Log analysis and evaluation: Win 7 - Malware - Files encrypted to .ENC

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
09.09.2016, 19:46 | #1 |
| Win 7 - Malware - Files encrypted to .ENC Hello, since today, files on my computer are being renamed to xxx.ENC. I probably clicked on a spam mail with a fake invoice attachment 2 days ago (7.9) and apparently caught malware. What should I do? How do I boot up so as to avoid further damage? THANKS. FRST scan results attached: |
09.09.2016, 20:07 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | What exactly is this about for you now; do you mainly want to
a) only recover the encrypted files? (and then reinstall the system)
b) only clean the system, because the files were unimportant anyway?
Have you ever thought about backups at all? And be aware that only in rare cases will you get your data back with a decrypter. See https://id-ransomware.malwarehuntert...php?lang=de_DE
__________________ Edited by cosinus (10.09.2016 at 13:49). Reason: URL corrected |
10.09.2016, 07:58 | #3 |
| In principle there is a backup of the files, except for three projects, < 10 files in total, that were created in the last week.
First I would like to check whether those still exist unencrypted; if so, rescue them and continue with b) .... hence the question -> how to boot up without the risk of the encryption continuing (I am posting from an uninfected computer). If they are encrypted, try decrypting, if that is possible ... if unsuccessful, continue with b) |
10.09.2016, 13:49 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | I have corrected the link in the last post
__________________ Please always post log files in CODE tags |
10.09.2016, 14:38 | #5 |
| Thanks. The cause is cryptolocker. The files I need are already encrypted too. I am now having Dr. Web check whether the files can be decrypted. |
10.09.2016, 15:58 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | The site itself tells you whether a decrypter already exists |
10.09.2016, 16:12 | #7 |
| No, it found 3 possible malware culprits (2 possibly decryptable, 1 not). It refers to another forum ... Crypt0L0cker Support Topic - Ransomware Help & Tech Support. They refer to a service from DrWeb that is free if you had DrWeb antivirus software licensed at the time of the attack, and otherwise subject to a fee. (DrWeb curit, which this forum links to, is not that, though.)
- To check decryptability they want a few files
- In the process I also found the 'ransom note' from cryptolocker
Feedback from Dr. Web is still pending. |
12.09.2016, 08:35 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Aha, so now you can only wait and hope that something has already been found for it. Let's do the analysis now. For that, please post the FRST logs directly and in CODE tags.
Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder. Even if the logs should be too large for one post, I ask you to post the logs directly and, if necessary, spread over several posts. To put the log files in a CODE box, proceed as follows:
__________________ Please always post log files in CODE tags |
13.09.2016, 18:17 | #9 |
| Log files follow Hello, the decryption seems to have worked. The log files are attached. Many thanks in advance. Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 31-08-2016 durchgeführt von aquarana (09-09-2016 20:26:55) Gestartet von D:\ Windows 7 Professional Service Pack 1 (X64) (2011-10-19 13:38:46) Start-Modus: Normal ========================================================== ==================== Konten: ============================= admin (S-1-5-21-1676539162-533426384-2096430618-1003 - Administrator - Enabled) => C:\Users\admin Administrator (S-1-5-21-1676539162-533426384-2096430618-500 - Administrator - Disabled) aquarana (S-1-5-21-1676539162-533426384-2096430618-1000 - Administrator - Enabled) => C:\Users\aquarana Gast (S-1-5-21-1676539162-533426384-2096430618-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1676539162-533426384-2096430618-1002 - Limited - Enabled) Max Muster (S-1-5-21-1676539162-533426384-2096430618-1004 - Limited - Enabled) => C:\Users\Max Muster ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Avira Desktop (Disabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Disabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2540 - Adobe Systems Incorporated) Adobe Connect 9 Add-in (HKU\S-1-5-21-1676539162-533426384-2096430618-1000\...\Adobe Connect 9 Add-in) (Version: 11,2,247,0 - Adobe Systems Incorporated) Adobe Connect Add-in (HKU\S-1-5-21-1676539162-533426384-2096430618-1000\...\Adobe Connect Add-in) (Version: - ) Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated) Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated) Adobe Flash Player 22 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated) AirServer Universal (x64) (Version: 4.1.11 - App Dynamic) Hidden AirServer Universal (x64) 4.1.11 (HKLM-x32\...\{0ff0aa74-97d7-4a67-9da7-9cd5521fc2a8}) (Version: 4.1.11 - AppDynamic ehf) Amazon MP3-Downloader 1.0.9 (HKLM-x32\...\Amazon MP3-Downloader) (Version: - ) Antivirus Pro (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.644 - Avira) Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.23.01 - ) Apple Application Support (32-Bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{B93CD779-D1C1-4B4D-A9E5-564A542C6DFD}) (Version: 9.1.0.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.) 
Audacity 1.3.14 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version: - Audacity Team) AVG (HKLM\...\AvgZen) (Version: 1.82.2.30772 - AVG Technologies) AVG Zen (Version: 1.82.2 - AVG Technologies) Hidden Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.8.9046 - ) Avira Launcher (HKLM-x32\...\{6052a753-acc6-4c02-b5a8-70962ff8e0a4}) (Version: 1.2.69.16114 - Avira Operations GmbH & Co. KG) Avira Launcher (x32 Version: 1.2.69.16114 - Avira Operations GmbH & Co. KG) Hidden Bandicam (HKLM-x32\...\Bandicam) (Version: 1.9.4.505 - Bandisoft.com) Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.1500 - Broadcom Corporation) Brother MFL-Pro Suite DCP-9010CN (HKLM-x32\...\{A1BBEE16-49B1-42F2-95B8-54C8C6A1C0C3}) (Version: 1.0.2.0 - Brother Industries, Ltd.) Bulk Rename Utility 2.7.1.2 (HKLM\...\Bulk Rename Utility_is1) (Version: - TGRMN Software) Camtasia Studio 8 (HKLM-x32\...\{8F6F7194-0734-4CDA-8C04-6B766F2241A6}) (Version: 8.0.4.1060 - TechSmith Corporation) Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.) Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.) Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.) Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.) Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version: - Canon Inc.) Canon MG5500 series Benutzerregistrierung (HKLM-x32\...\Canon MG5500 series Benutzerregistrierung) (Version: - *Canon Inc.) Canon MG5500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5500_series) (Version: 1.02 - Canon Inc.) 
Canon MG5500 series On-screen Manual (HKLM-x32\...\Canon MG5500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.) Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version: - ) Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.1.1 - Canon Inc.) Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.1.0 - Canon Inc.) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.) Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.) Canon SELPHY CP710 (HKLM\...\Canon SELPHY CP710) (Version: - ) CanoScan Toolbox Ver4.9 (HKLM-x32\...\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}) (Version: - ) Cartoon Story Maker 1.1 (HKLM-x32\...\{0FBC5D89-5237-4FAA-A72F-CB854730EC7A}) (Version: 1.1.0 - DEECD) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP) Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix) CodeTwo QR Code Desktop Reader (HKLM-x32\...\{8E03824D-0FCC-4AAE-BBE3-3B544BE3876F}) (Version: 1.0.0 - CodeTwo) Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.0 - Conexant) Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Deaktivierungs-Add-on für Browser von Google Analytics (HKLM\...\{9F540EA8-086E-4D53-B845-A06E6903DED6}) (Version: 0.9.6.0 - Google Inc.) Dienstprogramm "ThinkPad UltraNav" (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo) Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - ) Dropbox (HKU\S-1-5-21-1676539162-533426384-2096430618-1000\...\Dropbox) (Version: 9.4.49 - Dropbox, Inc.) Eusing Free Registry Cleaner (HKLM-x32\...\Eusing Free Registry Cleaner) (Version: - Eusing Software) Evernote v. 
5.9.6 (HKLM-x32\...\{A542D366-9877-11E5-B101-005056951CAD}) (Version: 5.9.6.9494 - Evernote Corp.) Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited) FileZilla Client 3.20.1 (HKLM-x32\...\FileZilla Client) (Version: 3.20.1 - Tim Kosse) Firestorm-Beta-Mesh (remove only) (HKLM-x32\...\Firestorm-Beta-Mesh) (Version: - ) Firestorm-Release (remove only) (HKLM-x32\...\Firestorm-Release) (Version: - ) FlippingBook Publisher Trial (HKLM-x32\...\FlippingBook Publisher Trial 2.4.16) (Version: 2.4.16 - FlippingBook) FlippingBook Publisher Trial (x32 Version: 2.4.16 - FlippingBook) Hidden FLV to AVI MPEG WMV 3GP MP4 iPod Converter 6.1.0308 (HKLM-x32\...\FLV to AVI MPEG WMV 3GP MP4 iPod Converter_is1) (Version: - Aone Software) FMW 1 (Version: 1.123.1 - AVG Technologies) Hidden Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Foxit PhantomPDF Standard (HKLM-x32\...\{86848256-DF08-4F3D-A32D-37151AA16510}) (Version: 7.3.4.311 - Foxit Software Inc.) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.3.6.321 - Foxit Software Inc.) Free Convert MPEG WMV to MP4 FLV AVI Converter 5.8 (HKLM-x32\...\Free Convert MPEG WMV to MP4 FLV AVI Converter_is1) (Version: - Xillvideo Software, Inc.) Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com) Free RAR Extract Frog (HKLM-x32\...\Free RAR Extract Frog) (Version: 4.10 - Philipp Winterberg) FreeFileSync 8.0 (HKLM-x32\...\FreeFileSync_is1) (Version: 8.0 - www.FreeFileSync.org) FTP Commander (HKLM-x32\...\FTP Commander) (Version: - ) GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team) GoodSync (HKLM\...\{B26B00DA-2E5D-4CF2-83C5-911198C0F009}) (Version: 9.9.50.5 - Siber Systems) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.) Google Drive (HKLM-x32\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.) 
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google) Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden GoToMeeting 7.22.1.5530 (HKU\S-1-5-21-1676539162-533426384-2096430618-1000\...\GoToMeeting) (Version: 7.22.1.5530 - CitrixOnline) Gpg4win (2.2.1) (HKLM-x32\...\GPG4Win) (Version: 2.2.1 - The Gpg4win Project) Hamster Free Audio Convertor (HKLM-x32\...\{F100D4D4-DFAA-4807-8D4F-0CD44E85F4EA}_is1) (Version: 1.0.0.18 - Hamster Soft) HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd) HTML Studio (HKLM-x32\...\HTML Studio_is1) (Version: - Michael Elsdörfer) Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH) Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.) 
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2321 - Intel Corporation) Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}) (Version: 14.00.1000 - Intel Corporation) Internet Manager (HKLM-x32\...\Internet Manager) (Version: 22.001.18.43.55 - Huawei Technologies Co.,Ltd) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan) iTunes (HKLM\...\{D5021BF1-39FF-4550-AB7D-6193A6B38671}) (Version: 12.3.2.35 - Apple Inc.) Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation) JDiskReport 1.4.1 (HKLM-x32\...\JDiskReport 1.4.1) (Version: 1.4.1 (2014-02-26 11:50:44) - JGoodies Karsten Lentzsch) Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{56009CA3-423B-41F8-884A-E5B049534F15}) (Version: 12.0.1.340 - Kaspersky Lab) Kaspersky Security Scan (x32 Version: 12.0.1.340 - Kaspersky Lab) Hidden K-Lite Codec Pack 4.0.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 4.0.0 - ) Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.00 - ) Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.) Lenovo Screen Reading Optimizer (HKLM-x32\...\{91A29166-4E1B-4664-B70B-4C4A3B6B3372}) (Version: 1.06 - Lenovo) Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - ) Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5849.23 - PC-Doctor, Inc.) 
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Ihr Firmenname) Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo) Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 2.02.003.0 - Lenovo) LibreOffice 4.0.5.2 (HKLM-x32\...\{5B9C9486-4287-4621-8F9D-EC3EE622A82F}) (Version: 4.0.5.2 - The Document Foundation) LibreOffice 4.2 Help Pack (German) (HKLM-x32\...\{56232F31-556D-4ABB-A039-58193778A627}) (Version: 4.2.0.4 - The Document Foundation) MailStore Home 5.0.0.6684 (HKLM-x32\...\MailStore Home_universal1) (Version: 5.0.0.6684 - deepinvent Software GmbH) Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited) mHotspot version 6.4.0.0 (HKLM-x32\...\{beeb7906-9268-4520-8850-8d8af9b1c7c8}_is1) (Version: 6.4.0.0 - mHotspot, Inc.) 
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Office Home and Student 2010 - Deutsch (HKLM-x32\...\{90140011-0061-0407-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation) Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1676539162-533426384-2096430618-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft 
Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 
- Microsoft Corporation) Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 11.030.01.01.152 - Huawei Technologies Co.,Ltd) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 48.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 de)) (Version: 48.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2.6079 - Mozilla) Mozilla Thunderbird 45.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.2.0 (x86 de)) (Version: 45.2.0 - Mozilla) Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA) Opera Stable 39.0.2256.71 (HKLM-x32\...\Opera 39.0.2256.71) (Version: 39.0.2256.71 - Opera Software) PC Manager Pro v3.2 (HKLM-x32\...\PC Manager Pro_is1) (Version: 3.2 - PC Manager Pro) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery) pdfforge Toolbar v5.8 (HKLM-x32\...\{5B2C4D32-A7CD-44B0-8619-4ADBE301B2D3}) (Version: 5.8 - Spigot, Inc.) <==== ACHTUNG Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.8 - Google, Inc.) Pin It (HKLM-x32\...\Pin It_is1) (Version: 0.0.4 - Pinterest) Pivot Stickfigure Animator version 2.2.7 (HKLM-x32\...\Pivot Stickfigure Animator_is1) (Version: 2.2.7 - ) Poedit (HKLM-x32\...\{68EB2C37-083A-4303-B5D8-41FA67E50B8F}_is1) (Version: 1.8.7 - Vaclav Slavik) Pointofix (HKLM-x32\...\Pointofix_is1) (Version: - Amerigomedia) Prezi Desktop (HKLM-x32\...\{7FAE73A4-F0BC-4B65-81CF-52C417383407}) (Version: 4.7.5 - Ihr Firmenname) QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) 
RapidBoot (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.10 - Lenovo) Reflector 2 (HKLM\...\{389E7BDE-9B6C-4855-AC57-3A5152725640}) (Version: 2.4.0.0 - Squirrels) Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - ) RICOH_Media_Driver_v2.13.18.02 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.13.18.02 - RICOH) Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.3.2.12064_9 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.3.2.12064_9 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.4.6.0 - SAMSUNG Electronics Co., Ltd.) Screencast-O-Matic (HKU\S-1-5-21-1676539162-533426384-2096430618-1000\...\Screencast-O-Matic) (Version: - Screencast-O-Matic) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation) Skype Meetings App (HKLM-x32\...\{C8C92E39-5485-45ED-8BF8-D6ED13F12A75}) (Version: 16.2.0.51 - Microsoft Corporation) Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.) 
Spotify (HKU\S-1-5-21-1676539162-533426384-2096430618-1000\...\Spotify) (Version: 0.8.5.1333.g822e0de8 - Spotify AB) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited) System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.00.0042 - Lenovo) TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.30992 - TeamViewer) Tesseract-OCR 3.01 - open source OCR engine (HKU\S-1-5-21-1676539162-533426384-2096430618-1000\...\Tesseract-OCR) (Version: - ) ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.1500 - Broadcom Corporation) ThinkPad Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.48 - ) ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.23 - ) ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.62.00.00 - ) ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.6.0 - ) ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 5.83 - Lenovo) ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.01 - Lenovo) ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.06 - Lenovo) ThinkVantage Fingerprint Software (HKLM\...\{502EE63C-9A62-4330-8F8B-1EAB51B7BB46}) (Version: 5.9.4.6882 - UPEK Inc.) ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.74 - Lenovo) UnHackMe 7.71 release (HKLM-x32\...\UnHackMe_is1) (Version: - Greatis Software, LLC.) 
USB-Modem-Stick (HKLM-x32\...\USB-Modem-Stick_is1) (Version: - ) VIP Access (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.5.13 - VeriSign) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) Windows-Treiberpaket - Intel (e1cexpress) Net (12/21/2010 11.8.84.0) (HKLM\...\6D23A494E9A245843FB8584D9307D3E328DF8613) (Version: 12/21/2010 11.8.84.0 - Intel) Windows-Treiberpaket - Intel (MEIx64) System (10/19/2010 7.0.0.1144) (HKLM\...\90FD26A77B849AE03FF5F07A1CDA7F950406A8D8) (Version: 10/19/2010 7.0.0.1144 - Intel) Windows-Treiberpaket - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A) (Version: 09/10/2010 9.2.0.1011 - Intel) Windows-Treiberpaket - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\A513FC5E5A08D4EF27F234E91E0E942A0234210B) (Version: 09/10/2010 9.2.0.1011 - Intel) Windows-Treiberpaket - Intel System (10/04/2010 9.2.0.1015) (HKLM\...\FE1BEBFD475BB832AAF104F5C63348E98A9286DF) (Version: 10/04/2010 9.2.0.1015 - Intel) Windows-Treiberpaket - Intel USB (09/16/2010 9.2.0.1013) (HKLM\...\D97688B8E3830BF9820E15EB8D9552DCBF988CFD) (Version: 09/16/2010 9.2.0.1013 - Intel) Windows-Treiberpaket - Lenovo 1.62.00.00 (01/19/2011 1.62.00.00) (HKLM\...\D01A7EE241898C810674C69EB908D655D149BE77) (Version: 01/19/2011 1.62.00.00 - Lenovo) Windows-Treiberpaket - MediaTek (wdf_usb) Modem (12/10/2012 1.0.1250.0) (HKLM\...\109193E5BE35D1873F3B0C1F539D4716499C8131) (Version: 12/10/2012 1.0.1250.0 - 
MediaTek) Windows-Treiberpaket - MediaTek (wdf_usb) Ports (12/10/2012 1.0.1250.0) (HKLM\...\4C0A5FC4365B283849D4F6C6D4DCCEB7675A25FC) (Version: 12/10/2012 1.0.1250.0 - MediaTek) Windows-Treiberpaket - MediaTek Inc. (mtkmbim) Net (12/14/2012 1.12.50.1) (HKLM\...\828C056ECF03C21200ED05F187788F5D109292A4) (Version: 12/14/2012 1.12.50.1 - MediaTek Inc.) Windows-Treiberpaket - MediaTek Inc. (mtkmbim) Net (12/14/2012 1.12.50.1) (HKLM\...\C578DA937710F3D814F55953CE11CD7CC8D4330E) (Version: 12/14/2012 1.12.50.1 - MediaTek Inc.) Windows-Treiberpaket - MediaTek Inc. (mtkmbim) Net (12/14/2012 1.12.50.1) (HKLM\...\E203C14866DFC39313EC771E058A7D006F255B48) (Version: 12/14/2012 1.12.50.1 - MediaTek Inc.) Windows-Treiberpaket - Synaptics (SynTP) Mouse (05/05/2011 15.3.6.0) (HKLM\...\C63C03BF3BE2B6F6204BB54541690449FFF79F4F) (Version: 05/05/2011 15.3.6.0 - Synaptics) Wuala CBFS (HKLM-x32\...\Wuala CBFS) (Version: 3.2.107.0 - LaCie) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-1676539162-533426384-2096430618-1000_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {1FF62F03-9468-D082-55BF-87EE85889A47} => Keine Datei CustomCLSID: HKU\S-1-5-21-1676539162-533426384-2096430618-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\aquarana\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-1676539162-533426384-2096430618-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\aquarana\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-1676539162-533426384-2096430618-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\aquarana\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-1676539162-533426384-2096430618-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\aquarana\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-1676539162-533426384-2096430618-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\aquarana\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-1676539162-533426384-2096430618-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\aquarana\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-1676539162-533426384-2096430618-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\aquarana\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-1676539162-533426384-2096430618-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\aquarana\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-1676539162-533426384-2096430618-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\aquarana\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-1676539162-533426384-2096430618-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\aquarana\AppData\Local\Citrix\GoToMeeting\5174\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.) CustomCLSID: HKU\S-1-5-21-1676539162-533426384-2096430618-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\aquarana\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-1676539162-533426384-2096430618-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\aquarana\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-1676539162-533426384-2096430618-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\aquarana\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-1676539162-533426384-2096430618-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\aquarana\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-1676539162-533426384-2096430618-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\aquarana\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => 
Keine Datei CustomCLSID: HKU\S-1-5-21-1676539162-533426384-2096430618-1000_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}\InprocServer32 -> {5AD66034-9468-D082-62F0-A7AB85889A47} => Keine Datei CustomCLSID: HKU\S-1-5-21-1676539162-533426384-2096430618-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\aquarana\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-1676539162-533426384-2096430618-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\aquarana\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1676539162-533426384-2096430618-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\aquarana\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1676539162-533426384-2096430618-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\aquarana\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1676539162-533426384-2096430618-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\aquarana\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1676539162-533426384-2096430618-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\aquarana\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1676539162-533426384-2096430618-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\aquarana\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1676539162-533426384-2096430618-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\aquarana\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-1676539162-533426384-2096430618-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\aquarana\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1676539162-533426384-2096430618-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\aquarana\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1676539162-533426384-2096430618-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\aquarana\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1676539162-533426384-2096430618-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\aquarana\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1676539162-533426384-2096430618-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\aquarana\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1676539162-533426384-2096430618-1000_Classes\CLSID\{FE2EC208-BECF-4E83-8BF4-E35DBA4EB6A1}\localserver32 -> C:\Users\aquarana\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.51\GatewayVersion-x64.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1676539162-533426384-2096430618-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\aquarana\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => Keine Datei ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
Task: {0C54946B-DFFA-44D8-A4EB-899D582D70A1} - System32\Tasks\G2MUploadTask-S-1-5-21-1676539162-533426384-2096430618-1000 => C:\Users\aquarana\AppData\Local\Citrix\GoToMeeting\5530\g2mupload.exe [2016-09-04] (Citrix Online, a division of Citrix Systems, Inc.) Task: {0C963ECA-BDB6-4922-84C0-9B26B261DDC4} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1676539162-533426384-2096430618-1000Core => C:\Users\aquarana\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: {0D2D537A-4AA6-47D5-8220-59470756D868} - System32\Tasks\PinItAutoUpdate => C:\Program Files (x86)\Pinterest\Pin It\AutoUpdater.exe [2013-10-17] () Task: {1B251670-3AEB-4935-AC22-3F1BB97AAEEC} - System32\Tasks\Google Updater and Installer => C:\Users\aquarana\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {1CC425E1-F5A1-4D0F-9940-108EA8F7ECB4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1676539162-533426384-2096430618-1000UA => C:\Users\aquarana\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {1D347441-4A55-41A8-919C-BB1923E74A19} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe [2016-07-31] (Adobe Systems Incorporated) Task: {29B6CAF3-9B70-4F0F-B33F-8A37EFBAB0B9} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1676539162-533426384-2096430618-1000Core => C:\Users\aquarana\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-06-03] (Facebook Inc.) Task: {2E47E950-E332-41D8-AFD6-E56EA3B95080} - System32\Tasks\{A1335423-A9C0-403B-976F-2E592FC81CE0} => pcalua.exe -a C:\Users\aquarana\Downloads\irfanview_plugins_437_setup(1).exe -d C:\Users\aquarana\Downloads Task: {31595227-9F0C-455B-A64B-C3DA10A391B2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1676539162-533426384-2096430618-1000Core => C:\Users\aquarana\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) 
Task: {333876BD-11F6-407A-AC6E-24B08FE55938} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-27] () Task: {3A695D55-09D2-4422-B50A-3B304FFC2A3C} - System32\Tasks\UnHackMe Task Scheduler => C:\programme-ag\UnHackMe\hackmon.exe [2015-03-04] (Greatis Software) Task: {3FCCB962-B3CD-4BB5-8AAF-396C85052AB6} - System32\Tasks\Opera scheduled Autoupdate 1425031998 => C:\Program Files (x86)\Opera\launcher.exe [2016-09-05] (Opera Software) Task: {442DBD7E-636B-49BE-B122-D2782D3509AD} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-05-20] (Oracle Corporation) Task: {443259A6-35BB-41CD-AF61-D436B9B407A3} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe Task: {49535EFF-5B49-4184-B848-0DB49B486BBC} - System32\Tasks\PC Manager Pro Schedule => C:\Program Files (x86)\PC Manager Pro\PCManLauncher.exe [2014-02-13] (PC Manager Pro) Task: {4A43D518-1AA7-4CF5-8D6D-F47E0A62CEED} - System32\Tasks\G2MUpdateTask-S-1-5-21-1676539162-533426384-2096430618-1000 => C:\Users\aquarana\AppData\Local\Citrix\GoToMeeting\5530\g2mupdate.exe [2016-09-04] (Citrix Online, a division of Citrix Systems, Inc.) Task: {4E855384-2BE0-449F-8D30-7319BF77603A} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.) 
Task: {5342F614-A081-4B13-B157-3F0E5F981898} - System32\Tasks\{F7C849C4-A9B0-4E55-9B45-9291BC110C74} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.73.105.457/de/abandoninstall?page=tsWLM Task: {57DEB353-67F7-48C8-A8A4-BA5EACAD2A90} - System32\Tasks\Lenovo\SROptimizer => C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\\SRORest.exe [2011-03-02] (Lenovo Group Limited) Task: {603AB7DF-473B-4CBC-8012-2338ACD08B9B} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1676539162-533426384-2096430618-1000UA => C:\Users\aquarana\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: {69D4E27A-2BFD-4D5A-BFF5-D381ABAC6FDC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.) Task: {6B62BC96-6531-4FA0-8DFA-2BACD168FEF6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated) Task: {6F2B63C0-4941-4668-8E2E-2EA545BE9E31} - System32\Tasks\{F7F15EA9-4332-4411-8D75-92DE18211D15} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.0.106/de/abandoninstall?page=tsProgressBar Task: {7BA0AC76-C419-4010-8D83-7F6075688F16} - System32\Tasks\{3DFDE223-5720-4B8A-829D-ADE45E05E183} => C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [2014-03-31] (Microsoft Corporation) Task: {88CC9A2C-AC4B-4B5C-84DA-B20ABCB4981E} - System32\Tasks\{07425833-E2B6-408B-8361-C27C9C26746C} => pcalua.exe -a C:\Users\aquarana\Downloads\HOFER-Bestellsoftware-Setup.exe -d C:\Users\aquarana\Downloads Task: {8B285B7D-341F-4F84-B238-A17B88963DD6} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1676539162-533426384-2096430618-1000UA => C:\Users\aquarana\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-06-03] (Facebook Inc.) 
Task: {8F4636D9-6EB1-4655-9765-CADE7D0AFA60} - System32\Tasks\{4AFE5CE8-6361-438F-92B8-D1F4F9FF9120} => pcalua.exe -a C:\Users\aquarana\Downloads\CartoonStoryMaker_v1_1.exe -d "C:\Program Files (x86)\Mozilla Firefox" Task: {9CD222F8-815F-4701-BB13-54B36E103E41} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.) Task: {A18D51C3-C919-4D2B-8D44-3E4916FF319D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.) Task: {A19BFD88-FEA4-433C-8E3B-2F191A342C40} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.) Task: {AF4E262D-CD67-49F9-8EDC-6ED729925ADC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-31] (Adobe Systems Incorporated) Task: {BBF09C2B-9FF4-4A38-A335-1A869CEF0015} - System32\Tasks\{2936D89E-EB37-4BAE-A956-E9DB4C77D4DE} => pcalua.exe -a C:\Users\aquarana\downloadprogramme\audiocable\setup.exe -d C:\Users\aquarana\downloadprogramme\audiocable Task: {C9F6EAAD-4FC2-420E-A319-006D18F51E0C} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.) Task: {D3BFBBC5-D5A8-42B6-99B8-8505BDCF046E} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated) Task: {FEBCD8D2-E49E-4046-AA27-0A686E17B19C} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2011-03-23] (Lenovo Group Limited) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) 
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1676539162-533426384-2096430618-1000Core.job => C:\Users\aquarana\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1676539162-533426384-2096430618-1000UA.job => C:\Users\aquarana\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1676539162-533426384-2096430618-1000Core.job => C:\Users\aquarana\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1676539162-533426384-2096430618-1000UA.job => C:\Users\aquarana\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1676539162-533426384-2096430618-1000.job => C:\Users\aquarana\AppData\Local\Citrix\GoToMeeting\5530\g2mupdate.exe Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1676539162-533426384-2096430618-1000.job => C:\Users\aquarana\AppData\Local\Citrix\GoToMeeting\5530\g2mupload.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1676539162-533426384-2096430618-1000Core.job => C:\Users\aquarana\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1676539162-533426384-2096430618-1000UA.job => C:\Users\aquarana\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exeq-backgroundmon scripts\backgroundmon.xml Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program 
Files\PC-Doctor\uaclauncher.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) |
13.09.2016, 18:18 | #10 |
| logfile frst
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
durchgeführt von aquarana (Administrator) auf MICKEY-MOUSE (09-09-2016 20:22:48)
Gestartet von D:\
Geladene Profile: aquarana (Verfügbare Profile: aquarana & admin & Max Muster)
Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.)
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe () C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe () C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe () C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Microsoft Corporation) C:\Windows\System32\alg.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe (Greatis Software) C:\programme-ag\UnHackMe\hackmon.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe (Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe (Safer Networking Limited) C:\programme-ag\Spybot - Search & Destroy\TeaTimer.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (Apple Inc.) C:\programme-ag\iTunesHelper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe (Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) C:\Program Files\Internet Explorer\ielowutil.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [31592 2011-04-14] (Lenovo) HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] () HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281448 2011-02-28] (Lenovo Group Limited) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704248 2015-03-05] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.) HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [67864 2016-08-04] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [iTunesHelper] => C:\programme-ag\iTunesHelper.exe [157456 2015-12-17] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation) HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe" /lps=fmw Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.) HKU\S-1-5-21-1676539162-533426384-2096430618-1000\...\Run: [SpybotSD TeaTimer] => C:\programme-ag\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited) HKU\S-1-5-21-1676539162-533426384-2096430618-1000\...\Run: [Dropbox Update] => "C:\Users\aquarana\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c HKU\S-1-5-21-1676539162-533426384-2096430618-1000\...\MountPoints2: {0ef7830d-f9ba-11e5-8d57-9439e58f5163} - E:\HiSuiteDownLoader.exe HKU\S-1-5-21-1676539162-533426384-2096430618-1000\...\MountPoints2: {281f85a2-b6e2-11e4-99b4-f0def1918371} - D:\AutoRun.exe HKU\S-1-5-21-1676539162-533426384-2096430618-1000\...\MountPoints2: {281f85aa-b6e2-11e4-99b4-f0def1918371} - D:\AutoRun.exe HKU\S-1-5-21-1676539162-533426384-2096430618-1000\...\MountPoints2: {281f8887-b6e2-11e4-99b4-f0def1918371} - D:\win\AutoRun.exe HKU\S-1-5-21-1676539162-533426384-2096430618-1000\...\MountPoints2: {453f2b01-66a8-11e1-9ea2-9439e58f5163} - D:\Autorun.exe 
HKU\S-1-5-21-1676539162-533426384-2096430618-1000\...\MountPoints2: {9306f86a-bc15-11e4-be5c-f0def1918371} - D:\win\AutoRun.exe HKU\S-1-5-21-1676539162-533426384-2096430618-1000\...\MountPoints2: {96ed6b6a-c814-11e4-9a1c-f0def1918371} - D:\AutoRun.exe HKU\S-1-5-21-1676539162-533426384-2096430618-1000\...\MountPoints2: {cc89d9ac-f3cc-11e2-ac4e-9439e58f5163} - D:\AutoRun.exe HKU\S-1-5-21-1676539162-533426384-2096430618-1000\...\MountPoints2: {cc89d9af-f3cc-11e2-ac4e-9439e58f5163} - D:\AutoRun.exe HKU\S-1-5-21-1676539162-533426384-2096430618-1000\...\MountPoints2: {de837b80-c00b-11e5-88fe-f0def1918371} - E:\HiSuiteDownLoader.exe HKU\S-1-5-21-1676539162-533426384-2096430618-1000\...\MountPoints2: {f0ff945f-e8a7-11e2-b448-9439e58f5163} - D:\AutoRun.exe HKU\S-1-5-21-1676539162-533426384-2096430618-1000\...\MountPoints2: {f0ff9463-e8a7-11e2-b448-9439e58f5163} - D:\AutoRun.exe HKU\S-1-5-21-1676539162-533426384-2096430618-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> none Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll ACGina SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation) SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google) ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {002E4698-0465-498E-83AF-97E85A072C3A} => 
C:\Windows\System32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\aquarana\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\aquarana\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\aquarana\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\aquarana\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-30] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation) ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => Keine Datei ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {002E4698-0465-498E-83AF-97E85A072C3A} => C:\Windows\SysWow64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\aquarana\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\aquarana\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\aquarana\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation) Startup: C:\Users\aquarana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-09-03] ShortcutTarget: Dropbox.lnk -> C:\Users\aquarana\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\aquarana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2016-02-11] ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BootExecute: autocheck autochk * Partizan ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) ProxyServer: [S-1-5-21-1676539162-533426384-2096430618-1000] => 10.0.1.1:8080 Winsock: Catalog9 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984 2014-05-15] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984 2014-05-15] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 03 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984 2014-05-15] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 04 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984 2014-05-15] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 05 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984 2014-05-15] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 06 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984 2014-05-15] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 07 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984 2014-05-15] (Avira Operations GmbH & Co. 
KG) Winsock: Catalog9 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984 2014-05-15] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 20 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984 2014-05-15] (Avira Operations GmbH & Co. KG) Winsock: Catalog9-x64 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344 2014-05-15] (Avira Operations GmbH & Co. KG) Winsock: Catalog9-x64 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344 2014-05-15] (Avira Operations GmbH & Co. KG) Winsock: Catalog9-x64 03 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344 2014-05-15] (Avira Operations GmbH & Co. KG) Winsock: Catalog9-x64 04 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344 2014-05-15] (Avira Operations GmbH & Co. KG) Winsock: Catalog9-x64 05 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344 2014-05-15] (Avira Operations GmbH & Co. KG) Winsock: Catalog9-x64 06 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344 2014-05-15] (Avira Operations GmbH & Co. KG) Winsock: Catalog9-x64 07 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344 2014-05-15] (Avira Operations GmbH & Co. KG) Winsock: Catalog9-x64 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344 2014-05-15] (Avira Operations GmbH & Co. KG) Winsock: Catalog9-x64 20 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344 2014-05-15] (Avira Operations GmbH & Co. 
KG) Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 Tcpip\..\Interfaces\{22BFDEA1-D962-4D89-AB0F-A4D8A37AFB3C}: [DhcpNameServer] 10.0.1.2 Tcpip\..\Interfaces\{9A8FEFEF-05C9-4A38-A1DD-1953C19A5C0B}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{ECED5743-1753-489A-B587-11CE65483C94}: [DhcpNameServer] 10.0.0.138 Internet Explorer: ================== HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-1676539162-533426384-2096430618-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP HKU\S-1-5-21-1676539162-533426384-2096430618-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.at/?gws_rd=ssl HKU\S-1-5-21-1676539162-533426384-2096430618-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad HKU\S-1-5-21-1676539162-533426384-2096430618-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1676539162-533426384-2096430618-1000 -> {37F4DF39-AF01-4A94-995C-E73B0EC7B30A} URL = hxxp://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} SearchScopes: HKU\S-1-5-21-1676539162-533426384-2096430618-1000 -> {3D0CB422-DE64-45E2-96BF-50992C26D5AC} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=1818049f-983c-43e4-a8a2-7f9e54588040&pid=freewarede&mode=bounce&k=0 SearchScopes: HKU\S-1-5-21-1676539162-533426384-2096430618-1000 -> {3D772B34-C8BB-4549-9B33-60814BC9C573} URL = hxxps://at.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default SearchScopes: HKU\S-1-5-21-1676539162-533426384-2096430618-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deAT454 SearchScopes: HKU\S-1-5-21-1676539162-533426384-2096430618-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKU\S-1-5-21-1676539162-533426384-2096430618-1000 -> {729A1869-D709-4FD6-9A9E-D3F9D36B9044} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=1818049f-983c-43e4-a8a2-7f9e54588040&pid=freewarede&mode=bounce&k=0 SearchScopes: HKU\S-1-5-21-1676539162-533426384-2096430618-1000 -> {7E2D56B9-7D7E-4636-9A05-0E38A16356E0} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=1818049f-983c-43e4-a8a2-7f9e54588040&pid=freewarede&mode=bounce&k=0 SearchScopes: HKU\S-1-5-21-1676539162-533426384-2096430618-1000 -> {8B3A79DA-D119-4A86-B80E-4DD09289330D} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=1818049f-983c-43e4-a8a2-7f9e54588040&pid=freewarede&mode=bounce&k=0 SearchScopes: HKU\S-1-5-21-1676539162-533426384-2096430618-1000 -> {A15BA4CB-CC0A-4D93-B650-253F39152ABC} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=1818049f-983c-43e4-a8a2-7f9e54588040&pid=freewarede&mode=bounce&k=0 SearchScopes: HKU\S-1-5-21-1676539162-533426384-2096430618-1000 -> {C8568A7B-BF0A-494D-BEB9-9CD45B6FBAE6} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=1818049f-983c-43e4-a8a2-7f9e54588040&pid=freewarede&mode=bounce&k=0 SearchScopes: HKU\S-1-5-21-1676539162-533426384-2096430618-1000 -> {C9A7F201-B58A-483B-9C45-4DAB553B36BF} URL = hxxp://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms} SearchScopes: 
HKU\S-1-5-21-1676539162-533426384-2096430618-1000 -> {E37A7756-FFAA-4ED2-BCDF-3F0B75C20103} URL = hxxp://www.youtube.com/results?search_query={searchTerms} BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.) BHO: Deaktivierungs-Add-on für Browser von Google Analytics -> {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} -> C:\Program Files\Google\Google Analytics Opt-Out\gaoptout_x64.dll [2014-04-03] (Google, Inc.) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc.) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll [2012-04-19] (Symantec Corporation) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.) BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.) 
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\programme-ag\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited) BHO-x32: Deaktivierungs-Add-on für Browser von Google Analytics -> {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} -> C:\Program Files (x86)\Google\Google Analytics Opt-Out\gaoptout.dll [2014-04-03] (Google, Inc.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-30] (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-25] (Google Inc.) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll [2012-04-19] (Symantec Corporation) BHO-x32: Kein Name -> {D40C654D-7C51-4EB3-95B2-1E23905C2A2D} -> Keine Datei BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-30] (Oracle Corporation) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.) 
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc.) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-25] (Google Inc.) Toolbar: HKU\S-1-5-21-1676539162-533426384-2096430618-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc.) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation) Handler: WSWSVCUchrome - Kein CLSID Wert FireFox: ======== FF ProfilePath: C:\Users\aquarana\AppData\Roaming\Mozilla\Firefox\Profiles\s3ksuc5o.default-1457247739583 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-31] () FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: 
@adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-31] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\programme-ag\Mozilla Plugins\npitunes.dll [2015-10-14] () FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-12-29] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-12-29] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-12-29] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-12-29] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\programme-ag\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\programme-ag\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\programme-ag\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\programme-ag\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files 
(x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\programme-ag\Picasa3\npPicasa3.dll [2012-12-12] (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-30] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-30] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Users\aquarana\downloadprogramme\VLC\npvlc.dll [2012-12-13] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1676539162-533426384-2096430618-1000: @citrixonline.com/appdetectorplugin -> C:\Users\aquarana\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-06-10] (Citrix Online) FF Plugin HKU\S-1-5-21-1676539162-533426384-2096430618-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\aquarana\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited) FF Plugin HKU\S-1-5-21-1676539162-533426384-2096430618-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\aquarana\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google) FF Plugin HKU\S-1-5-21-1676539162-533426384-2096430618-1000: @talk.google.com/O1DPlugin -> C:\Users\aquarana\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google) FF Plugin HKU\S-1-5-21-1676539162-533426384-2096430618-1000: @tools.google.com/Google Update;version=3 -> C:\Users\aquarana\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.) FF Plugin HKU\S-1-5-21-1676539162-533426384-2096430618-1000: @tools.google.com/Google Update;version=9 -> C:\Users\aquarana\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.) 
FF Plugin HKU\S-1-5-21-1676539162-533426384-2096430618-1000: SkypeForBusinessPlugin-16.2 -> C:\Users\aquarana\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.51\npGatewayNpapi.dll [2016-05-11] (Microsoft Corporation) FF Plugin HKU\S-1-5-21-1676539162-533426384-2096430618-1000: SkypeForBusinessPlugin64-16.2 -> C:\Users\aquarana\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.51\npGatewayNpapi-x64.dll [2016-05-11] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-06-30] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-07-15] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-07-15] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-07-15] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-07-15] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-07-15] (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Users\aquarana\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google) FF Plugin ProgramFiles/Appdata: C:\Users\aquarana\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google) FF Extension: (Kein Name) - C:\Users\aquarana\AppData\Roaming\Mozilla\Firefox\Profiles\s3ksuc5o.default-1457247739583\Extensions\colorPicker@colorPicker.xpi.enc [2016-09-09] [ist nicht signiert] FF Extension: (Kein Name) - C:\Users\aquarana\AppData\Roaming\Mozilla\Firefox\Profiles\s3ksuc5o.default-1457247739583\Extensions\firefox-hotfix@mozilla.org.xpi.enc [2016-09-09] [ist nicht signiert] FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25] FF HKLM-x32\...\Firefox\Extensions: [VIP1X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client FF Extension: (Symantec VIP Access Add-On) - C:\Program Files (x86)\Symantec\VIP Access Client [2015-03-24] [ist nicht signiert] FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon => nicht gefunden FF HKLM-x32\...\Firefox\Extensions: [VIP3X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client FF HKU\S-1-5-21-1676539162-533426384-2096430618-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: (McAfee Security Scan Plus) - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] [ist nicht signiert] Chrome: ======= CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPEB561E41-FCA1-4643-A4B9-63708686A887&SSPV= CHR DefaultSearchURL: Default -> 
hxxps://de.search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default CHR DefaultSearchKeyword: Default -> Yahoo CHR DefaultSuggestURL: Default -> hxxps://de.search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10 CHR Session Restore: Default -> ist aktiviert. CHR Profile: C:\Users\aquarana\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Commons Tab) - C:\Users\aquarana\AppData\Local\Google\Chrome\User Data\Default\Extensions\afbiobjnggllnimnbhddficgaigcfmcp [2015-08-24] CHR Extension: (Duolingo im Web) - C:\Users\aquarana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2015-11-15] CHR Extension: (Google Drive) - C:\Users\aquarana\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22] CHR Extension: (Hootsuite Hootlet) - C:\Users\aquarana\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjgfdlplhmndoonmofmflcbiohgbkifn [2016-08-29] CHR Extension: (YouTube) - C:\Users\aquarana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-15] CHR Extension: (Adblock Plus) - C:\Users\aquarana\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-08-29] CHR Extension: (Google-Suche) - C:\Users\aquarana\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-15] CHR Extension: (Custom Hangout Emoticons) - C:\Users\aquarana\AppData\Local\Google\Chrome\User Data\Default\Extensions\egaicdjagfbejjeihijpnelohejdhhjd [2016-03-05] CHR Extension: (CHIP Adventskalender 2015) - C:\Users\aquarana\AppData\Local\Google\Chrome\User Data\Default\Extensions\eieokkbmdedgencncfbagbcapghlakcg [2015-11-25] CHR Extension: (Video Downloader professional) - C:\Users\aquarana\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2016-07-22] CHR Extension: (Readium) - 
C:\Users\aquarana\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl [2016-08-17] CHR Extension: (Avira Browserschutz) - C:\Users\aquarana\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-09-09] CHR Extension: (Page Analytics (by Google)) - C:\Users\aquarana\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnbdnhhicmebfgdgglcdacdapkcihcoh [2016-06-08] CHR Extension: (Google Docs Offline) - C:\Users\aquarana\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16] CHR Extension: (Magisto - Magical Video Editor) - C:\Users\aquarana\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghmngbmfdgknokcefmkbjlcjabdklnlk [2016-01-25] CHR Extension: („Pin it“-Button) - C:\Users\aquarana\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-07-22] CHR Extension: (ORF-TVthek - Downloader) - C:\Users\aquarana\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgfnehdmbbmcahojnebecpiljbkeaele [2015-11-15] CHR Extension: (Skype) - C:\Users\aquarana\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-08-31] CHR Extension: (Delicious Bookmarks) - C:\Users\aquarana\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnapbapmncaacbfijemonkinanfaebhm [2015-11-15] CHR Extension: (Google*Hangouts) - C:\Users\aquarana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2016-09-01] CHR Extension: (UberConference) - C:\Users\aquarana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhhfpdlccblfofockeabmalggfhelcgj [2016-08-18] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\aquarana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04] CHR Extension: (HTML5 Reference) - C:\Users\aquarana\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\ogpkagjdblecmkbacokmckbfollmmomb [2015-11-15] CHR Extension: (Staff Squared - online HR software) - C:\Users\aquarana\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojkbpdknelhckjohmilhicfaacnokhgb [2016-02-26] CHR Extension: (WeVideo - Videos bearbeiten & erstellen) - C:\Users\aquarana\AppData\Local\Google\Chrome\User Data\Default\Extensions\okgjbfikepgflmlelgfgecmgjnmnmnnb [2015-11-15] CHR Extension: (Picasa) - C:\Users\aquarana\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2015-11-15] CHR Extension: (Evernote Web Clipper) - C:\Users\aquarana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2016-08-29] CHR Extension: (Google Mail) - C:\Users\aquarana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-15] CHR Extension: (Chrome Media Router) - C:\Users\aquarana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-31] CHR Extension: (Learn Spanish - Qué Onda) - C:\Users\aquarana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmcdjmebmeoobmdghjbjhbifoocbcmaj [2015-11-15] CHR Extension: (Diigo Web Collector - Capture and Annotate) - C:\Users\aquarana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnhplgjpclknigjpccbcnmicgcieojbh [2016-08-04] CHR Extension: (BodBot Personal Trainer) - C:\Users\aquarana\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppnkdiaelidjhcebhmgemlpnghbdgjhk [2016-01-04] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-1676539162-533426384-2096430618-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\aquarana\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-16] CHR 
HKU\S-1-5-21-1676539162-533426384-2096430618-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
CHR HKLM-x32\...\Chrome\Extension: [nlafpokblfobdnjhhggocaanijghemnd] - <kein Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.CPETAPIYACI5ENVKSV3DOORCFM - C:\Users\aquarana\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [804600 2015-03-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [991536 2015-03-05] (Avira Operations GmbH & Co. KG)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1097488 2016-09-07] (AVG Technologies CZ, s.r.o.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [320672 2016-08-04] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
S4 DirMngr; C:\programme-ag\Neuer Ordner\GnuPG\dirmngr.exe [218112 2013-10-07] () [Datei ist nicht signiert]
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [477032 2011-03-23] (Lenovo.)
R2 GsServer; C:\Program Files\Siber Systems\GoodSync\gs-server.exe [9400032 2016-07-01] ()
R2 HuaweiHiSuiteService64.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe [192304 2016-02-16] ()
S4 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [224096 2015-03-16] ()
S4 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202328 2012-12-07] (Kaspersky Lab ZAO)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
S4 MBAMScheduler; C:\programme-ag\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
S4 MBAMService; C:\programme-ag\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S4 SBSDWSCService; C:\programme-ag\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SROSVC; C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [443240 2011-03-02] (Lenovo Group Limited)
R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2010-12-14] (Lenovo Group Limited) [Datei ist nicht signiert]
S4 uCamMonitor; C:\programme-ag\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S4 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2008-04-24] (ArcSoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-14] (Avira Operations GmbH & Co. KG)
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2015-03-16] (Bytemobile, Inc.) [Datei ist nicht signiert]
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2015-03-16] (Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2016-02-16] (Huawei Technologies Co., Ltd.)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2011-05-17] (hxxp://libusb-win32.sourceforge.net)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [35816 2015-03-24] (Greatis Software)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-10-05] ()
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.)
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2015-03-16] (Bytemobile, Inc.) [Datei ist nicht signiert]
S3 PCDSRVC{127174DC-C366ED8B-06020200}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-09-09 20:22 - 2016-09-09 20:22 - 00000000 ____D C:\FRST
2016-09-09 18:00 - 2016-09-09 18:00 - 06766720 _____ (ESET spol. s r.o.) C:\Users\aquarana\Downloads\ESETOnlineScanner_DEU.exe
2016-09-09 18:00 - 2016-09-09 18:00 - 00000000 ____D C:\Users\aquarana\AppData\Local\ESET
2016-09-09 17:38 - 2016-09-09 17:38 - 00003264 _____ C:\Windows\System32\Tasks\PC Manager Pro Schedule
2016-09-09 17:38 - 2016-09-09 17:38 - 00001040 _____ C:\Users\aquarana\Desktop\PC Manager Pro.lnk
2016-09-09 17:38 - 2016-09-09 17:38 - 00000000 ____D C:\Users\aquarana\Documents\PC Manager Pro
2016-09-09 17:38 - 2016-09-09 17:38 - 00000000 ____D C:\Users\aquarana\AppData\Roaming\PC Manager Pro
2016-09-09 17:38 - 2016-09-09 17:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Manager Pro
2016-09-09 17:38 - 2016-09-09 17:38 - 00000000 ____D C:\Program Files (x86)\PC Manager Pro
2016-09-09 17:36 - 2016-09-09 17:37 - 03875904 _____ (PC Manager Pro ) C:\Users\aquarana\Downloads\PCManagerPro.exe
2016-09-09 13:47 - 2016-09-09 13:47 - 00002349 _____ C:\Users\aquarana\Desktop\termin-bertelsmann-wo37.ics
2016-09-09 10:22 - 2016-09-09 10:22 - 00003791 _____ C:\Users\aquarana\AppData\Roaming\wie_zum_Wiederherstellen_von_Dateien.html
2016-09-09 10:22 - 2016-09-09 10:22 - 00001248 _____ C:\Users\aquarana\AppData\Roaming\wie_zum_Wiederherstellen_von_Dateien.txt
2016-09-09 10:07 - 2016-09-09 10:07 - 00560048 _____ C:\Users\aquarana\Desktop\74-ueberschriften-fuer-blogs.pdf
2016-09-09 08:56 - 2016-09-09 10:28 - 00003791 _____ C:\Users\aquarana\AppData\Roaming\.html
2016-09-09 08:56 - 2016-09-09 10:28 - 00001248 _____ C:\Users\aquarana\AppData\Roaming\.txt
2016-09-08 18:32 - 2016-09-08 18:32 - 00003791 _____ C:\Users\admin\AppData\Local\wie_zum_Wiederherstellen_von_Dateien.html
2016-09-08 18:32 - 2016-09-08 18:32 - 00001248 _____ C:\Users\admin\AppData\Local\wie_zum_Wiederherstellen_von_Dateien.txt
2016-09-08 18:07 - 2016-09-08 18:07 - 00003791 _____ C:\Users\aquarana\Desktop\wie_zum_Wiederherstellen_von_Dateien.html
2016-09-08 18:07 - 2016-09-08 18:07 - 00001248 _____ C:\Users\aquarana\Desktop\wie_zum_Wiederherstellen_von_Dateien.txt
2016-09-08 17:55 - 2016-09-08 17:56 - 00000000 ____D C:\ProgramData\oronyfoviwyfopyg
2016-09-08 17:55 - 2016-09-08 17:55 - 00427776 _____ C:\ProgramData\ahidyher.exe
2016-09-06 04:48 - 2016-09-06 04:48 - 00121344 _____ (WinSoft SA) C:\Users\aquarana\AppData\Roaming\NsResize.dll
2016-09-05 15:41 - 2016-09-05 15:55 - 268578348 _____ C:\Users\aquarana\Downloads\BarnImages_BestOf2015.zip
2016-09-05 15:25 - 2016-09-05 15:25 - 24842690 _____ C:\Users\aquarana\Desktop\manu-bac4.bmp
2016-09-05 11:45 - 2016-09-05 11:46 - 10449551 _____ C:\Users\aquarana\Downloads\6959258-0-TEMPLATE-Sales-Broch.pptx
2016-09-03 09:38 - 2016-09-03 09:38 - 07314020 _____ C:\Users\aquarana\Downloads\CCI_VirtualConferencePlatform_share(1).pdf
2016-09-03 02:48 - 2016-09-03 02:49 - 00000000 ____D C:\Users\aquarana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-09-02 18:54 - 2016-09-02 18:54 - 00000000 ____D C:\Users\Max Muster\AppData\Local\Apple
2016-09-02 15:46 - 2016-09-02 15:46 - 00262144 _____ C:\Windows\Minidump\090216-52400-01.dmp
2016-09-02 15:45 - 2016-09-02 15:45 - 689710749 _____ C:\Windows\MEMORY.DMP
2016-09-02 11:26 - 2016-09-02 11:27 - 01585797 _____ C:\Users\aquarana\Downloads\Erfolgreiche_Methoden_im_Deutschkurs_fuer_Asylbewerber_und_Fluechtlingskinder_1_2016(1).pdf
2016-09-02 11:26 - 2016-09-02 11:26 - 01585797 _____ C:\Users\aquarana\Downloads\Erfolgreiche_Methoden_im_Deutschkurs_fuer_Asylbewerber_und_Fluechtlingskinder_1_2016.pdf
2016-09-01 13:44 - 2016-09-09 11:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-09-01 12:13 - 2016-09-01 12:13 - 00025270 _____ C:\Users\aquarana\Downloads\Kontoauszug_easybank_AT831420020010958475_2016_008.pdf
2016-09-01 12:13 - 2016-09-01 12:13 - 00025270 _____ C:\Users\aquarana\Downloads\Kontoauszug_easybank_AT831420020010958475_2016_008 (1).pdf
2016-09-01 12:12 - 2016-09-01 12:13 - 00032033 _____ C:\Users\aquarana\Downloads\Kontoauszug_easybank_AT831420020010958475_2016_007.pdf
2016-08-31 15:10 - 2016-08-31 15:11 - 00000366 _____ C:\Users\aquarana\Downloads\TELEFIT-Show.ics
2016-08-30 07:39 - 2016-09-08 17:59 - 00310056 _____ C:\Users\aquarana\Desktop\Cell-Phone-Rules-for-German-Classes.pdf.enc
2016-08-29 18:38 - 2016-08-29 18:38 - 00047170 _____ C:\Users\aquarana\Downloads\Feedback_Urheberrecht_Gr1.pdf
2016-08-29 11:00 - 2016-08-29 11:00 - 04088471 _____ C:\Users\aquarana\Downloads\gamify_in_3_easy_steps.zip
2016-08-24 17:48 - 2016-09-01 10:39 - 00317360 _____ C:\Users\aquarana\Downloads\DaFWEBKON2015-Programm.pdf
2016-08-21 18:47 - 2016-09-08 18:00 - 00027590 _____ C:\Users\aquarana\Desktop\schreibtisch.jpg.enc
2016-08-17 18:29 - 2016-09-08 17:59 - 02207866 _____ C:\Users\aquarana\Desktop\lernvideo-canvas.pdf.enc
2016-08-17 08:33 - 2016-07-08 17:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-08-17 08:33 - 2016-07-08 17:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-08-16 22:09 - 2016-08-16 22:09 - 00000000 ____D C:\Users\aquarana\Documents\IrfanView Sandbox
2016-08-16 14:43 - 2016-09-08 17:59 - 00363192 _____ C:\Users\aquarana\Desktop\HowOERenhanceMOOCs_online.pdf.enc
2016-08-12 13:25 - 2016-08-12 13:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2016-08-12 12:32 - 2016-08-12 12:33 - 00262144 _____ C:\Windows\Minidump\081216-36020-01.dmp
2016-08-12 11:21 - 2016-08-12 11:21 - 00262144 _____ C:\Windows\Minidump\081216-24008-01.dmp
2016-08-12 11:04 - 2016-08-12 11:04 - 00262144 _____ C:\Windows\Minidump\081216-30997-01.dmp
2016-08-12 04:18 - 2016-08-12 04:18 - 00000000 _____ C:\Windows\SysWOW64\sho5146.tmp
2016-08-11 08:59 - 2016-07-08 17:37 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-08-11 08:59 - 2016-07-08 17:37 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-08-11 
08:59 - 2016-07-08 17:32 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-08-11 08:59 - 2016-07-08 17:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2016-08-11 08:59 - 2016-07-08 17:32 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2016-08-11 08:59 - 2016-07-08 17:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2016-08-11 08:59 - 2016-07-08 17:32 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2016-08-11 08:59 - 2016-07-08 17:32 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2016-08-11 08:59 - 2016-07-08 17:32 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2016-08-11 08:59 - 2016-07-08 17:32 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2016-08-11 08:59 - 2016-07-08 17:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2016-08-11 08:59 - 2016-07-08 17:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll 2016-08-11 08:59 - 2016-07-08 17:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2016-08-11 08:59 - 2016-07-08 17:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2016-08-11 08:59 - 2016-07-08 17:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2016-08-11 08:59 - 2016-07-08 17:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2016-08-11 08:59 - 2016-07-08 17:32 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2016-08-11 08:59 - 2016-07-08 17:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2016-08-11 08:59 - 2016-07-08 17:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2016-08-11 08:59 - 2016-07-08 17:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2016-08-11 08:59 - 2016-07-08 17:17 - 00666112 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2016-08-11 08:59 - 2016-07-08 17:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2016-08-11 08:59 - 2016-07-08 17:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2016-08-11 08:59 - 2016-07-08 17:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2016-08-11 08:59 - 2016-07-08 17:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2016-08-11 08:59 - 2016-07-08 17:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2016-08-11 08:59 - 2016-07-08 17:16 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2016-08-11 08:59 - 2016-07-08 17:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2016-08-11 08:59 - 2016-07-08 17:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2016-08-11 08:59 - 2016-07-08 17:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2016-08-11 08:59 - 2016-07-08 17:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll 2016-08-11 08:59 - 2016-07-08 17:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2016-08-11 08:59 - 2016-07-08 17:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2016-08-11 08:59 - 2016-07-08 17:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2016-08-11 08:59 - 2016-07-08 17:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2016-08-11 08:59 - 2016-07-08 17:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2016-08-11 08:59 - 2016-07-08 16:57 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2016-08-11 08:59 - 2016-07-08 16:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2016-08-11 08:59 - 2016-07-08 16:56 - 00129536 _____ (Microsoft 
Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2016-08-11 08:59 - 2016-07-08 16:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2016-08-11 08:59 - 2016-07-08 16:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2016-08-11 08:59 - 2016-07-08 16:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2016-08-11 08:58 - 2016-08-02 16:54 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-08-11 08:58 - 2016-08-02 16:08 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2016-08-11 08:58 - 2016-08-02 08:54 - 25808384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-08-11 08:58 - 2016-08-02 08:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2016-08-11 08:58 - 2016-08-02 08:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2016-08-11 08:58 - 2016-08-02 08:32 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-08-11 08:58 - 2016-08-02 08:32 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2016-08-11 08:58 - 2016-08-02 08:31 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-08-11 08:58 - 2016-08-02 08:31 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2016-08-11 08:58 - 2016-08-02 08:31 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2016-08-11 08:58 - 2016-08-02 08:31 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2016-08-11 08:58 - 2016-08-02 08:24 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2016-08-11 08:58 - 2016-08-02 08:23 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2016-08-11 08:58 - 2016-08-02 08:20 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2016-08-11 08:58 - 2016-08-02 08:19 - 00144384 _____ (Microsoft 
Corporation) C:\Windows\system32\ieUnatt.exe 2016-08-11 08:58 - 2016-08-02 08:19 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2016-08-11 08:58 - 2016-08-02 08:18 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-08-11 08:58 - 2016-08-02 08:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-08-11 08:58 - 2016-08-02 08:18 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2016-08-11 08:58 - 2016-08-02 08:11 - 00969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2016-08-11 08:58 - 2016-08-02 08:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2016-08-11 08:58 - 2016-08-02 08:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2016-08-11 08:58 - 2016-08-02 08:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2016-08-11 08:58 - 2016-08-02 07:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2016-08-11 08:58 - 2016-08-02 07:56 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2016-08-11 08:58 - 2016-08-02 07:55 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2016-08-11 08:58 - 2016-08-02 07:54 - 20343808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-08-11 08:58 - 2016-08-02 07:53 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2016-08-11 08:58 - 2016-08-02 07:51 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-08-11 08:58 - 2016-08-02 07:51 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2016-08-11 08:58 - 2016-08-02 07:51 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2016-08-11 08:58 - 2016-08-02 07:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2016-08-11 08:58 - 2016-08-02 07:51 - 00047616 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2016-08-11 08:58 - 2016-08-02 07:50 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2016-08-11 08:58 - 2016-08-02 07:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-08-11 08:58 - 2016-08-02 07:45 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2016-08-11 08:58 - 2016-08-02 07:44 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2016-08-11 08:58 - 2016-08-02 07:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2016-08-11 08:58 - 2016-08-02 07:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-08-11 08:58 - 2016-08-02 07:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2016-08-11 08:58 - 2016-08-02 07:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2016-08-11 08:58 - 2016-08-02 07:40 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-08-11 08:58 - 2016-08-02 07:38 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-08-11 08:58 - 2016-08-02 07:38 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-08-11 08:58 - 2016-08-02 07:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2016-08-11 08:58 - 2016-08-02 07:36 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-08-11 08:58 - 2016-08-02 07:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2016-08-11 08:58 - 2016-08-02 07:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2016-08-11 08:58 - 2016-08-02 07:28 - 15412224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-08-11 08:58 - 2016-08-02 07:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2016-08-11 08:58 - 2016-08-02 07:26 - 00168960 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2016-08-11 08:58 - 2016-08-02 07:25 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2016-08-11 08:58 - 2016-08-02 07:24 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2016-08-11 08:58 - 2016-08-02 07:23 - 02868224 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-08-11 08:58 - 2016-08-02 07:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2016-08-11 08:58 - 2016-08-02 07:21 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-08-11 08:58 - 2016-08-02 07:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2016-08-11 08:58 - 2016-08-02 07:15 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-08-11 08:58 - 2016-08-02 07:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-08-11 08:58 - 2016-08-02 07:14 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2016-08-11 08:58 - 2016-08-02 07:11 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-08-11 08:58 - 2016-08-02 07:10 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-08-11 08:58 - 2016-08-02 06:59 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-08-11 08:58 - 2016-08-02 06:56 - 02393088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-08-11 08:58 - 2016-08-02 06:53 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-08-11 08:58 - 2016-08-02 06:51 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-08-11 08:56 - 2016-07-08 17:01 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2016-09-09 20:24 - 2011-10-06 03:33 - 00702028 _____ C:\Windows\system32\perfh007.dat 2016-09-09 20:24 - 2011-10-06 03:33 - 00150638 _____ C:\Windows\system32\perfc007.dat 2016-09-09 20:24 - 2009-07-14 07:13 - 01622300 _____ C:\Windows\system32\PerfStringBackup.INI 2016-09-09 20:22 - 2016-04-28 10:47 - 00003958 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E10CBDA6-E219-48FF-BF47-49209F017833} 2016-09-09 20:18 - 2012-04-04 16:40 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-09-09 20:18 - 2011-10-05 18:09 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-09-09 20:16 - 2015-06-22 08:01 - 00001236 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1676539162-533426384-2096430618-1000UA.job 2016-09-09 20:16 - 2015-03-26 08:46 - 00000248 _____ C:\Windows\SysWOW64\PARTIZAN.TXT 2016-09-09 20:16 - 2015-02-17 22:32 - 00065536 _____ C:\Windows\system32\Ikeext.etl 2016-09-09 20:16 - 2011-10-19 15:39 - 00000466 _____ C:\Windows\Tasks\SystemToolsDailyTest.job 2016-09-09 20:16 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-09-09 18:25 - 2011-10-19 21:33 - 00000000 ____D C:\Users\aquarana\AppData\Roaming\Skype 2016-09-09 18:07 - 2015-06-22 08:05 - 00000676 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1676539162-533426384-2096430618-1000.job 2016-09-09 17:54 - 2015-06-10 10:32 - 00000580 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1676539162-533426384-2096430618-1000.job 2016-09-09 17:53 - 2011-10-05 18:09 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-09-09 17:29 - 2011-10-19 21:49 - 00000000 ____D C:\Users\aquarana\AppData\Roaming\Windows Live Writer 2016-09-09 17:08 - 2014-06-03 08:03 - 00000940 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1676539162-533426384-2096430618-1000UA.job 2016-09-09 16:00 - 2011-10-19 15:39 - 00003506 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest 2016-09-09 12:11 - 2015-11-14 11:34 - 00000000 ____D C:\Users\aquarana\.oracle_jre_usage 
2016-09-09 12:10 - 2009-07-14 06:45 - 00031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-09-09 12:10 - 2009-07-14 06:45 - 00031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-09-09 11:45 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf 2016-09-09 11:44 - 2016-02-25 19:47 - 00003884 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1425031998 2016-09-09 11:44 - 2013-02-26 15:33 - 00000000 ____D C:\Program Files (x86)\Opera 2016-09-09 11:36 - 2012-10-05 12:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-09-09 11:30 - 2011-10-24 08:25 - 00000000 ____D C:\Users\aquarana\AppData\Roaming\SoftGrid Client 2016-09-09 11:29 - 2011-12-20 11:01 - 00001080 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1676539162-533426384-2096430618-1000Core.job 2016-09-09 11:10 - 2013-07-25 16:20 - 00000000 ____D C:\Users\aquarana\AppData\Local\CrashDumps 2016-09-09 10:42 - 2011-10-21 21:34 - 00000000 ____D C:\Users\aquarana\Documents\webmaster 2016-09-09 10:41 - 2011-10-21 19:16 - 00000000 ____D C:\Users\aquarana\Documents\PRIVAT 2016-09-09 10:34 - 2014-02-06 12:31 - 00000000 ____D C:\Users\aquarana\Documents\neue fonts 2016-09-09 10:33 - 2016-05-17 16:42 - 00018430 _____ C:\Users\aquarana\Documents\jt16-si-bo-v1.doc_0_1.odt.enc 2016-09-09 10:33 - 2016-05-17 16:39 - 00022551 _____ C:\Users\aquarana\Documents\jt16-si-bo-v1.doc_0.odt.enc 2016-09-09 10:33 - 2012-10-12 17:45 - 00000000 ___SD C:\Users\aquarana\Documents\Meine Datenquellen 2016-09-09 10:33 - 2011-10-22 12:20 - 00000000 ____D C:\Users\aquarana\Documents\menu 2016-09-09 10:33 - 2011-10-19 21:31 - 00000000 ____D C:\Users\aquarana\Documents\MailStore Home 2016-09-09 10:33 - 2011-10-19 19:39 - 00000000 ____D C:\Users\aquarana\Documents\iMacros 2016-09-09 10:32 - 2016-04-26 10:24 - 00000926 _____ C:\Users\aquarana\Documents\ChatLog Ad_hoc_Meeting 2016_04_26 
10_24.rtf.enc 2016-09-09 10:32 - 2016-04-11 10:27 - 00002288 _____ C:\Users\aquarana\Documents\ChatLog Ad_hoc_Meeting 2016_04_11 10_27.rtf.enc 2016-09-09 10:32 - 2014-01-09 10:06 - 00000000 ____D C:\Users\aquarana\Documents\Camtasia Studio 2016-09-09 10:31 - 2011-10-21 17:34 - 00000000 ____D C:\Users\aquarana\Documents\aktuelle Projekte 2016-09-09 10:24 - 2013-11-22 14:20 - 00000000 ____D C:\Users\aquarana\AppData\Roaming\gnupg 2016-09-09 10:24 - 2012-01-20 12:58 - 00000000 ____D C:\Users\aquarana\AppData\Roaming\Audacity 2016-09-09 10:24 - 2011-11-13 10:54 - 00000000 ____D C:\Users\aquarana\AppData\Roaming\L3Talk 2016-09-09 10:21 - 2013-03-04 22:30 - 00000000 ____D C:\Users\aquarana\AppData\Roaming\vlc 2016-09-09 10:21 - 2011-10-19 19:54 - 00000000 ____D C:\Users\aquarana\AppData\Roaming\Thunderbird 2016-09-09 10:07 - 2013-04-29 11:42 - 10918912 ___SH C:\Users\aquarana\Desktop\Thumbs.db 2016-09-09 10:01 - 2012-12-13 16:51 - 00000000 ____D C:\Users\aquarana\AppData\Roaming\Spotify 2016-09-09 09:55 - 2013-06-20 11:31 - 00000000 ____D C:\Users\aquarana\AppData\Roaming\Pamela 2016-09-09 09:55 - 2011-10-19 15:56 - 00000000 ____D C:\Users\aquarana\AppData\Roaming\PwrMgr 2016-09-09 09:52 - 2012-10-12 11:17 - 00000000 ____D C:\Users\aquarana\AppData\Roaming\Media Player Classic 2016-09-09 09:51 - 2016-03-16 16:23 - 00000000 ____D C:\Users\aquarana\AppData\Roaming\GoodSync 2016-09-09 09:51 - 2016-01-05 14:24 - 00000000 ____D C:\Users\aquarana\AppData\Roaming\FreeFileSync 2016-09-09 09:51 - 2013-01-14 08:56 - 00000000 ____D C:\Users\aquarana\AppData\Roaming\Elluminate 2016-09-09 09:51 - 2011-10-19 21:01 - 00000000 ____D C:\Users\aquarana\AppData\Roaming\FileZilla 2016-09-09 09:51 - 2010-04-01 15:26 - 00000585 _____ C:\Users\aquarana\AppData\Roaming\fullscreen_toolbar.xml.enc 2016-09-09 09:28 - 2005-05-05 01:00 - 00303538 _____ C:\Users\aquarana\AppData\Roaming\Bunch.AFx.enc 2016-09-09 08:28 - 2015-06-22 08:01 - 00001184 _____ 
C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1676539162-533426384-2096430618-1000Core.job 2016-09-09 08:28 - 2014-06-03 08:03 - 00000918 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1676539162-533426384-2096430618-1000Core.job 2016-09-08 18:35 - 2016-04-29 09:46 - 00000000 ____D C:\Users\aquarana\Desktop\Xing-Profil Optimieren Tipps Fürs Perfekte Portfolio _ Karrierebibel.de-Dateien 2016-09-08 18:35 - 2011-10-19 15:38 - 00000000 ____D C:\Users\aquarana\AppData\LocalLow\VeriSign 2016-09-08 18:32 - 2014-07-27 15:17 - 00000000 ____D C:\Users\aquarana\.gimp-2.8 2016-09-08 18:32 - 2014-07-20 12:40 - 00000000 ____D C:\TEMP 2016-09-08 18:32 - 2014-05-07 12:07 - 00000000 ____D C:\Users\aquarana\.android 2016-09-08 18:32 - 2011-10-22 17:54 - 01929088 ____H C:\Users\admin\AppData\Local\IconCache.db.enc 2016-09-08 18:32 - 2011-10-22 16:49 - 00092365 _____ C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT.enc 2016-09-08 18:32 - 2011-10-22 16:48 - 00000000 ____D C:\Users\admin\AppData\LocalLow\VeriSign 2016-09-08 18:31 - 2011-02-15 11:42 - 00000000 ____D C:\SWTOOLS 2016-09-08 18:30 - 2011-10-19 19:26 - 00000000 ____D C:\programme-ag 2016-09-08 18:07 - 2016-04-29 09:46 - 00732829 _____ C:\Users\aquarana\Desktop\Xing-Profil Optimieren Tipps Fürs Perfekte Portfolio _ Karrierebibel.de.htm.enc 2016-09-08 18:07 - 2015-11-27 21:58 - 00035118 _____ C:\Users\aquarana\Desktop\ZWISCHENSTAND-upload-dafwebkon.odt.enc 2016-09-08 18:07 - 2015-10-08 16:19 - 00000687 ____H C:\Users\aquarana\Desktop\~$hg-novelle-1-10-15.odt.enc 2016-09-08 18:07 - 2015-07-27 10:08 - 00085841 _____ C:\Users\aquarana\Desktop\––––– - id-firmenkunden-data.pdf.enc 2016-09-08 18:07 - 2015-02-19 19:08 - 00000687 ____H C:\Users\aquarana\Desktop\~$rdedigital-lehrerinnenneu.odt.enc 2016-09-08 18:07 - 2014-09-03 10:14 - 00000687 ____H C:\Users\aquarana\Desktop\~$ee-tanzreisen-choretaki.odt.enc 2016-09-08 18:07 - 2014-09-01 09:56 - 00000687 ____H C:\Users\aquarana\Desktop\~$l-stimmseminar.docx.enc 2016-09-08 18:07 
- 2014-09-01 09:55 - 00000687 ____H C:\Users\aquarana\Desktop\~$ogkampagne-neueslernen.doc.enc 2016-09-08 18:07 - 2014-05-07 09:06 - 00000687 ____H C:\Users\aquarana\Desktop\~$tness Gesund bleiben durch Fitness-ergaenzt-salutogenese.odt.enc 2016-09-08 18:07 - 2014-04-08 07:55 - 00000687 ____H C:\Users\aquarana\Desktop\~$edback electures.odt.enc 2016-09-08 18:05 - 2016-01-07 09:25 - 00003326 _____ C:\Users\aquarana\Desktop\verben-dativ-od-akkusativ.pdf.enc 2016-09-08 18:05 - 2015-08-28 15:36 - 04567957 _____ C:\Users\aquarana\Desktop\Whitepaper-20-Helfer-für-perfekte-Bilder-MarketingPow(1).pdf.enc 2016-09-08 18:05 - 2015-08-10 20:04 - 00000000 ____D C:\Users\aquarana\Desktop\wp-lms-crm-plugin-michael 2016-09-08 18:04 - 2016-01-04 22:39 - 00000000 ____D C:\Users\aquarana\Desktop\urheberrecht 2016-09-08 18:03 - 2015-09-23 07:45 - 00378708 _____ C:\Users\aquarana\Desktop\tag-der-lehre-st-pölten.pdf.enc 2016-09-08 18:03 - 2015-09-21 08:45 - 04968140 _____ C:\Users\aquarana\Desktop\sprachsensibler-unterricht-sachu-oesz_praxisreihe24_web.pdf.enc 2016-09-08 18:03 - 2015-09-09 11:40 - 05808614 _____ C:\Users\aquarana\Desktop\Tablets-im-Einsatz-Broschuere-2015.pdf.enc 2016-09-08 18:03 - 2014-02-20 10:25 - 00000000 ____D C:\Users\aquarana\Desktop\schummelzettel 2016-09-08 18:00 - 2016-05-28 17:11 - 00000000 ____D C:\Users\aquarana\Desktop\schottland 2016-09-08 18:00 - 2016-05-17 10:40 - 00349757 _____ C:\Users\aquarana\Desktop\manuel-unirun16.htm.enc 2016-09-08 18:00 - 2016-04-19 14:27 - 16692176 _____ C:\Users\aquarana\Desktop\manu-bp_so16.zip.enc 2016-09-08 18:00 - 2016-03-16 11:07 - 79742671 _____ C:\Users\aquarana\Desktop\making_handbuch_online_final.pdf.enc 2016-09-08 18:00 - 2016-01-04 22:11 - 00000000 ____D C:\Users\aquarana\Desktop\rezept 2016-09-08 18:00 - 2015-11-26 14:30 - 00000000 ____D C:\Users\aquarana\Desktop\schaden 2016-09-08 18:00 - 2015-11-07 18:41 - 00027440 _____ C:\Users\aquarana\Desktop\Mildenberg-DaZ-Broschuere.pdf.enc 2016-09-08 18:00 - 2015-10-26 
14:23 - 00237668 _____ C:\Users\aquarana\Desktop\mediatraining-blog-teil1.pdf.enc 2016-09-08 18:00 - 2015-10-26 14:23 - 00000000 ____D C:\Users\aquarana\Desktop\mediatraining 2016-09-08 18:00 - 2015-10-23 16:19 - 02808780 _____ C:\Users\aquarana\Desktop\Neu_in_Oesterreich_-_einen_Meldezettel_ausfuellen.pdf.enc 2016-09-08 18:00 - 2015-09-07 09:58 - 00029709 _____ C:\Users\aquarana\Desktop\Partnerkontakte.xls.enc 2016-09-08 18:00 - 2015-09-02 19:39 - 04980750 _____ C:\Users\aquarana\Desktop\OER-AK-Info_Schulbuch_digital_final.pdf.enc 2016-09-08 18:00 - 2015-07-29 14:58 - 00233311 _____ C:\Users\aquarana\Desktop\MOOC Badging and the Learning Arc - oldsmooc.pdf.enc 2016-09-08 18:00 - 2014-06-23 13:46 - 00082926 _____ C:\Users\aquarana\Desktop\Methodischer Input Nick Antonov Photostory - NMS Tagebuch 2009-11-16.pdf.enc 2016-09-08 18:00 - 2014-02-11 09:48 - 00011705 _____ C:\Users\aquarana\Desktop\live-online-Kosten-20140211.xlsx.enc 2016-09-08 18:00 - 2013-01-28 10:29 - 00000000 ____D C:\Users\aquarana\Desktop\lesen 2016-09-08 17:59 - 2016-06-14 15:31 - 00000000 ____D C:\Users\aquarana\Desktop\DaZ-Onlineseminar 2016-09-08 17:59 - 2016-06-12 21:38 - 00132759 _____ C:\Users\aquarana\Desktop\barcelona-v2.pdf.enc 2016-09-08 17:59 - 2016-06-12 21:10 - 00092502 _____ C:\Users\aquarana\Desktop\barcelona.pdf.enc 2016-09-08 17:59 - 2016-05-12 08:21 - 00232973 _____ C:\Users\aquarana\Desktop\Lebenslauf.doc.enc 2016-09-08 17:59 - 2016-05-12 08:20 - 00235533 _____ C:\Users\aquarana\Desktop\Lebenslauf_Englisch.doc.enc 2016-09-08 17:59 - 2016-04-15 11:19 - 03632184 _____ C:\Users\aquarana\Desktop\key_moocs_small.pdf.enc 2016-09-08 17:59 - 2016-04-10 10:20 - 00177069 _____ C:\Users\aquarana\Desktop\CYB_cyberbullying_im_internationalen_und_lokalen_kontext_lva_endbericht_ger.pdf.enc 2016-09-08 17:59 - 2016-02-23 21:02 - 02553472 _____ C:\Users\aquarana\Desktop\dafcommunity23216-Interaktive-Whiteboards.pdf.enc 2016-09-08 17:59 - 2015-11-18 14:47 - 00052270 _____ 
C:\Users\aquarana\Desktop\fernstudium-online-kurse-erfolg-moocs-spocs.pdf.enc 2016-09-08 17:59 - 2015-11-07 18:47 - 00363223 _____ C:\Users\aquarana\Desktop\Instagram-Safety-4x4-Checklist_web.pdf.enc 2016-09-08 17:59 - 2015-10-27 19:44 - 07715200 _____ C:\Users\aquarana\Desktop\camera-multimedia-cc0-pexels-photo-12696.jpeg.enc 2016-09-08 17:59 - 2015-09-28 18:23 - 00238151 _____ C:\Users\aquarana\Desktop\HandoutBestofMobileApps.pdf.enc 2016-09-08 17:59 - 2015-09-28 08:33 - 02753338 _____ C:\Users\aquarana\Desktop\Deutschkurs-Level-3.pdf.enc 2016-09-08 17:59 - 2015-09-28 08:13 - 02079464 _____ C:\Users\aquarana\Desktop\bilderwoerterbuch-arabisch-deutsch.pdf.enc 2016-09-08 17:59 - 2015-09-09 08:28 - 00688266 _____ C:\Users\aquarana\Desktop\gutjahr-hardware-empfehlungen.pdf.enc 2016-09-08 17:59 - 2015-08-30 22:03 - 00032097 _____ C:\Users\aquarana\Desktop\Gratis Online Lernen-v2.odt.enc 2016-09-08 17:59 - 2015-08-28 14:21 - 01530907 _____ C:\Users\aquarana\Desktop\interactive-top5-characters-crc.pdf.enc 2016-09-08 17:59 - 2015-08-24 15:11 - 00094437 _____ C:\Users\aquarana\Desktop\Herzliche Einladung.pdf.enc 2016-09-08 17:59 - 2015-08-17 15:13 - 00024070 _____ C:\Users\aquarana\Desktop\dk-im-park1.docx.enc 2016-09-08 17:59 - 2015-04-11 18:59 - 12560730 _____ C:\Users\aquarana\Desktop\Game-Research-Methods_Lankoski-Bjork-etal-web.pdf.enc 2016-09-08 17:59 - 2015-01-27 09:53 - 00456787 _____ C:\Users\aquarana\Desktop\jelinek.andrea.vortrag_oegsr-21-1-2015.pdf.enc 2016-09-08 17:59 - 2015-01-15 08:22 - 03637356 _____ C:\Users\aquarana\Desktop\L165_Suchen_finden_weitergeben3316953099.pdf.enc 2016-09-08 17:59 - 2014-10-15 16:40 - 00000000 ____D C:\OfficeApps 2016-09-08 17:59 - 2012-10-12 11:42 - 00000000 ____D C:\output media 2016-09-08 17:59 - 2011-10-21 19:22 - 00045723 _____ C:\Users\aquarana\Desktop\der schwierige erste Satz.pdf.enc 2016-09-08 17:59 - 2011-10-21 19:22 - 00007997 _____ C:\Users\aquarana\Desktop\der schwierige erste satz_uebung.pdf.enc 2016-09-08 17:59 - 
2011-10-21 19:16 - 00086790 _____ C:\Users\aquarana\Desktop\Groß-Kleinschreibung.pdf.enc 2016-09-08 17:59 - 2011-09-03 15:30 - 02537150 _____ C:\Users\aquarana\Desktop\Kadushin-Bearina IUD concept-MR.pdf.enc 2016-09-08 17:59 - 2011-08-27 14:33 - 02410403 _____ C:\Users\aquarana\Desktop\Kadusin-Bearina 5- blue.jpg.enc 2016-09-08 17:58 - 2016-03-28 17:06 - 01828396 _____ C:\Users\aquarana\Desktop\arlberg-2016.JPG.enc 2016-09-08 17:58 - 2015-09-07 08:38 - 03809118 _____ C:\Users\aquarana\Desktop\band10(1).pdf.enc 2016-09-08 17:58 - 2015-08-25 15:03 - 00053355 _____ C:\Users\aquarana\Desktop\azv-entgelte---kommerz-data.pdf.enc 2016-09-08 17:58 - 2015-08-10 10:35 - 00100727 _____ C:\Users\aquarana\Desktop\Badeteich Sonnenuntergang Lotte Elena Angelika.jpg.enc 2016-09-08 17:58 - 2015-07-30 16:17 - 00003182 _____ C:\Users\aquarana\Desktop\Aufnahme in die ÖGSR.eml.enc 2016-09-08 17:58 - 2013-02-18 14:20 - 00000000 ____D C:\HTML Studio 2016-09-08 17:58 - 2011-10-06 03:18 - 00000000 ____D C:\mfg 2016-09-08 17:55 - 2016-06-30 16:26 - 03825086 _____ C:\Users\aquarana\Desktop\2016-06_Interaktive-E-Books_V20(1).epub.enc 2016-09-08 17:55 - 2016-06-29 20:38 - 00018924 _____ C:\Users\aquarana\Desktop\6857672-Zahlungsanweisung-20160629-203803054 (1).pdf.enc 2016-09-08 17:55 - 2016-06-19 22:27 - 00000000 ____D C:\Users\aquarana\Desktop\abschluss 2016-09-08 17:55 - 2016-06-05 11:30 - 00425320 _____ C:\Users\aquarana\Desktop\5 Zeitmanagement-Tipps von Ivan Blatter(1).pdf.enc 2016-09-08 17:55 - 2016-04-15 11:20 - 00801022 _____ C:\Users\aquarana\Desktop\A3_1skype_for_business.pdf.enc 2016-09-08 17:55 - 2016-01-18 10:51 - 00039269 _____ C:\Users\aquarana\Desktop\50vroni_gernot_lied und spieleübersicht _v1.docx.enc 2016-09-08 17:55 - 2015-11-10 18:07 - 10822566 _____ C:\Users\aquarana\Desktop\20151-adobemarketingsuccessstory-nissan.pdf.enc 2016-09-08 17:55 - 2015-11-10 18:02 - 04913328 _____ C:\Users\aquarana\Desktop\20151-adobemarketingcloud.pdf.enc 2016-09-08 17:55 - 2015-07-25 09:56 - 
00390219 _____ C:\Users\aquarana\Desktop\5 Reasons Why Game-Based Learning Should Matter to Organizations.pdf.enc 2016-09-08 16:03 - 2011-10-19 15:39 - 00003448 _____ C:\Windows\System32\Tasks\PCDEventLauncher 2016-09-05 16:01 - 2015-05-18 09:56 - 00000000 ____D C:\ProgramData\CanonIJPLM 2016-09-05 13:33 - 2011-10-19 15:41 - 00100608 _____ C:\Users\aquarana\AppData\Local\GDIPFONTCACHEV1.DAT 2016-09-04 12:27 - 2015-06-22 08:05 - 00003716 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-1676539162-533426384-2096430618-1000 2016-09-04 12:27 - 2015-06-10 10:32 - 00003620 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1676539162-533426384-2096430618-1000 2016-09-04 09:54 - 2016-04-10 17:18 - 00000946 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job 2016-09-03 09:26 - 2014-09-25 11:04 - 00000000 ___RD C:\Program Files (x86)\Skype 2016-09-03 09:26 - 2011-10-19 21:33 - 00000000 ____D C:\ProgramData\Skype 2016-09-03 02:49 - 2011-10-21 23:11 - 00000000 ___RD C:\Users\aquarana\Dropbox 2016-09-03 02:49 - 2011-10-21 23:10 - 00000000 ____D C:\Users\aquarana\AppData\Roaming\Dropbox 2016-09-02 15:56 - 2016-01-20 16:37 - 00000000 ____D C:\Users\Max Muster\.oracle_jre_usage 2016-09-02 15:52 - 2014-11-05 13:57 - 00000000 ____D C:\ProgramData\Package Cache 2016-09-02 15:50 - 2012-01-08 03:22 - 00100608 _____ C:\Users\Max Muster\AppData\Local\GDIPFONTCACHEV1.DAT 2016-09-02 15:49 - 2012-01-08 03:21 - 00000000 ___RD C:\Users\Max Muster\Virtual Machines 2016-09-02 15:46 - 2012-05-09 16:03 - 00000000 ____D C:\Windows\Minidump 2016-09-02 15:46 - 2011-10-19 15:39 - 00000528 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job 2016-08-30 14:01 - 2013-08-09 21:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2016-08-29 13:20 - 2011-10-19 15:39 - 00004246 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask 2016-08-24 14:03 - 2016-06-27 09:05 - 00000000 ____D C:\Users\aquarana\Desktop\urlaub 2016-08-21 13:43 - 2009-07-14 05:20 
- 00000000 ____D C:\Windows\rescache
2016-08-21 10:21 - 2009-07-14 06:45 - 00396408 _____ C:\Windows\system32\FNTCACHE.DAT
2016-08-20 09:55 - 2012-06-22 07:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-08-19 23:56 - 2011-10-05 18:09 - 00000000 ____D C:\Program Files (x86)\Google
2016-08-17 14:06 - 2012-11-03 20:26 - 00372736 ___SH C:\Users\aquarana\Documents\Thumbs.db
2016-08-12 20:25 - 2012-05-22 12:56 - 00103424 ___SH C:\Users\aquarana\Thumbs.db
2016-08-12 13:25 - 2011-11-13 10:53 - 00000000 ____D C:\Users\aquarana\downloadprogramme
2016-08-12 03:45 - 2013-07-24 03:01 - 00000000 ____D C:\Windows\system32\MRT
2016-08-12 03:08 - 2011-10-22 18:04 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-09-09 08:56 - 2016-09-09 10:28 - 0003791 _____ () C:\Users\aquarana\AppData\Roaming\.html
2016-09-09 08:56 - 2016-09-09 10:28 - 0001248 _____ () C:\Users\aquarana\AppData\Roaming\.txt
2013-12-01 06:30 - 2013-12-01 06:30 - 0000530 _____ () C:\Users\aquarana\AppData\Roaming\ascii.png
2005-05-05 01:00 - 2016-09-09 09:28 - 0303538 _____ () C:\Users\aquarana\AppData\Roaming\Bunch.AFx.enc
2010-04-01 15:26 - 2016-09-09 09:51 - 0000585 _____ () C:\Users\aquarana\AppData\Roaming\fullscreen_toolbar.xml.enc
2016-09-06 04:48 - 2016-09-06 04:48 - 0121344 _____ (WinSoft SA) C:\Users\aquarana\AppData\Roaming\NsResize.dll
2007-11-23 13:33 - 2007-11-23 13:33 - 0000133 _____ () C:\Users\aquarana\AppData\Roaming\queueview.png
2016-09-09 10:22 - 2016-09-09 10:22 - 0003791 _____ () C:\Users\aquarana\AppData\Roaming\wie_zum_Wiederherstellen_von_Dateien.html
2016-09-09 10:22 - 2016-09-09 10:22 - 0001248 _____ () C:\Users\aquarana\AppData\Roaming\wie_zum_Wiederherstellen_von_Dateien.txt
2015-03-24 13:34 - 2015-03-24 13:34 - 0156065 _____ () C:\Users\aquarana\AppData\Local\ars.cache
2015-03-24 13:35 - 2015-03-24 13:35 - 0393688 _____ () C:\Users\aquarana\AppData\Local\census.cache
2012-03-05 09:34 - 2016-01-04 22:32 - 0018944 _____ () C:\Users\aquarana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-11 18:01 - 2014-03-11 18:01 - 0000275 _____ () C:\Users\aquarana\AppData\Local\HamsterAudioConverterSettings.cfg
2015-03-24 13:04 - 2015-03-24 13:04 - 0000036 _____ () C:\Users\aquarana\AppData\Local\housecall.guid.cache
2015-03-29 15:46 - 2015-03-29 15:46 - 0000337 _____ () C:\Users\aquarana\AppData\Local\Perfmon.PerfmonCfg
2014-08-13 14:46 - 2014-08-13 14:46 - 0041717 _____ () C:\Users\aquarana\AppData\Local\recently-used.xbel
2012-06-16 18:35 - 2013-09-17 09:03 - 0007608 _____ () C:\Users\aquarana\AppData\Local\Resmon.ResmonCfg
2015-03-24 13:21 - 2015-03-24 13:21 - 0000010 _____ () C:\Users\aquarana\AppData\Local\sponge.last.runtime.cache
2015-04-16 19:38 - 2015-04-16 19:38 - 0000000 _____ () C:\Users\aquarana\AppData\Local\{B1735633-A938-49F8-A1A3-491970EB1D23}
2015-04-17 20:43 - 2015-04-17 20:43 - 0000000 _____ () C:\Users\aquarana\AppData\Local\{F83C40AF-A731-4C8A-B349-81568689EED3}
2016-09-08 17:55 - 2016-09-08 17:55 - 0427776 _____ () C:\ProgramData\ahidyher.exe

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\ProgramData\ahidyher.exe

Einige Dateien in TEMP:
====================
C:\Users\aquarana\AppData\Local\Temp\avgnt.exe
C:\Users\aquarana\AppData\Local\Temp\avguirn_08154579858.exe
C:\Users\aquarana\AppData\Local\Temp\avguirn_08424267807.exe
C:\Users\aquarana\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\aquarana\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Max Muster\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert |
13.09.2016, 20:09 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
Malwarebytes Anti-Rootkit (MBAR)
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.

Reading material: Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder. Even if the logs are too large for a single post, I ask you to post the logs directly, spread over several posts if necessary. To put the log files in a CODE box, proceed as follows:
__________________ Please always post log files in CODE tags |
14.09.2016, 07:06 | #12 |
| Malwarebytes results
Thanks for the support!

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
main: v2016.09.13.12
rootkit: v2016.08.15.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18426
aquarana :: MICKEY-MOUSE [administrator]

13.09.2016 22:21:03
mbar-log-2016-09-13 (22-21-03).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 466451
Time elapsed: 2 hour(s), 12 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\ProgramData\ahidyher.exe (Ransom.Crypt0L0cker.NSIS) -> Delete on reboot. [6c44a6cb861453e35fc49a4ea262d729]
C:\Users\aquarana\AppData\Local\Temp\rad4291B.tmp (Ransom.Crypt0L0cker.NSIS) -> Delete on reboot. [d5db135e7525bc7ad3501fc9c83cb54b]
C:\Users\aquarana\AppData\Roaming\NsResize.dll (Ransom.Cerber.Generic) -> Delete on reboot. [228ee78ad3c76ec81d92b42ad1336e92]

Physical Sectors Detected: 0
(No malicious items detected)

(end) |
14.09.2016, 09:17 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
Please post the logs in CODE tags; how to do that was described in detail. What are you supposed to do when MBAR finds something?
14.09.2016, 09:55 | #14 |
| Code:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
main: v2016.09.13.12
rootkit: v2016.08.15.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18426
aquarana :: MICKEY-MOUSE [administrator]

13.09.2016 22:21:03
mbar-log-2016-09-13 (22-21-03).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 466451
Time elapsed: 2 hour(s), 12 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\ProgramData\ahidyher.exe (Ransom.Crypt0L0cker.NSIS) -> Delete on reboot. [6c44a6cb861453e35fc49a4ea262d729]
C:\Users\aquarana\AppData\Local\Temp\rad4291B.tmp (Ransom.Crypt0L0cker.NSIS) -> Delete on reboot. [d5db135e7525bc7ad3501fc9c83cb54b]
C:\Users\aquarana\AppData\Roaming\NsResize.dll (Ransom.Cerber.Generic) -> Delete on reboot. [228ee78ad3c76ec81d92b42ad1336e92]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Code:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
main: v2016.09.13.12
rootkit: v2016.08.15.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18426
aquarana :: MICKEY-MOUSE [administrator]

14.09.2016 08:10:16
mbar-log-2016-09-14 (08-10-16).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 465247
Time elapsed: 1 hour(s), 56 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end) |
14.09.2016, 10:29 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
ok

Remove adware/junkware/toolbars
Delete old versions of adwCleaner and, if present, JRT first, then download them again to the desktop! Please completely disable your virus scanner now, before using these tools!

Step 1: adwCleaner
Please download AdwCleaner to your desktop.
Step 2: JRT - Junkware Removal Tool
Please shut down your protection software to avoid possible conflicts.