| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Laptop/Rechner bootet und arbeitet langsam..Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
14.09.2016, 16:30
| #7 |
 |  Laptop/Rechner bootet und arbeitet langsam.. Fixlog.txt Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 31-08-2016
durchgeführt von NABIL (14-09-2016 15:04:20) Run:1
Gestartet von C:\Users\NABIL\Desktop
Geladene Profile: NABIL (Verfügbare Profile: NABIL & asd & bazet & Gast & DefaultAppPool)
Start-Modus: Normal
==============================================
fixlist Inhalt:
*****************
start
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
IFEO\OSppSvc.exe: [Debugger] KMS-R@1nhook.exe
IFEO\SppExtComObj.exe: [Debugger] KMS-R@1nhook.exe
Tcpip\..\Interfaces\{F37B658C-DD8B-4CF0-8B0B-6CE9D411B48F}: [NameServer] 208.67.222.222 208.67.220.220
C:\Program Files (x86)\RichMediaViewV1
R2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2016-02-11] () [Datei ist nicht signiert]
C:\Windows\KMS-R@1n.exe
Task: {D27BE5C6-A5F6-4031-ABA9-429A3E82A67F} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic [Argument = path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate]
Task: {D57EF4A8-1624-4244-814F-A2B2F632642C} - System32\Tasks\R@1n-KMS\Office15ProPlus => wmic [Argument = path SoftwareLicensingProduct where (ID="b322da9c-a2e2-4058-9e4e-f59a6970bd69") call Activate]
CMD: dir /B "%ProgramFiles%"
CMD: dir /B "%ProgramFiles(x86)%"
CMD: dir /B "%ProgramData%"
CMD: dir /B "%Appdata%"
CMD: dir /B "%LocalAppdata%"
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
*****************
Prozess erfolgreich geschlossen.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Wert erfolgreich entfernt
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\OSppSvc.exe" => Schlüssel erfolgreich entfernt
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SppExtComObj.exe" => Schlüssel erfolgreich entfernt
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F37B658C-DD8B-4CF0-8B0B-6CE9D411B48F}\\NameServer => Wert erfolgreich entfernt
"C:\Program Files (x86)\RichMediaViewV1" => nicht gefunden.
KMS-R@1n => Dienst erfolgreich gestoppt.
KMS-R@1n => Dienst erfolgreich entfernt
C:\Windows\KMS-R@1n.exe => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D27BE5C6-A5F6-4031-ABA9-429A3E82A67F}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D27BE5C6-A5F6-4031-ABA9-429A3E82A67F}" => Schlüssel erfolgreich entfernt
C:\WINDOWS\System32\Tasks\R@1n-KMS\Windows64Professional => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\R@1n-KMS\Windows64Professional" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D57EF4A8-1624-4244-814F-A2B2F632642C}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D57EF4A8-1624-4244-814F-A2B2F632642C}" => Schlüssel erfolgreich entfernt
C:\WINDOWS\System32\Tasks\R@1n-KMS\Office15ProPlus => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\R@1n-KMS\Office15ProPlus" => Schlüssel erfolgreich entfernt
========= dir /B "%ProgramFiles%" =========
AMD
ASRock Utility
ATI
ATI Technologies
Bitdefender
Bonjour
Canon
CMAK
Common Files
Covus Freemium
DAEMON Tools Lite
DVD Maker
EpsonNet
Intel
Internet Explorer
iPod
iTunes
Java
JDownloader
McAfee Security Scan
MGTEK
Microsoft Office
Microsoft Silverlight
Microsoft Xbox 360 Accessories
MotioninJoy
MSBuild
Realtek
Reference Assemblies
Rockstar Games
Samsung
SiSoftware
Synaptics
TeamSpeak 3 Client
Tracker Software
Windows Defender
Windows Journal
Windows Mail
Windows Media Player
Windows Multimedia Platform
Windows NT
Windows Photo Viewer
Windows Portable Devices
========= Ende von CMD: =========
========= dir /B "%ProgramFiles(x86)%" =========
ABBYY FineReader 12
Adobe
AMD
AMD APP
AMD AVT
Apple Software Update
ASUS
Bonjour
Canon
CDBurnerXP
CMAK
Common Files
CrystalDiskInfo
DVDVideoSoft
Emsisoft Anti-Malware
epson
EPSON Software
EpsonNet
Free Codec Pack
freshney.org
Google
GUMBE68.tmp
Intel
Internet Explorer
IObit
iTunes
Java
Lavalys
Malwarebytes Anti-Exploit
Malwarebytes Anti-Malware
MGTEK
Microsoft
Microsoft CAPICOM 2.1.0.2
Microsoft Games for Windows - LIVE
Microsoft Silverlight
Microsoft.NET
Mozilla Firefox
MSBuild
MSI Kombustor 2.5
MSXML 4.0
Naruto Shippuden Ultimate Ninja Storm Revolution
Nero
Nuance
OpenAL
Opera
Origin Games
Panda Security
PSupport
QuickTime
Raptr
Realtek
Reference Assemblies
Rockstar Games
Samsung
ScummVM
Skype
Spybot - Search & Destroy 2
Stardock
Steam
Steamless CounterStrikeSource Pack
Valiant Hearts The Great War
Windows Defender
Windows Mail
Windows Media Player
Windows Multimedia Platform
Windows NT
Windows Photo Viewer
Windows Portable Devices
Wondershare
========= Ende von CMD: =========
========= dir /B "%ProgramData%" =========
ABBYY
Adobe
AMD
Apple
Apple Computer
AVAST Software
AVG
Avira
BDLogging
Canneverbe Limited
Canon IJ Network Tool
CanonIJPLM
CanonIJWSpt
Comms
DAEMON Tools Lite
E1864A66-75E3-486a-BD95-D1B7D99A84A7
Elder Scrolls Online
Electronic Arts
Emsisoft
Epson
FLEXnet
FreeDriverScout
HitmanPro
Intel
Intel(R) Update Manager
IObit
Lexware
Macrovision
Malwarebytes
Malwarebytes Anti-Exploit
McAfee
McAfee Security Scan
MGTEK
Microsoft Help
Microsoft OneDrive
Nero
Nuance
Oracle
Orbit
Origin
Package Cache
Panda Security
regid.1986-12.com.adobe
regid.1991-06.com.microsoft
Riot Games
Samsung
ScanSoft
Skype
SoftwareDistribution
Sony Corporation
Stardock
Steam
TEMP
TuneUp Software
UDL
USOPrivate
USOShared
wondershare
zeon
{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
{FD6F83C0-EC70-4581-8361-C70CD1AA4B98}
========= Ende von CMD: =========
========= dir /B "%Appdata%" =========
.minecraft
ABBYY
Adobe
AMD
Apple Computer
ATI
AVG
Awesomium
Axolot Games
becker
Canneverbe Limited
Canon
DAEMON Tools Lite
dlg
dvdcss
DVDVideoSoft
Epson
FLEXnet
GalileoPress
HMYGSetting
Intel Corporation
IObit
Kalypso Media
Lexware
library_dir
LolClient
Macromedia
Media Center Programs
MK10
MotioninJoy
Nero
Nuance
Omerta
Opera Software
Origin
Panda Security
PDAppFlex
ProductData
QuickScan
Raptr
Riot Games
Samsung
Sandra.mdb
ScanSoft
ScummVM
Skype
Sm!thSteamEmu
SolidDocuments
Steam
Sun
TS3Client
TuneUp Software
unav
UseNeXT
vlc
Win Update
WinRAR
Wondershare
Zeon
========= Ende von CMD: =========
========= dir /B "%LocalAppdata%" =========
ABBYY
ActiveSync
Adobe
AMD
Apple
Apple Computer
Apps
ATI
Avg
avgchrome
BANDAI NAMCO Games
cache
CEF
Chromium
Comms
CrashDumps
Daedalic Entertainment GmbH
DayZ
Diagnostics
Disc_Soft_Ltd
Downloaded Installations
Electronic Arts
ElevatedDiagnostics
EmilyWantsToPlay
EMU
GDIPFONTCACHEV1.DAT
gladinet
Google
GWX
JDownloader 2.0
Lexware
Mega Limited
MGTEK
Microsoft
Microsoft Help
MicrosoftEdge
mpress
Nero
Nero_AG
Nuance
Opera Software
Origin
Package Cache
Packages
PeerDistRepub
Programs
Publishers
Rockstar Games
Samsung
ScanSoft
SKIDROW
Skyrim
SquareEnix
Stardock
Steam
Temp
Temp71f478dc03dcd9563705386394b9772c
TileDataLayer
TuneUp Software
Ubisoft Game Launcher
UnrealEngine
VirtualStore
========= Ende von CMD: =========
========= RemoveProxy: =========
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
HKU\S-1-5-21-225648569-1694930765-1264359465-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-225648569-1694930765-1264359465-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
========= Ende von RemoveProxy: =========
========= ipconfig /flushdns =========
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
========= Ende von CMD: =========
========= netsh winsock reset =========
Der Winsock-Katalog wurde zurckgesetzt.
Sie mssen den Computer neu starten, um den Vorgang abzuschlieáen.
========= Ende von CMD: =========
=========== EmptyTemp: ==========
BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 17324877 B
Java, Flash, Steam htmlcache => 88331695 B
Windows/system/drivers => 39803295 B
Edge => 9728 B
Chrome => 728441214 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 6766 B
ProgramData => 0 B
Public => 0 B
systemprofile32 => 0 B
LocalService => 73510 B
NetworkService => 441402 B
NABIL => 2758730614 B
asd => 1056913721 B
bazet => 27966 B
Gast => 0 B
DefaultAppPool => 0 B
RecycleBin => 100014 B
EmptyTemp: => 4.4 GB temporäre Dateien entfernt.
================================
Das System musste neu gestartet werden.
==== Ende von Fixlog 15:05:11 ====
eset Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 31-08-2016
durchgeführt von NABIL (14-09-2016 15:04:20) Run:1
Gestartet von C:\Users\NABIL\Desktop
Geladene Profile: NABIL (Verfügbare Profile: NABIL & asd & bazet & Gast & DefaultAppPool)
Start-Modus: Normal
==============================================
fixlist Inhalt:
*****************
start
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
IFEO\OSppSvc.exe: [Debugger] KMS-R@1nhook.exe
IFEO\SppExtComObj.exe: [Debugger] KMS-R@1nhook.exe
Tcpip\..\Interfaces\{F37B658C-DD8B-4CF0-8B0B-6CE9D411B48F}: [NameServer] 208.67.222.222 208.67.220.220
C:\Program Files (x86)\RichMediaViewV1
R2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2016-02-11] () [Datei ist nicht signiert]
C:\Windows\KMS-R@1n.exe
Task: {D27BE5C6-A5F6-4031-ABA9-429A3E82A67F} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic [Argument = path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate]
Task: {D57EF4A8-1624-4244-814F-A2B2F632642C} - System32\Tasks\R@1n-KMS\Office15ProPlus => wmic [Argument = path SoftwareLicensingProduct where (ID="b322da9c-a2e2-4058-9e4e-f59a6970bd69") call Activate]
CMD: dir /B "%ProgramFiles%"
CMD: dir /B "%ProgramFiles(x86)%"
CMD: dir /B "%ProgramData%"
CMD: dir /B "%Appdata%"
CMD: dir /B "%LocalAppdata%"
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
*****************
Prozess erfolgreich geschlossen.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Wert erfolgreich entfernt
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\OSppSvc.exe" => Schlüssel erfolgreich entfernt
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SppExtComObj.exe" => Schlüssel erfolgreich entfernt
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F37B658C-DD8B-4CF0-8B0B-6CE9D411B48F}\\NameServer => Wert erfolgreich entfernt
"C:\Program Files (x86)\RichMediaViewV1" => nicht gefunden.
KMS-R@1n => Dienst erfolgreich gestoppt.
KMS-R@1n => Dienst erfolgreich entfernt
C:\Windows\KMS-R@1n.exe => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D27BE5C6-A5F6-4031-ABA9-429A3E82A67F}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D27BE5C6-A5F6-4031-ABA9-429A3E82A67F}" => Schlüssel erfolgreich entfernt
C:\WINDOWS\System32\Tasks\R@1n-KMS\Windows64Professional => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\R@1n-KMS\Windows64Professional" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D57EF4A8-1624-4244-814F-A2B2F632642C}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D57EF4A8-1624-4244-814F-A2B2F632642C}" => Schlüssel erfolgreich entfernt
C:\WINDOWS\System32\Tasks\R@1n-KMS\Office15ProPlus => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\R@1n-KMS\Office15ProPlus" => Schlüssel erfolgreich entfernt
========= dir /B "%ProgramFiles%" =========
AMD
ASRock Utility
ATI
ATI Technologies
Bitdefender
Bonjour
Canon
CMAK
Common Files
Covus Freemium
DAEMON Tools Lite
DVD Maker
EpsonNet
Intel
Internet Explorer
iPod
iTunes
Java
JDownloader
McAfee Security Scan
MGTEK
Microsoft Office
Microsoft Silverlight
Microsoft Xbox 360 Accessories
MotioninJoy
MSBuild
Realtek
Reference Assemblies
Rockstar Games
Samsung
SiSoftware
Synaptics
TeamSpeak 3 Client
Tracker Software
Windows Defender
Windows Journal
Windows Mail
Windows Media Player
Windows Multimedia Platform
Windows NT
Windows Photo Viewer
Windows Portable Devices
========= Ende von CMD: =========
========= dir /B "%ProgramFiles(x86)%" =========
ABBYY FineReader 12
Adobe
AMD
AMD APP
AMD AVT
Apple Software Update
ASUS
Bonjour
Canon
CDBurnerXP
CMAK
Common Files
CrystalDiskInfo
DVDVideoSoft
Emsisoft Anti-Malware
epson
EPSON Software
EpsonNet
Free Codec Pack
freshney.org
Google
GUMBE68.tmp
Intel
Internet Explorer
IObit
iTunes
Java
Lavalys
Malwarebytes Anti-Exploit
Malwarebytes Anti-Malware
MGTEK
Microsoft
Microsoft CAPICOM 2.1.0.2
Microsoft Games for Windows - LIVE
Microsoft Silverlight
Microsoft.NET
Mozilla Firefox
MSBuild
MSI Kombustor 2.5
MSXML 4.0
Naruto Shippuden Ultimate Ninja Storm Revolution
Nero
Nuance
OpenAL
Opera
Origin Games
Panda Security
PSupport
QuickTime
Raptr
Realtek
Reference Assemblies
Rockstar Games
Samsung
ScummVM
Skype
Spybot - Search & Destroy 2
Stardock
Steam
Steamless CounterStrikeSource Pack
Valiant Hearts The Great War
Windows Defender
Windows Mail
Windows Media Player
Windows Multimedia Platform
Windows NT
Windows Photo Viewer
Windows Portable Devices
Wondershare
========= Ende von CMD: =========
========= dir /B "%ProgramData%" =========
ABBYY
Adobe
AMD
Apple
Apple Computer
AVAST Software
AVG
Avira
BDLogging
Canneverbe Limited
Canon IJ Network Tool
CanonIJPLM
CanonIJWSpt
Comms
DAEMON Tools Lite
E1864A66-75E3-486a-BD95-D1B7D99A84A7
Elder Scrolls Online
Electronic Arts
Emsisoft
Epson
FLEXnet
FreeDriverScout
HitmanPro
Intel
Intel(R) Update Manager
IObit
Lexware
Macrovision
Malwarebytes
Malwarebytes Anti-Exploit
McAfee
McAfee Security Scan
MGTEK
Microsoft Help
Microsoft OneDrive
Nero
Nuance
Oracle
Orbit
Origin
Package Cache
Panda Security
regid.1986-12.com.adobe
regid.1991-06.com.microsoft
Riot Games
Samsung
ScanSoft
Skype
SoftwareDistribution
Sony Corporation
Stardock
Steam
TEMP
TuneUp Software
UDL
USOPrivate
USOShared
wondershare
zeon
{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
{FD6F83C0-EC70-4581-8361-C70CD1AA4B98}
========= Ende von CMD: =========
========= dir /B "%Appdata%" =========
.minecraft
ABBYY
Adobe
AMD
Apple Computer
ATI
AVG
Awesomium
Axolot Games
becker
Canneverbe Limited
Canon
DAEMON Tools Lite
dlg
dvdcss
DVDVideoSoft
Epson
FLEXnet
GalileoPress
HMYGSetting
Intel Corporation
IObit
Kalypso Media
Lexware
library_dir
LolClient
Macromedia
Media Center Programs
MK10
MotioninJoy
Nero
Nuance
Omerta
Opera Software
Origin
Panda Security
PDAppFlex
ProductData
QuickScan
Raptr
Riot Games
Samsung
Sandra.mdb
ScanSoft
ScummVM
Skype
Sm!thSteamEmu
SolidDocuments
Steam
Sun
TS3Client
TuneUp Software
unav
UseNeXT
vlc
Win Update
WinRAR
Wondershare
Zeon
========= Ende von CMD: =========
========= dir /B "%LocalAppdata%" =========
ABBYY
ActiveSync
Adobe
AMD
Apple
Apple Computer
Apps
ATI
Avg
avgchrome
BANDAI NAMCO Games
cache
CEF
Chromium
Comms
CrashDumps
Daedalic Entertainment GmbH
DayZ
Diagnostics
Disc_Soft_Ltd
Downloaded Installations
Electronic Arts
ElevatedDiagnostics
EmilyWantsToPlay
EMU
GDIPFONTCACHEV1.DAT
gladinet
Google
GWX
JDownloader 2.0
Lexware
Mega Limited
MGTEK
Microsoft
Microsoft Help
MicrosoftEdge
mpress
Nero
Nero_AG
Nuance
Opera Software
Origin
Package Cache
Packages
PeerDistRepub
Programs
Publishers
Rockstar Games
Samsung
ScanSoft
SKIDROW
Skyrim
SquareEnix
Stardock
Steam
Temp
Temp71f478dc03dcd9563705386394b9772c
TileDataLayer
TuneUp Software
Ubisoft Game Launcher
UnrealEngine
VirtualStore
========= Ende von CMD: =========
========= RemoveProxy: =========
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
HKU\S-1-5-21-225648569-1694930765-1264359465-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-225648569-1694930765-1264359465-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
========= Ende von RemoveProxy: =========
========= ipconfig /flushdns =========
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
========= Ende von CMD: =========
========= netsh winsock reset =========
Der Winsock-Katalog wurde zurckgesetzt.
Sie mssen den Computer neu starten, um den Vorgang abzuschlieáen.
========= Ende von CMD: =========
=========== EmptyTemp: ==========
BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 17324877 B
Java, Flash, Steam htmlcache => 88331695 B
Windows/system/drivers => 39803295 B
Edge => 9728 B
Chrome => 728441214 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 6766 B
ProgramData => 0 B
Public => 0 B
systemprofile32 => 0 B
LocalService => 73510 B
NetworkService => 441402 B
NABIL => 2758730614 B
asd => 1056913721 B
bazet => 27966 B
Gast => 0 B
DefaultAppPool => 0 B
RecycleBin => 100014 B
EmptyTemp: => 4.4 GB temporäre Dateien entfernt.
================================
Das System musste neu gestartet werden.
==== Ende von Fixlog 15:05:11 ====
Code:
ATTFilter
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
durchgeführt von NABIL (Administrator) auf NABIL-PC (14-09-2016 17:24:39)
Gestartet von C:\Users\NABIL\Desktop
Geladene Profile: NABIL & asd & bazet & Gast & DefaultAppPool (Verfügbare Profile: NABIL & asd & bazet & Gast & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start101\Start10Srv.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start101\Start10_64.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
() C:\Windows\SysWOW64\ASGT.exe
(Gladinet, INC) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\ASUS\APRP\AsusProductRegisterService.exe
(ABBYY Production LLC) C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.1.6.0\WsAppService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
() C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\APRP\aprp.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Wondershare) C:\Program Files (x86)\Wondershare\MobileGo\MobileGoService.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Gladinet, INC) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladinetClient.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDFCreate8\PdfCreate8Hook.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1608.2213.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mep.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16697352 2016-08-26] (Realtek Semiconductor)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [6613896 2016-06-24] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [Bonus.SSR.FR12] => C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe [1517088 2014-09-22] (ABBYY Production LLC.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2631120 2016-07-28] (Malwarebytes Corporation)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\isuspm.exe [2068856 2011-10-13] (Flexera Software LLC.)
HKLM-x32\...\Run: [OmniPage Preload] => C:\Program Files (x86)\Nuance\OmniPage19\OmniPage19.exe [3021528 2014-11-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Nuance OmniPage Ultimate-reminder] => "C:\Program Files (x86)\Nuance\OmniPage19\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\OmniPage Ultimate\Ereg\Ereg.ini"
HKLM-x32\...\Run: [PDFCreHook] => C:\Program Files (x86)\Nuance\PDFCreate8\pdfcreate8hook.exe [1109016 2014-11-27] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF8 Registry Controller] => C:\Program Files (x86)\Nuance\PDFCreate8\RegistryController.exe [189976 2014-11-27] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1867448 2016-07-28] (Adobe Systems Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-225648569-1694930765-1264359465-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-225648569-1694930765-1264359465-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50599552 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-225648569-1694930765-1264359465-1000\...\Run: [Speech Recognition] => C:\WINDOWS\Speech\Common\sapisvr.exe [45056 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-21-225648569-1694930765-1264359465-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [884920 2016-06-30] (Adobe Systems Incorporated)
HKU\S-1-5-21-225648569-1694930765-1264359465-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-225648569-1694930765-1264359465-1004\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-225648569-1694930765-1264359465-1004\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2857248 2016-08-23] (Valve Corporation)
HKU\S-1-5-21-225648569-1694930765-1264359465-1004\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [884920 2016-06-30] (Adobe Systems Incorporated)
HKU\S-1-5-21-225648569-1694930765-1264359465-1004\...\RunOnce: [Uninstall C:\Users\asd\AppData\Local\Microsoft\OneDrive\17.3.6386.0412_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\asd\AppData\Local\Microsoft\OneDrive\17.3.6386.0412_1\amd64"
HKU\S-1-5-21-225648569-1694930765-1264359465-1004\...\RunOnce: [Uninstall C:\Users\asd\AppData\Local\Microsoft\OneDrive\17.3.6386.0412_1] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\asd\AppData\Local\Microsoft\OneDrive\17.3.6386.0412_1"
HKU\S-1-5-21-225648569-1694930765-1264359465-1008\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-21-225648569-1694930765-1264359465-501\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILEE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-225648569-1694930765-1264359465-501\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [GladinetIconOverlay] -> {3C3DC57A-7535-48AF-BB9E-C3576A4F34D0} => C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIcon.dll [2013-08-08] (Gladinet, INC)
ShellIconOverlayIdentifiers: [GladinetUploading] -> {959A18D3-9CC9-41e8-B76F-34ED9A89D4EA} => C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIconU.dll [2013-08-08] (Gladinet, INC)
ShellIconOverlayIdentifiers-x32: [GladinetIconOverlay] -> {3C3DC57A-7535-48AF-BB9E-C3576A4F34D0} => C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIcon32.dll [2013-08-08] (Gladinet, INC)
ShellIconOverlayIdentifiers-x32: [GladinetUploading] -> {959A18D3-9CC9-41e8-B76F-34ED9A89D4EA} => C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIconU32.dll [2013-08-08] (Gladinet, INC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-08-15]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MobileGo Service.lnk [2016-04-06]
ShortcutTarget: MobileGo Service.lnk -> C:\Program Files (x86)\Wondershare\MobileGo\MobileGoService.exe (Wondershare)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nuance Cloud Connector.lnk [2016-02-23]
ShortcutTarget: Nuance Cloud Connector.lnk -> C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladLauncher.exe ()
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{281f7690-3078-4910-b67d-7743d4eb2a9a}: [DhcpNameServer] 192.168.178.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-225648569-1694930765-1264359465-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/androidnews/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: Adblock IE -> {667BEE43-20BD-4CE3-94AC-E63E04D4B191} -> C:\Program Files\MGTEK\Adblock IE\adblockie.dll [2013-05-08] (MGTEK)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_102\bin\ssv.dll [2016-07-30] (Oracle Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (Seiko Epson Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-05-16] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_102\bin\jp2ssv.dll [2016-07-30] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-05-16] (Adobe Systems Incorporated)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO-x32: Adblock IE -> {667BEE43-20BD-4CE3-94AC-E63E04D4B191} -> C:\Program Files (x86)\MGTEK\Adblock IE\adblockie.dll [2013-05-08] (MGTEK)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_102\bin\ssv.dll [2016-07-30] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-05-16] (Adobe Systems Incorporated)
BHO-x32: ZeonIEEventHelper Class -> {C7DA0384-42AA-428c-B832-88AC343DE1A8} -> C:\Program Files (x86)\Nuance\PDFCreate8\Bin\GZeonIEFavClient.dll [2013-05-16] (Zeon Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_102\bin\jp2ssv.dll [2016-07-30] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-05-16] (Adobe Systems Incorporated)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (Seiko Epson Corporation)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-05-16] (Adobe Systems Incorporated)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Nuance PDF - {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files (x86)\Nuance\PDFCreate8\Bin\GZeonIEFavClient.dll [2013-05-16] (Zeon Corporation)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-05-16] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKU\S-1-5-21-225648569-1694930765-1264359465-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-05-16] (Adobe Systems Incorporated)
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-14] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-05-26] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\dtplugin\npDeployJava1.dll [2016-07-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\plugin2\npjp2.dll [2016-07-30] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> m:\Program Files\VideoLAN\VLC\npvlc.dll [2013-09-25] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-05-26] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.102.2 -> C:\Program Files (x86)\Java\jre1.8.0_102\bin\dtplugin\npDeployJava1.dll [2016-07-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.102.2 -> C:\Program Files (x86)\Java\jre1.8.0_102\bin\plugin2\npjp2.dll [2016-07-30] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2014-03-18] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-225648569-1694930765-1264359465-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-05-26] (Tracker Software Products (Canada) Ltd.)
FF Extension: (Kein Name) - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release6352\ff [nicht gefunden]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2016-02-22] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-06-01]
Chrome:
=======
CHR Profile: C:\Users\NABIL\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\NABIL\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-02]
CHR Extension: (YouTube) - C:\Users\NABIL\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Adblock Plus) - C:\Users\NABIL\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-09-01]
CHR Extension: (Google-Suche) - C:\Users\NABIL\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (Adblock Plus) - C:\Users\NABIL\AppData\Local\Google\Chrome\User Data\Default\Extensions\fancjlijdfajbmighlldmgmeobfmempn [2015-03-23]
CHR Extension: (Google Docs Offline) - C:\Users\NABIL\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-19]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\NABIL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-19]
CHR Extension: (Google Mail) - C:\Users\NABIL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Extension: (Chrome Media Router) - C:\Users\NABIL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-01]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4907232 2014-12-01] (Emsisoft GmbH)
R2 ABBYY.Licensing.FineReader.Professional.12.0; C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe [961744 2014-07-13] (ABBYY Production LLC)
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2016-06-24] () [Datei ist nicht signiert]
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2159320 2016-08-22] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [Datei ist nicht signiert]
R2 Asus Product Register Service; C:\Program Files (x86)\ASUS\APRP\AsusProductRegisterService.exe [62128 2012-09-11] () [Datei ist nicht signiert]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1145216 2015-05-19] ()
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [382312 2015-11-27] (Digital Wave Ltd.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 GladFileMonSvc; C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe [30032 2013-08-08] (Gladinet, INC)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2934048 2015-11-10] (IObit)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [750032 2016-07-28] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.376\McCHSvc.exe [327944 2016-07-19] (McAfee, Inc.)
R2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [703984 2014-09-22] (SEIKO EPSON CORPORATION)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2015.SP1\RpcAgentSrv.exe [73200 2015-02-15] (SiSoftware) [Datei ist nicht signiert]
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
R2 Start10; C:\Program Files (x86)\Stardock\Start101\Start10Srv.exe [219664 2015-02-03] (Stardock Software, Inc)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2016-09-07] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364456 2016-09-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-09-07] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.1.6.0\WsAppService.exe [388608 2016-01-28] (Wondershare) [Datei ist nicht signiert]
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\MobileGo\DriverInstall.exe [124168 2016-01-19] (Wondershare)
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [62152 2014-10-28] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [111120 2016-02-11] (Advanced Micro Devices)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-09-10] (Disc Soft Ltd)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d65x64.sys [531424 2015-12-22] (Intel Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [74984 2016-07-28] ()
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-11-08] (REALiX(tm))
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21048 2013-03-14] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21048 2013-03-14] ()
R4 IOMap; C:\WINDOWS\system32\drivers\IOMap64.sys [23680 2010-02-23] (ASUSTeK Computer Inc.)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-03-14] ()
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [121416 2012-05-12] (MotioninJoy) [Datei ist nicht signiert]
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2015.SP1\WNt600x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-12-22] (Synaptics Incorporated)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2016-04-30] ()
U4 idsvc; kein ImagePath
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
|
| Themen zu Laptop/Rechner bootet und arbeitet langsam.. |
| allgemein, arbeitet, booten, bootet, bruder, extrem, extrem langsam, hilfe, hoffe, kriege, langsam, laptop, rechner, system, system langsam, öfters |
Baum-Darstellung