3 netr28x; C:\Windows\System32\drivers\netr28x.sys [2504192 2015-10-30] (MediaTek Inc.)
R3 pelmouse; C:\Windows\system32\DRIVERS\pelmouse.sys [23040 2015-12-17] (TPMX Electronics Ltd.)
R3 pelusblf; C:\Windows\system32\DRIVERS\pelusblf.sys [35328 2015-12-22] (TPMX Electronics Ltd.)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
S3 SKYNETU2C; C:\Windows\System32\drivers\SkyNetU2C_AMD64.SYS [270424 2010-05-10] (TechniSat Digital, S.A.)
S3 SkyNetU2CBDA_AMD64; C:\Windows\system32\DRIVERS\SkyNetU2CBDA_AMD64.sys [346200 2011-05-10] (TechniSat Digital, S.A.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [52904 2016-04-28] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-08-30 13:36 - 2016-08-30 13:36 - 00018538 _____ C:\Users\Martin\Desktop\SearchReg.txt
2016-08-30 13:23 - 2016-08-30 13:32 - 00000004 ____H C:\ProgramData\cm-lock
2016-08-30 13:15 - 2016-08-30 13:22 - 00017204 _____ C:\Users\Martin\Desktop\Fixlog.txt
2016-08-30 09:07 - 2016-08-30 08:58 - 00001636 _____ C:\Users\Martin\Desktop\AdwCleaner[C2].txt
2016-08-30 09:07 - 2016-08-30 08:57 - 00001642 _____ C:\Users\Martin\Desktop\AdwCleaner[S2].txt
2016-08-29 20:26 - 2016-08-29 20:26 - 00000878 _____ C:\Users\Martin\Desktop\Wohnheim.lnk
2016-08-29 20:26 - 2016-08-29 20:26 - 00000823 _____ C:\Users\Martin\Desktop\Uni.lnk
2016-08-29 14:31 - 2016-08-30 12:02 - 00000000 ____D C:\Users\Martin\Desktop\Bereinigung
2016-08-29 14:05 - 2016-08-29 14:05 - 00067071 _____ C:\Users\Martin\Desktop\FRST2.txt
2016-08-29 14:05 - 2016-08-29 14:05 - 00055015 _____ C:\Users\Martin\Desktop\Addition2.txt
2016-08-29 14:00 - 2016-08-30 12:05 - 00000000 ____D C:\Users\Martin\Desktop\FRST-OlderVersion
2016-08-29 13:57 - 2016-08-29 13:57 - 00004681 _____ C:\Users\Martin\Desktop\JRT.txt
2016-08-29 13:50 - 2016-08-29 13:50 - 01610560 _____ (Malwarebytes) C:\Users\Martin\Desktop\JRT.exe
2016-08-29 13:50 - 2016-08-29 13:50 - 00001205 _____ C:\Users\Martin\Desktop\mbam.txt
2016-08-29 11:42 - 2016-08-29 13:45 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-08-29 11:41 - 2016-08-29 13:43 - 00000738 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-08-29 11:41 - 2016-08-29 11:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2016-08-29 11:41 - 2016-08-29 11:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-29 11:41 - 2016-08-29 11:41 - 00000000 ____D C:\ Malwarebytes Anti-Malware
2016-08-29 11:41 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-08-29 11:41 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-08-29 11:41 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-08-29 11:37 - 2016-08-29 11:37 - 22851472 _____ (Malwarebytes ) C:\Users\Martin\Downloads\mbam-setup-2.2.1.1043.exe
2016-08-29 11:34 - 2016-08-29 11:20 - 00022642 _____ C:\Users\Martin\Desktop\AdwCleaner[C0].txt
2016-08-29 11:06 - 2016-08-30 08:58 - 00000000 ____D C:\AdwCleaner
2016-08-29 11:05 - 2016-08-29 11:05 - 03826240 _____ C:\Users\Martin\Desktop\AdwCleaner_6.010.exe
2016-08-28 16:41 - 2016-08-28 16:52 - 00097628 _____ C:\Users\Martin\Desktop\TDSSKiller.3.1.0.11_28.08.2016_16.41.53_log.txt
2016-08-28 16:35 - 2016-08-30 13:42 - 00064027 _____ C:\Users\Martin\Desktop\Addition.txt
2016-08-28 16:33 - 2016-08-30 13:49 - 00033040 _____ C:\Users\Martin\Desktop\FRST.txt
2016-08-28 16:32 - 2016-08-30 13:49 - 00000000 ____D C:\FRST
2016-08-28 16:32 - 2016-08-28 16:32 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Martin\Desktop\tdsskiller.exe
2016-08-28 16:31 - 2016-08-30 12:05 - 02397696 _____ (Farbar) C:\Users\Martin\Desktop\FRST64.exe
2016-08-24 09:03 - 2016-08-24 09:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-08-23 22:12 - 2016-08-23 22:12 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_429687859.html
2016-08-23 22:12 - 2016-08-23 22:12 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_429687562.html
2016-08-23 13:58 - 2016-08-23 13:58 - 00003342 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-08-23 09:39 - 2016-08-29 13:36 - 00000000 ____D C:\Program Files (x86)\_SSpm
2016-08-23 09:39 - 2016-08-23 09:39 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_384540046.html
2016-08-23 09:39 - 2016-08-23 09:39 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_384539921.html
2016-08-23 09:39 - 2016-08-23 09:39 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_384533328.html
2016-08-23 09:39 - 2016-08-23 09:39 - 00000003 _____ C:\WINDOWS\SysWOW64\de_384533078.html
2016-08-15 10:34 - 2016-08-22 10:42 - 00000000 ____D C:\Users\Martin\AppData\Roaming\setup1
2016-08-10 10:51 - 2016-08-03 12:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-10 10:51 - 2016-08-03 12:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-10 10:51 - 2016-08-03 12:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-10 10:51 - 2016-08-03 12:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-10 10:51 - 2016-08-03 11:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-10 10:51 - 2016-08-03 11:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-10 10:51 - 2016-08-03 11:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-10 10:51 - 2016-08-03 11:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-10 10:51 - 2016-08-03 11:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-10 10:51 - 2016-08-03 11:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-10 10:51 - 2016-08-03 11:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-10 10:51 - 2016-08-03 11:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-10 10:51 - 2016-08-03 11:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-10 10:51 - 2016-08-03 11:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-10 10:51 - 2016-08-03 11:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-10 10:51 - 2016-08-03 11:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-10 10:51 - 2016-08-03 11:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-10 10:51 - 2016-08-03 07:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-10 10:51 - 2016-08-03 07:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-10 10:51 - 2016-08-03 07:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-10 10:51 - 2016-08-03 07:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-10 10:51 - 2016-08-03 06:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-10 10:51 - 2016-08-03 06:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-10 10:51 - 2016-08-03 06:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-10 10:51 - 2016-08-03 06:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-10 10:51 - 2016-08-03 06:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-10 10:51 - 2016-08-03 06:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-08-10 10:50 - 2016-08-03 13:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-10 10:50 - 2016-08-03 13:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-10 10:50 - 2016-08-03 13:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-10 10:50 - 2016-08-03 12:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-10 10:50 - 2016-08-03 12:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-10 10:50 - 2016-08-03 12:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-10 10:50 - 2016-08-03 12:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-10 10:50 - 2016-08-03 12:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-10 10:50 - 2016-08-03 12:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-10 10:50 - 2016-08-03 12:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-10 10:50 - 2016-08-03 12:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-10 10:50 - 2016-08-03 12:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-10 10:50 - 2016-08-03 12:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-10 10:50 - 2016-08-03 12:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-10 10:50 - 2016-08-03 12:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-10 10:50 - 2016-08-03 12:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-10 10:50 - 2016-08-03 12:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-10 10:50 - 2016-08-03 12:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-10 10:50 - 2016-08-03 12:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-10 10:50 - 2016-08-03 12:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-10 10:50 - 2016-08-03 12:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-10 10:50 - 2016-08-03 12:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-10 10:50 - 2016-08-03 11:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-10 10:50 - 2016-08-03 11:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-10 10:50 - 2016-08-03 11:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-10 10:50 - 2016-08-03 11:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-10 10:50 - 2016-08-03 11:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-10 10:50 - 2016-08-03 11:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-10 10:50 - 2016-08-03 11:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-10 10:50 - 2016-08-03 11:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-10 10:50 - 2016-08-03 11:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-10 10:50 - 2016-08-03 11:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-10 10:50 - 2016-08-03 11:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-10 10:50 - 2016-08-03 11:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-10 10:50 - 2016-08-03 11:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-10 10:50 - 2016-08-03 11:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-10 10:50 - 2016-08-03 11:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-10 10:50 - 2016-08-03 11:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-10 10:50 - 2016-08-03 11:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-10 10:50 - 2016-08-03 11:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-10 10:50 - 2016-08-03 11:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-10 10:50 - 2016-08-03 11:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-10 10:50 - 2016-08-03 11:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-10 10:50 - 2016-08-03 11:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-10 10:50 - 2016-08-03 11:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-10 10:50 - 2016-08-03 11:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-10 10:50 - 2016-08-03 11:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-10 10:50 - 2016-08-03 11:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-10 10:50 - 2016-08-03 11:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-10 10:50 - 2016-08-03 11:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-10 10:50 - 2016-08-03 11:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-10 10:50 - 2016-08-03 11:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-10 10:50 - 2016-08-03 11:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-10 10:50 - 2016-08-03 11:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-10 10:50 - 2016-08-03 11:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-10 10:50 - 2016-08-03 11:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-10 10:50 - 2016-08-03 11:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-10 10:50 - 2016-08-03 11:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-10 10:50 - 2016-08-03 11:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-10 10:50 - 2016-08-03 11:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-10 10:50 - 2016-08-03 11:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-10 10:50 - 2016-08-03 11:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-10 10:50 - 2016-08-03 11:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-10 10:50 - 2016-08-03 11:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-10 10:50 - 2016-08-03 11:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-10 10:50 - 2016-08-03 11:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-10 10:50 - 2016-08-03 11:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-10 10:50 - 2016-08-03 11:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-10 10:50 - 2016-08-03 11:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-10 10:50 - 2016-08-03 07:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-10 10:50 - 2016-08-03 07:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-10 10:50 - 2016-08-03 07:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-10 10:50 - 2016-08-03 07:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-10 10:50 - 2016-08-03 07:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-10 10:50 - 2016-08-03 07:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-10 10:50 - 2016-08-03 06:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-10 10:50 - 2016-08-03 06:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-08-10 10:50 - 2016-08-03 06:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-10 10:50 - 2016-08-03 06:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-08-10 10:50 - 2016-08-03 06:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-08-10 10:50 - 2016-08-03 06:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-10 10:50 - 2016-08-03 06:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-10 10:50 - 2016-08-03 06:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-10 10:50 - 2016-08-03 06:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-08-10 10:50 - 2016-08-03 06:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-08-10 10:50 - 2016-08-03 06:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-10 10:50 - 2016-08-03 06:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-10 10:50 - 2016-08-03 06:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-10 10:50 - 2016-08-03 06:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-10 10:50 - 2016-08-03 06:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-10 10:50 - 2016-08-03 06:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-10 10:50 - 2016-08-03 06:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-10 10:50 - 2016-08-03 06:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-10 10:50 - 2016-08-03 06:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-10 10:50 - 2016-08-03 06:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-10 10:50 - 2016-08-03 06:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-10 10:50 - 2016-08-03 06:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2016-08-10 10:50 - 2016-08-03 06:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2016-08-10 10:50 - 2016-08-03 06:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll 2016-08-10 10:50 - 2016-08-03 06:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2016-08-10 10:50 - 2016-08-03 06:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2016-08-10 10:50 - 2016-08-03 06:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll 2016-08-09 15:54 - 2016-08-29 13:43 - 00001142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CLIQZ.lnk 2016-08-09 15:54 - 2016-08-29 13:43 - 00001130 _____ C:\Users\Public\Desktop\CLIQZ.lnk 2016-08-09 15:54 - 2016-08-26 08:43 - 00000000 ____D C:\Program Files (x86)\CLIQZ 2016-08-09 15:54 - 2016-08-09 16:02 - 00000000 ____D C:\Users\Martin\AppData\Local\CLIQZ 2016-08-09 15:54 - 2016-08-09 15:54 - 00000000 ____D C:\Users\Martin\AppData\Roaming\CLIQZ 2016-08-09 15:53 - 2016-08-09 15:53 - 01474568 _____ C:\Users\Martin\Downloads\CLIQZ14.de.win32.installer - CHIP-Installer.exe 2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224665812.html 2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224665187.html 2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224665062.html 2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224664343.html 2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224664203.html 2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224663390.html 2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224663281.html 2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ 
C:\WINDOWS\SysWOW64\EN_224659500.html 2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224659375.html 2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224647796.html 2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224647640.html 2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224646203.html 2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224646078.html 2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224640531.html 2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\de_224640156.html 2016-08-07 11:50 - 2016-08-30 13:16 - 00000000 ____D C:\Users\Martin\AppData\LocalLow\Temp 2016-08-03 18:43 - 2015-12-22 11:33 - 00035328 _____ (TPMX Electronics Ltd.) C:\WINDOWS\system32\Drivers\pelusblf.sys 2016-08-03 18:43 - 2015-12-17 13:48 - 00023040 _____ (TPMX Electronics Ltd.) C:\WINDOWS\system32\Drivers\PELMOUSE.SYS 2016-08-03 18:43 - 2009-11-02 16:36 - 00011776 _____ (TPMX Electronics Ltd.) 
C:\WINDOWS\system32\Drivers\PELVENDR.SYS 2016-08-03 16:31 - 2016-08-03 16:31 - 00410983 _____ C:\Users\Martin\Downloads\259912_PFEIFER_Lastbock-Gewinde-LBP_M48_20_0t.zip 2016-08-03 13:21 - 2016-08-03 13:21 - 00049492 _____ C:\Users\Martin\Downloads\neukollner_entwicklung_zusammenfassung_2008.pdf 2016-08-01 22:31 - 2016-08-01 22:31 - 00128000 _____ C:\Users\Martin\Documents\Inhaltsverzeichnisv-Aktuell 06.2016.xls 2016-08-01 14:03 - 2016-08-01 14:03 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659675625.html 2016-08-01 14:02 - 2016-08-01 14:02 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659640875.html 2016-08-01 14:02 - 2016-08-01 14:02 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659610734.html 2016-08-01 14:02 - 2016-08-01 14:02 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659610531.html 2016-08-01 14:02 - 2016-08-01 14:02 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659606812.html 2016-08-01 14:01 - 2016-08-01 14:02 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659606671.html 2016-08-01 14:01 - 2016-08-01 14:01 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659591546.html 2016-08-01 14:01 - 2016-08-01 14:01 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659591343.html 2016-08-01 14:01 - 2016-08-01 14:01 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659590296.html 2016-08-01 14:01 - 2016-08-01 14:01 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659590171.html 2016-08-01 14:01 - 2016-08-01 14:01 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659582390.html 2016-08-01 14:01 - 2016-08-01 14:01 - 00000003 _____ C:\WINDOWS\SysWOW64\de_1659582203.html 2016-08-01 10:42 - 2016-08-01 10:42 - 00000000 ____D C:\Program Files (x86)\zffvjegf ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2016-08-30 13:46 - 2016-04-19 14:51 - 00000068 __RSH C:\WINDOWS\system32\Drivers\WdiWiFi.winsecurity 2016-08-30 13:46 - 2016-04-18 17:34 - 00000068 __RSH C:\WINDOWS\system32\Drivers\winverbs.winsecurity 2016-08-30 13:46 - 2016-04-18 12:45 - 00000068 __RSH C:\WINDOWS\system32\Drivers\wof.winsecurity 2016-08-30 13:33 - 2014-01-23 23:57 - 00000576 _____ C:\WINDOWS\Tasks\MATLAB R2013b Startup Accelerator.job 2016-08-30 13:29 - 2013-12-23 17:35 - 00000000 ___RD C:\Users\Martin\Dropbox 2016-08-30 13:27 - 2013-09-15 12:56 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update 2016-08-30 13:24 - 2016-05-24 10:01 - 00001238 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job 2016-08-30 13:24 - 2016-04-19 14:51 - 00000068 __RSH C:\WINDOWS\system32\Drivers\WSDPrint.winsecurity 2016-08-30 13:24 - 2016-04-18 17:34 - 00000068 __RSH C:\WINDOWS\system32\Drivers\wfplwfs.winsecurity 2016-08-30 13:24 - 2016-04-18 12:45 - 00000068 __RSH C:\WINDOWS\system32\Drivers\xinputhid.winsecurity 2016-08-30 13:24 - 2016-03-26 18:04 - 00000000 __SHD C:\Users\Martin\IntelGraphicsProfiles 2016-08-30 13:23 - 2016-02-13 19:25 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-08-30 13:23 - 2015-10-30 08:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI 2016-08-30 13:23 - 2013-05-04 15:33 - 00001142 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-08-30 13:16 - 2014-12-04 17:02 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-08-30 12:09 - 2013-01-19 12:27 - 00000000 ____D C:\Users\Martin\Documents\Outlook-Dateien 2016-08-30 12:06 - 2016-05-24 10:01 - 00001242 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job 2016-08-30 11:58 - 2013-10-21 17:30 - 00000000 ____D C:\Users\Martin\AppData\Local\Akamai 2016-08-30 10:11 - 2016-05-12 12:00 - 00000000 ____D C:\Users\Martin\Documents\Wohnheim 2016-08-30 08:15 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-08-29 13:43 - 2016-04-18 16:17 - 00002048 _____ C:\Users\Public\Desktop\Revit 2016.lnk 
2016-08-29 13:43 - 2016-04-18 14:22 - 00002433 _____ C:\Users\Public\Desktop\SOFiCAD-OEM 2014.lnk 2016-08-29 13:43 - 2016-04-18 14:19 - 00002027 _____ C:\Users\Public\Desktop\SOFiSTiK Sonar.lnk 2016-08-29 13:43 - 2016-03-26 15:26 - 00002386 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-08-29 13:43 - 2016-03-26 13:33 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2016-08-29 13:43 - 2016-03-15 14:16 - 00001222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk 2016-08-29 13:43 - 2016-03-15 14:16 - 00001125 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk 2016-08-29 13:43 - 2016-01-16 21:48 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-08-29 13:43 - 2016-01-16 21:48 - 00002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk 2016-08-29 13:43 - 2015-08-29 18:56 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk 2016-08-29 13:43 - 2015-04-03 17:17 - 00002913 _____ C:\Users\Public\Desktop\Nero 2015.lnk 2016-08-29 13:43 - 2015-04-03 16:33 - 00001532 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk 2016-08-29 13:43 - 2014-12-29 13:39 - 00001968 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2016-08-29 13:43 - 2014-07-21 13:54 - 00000662 _____ C:\Users\Public\Desktop\Cremer Commander.lnk 2016-08-29 13:43 - 2014-07-08 23:02 - 00001043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk 2016-08-29 13:43 - 2014-04-21 19:55 - 00001162 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk 2016-08-29 13:43 - 2014-04-20 10:58 - 00000960 _____ C:\Users\Public\Desktop\VLC media player.lnk 2016-08-29 13:43 - 2014-01-23 23:58 - 00001295 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB R2013b.lnk 2016-08-29 13:43 - 2013-09-25 14:49 - 00002305 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\SD card.lnk 2016-08-29 13:43 - 2013-09-25 14:49 - 00002305 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SD card (2).lnk 2016-08-29 13:43 - 2013-05-04 15:39 - 00002502 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-08-29 13:43 - 2013-05-04 15:39 - 00002490 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-08-29 13:43 - 2013-02-24 11:50 - 00002140 _____ C:\Users\Public\Desktop\MEDION NAS TOOL.lnk 2016-08-29 13:43 - 2013-02-24 11:50 - 00001161 _____ C:\Users\Public\Desktop\Memeo Instant Backup.lnk 2016-08-29 13:43 - 2013-01-20 16:55 - 00001191 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVBViewer TE2.lnk 2016-08-29 13:43 - 2013-01-18 14:11 - 00000291 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Computer.lnk 2016-08-29 13:43 - 2013-01-17 18:30 - 00001263 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader 5.0.lnk 2016-08-29 13:43 - 2013-01-17 18:30 - 00001251 _____ C:\Users\Public\Desktop\Acrobat Reader 5.0.lnk 2016-08-29 13:43 - 2012-11-15 03:08 - 00001361 _____ C:\Users\Public\Desktop\CyberLink YouCam.lnk 2016-08-29 13:43 - 2012-08-31 23:03 - 00001495 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Connected Music powered by Universal Music Group.lnk 2016-08-29 13:43 - 2012-08-31 23:03 - 00001483 _____ C:\Users\Public\Desktop\Connected Music powered by Universal Music Group.lnk 2016-08-29 13:43 - 2012-08-31 23:03 - 00001111 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Connected Music powered by Meridian.lnk 2016-08-29 13:43 - 2012-08-31 22:59 - 00001374 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk 2016-08-29 13:43 - 2012-08-31 22:59 - 00001305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk 2016-08-29 13:43 - 2012-08-31 22:54 - 00002435 _____ C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Microsoft Office.lnk 2016-08-29 13:42 - 2016-04-18 16:27 - 00002003 _____ C:\Users\Martin\Desktop\Autodesk Revit 2016 jetzt installieren.lnk 2016-08-29 13:42 - 2015-12-05 18:05 - 00001314 _____ C:\Users\Martin\Desktop\Easy Audio Cutter.lnk 2016-08-29 13:42 - 2015-12-05 18:05 - 00001298 _____ C:\Users\Martin\Desktop\Free CD Ripper.lnk 2016-08-29 13:42 - 2015-12-05 18:05 - 00001296 _____ C:\Users\Martin\Desktop\Free Mp3 Wma Converter.lnk 2016-08-29 13:42 - 2014-06-11 14:35 - 00001798 _____ C:\Users\Martin\Desktop\Wecker für Windows.lnk 2016-08-29 13:42 - 2013-12-23 17:35 - 00001299 _____ C:\Users\Martin\Desktop\Dropbox.lnk 2016-08-29 13:42 - 2013-08-08 20:10 - 00002265 _____ C:\Users\Martin\Desktop\Carcasonne - Verknüpfung.lnk 2016-08-29 13:39 - 2015-10-30 09:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2016-08-29 11:20 - 2015-05-13 10:16 - 00000008 __RSH C:\ProgramData\ntuser.pol 2016-08-29 11:19 - 2016-05-26 14:04 - 00000000 ____D C:\WINDOWS\system32\log 2016-08-29 11:18 - 2015-12-04 12:36 - 00000000 ____D C:\Program Files (x86)\Lavasoft 2016-08-29 11:17 - 2015-12-04 12:37 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Lavasoft 2016-08-29 11:17 - 2015-12-04 12:36 - 00000000 ____D C:\ProgramData\Lavasoft 2016-08-28 08:35 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps 2016-08-27 23:21 - 2016-03-26 13:19 - 00000000 ____D C:\Users\Martin 2016-08-26 18:36 - 2016-05-26 13:59 - 00000000 _____ C:\Users\Public\Documents\report.dat 2016-08-25 07:26 - 2016-07-12 10:53 - 00000000 ____D C:\WINDOWS\SysWOW64\_SSpm 2016-08-24 09:03 - 2016-05-24 10:01 - 00000000 ____D C:\Program Files (x86)\Dropbox 2016-08-24 00:34 - 2016-05-20 22:40 - 00000000 ____D C:\Program Files (x86)\Drecuied 2016-08-23 13:58 - 2016-03-26 15:26 - 00000000 ___RD C:\Users\Martin\OneDrive 2016-08-22 16:21 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\NDF 2016-08-20 08:46 - 2013-05-04 15:33 - 00000000 ____D C:\Program Files (x86)\Google 2016-08-19 08:39 - 
2013-11-28 19:04 - 00000000 ____D C:\Users\Martin\Documents\Uni 2016-08-13 11:13 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache 2016-08-10 18:40 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF 2016-08-10 17:21 - 2016-02-13 19:30 - 00000000 __RHD C:\Users\Public\AccountPictures 2016-08-10 17:11 - 2016-02-13 19:12 - 00000000 ____D C:\Program Files\Windows Journal 2016-08-10 17:11 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser 2016-08-10 11:49 - 2016-03-26 19:10 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-08-10 11:49 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates 2016-08-10 11:49 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-08-10 11:37 - 2013-01-24 16:53 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-08-08 14:51 - 2015-12-06 19:30 - 00000000 ____D C:\Users\Martin\AppData\Local\Risen2 2016-08-08 09:47 - 2016-03-26 13:18 - 02011910 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-08-08 09:47 - 2016-02-13 18:59 - 00857262 _____ C:\WINDOWS\system32\perfh007.dat 2016-08-08 09:47 - 2016-02-13 18:59 - 00188952 _____ C:\WINDOWS\system32\perfc007.dat 2016-08-05 12:00 - 2013-09-15 12:56 - 00292704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2014-08-13 10:29 - 2014-08-13 10:29 - 154565521 _____ () C:\Program Files (x86)\openoffice1.cab 2014-08-13 10:27 - 2014-08-13 10:27 - 2314240 _____ () C:\Program Files (x86)\openoffice411.msi 2015-04-03 16:31 - 2015-04-03 16:31 - 0385602 _____ () C:\Users\Martin\AppData\Local\5D515C96_stp.CIS 2015-04-03 16:31 - 2015-04-03 16:31 - 0000220 _____ () C:\Users\Martin\AppData\Local\5D515C96_stp.CIS.part 2015-04-03 16:32 - 2015-04-03 16:32 - 1509462 _____ () C:\Users\Martin\AppData\Local\69DD7379_stp.CIS 2015-04-03 16:32 - 2015-04-03 16:32 - 0000295 _____ () C:\Users\Martin\AppData\Local\69DD7379_stp.CIS.part 2015-04-03 16:32 - 2015-04-03 16:32 - 
0192979 _____ () C:\Users\Martin\AppData\Local\741E72B5_stp.CIS 2015-04-03 16:32 - 2015-04-03 16:32 - 0000290 _____ () C:\Users\Martin\AppData\Local\741E72B5_stp.CIS.part 2015-11-21 00:56 - 2015-11-21 01:01 - 0007680 _____ () C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2016-08-30 13:23 - 2016-08-30 13:32 - 0000004 ____H () C:\ProgramData\cm-lock ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2016-08-24 09:30 ==================== Ende von FRST.txt ============================ |
30.08.2016, 13:21 | #14 |
/// TB-Ausbilder | Win32:Dropper found in C:\Program Files (x86)\WinZipper

Hi, well done, but you need to learn to read even more carefully. Once again you had not set the "Chrome settings" option in AdwCleaner... Then we'll just do it differently... we'll remove the last remnants and check everything once more.

First, please reset Chrome: Reset Google Chrome following this guide.

Note: The scan with ESET can take quite a while.

Step 1 Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
start
CloseProcesses:
C:\WINDOWS\SysWOW64\_SSpm
C:\Program Files (x86)\_SSpm
C:\Program Files (x86)\zffvjegf
C:\Program Files (x86)\c9ikp9in
C:\Program Files (x86)\nc0gtqtf
CHR HomePage: ChromeDefaultData -> hxxp://www.nicesearches.com?type=hp&ts=1464593744&from=0d580530&uid=st500lm012xhn-m500mbb_s2svj9eca09668&z=658f2f19608d6aba60b4d45gbzcq4z0wctfc2m2z8z
CHR RestoreOnStartup: ChromeDefaultData -> "hxxp://de.search.yahoo.com/?fr=hp-ddc-bd&type=bl-bcr-is__alt__ddc_dsssyc_bd_com"
CHR StartupUrls: ChromeDefaultData -> "hxxp://www.nicesearches.com?type=hp&ts=1464593744&from=0d580530&uid=st500lm012xhn-m500mbb_s2svj9eca09668&z=658f2f19608d6aba60b4d45gbzcq4z0wctfc2m2z8z"
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.nicesearches.com/search.php?type=ds&ts=1464593744&from=0d580530&uid=st500lm012xhn-m500mbb_s2svj9eca09668&z=658f2f19608d6aba60b4d45gbzcq4z0wctfc2m2z8z&q={searchTerms}
CHR DefaultSearchKeyword: ChromeDefaultData -> nice
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\WinSaberSvc
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d35d79f6-850b-4d3b-b3df-f052f842b2da}
CMD: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{54C3021D-55CA-44E8-899F-C102D92DD517}" /s
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{54C3021D-55CA-44E8-899F-C102D92DD517}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WinZip
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\WinZiper
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Legpat
File: C:\ProgramData\cm-lock
CMD: type "C:\ProgramData\cm-lock"
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2 ESET Online Scanner
Step 3 Download the appropriate version of HitmanPro to your desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
Step 4
Are there still any problems with the PC? If so, which ones? Please post with your next reply
|
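Added example (not part of the original post and not FRST's own code): a small Python audit of the fixlist above that separates lines which only inspect the system from lines which change it, and lists registry keys that are deleted without a preceding `reg query` on the same key. The mapping of directives to "inspect" and "change" is this example's assumption and covers only the directives visible in the post; anything else is reported as unknown for manual review.

```python
import re
from collections import Counter

# Excerpt of the fixlist from the post above (Chrome URL entries left out).
FIXLIST = r"""start
CloseProcesses:
C:\WINDOWS\SysWOW64\_SSpm
C:\Program Files (x86)\zffvjegf
CHR DefaultSearchKeyword: ChromeDefaultData -> nice
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\WinSaberSvc
CMD: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{54C3021D-55CA-44E8-899F-C102D92DD517}" /s
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{54C3021D-55CA-44E8-899F-C102D92DD517}
File: C:\ProgramData\cm-lock
CMD: type "C:\ProgramData\cm-lock"
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
"""

# Assumption of this example: CMD: commands that only read state.
READ_ONLY_CMDS = ("reg query", "type ")
# Directives from the post that alter the system when the fix is run.
CHANGE_DIRECTIVES = {"DeleteKey", "CloseProcesses", "RemoveProxy", "EmptyTemp"}


def classify(line):
    """Return (kind, directive, argument) for one fixlist line."""
    line = line.strip()
    if line.lower() in ("start", "end"):
        return ("marker", line, "")
    if re.match(r"^[A-Za-z]:\\", line):
        # Bare path: the FRST log notes that fixlisted files/folders are moved.
        return ("change", "MovePath", line)
    m = re.match(r"^(CHR [A-Za-z]+|[A-Za-z]+):\s*(.*)$", line)
    if not m:
        return ("unknown", "", line)
    directive, arg = m.group(1), m.group(2)
    if directive == "File":
        return ("inspect", directive, arg)
    if directive == "CMD":
        read_only = arg.lower().startswith(READ_ONLY_CMDS)
        return ("inspect" if read_only else "change", directive, arg)
    if directive in CHANGE_DIRECTIVES or directive.startswith("CHR "):
        return ("change", directive, arg)
    # Not seen in the post: leave the decision to a human reviewer.
    return ("unknown", directive, arg)


def parse_fixlist(text):
    """Classify every non-empty line of a fixlist."""
    return [classify(l) for l in text.splitlines() if l.strip()]


def summarize(entries):
    """Count entries per kind (marker / inspect / change / unknown)."""
    return Counter(kind for kind, _, _ in entries)


def unqueried_deletes(entries):
    """DeleteKey targets with no earlier `reg query` on the same key."""
    queried, missing = set(), []
    for _, directive, arg in entries:
        if directive == "CMD" and arg.lower().startswith("reg query"):
            m = re.search(r'"([^"]+)"', arg)
            if m:
                queried.add(m.group(1).lower())
        elif directive == "DeleteKey" and arg.lower() not in queried:
            missing.append(arg)
    return missing


if __name__ == "__main__":
    entries = parse_fixlist(FIXLIST)
    for kind, directive, arg in entries:
        print(f"{kind:8} {directive:24} {arg}")
    print(dict(summarize(entries)))
    print("Deleted without prior query:", unqueried_deletes(entries))
```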
30.08.2016, 14:17 | #15 |
| Win32:Dropper found in C:\Program Files (x86)\WinZipper It already seemed odd to me the first time, but this time I am quite sure that the box was checked. Nevertheless, I am currently following your new instructions. Thank you very much! |