| |
| |||||||
Log-Analyse und Auswertung: Windows 8.1: SpyProtectorWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
14.05.2017, 15:59
| #3 |
 |  Windows 8.1: SpyProtector Hallo Rafael,
__________________vielen Dank für deine Hilfe. Hier die Logfiles. MBAM hat nicht gefunden, AdwCleaner hat eine Bedrohung gefunden, die ich gelöscht habe. Das Programm ist immer noch da.. AdwCleaner Code:
ATTFilter # AdwCleaner v6.046 - Bericht erstellt am 14/05/2017 um 16:42:49
# Aktualisiert am 24/04/2017 von Malwarebytes
# Datenbank : 2017-05-13.1 [Server]
# Betriebssystem : Windows 8.1 (X64)
# Benutzername : Katharina - PERLE
# Gestartet von : C:\Users\Katharina\Desktop\AdwCleaner_6.046.exe
# Modus: Löschen
# Unterstützung : https://www.malwarebytes.com/support
***** [ Dienste ] *****
***** [ Ordner ] *****
***** [ Dateien ] *****
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Verknüpfungen ] *****
***** [ Aufgabenplanung ] *****
***** [ Registrierungsdatenbank ] *****
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\TypeLib\{81CA8FCD-1420-4A07-B47D-B30F3DDA79E1}
***** [ Browser ] *****
*************************
:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt
:: "Prefetch" Dateien gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [1056 Bytes] - [14/05/2017 16:42:49]
C:\AdwCleaner\AdwCleaner[S0].txt - [1361 Bytes] - [14/05/2017 16:41:43]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1202 Bytes] ##########
Code:
ATTFilter Malwarebytes
www.malwarebytes.com
-Protokolldetails-
Scan-Datum: 14.05.17
Scan-Zeit: 16:13
Protokolldatei: mbam.txt
Administrator: Ja
-Softwaredaten-
Version: 3.1.2.1733
Komponentenversion: 1.0.122
Version des Aktualisierungspakets: 1.0.1938
Lizenz: Testversion
-Systemdaten-
Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Perle\Katharina
-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Ergebnis: Abgeschlossen
Gescannte Objekte: 380197
Erkannte Bedrohungen: 0
(keine bösartigen Elemente erkannt)
In die Quarantäne verschobene Bedrohungen: 0
(keine bösartigen Elemente erkannt)
Abgelaufene Zeit: 17 Min., 49 Sek.
-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)
Modul: 0
(keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)
Registrierungswert: 0
(keine bösartigen Elemente erkannt)
Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)
Daten-Stream: 0
(keine bösartigen Elemente erkannt)
Ordner: 0
(keine bösartigen Elemente erkannt)
Datei: 0
(keine bösartigen Elemente erkannt)
Physischer Sektor: 0
(keine bösartigen Elemente erkannt)
(end)
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 14-05-2017
durchgeführt von Katharina (Administrator) auf PERLE (14-05-2017 16:50:49)
Gestartet von C:\Users\Katharina\Downloads
Geladene Profile: Katharina (Verfügbare Profile: Katharina)
Platform: Windows 8.1 (Update) (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
==================== Registry (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-09-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-09-03] (Realtek Semiconductor)
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-12-05] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3008824 2012-11-29] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-03-22] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-12] (AVAST Software)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [RadioController] => C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2013-01-25] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Dolby PCEE4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1563424 2016-04-05] (Seagate Technology LLC)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1223168 2016-12-09] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [217736 2017-04-19] (Geek Software GmbH)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2875012414-993899522-689580763-1001\...\Run: [Amazon Cloud Player] => C:\Users\Katharina\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2013-12-12] ()
HKU\S-1-5-21-2875012414-993899522-689580763-1001\...\Run: [Spotify Web Helper] => C:\Users\Katharina\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-04-24] (Spotify Ltd)
HKU\S-1-5-21-2875012414-993899522-689580763-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9532120 2017-04-11] (Piriform Ltd)
HKU\S-1-5-21-2875012414-993899522-689580763-1001\...\Run: [Dropbox Update] => C:\Users\Katharina\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.)
HKU\S-1-5-21-2875012414-993899522-689580763-1001\...\Run: [Spotify] => C:\Users\Katharina\AppData\Roaming\Spotify\Spotify.exe [7064176 2017-04-24] (Spotify Ltd)
HKU\S-1-5-21-2875012414-993899522-689580763-1001\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127816 2016-04-05] (Seagate Technology LLC)
HKU\S-1-5-21-2875012414-993899522-689580763-1001\...\Run: [tubcloud] => C:\Program Files (x86)\tubcloud\tubcloud.exe [35801299 2015-12-16] ()
ShellIconOverlayIdentifiers: [ OCError] -> {0960F090-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\tubcloud\shellext\OCOverlays_x64.dll [2015-07-20] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [ OCErrorShared] -> {0960F091-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\tubcloud\shellext\OCOverlays_x64.dll [2015-07-20] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [ OCOK] -> {0960F092-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\tubcloud\shellext\OCOverlays_x64.dll [2015-07-20] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [ OCOKShared] -> {0960F093-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\tubcloud\shellext\OCOverlays_x64.dll [2015-07-20] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [ OCSync] -> {0960F094-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\tubcloud\shellext\OCOverlays_x64.dll [2015-07-20] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [ OCSyncShared] -> {0960F095-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\tubcloud\shellext\OCOverlays_x64.dll [2015-07-20] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [ OCWarning] -> {0960F096-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\tubcloud\shellext\OCOverlays_x64.dll [2015-07-20] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [ OCWarningShared] -> {0960F097-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\tubcloud\shellext\OCOverlays_x64.dll [2015-07-20] (ownCloud Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Katharina\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Katharina\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Katharina\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Katharina\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Katharina\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Katharina\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Katharina\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Katharina\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-12] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-12] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk [2012-12-24]
ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
Startup: C:\Users\Katharina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 2540 series.lnk [2014-08-30]
ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 2540 series.lnk -> C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0AC079D9-BE40-4D01-B575-C86BF75BCEDB}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{72263D22-9827-48C4-9050-CEFE4662E5C9}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-2875012414-993899522-689580763-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2875012414-993899522-689580763-1001 -> {AEA0A6E8-A9B0-4AA5-901D-3228E78124AD} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-04-27] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-12-05] (Qualcomm Atheros Commnucations)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-04-05] (AVAST Software)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-04-27] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-05] (AVAST Software)
IE Session Restore: HKU\S-1-5-21-2875012414-993899522-689580763-1001 -> ist aktiviert.
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-27] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-27] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-27] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-27] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Katharina\AppData\Roaming\Mozilla\Firefox\Profiles\pm2tyanv.default [2017-05-14]
FF Homepage: Mozilla\Firefox\Profiles\pm2tyanv.default -> google.com
FF Session Restore: Mozilla\Firefox\Profiles\pm2tyanv.default -> ist aktiviert.
FF Extension: (Avast SafePrice) - C:\Users\Katharina\AppData\Roaming\Mozilla\Firefox\Profiles\pm2tyanv.default\Extensions\sp@avast.com.xpi [2017-05-12]
FF Extension: (Avast Online Security) - C:\Users\Katharina\AppData\Roaming\Mozilla\Firefox\Profiles\pm2tyanv.default\Extensions\wrc@avast.com.xpi [2017-05-12]
FF Extension: (Adblock Plus) - C:\Users\Katharina\AppData\Roaming\Mozilla\Firefox\Profiles\pm2tyanv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24]
FF SearchPlugin: C:\Users\Katharina\AppData\Roaming\Mozilla\Firefox\Profiles\pm2tyanv.default\searchplugins\leo-eng-deu-v20.xml [2015-08-26]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: (Citavi Picker) - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2016-10-26]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1228198.dll [2017-02-27] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-03-06] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [Keine Datei]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
Chrome:
=======
CHR Session Restore: Default -> ist aktiviert.
CHR Profile: C:\Users\Katharina\AppData\Local\Google\Chrome\User Data\default [2017-05-12]
CHR Extension: (Google Präsentationen) - C:\Users\Katharina\AppData\Local\Google\Chrome\User Data\default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-06]
CHR Extension: (Google Docs) - C:\Users\Katharina\AppData\Local\Google\Chrome\User Data\default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-06]
CHR Extension: (Google Drive) - C:\Users\Katharina\AppData\Local\Google\Chrome\User Data\default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-23]
CHR Extension: (YouTube) - C:\Users\Katharina\AppData\Local\Google\Chrome\User Data\default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-17]
CHR Extension: (Google-Suche) - C:\Users\Katharina\AppData\Local\Google\Chrome\User Data\default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-23]
CHR Extension: (Google Tabellen) - C:\Users\Katharina\AppData\Local\Google\Chrome\User Data\default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-06]
CHR Extension: (Avira Browserschutz) - C:\Users\Katharina\AppData\Local\Google\Chrome\User Data\default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-10-11]
CHR Extension: (Google Docs Offline) - C:\Users\Katharina\AppData\Local\Google\Chrome\User Data\default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-23]
CHR Extension: (Avast Online Security) - C:\Users\Katharina\AppData\Local\Google\Chrome\User Data\default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-05-04]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Katharina\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-04]
CHR Extension: (Citavi Picker) - C:\Users\Katharina\AppData\Local\Google\Chrome\User Data\default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2017-03-21]
CHR Extension: (Google Mail) - C:\Users\Katharina\AppData\Local\Google\Chrome\User Data\default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-06]
CHR Extension: (Chrome Media Router) - C:\Users\Katharina\AppData\Local\Google\Chrome\User Data\default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-12]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - hxxps://clients2.google.com/service/update2/crx
==================== Dienste (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-05-12] (AVAST Software s.r.o.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231552 2012-12-05] (Qualcomm Atheros Commnucations) [Datei ist nicht signiert]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-12] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3801280 2017-04-19] (Microsoft Corporation)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658064 2012-10-23] (Acer Incorporated)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-11-03] (NTI Corporation)
R2 PDF24; C:\Program Files (x86)\PDF24\pdf24.exe [217736 2017-04-19] (Geek Software GmbH)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2013-01-25] (Dritek System INC.)
S4 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2016-04-05] (Seagate Technology LLC)
S4 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [143656 2016-04-05] (Seagate Technology LLC)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S4 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe" [X]
S2 apmwinsrv; "C:\Program Files (x86)\Paragon Software\HFS+ for Windows 9.1\apmwinsrv.exe" [X]
S4 DigitalWave.Update.Service; "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe" [X]
===================== Treiber (Nicht auf der Ausnahmeliste) ======================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [311808 2017-05-12] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [190256 2017-05-12] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334576 2017-05-12] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [49016 2017-05-12] (AVAST Software s.r.o.)
S3 aswHdsKe; C:\WINDOWS\system32\drivers\aswHdsKe.sys [78840 2016-09-27] (AVAST Software)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-05-12] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [128648 2017-05-12] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [101152 2017-05-12] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [75704 2017-05-12] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1007160 2017-05-12] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [569192 2017-05-12] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [158880 2017-05-12] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [339696 2017-05-12] (AVAST Software)
S3 BTATH_LWFLT; C:\WINDOWS\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-05] (Qualcomm Atheros)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-05-09] ()
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [187320 2017-05-14] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [113592 2017-05-14] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-05-14] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251832 2017-05-14] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93624 2017-05-14] (Malwarebytes)
R3 Ps2Kb2Hid; C:\WINDOWS\System32\drivers\aPs2Kb2Hid.sys [26736 2013-01-25] (Dritek System Inc.)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [31032 2012-11-29] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 vpnva; C:\WINDOWS\system32\DRIVERS\vpnva64-6.sys [52592 2015-10-23] (Cisco Systems, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-05-14 16:46 - 2017-05-14 16:46 - 00000000 ____D C:\Users\Katharina\Downloads\FRST-OlderVersion
2017-05-14 16:37 - 2017-05-14 16:42 - 00000000 ____D C:\AdwCleaner
2017-05-14 16:36 - 2017-05-14 16:36 - 00001384 _____ C:\Users\Katharina\Desktop\mbam.txt
2017-05-14 16:12 - 2017-05-14 16:12 - 00001887 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-05-14 16:10 - 2017-05-14 16:45 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-05-14 16:10 - 2017-05-14 16:45 - 00113592 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-05-14 16:10 - 2017-05-14 16:45 - 00093624 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-05-14 16:10 - 2017-05-14 16:45 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-05-14 16:10 - 2017-05-14 16:12 - 00187320 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-05-14 16:09 - 2017-05-14 16:09 - 00000000 ____D C:\Program Files\Malwarebytes
2017-05-14 16:09 - 2017-05-09 16:37 - 00077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-05-14 16:07 - 2017-05-14 16:07 - 04102600 _____ C:\Users\Katharina\Desktop\AdwCleaner_6.046.exe
2017-05-14 16:05 - 2017-05-14 16:06 - 63035592 _____ (Malwarebytes ) C:\Users\Katharina\Downloads\mb3-setup-consumer-3.1.2.1733.exe
2017-05-13 22:21 - 2017-05-13 22:25 - 00047993 _____ C:\Users\Katharina\Downloads\Addition.txt
2017-05-13 22:19 - 2017-05-14 16:51 - 00026627 _____ C:\Users\Katharina\Downloads\FRST.txt
2017-05-13 22:18 - 2017-05-14 16:50 - 00000000 ____D C:\FRST
2017-05-13 22:18 - 2017-05-14 16:46 - 02429952 _____ (Farbar) C:\Users\Katharina\Downloads\FRST64.exe
2017-05-12 21:36 - 2017-05-12 21:35 - 00400456 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-05-10 15:20 - 2017-05-10 15:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2017-05-05 22:53 - 2017-05-06 22:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-02 21:45 - 2017-05-02 21:56 - 00000000 ___HD C:\Users\Katharina\.cduf
2017-05-02 21:45 - 2017-05-02 21:45 - 00000000 ____D C:\Users\Katharina\.oracle_jre_usage
2017-04-29 13:08 - 2017-04-29 13:08 - 02229160 _____ C:\Users\Katharina\Documents\Rossmann 5€.pdf
2017-04-29 13:07 - 2017-04-29 13:07 - 02229222 _____ C:\Users\Katharina\Documents\Rossmann 10€.pdf
2017-04-22 19:19 - 2017-04-22 19:19 - 00000000 ____D C:\Users\Katharina\Documents\Benutzerdefinierte Office-Vorlagen
2017-04-20 19:24 - 2017-04-20 19:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeXnicCenter
2017-04-20 19:24 - 2017-04-20 19:24 - 00000000 ____D C:\Program Files\TeXnicCenter
2017-04-20 17:40 - 2017-04-20 17:40 - 00000000 ____D C:\Users\Katharina\AppData\Roaming\MiKTeX
2017-04-20 17:35 - 2017-04-20 17:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiKTeX 2.9
2017-04-20 17:32 - 2017-04-20 17:32 - 00000000 ____D C:\Users\Katharina\AppData\Local\MiKTeX
2017-04-20 17:32 - 2017-04-20 17:32 - 00000000 ____D C:\ProgramData\MiKTeX
2017-04-20 17:30 - 2017-04-20 17:32 - 00000000 ____D C:\Program Files\MiKTeX 2.9
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-05-14 16:44 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-14 16:43 - 2013-12-18 13:11 - 00053284 _____ C:\WINDOWS\system32\wpbbin.exe
2017-05-14 16:43 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2017-05-14 16:32 - 2013-10-15 03:56 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2875012414-993899522-689580763-1001
2017-05-14 16:09 - 2015-03-12 00:48 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-14 16:08 - 2016-11-16 19:16 - 00000000 ____D C:\Users\Katharina\AppData\LocalLow\Mozilla
2017-05-14 16:02 - 2013-12-19 21:10 - 00003934 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{250BB0F2-30DE-4282-AB37-C1D53EF0485C}
2017-05-13 22:05 - 2013-11-07 22:13 - 00004344 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-05-13 22:05 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-05-13 22:04 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-05-13 21:45 - 2015-04-17 19:35 - 00000000 ____D C:\Users\Katharina\Documents\Listen
2017-05-13 21:44 - 2016-10-27 00:00 - 00000000 ____D C:\Users\Katharina\Documents\Citavi 5
2017-05-13 19:30 - 2014-04-20 17:34 - 00000000 ____D C:\Users\Katharina\AppData\Local\Deployment
2017-05-13 19:08 - 2014-11-02 21:15 - 00000000 ____D C:\Users\Katharina\Documents\Budget
2017-05-13 17:55 - 2013-10-15 03:49 - 00000000 ____D C:\Users\Katharina\AppData\Local\Packages
2017-05-12 21:36 - 2017-03-13 19:05 - 00003914 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-05-12 21:36 - 2015-03-23 23:08 - 00158880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
2017-05-12 21:35 - 2017-03-13 19:05 - 00334576 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-05-12 21:35 - 2017-03-13 19:05 - 00311808 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-05-12 21:35 - 2017-03-13 19:05 - 00190256 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-05-12 21:35 - 2017-03-13 19:05 - 00049016 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-05-12 21:35 - 2015-03-23 23:08 - 01007160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-05-12 21:35 - 2015-03-23 23:08 - 00569192 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-05-12 21:35 - 2015-03-23 23:08 - 00339696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-05-12 21:35 - 2015-03-23 23:08 - 00158368 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys.149461779967102
2017-05-12 21:35 - 2015-03-23 23:08 - 00128648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-05-12 21:35 - 2015-03-23 23:08 - 00101152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-05-12 21:35 - 2015-03-23 23:08 - 00075704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-05-12 21:35 - 2015-03-23 23:08 - 00038296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-05-12 20:12 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\Inf
2017-05-11 12:11 - 2017-04-10 17:23 - 00000000 ____D C:\Users\Katharina\Desktop\Literatur
2017-05-11 12:11 - 2017-03-20 17:05 - 00000000 ____D C:\Users\Katharina\Desktop\BA
2017-05-11 10:44 - 2017-03-15 21:06 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-05-11 10:44 - 2014-01-07 11:56 - 00000000 ____D C:\ProgramData\Skype
2017-05-10 20:26 - 2013-11-14 09:27 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-10 20:26 - 2013-11-14 09:11 - 00769864 _____ C:\WINDOWS\system32\perfh007.dat
2017-05-10 20:26 - 2013-11-14 09:11 - 00163456 _____ C:\WINDOWS\system32\perfc007.dat
2017-05-10 15:20 - 2015-10-13 11:40 - 00000000 ____D C:\Program Files (x86)\PDF24
2017-05-10 09:43 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-05-07 21:39 - 2014-08-26 20:37 - 00000000 ____D C:\Users\Katharina\AppData\Roaming\Spotify
2017-05-07 21:39 - 2014-08-26 20:37 - 00000000 ____D C:\Users\Katharina\AppData\Local\Spotify
2017-05-07 16:17 - 2014-10-30 23:28 - 00000000 ____D C:\Users\Katharina\Documents\Rechnungen
2017-05-06 23:25 - 2015-05-12 23:14 - 00004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-05-06 22:35 - 2013-10-25 12:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-02 21:45 - 2013-12-18 13:19 - 00000000 ____D C:\Users\Katharina
2017-04-27 20:51 - 2013-08-22 17:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-04-27 20:48 - 2015-10-03 14:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-04-23 22:28 - 2017-02-11 00:06 - 00000000 ____D C:\Users\Katharina\Desktop\Handy
2017-04-19 22:43 - 2015-11-04 19:34 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-17 21:20 - 2016-04-18 21:14 - 00000000 ____D C:\Users\Katharina\Documents\Abrechnungen
2017-04-15 13:52 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2014-04-16 19:39 - 2014-04-16 19:39 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-01-25 03:18 - 2013-01-25 03:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-01-10 00:36 - 2015-01-10 00:36 - 0000108 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
==================== Bamital & volsnap ======================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2017-05-12 11:28
==================== Ende von FRST.txt ============================
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 14-05-2017
durchgeführt von Katharina (14-05-2017 16:52:41)
Gestartet von C:\Users\Katharina\Downloads
Windows 8.1 (Update) (X64) (2013-12-18 11:40:42)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-2875012414-993899522-689580763-500 - Administrator - Disabled)
Gast (S-1-5-21-2875012414-993899522-689580763-501 - Limited - Disabled)
Katharina (S-1-5-21-2875012414-993899522-689580763-1001 - Administrator - Enabled) => C:\Users\Katharina
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0071 - NTI Corporation)
Acer Instant Update Service (HKLM\...\{8215A318-CC27-435E-B3EA-2E3443C8998C}) (Version: 1.00.3013 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3011 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3015 - Acer Incorporated)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.8.198 - Adobe Systems, Inc.)
Amazon Cloud Player (HKU\S-1-5-21-2875012414-993899522-689580763-1001\...\Amazon Amazon Cloud Player) (Version: 2.2.0.399 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{05E07D23-91E9-4E70-A4CC-EF505088F967}) (Version: 5.4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{741291DA-2B34-4D44-8FB6-58EDE21261D8}) (Version: 5.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{DB18F1C0-846F-46F5-A074-5B97C8AF5C8E}) (Version: 10.3.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
Backup Manager v4 (x32 Version: 4.0.0.0071 - NTI Corporation) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.29 - Piriform)
Cisco AnyConnect Diagnostics and Reporting Tool (HKLM-x32\...\{F038D9EC-E763-43D0-834A-0C4CA328C0F4}) (Version: 4.4.00243 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.4.00243 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 4.4.00243 - Cisco Systems, Inc.) Hidden
Citavi 5 (HKLM-x32\...\{7EB278FB-0C3C-445E-8665-4A6CDD9B794E}) (Version: 5.4.0.2 - Swiss Academic Software)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DJ2540FWUpdateAlert (x32 Version: 1.00.0000 - HP) Hidden
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Dritek Radio Controller (HKLM-x32\...\RadioController) (Version: 2.02.2001.0803 - Dritek System Inc.)
Dropbox (HKU\S-1-5-21-2875012414-993899522-689580763-1001\...\Dropbox) (Version: 5.4.24 - Dropbox, Inc.)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HID Monitor (HKLM-x32\...\{697E8962-7610-4310-BFA9-A0591C65EC21}) (Version: 1.1.4 - Acer Incorporated)
HP Deskjet 2540 series - Grundlegende Software für das Gerät (HKLM\...\{333E22D7-9F56-4482-A13C-1B9D35B9D641}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 2540 series Hilfe (HKLM-x32\...\{B3E5B153-CC4B-40F2-9802-288B0AF2A966}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{164600BE-9CEC-44E6-9B38-2B12D5FE2342}) (Version: 12.6.0.100 - Apple Inc.)
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.10 - Acer Inc.)
LibreOffice 5.0.1.2 (HKLM-x32\...\{927AE35D-72BC-437D-BAC7-EE47D03DEE54}) (Version: 5.0.1.2 - The Document Foundation)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8102 - Acer Incorporated)
Malwarebytes Version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.7967.2139 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2875012414-993899522-689580763-1001\...\OneDriveSetup.exe) (Version: 17.3.6517.0809 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 53.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 53.0.2 (x86 de)) (Version: 53.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.2.6333 - Mozilla)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7967.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7967.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7967.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3202 - Acer)
PDF24 Creator 8.1.4 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.216 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.41 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6716 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.27028 - Realtek Semiconductor Corp.)
Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.4.1902.0 - Seagate)
Security Task Manager 2.1i (HKLM-x32\...\Security Task Manager) (Version: 2.1i - Neuber Software)
Skype™ 7.36 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.101 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2875012414-993899522-689580763-1001\...\Spotify) (Version: 1.0.53.758.gde3fc4b2 - Spotify AB)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.4.0 - Synaptics Incorporated)
TeXnicCenter Version 2.02 Stable (HKLM\...\TeXnicCenter_is1) (Version: 2.02 Stable - The TeXnicCenter Team)
tubCloud (HKLM-x32\...\tubCloud) (Version: 2.1.0.405 - tubIT - IT Service Center Technische Universitt Berlin)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-2875012414-993899522-689580763-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Katharina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2875012414-993899522-689580763-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Katharina\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-2875012414-993899522-689580763-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Katharina\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2875012414-993899522-689580763-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Katharina\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2875012414-993899522-689580763-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Katharina\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2875012414-993899522-689580763-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Katharina\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2875012414-993899522-689580763-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Katharina\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2875012414-993899522-689580763-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Katharina\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2875012414-993899522-689580763-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Katharina\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2875012414-993899522-689580763-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Katharina\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2875012414-993899522-689580763-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Katharina\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2875012414-993899522-689580763-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Katharina\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {0E0CD37F-C9A8-4413-9EC1-8BEADC625678} - System32\Tasks\HP AR Program Upload - 2b0b5736f6ed4a308fb146cb2818a4101e34acf6b67f4fb99dd7da67781796d8 => C:\Program Files\HP\HP Deskjet 2540 series\bin\HPRewards.exe [2014-03-06] (TODO: <Company name>)
Task: {30643D75-D0A5-4CA9-8D93-37945D12B9BB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-04-11] (Piriform Ltd)
Task: {310F3883-FDAD-451B-808D-BC4D1FC411E4} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-17] (AVAST Software)
Task: {32BB9351-4143-4274-98D8-CBDE403F3B17} - System32\Tasks\HP AR Program Upload - c0f27839cbd748cca05fab6dc69c1dec3c0be8720ed04d68b925726228cf7b7d => C:\Program Files\HP\HP Deskjet 2540 series\bin\HPRewards.exe [2014-03-06] (TODO: <Company name>)
Task: {3C3E021E-3A30-4912-80CC-8EF5DD6414BA} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2875012414-993899522-689580763-1001Core => C:\Users\Katharina\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {43B3E634-5C02-4B36-B749-DACB21D9C77D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {471F0C6E-E072-491B-9719-7F4178221D27} - System32\Tasks\{BE5FFF87-CCA2-4CE1-9A64-EDE1B499E9CE} => pcalua.exe -a "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe"
Task: {5571FD28-9452-4E6C-A594-1547F584447E} - System32\Tasks\HP AR Program Upload - 4ce6cb42699546b98cc591549a49e2b4576700b69f4846499826fe3e60a48e6f => C:\Program Files\HP\HP Deskjet 2540 series\bin\HPRewards.exe [2014-03-06] (TODO: <Company name>)
Task: {55E479B1-032C-4594-BA35-3AC746FE9229} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-06] (Google Inc.)
Task: {58B80282-DDCD-4703-AD22-BD42D878976A} - System32\Tasks\HP AR Program Upload - 40e05f15d22f42dfa79c4060cda7471b9ff84845d308415abfb39561ec2eef9f => C:\Program Files\HP\HP Deskjet 2540 series\bin\HPRewards.exe [2014-03-06] (TODO: <Company name>)
Task: {72305F28-9172-4485-B29A-C87CA27958DD} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2016-04-05] (Seagate Technology LLC)
Task: {7312669A-9FD7-4B80-B21D-89A730F165CA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-13] (Adobe Systems Incorporated)
Task: {746C9A1C-F613-490D-A296-E0A80DA39A3E} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2875012414-993899522-689580763-1001UA => C:\Users\Katharina\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {8D733A39-6755-4F45-92BE-B86DEAABF5BE} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2012-08-23] ()
Task: {91D79939-4E5B-4F21-AE16-668E4BF44483} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-04-19] (Microsoft Corporation)
Task: {9342641A-D40E-4CEB-97DE-3513C82B4A09} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-10-23] (Acer Incorporated)
Task: {9C8D9F6B-904D-4EBA-8420-788BCA2BE195} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {B181A3B8-8335-4F5C-B6B5-D9BC62AF3D59} - System32\Tasks\HP AR Program Upload - e9408b28fd6849cb989409483c0e640306cc56bc64d04902bf8e4ed5a432cec2 => C:\Program Files\HP\HP Deskjet 2540 series\bin\HPRewards.exe [2014-03-06] (TODO: <Company name>)
Task: {B314CA81-D1DD-4C12-84D5-6197DBCA808A} - System32\Tasks\HP AR Program Upload - c9596c23ee8041fe8d6015dc0a05440471160c28ec11436d85666e5395fb6acc => C:\Program Files\HP\HP Deskjet 2540 series\bin\HPRewards.exe [2014-03-06] (TODO: <Company name>)
Task: {B5D27E47-83BE-4FDE-9CDB-15CC631835A9} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2012-08-23] ()
Task: {BDB8C1E5-7A60-48BF-872E-F7E7CFA0B706} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2016-07-06] ()
Task: {BDCD7827-DDBD-41FB-9456-445F1DB7871D} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-04-27] (Microsoft Corporation)
Task: {C1083D37-762E-4557-8FBF-FF142C738645} - System32\Tasks\Katharina DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2016-04-05] (Seagate Technology LLC)
Task: {C5F7CD87-F179-43F3-8572-EB67D1430FC8} - System32\Tasks\HP AR Program Upload - 5ec7d619eeca44d68d61929f217fd3ddc73b796f1eb64f79947e8a05bd0d4155 => C:\Program Files\HP\HP Deskjet 2540 series\bin\HPRewards.exe [2014-03-06] (TODO: <Company name>)
Task: {D9B081BA-98D0-4C15-8949-43BCCA34943F} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-05-12] (AVAST Software)
Task: {DE04452C-6A7C-4446-BAD1-63D4E093F21F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-04-19] (Microsoft Corporation)
Task: {EB4CA1F1-6F5B-4CAF-BFE5-7DCFC997E629} - System32\Tasks\Katharina => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2016-04-05] (Seagate Technology LLC)
Task: {F1F384ED-A92F-4542-ABAD-DC13D25C1087} - System32\Tasks\HIDMonitor => C:\Program Files\Acer Incorporated\HID Monitor\HIDMonitor.exe
Task: {F6BBA8BF-47C8-42F5-A654-23F7AFBD2228} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-06] (Google Inc.)
Task: {FB6DEDF8-6EF5-4E8D-9E94-4480CFA12A38} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2016-07-06] ()
Task: {FBDADE0D-B053-45DA-843A-E755BBCE9ECB} - System32\Tasks\Katharina Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2016-04-05] (Seagate Technology LLC)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2875012414-993899522-689580763-1001Core.job => C:\Users\Katharina\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2875012414-993899522-689580763-1001UA.job => C:\Users\Katharina\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
Shortcut: C:\Users\Katharina\Favorites\Acer\Acer.lnk -> hxxp://www.acer.com
Shortcut: C:\Users\Katharina\AppData\Local\Microsoft\Windows\FileHistory\Data\327\C\Users\Katharina\Favorites\Downloadseite von NCH Software.lnk -> hxxp://www.nch.com.au/de/index.htm
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2016-10-05 19:17 - 2016-10-05 19:17 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-03-16 17:08 - 2017-03-16 17:08 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-07-20 14:18 - 2015-07-20 14:18 - 00059392 _____ () C:\Program Files (x86)\tubcloud\shellext\OCUtil_x64.dll
2017-05-14 16:09 - 2017-05-09 16:38 - 02270672 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2012-12-14 03:42 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-08-23 01:04 - 2012-08-23 01:04 - 00025232 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
2012-08-23 01:04 - 2012-08-23 01:04 - 00044176 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
2016-12-09 18:09 - 2016-12-09 18:09 - 00073728 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2012-11-03 02:38 - 2012-11-03 02:38 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-11-03 02:37 - 2012-11-03 02:37 - 00125504 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2012-11-03 02:38 - 2012-11-03 02:38 - 00155712 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\VolumeSnapshot.dll
2012-11-03 02:37 - 2012-11-03 02:37 - 00118336 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\Online.dll
2012-11-03 02:37 - 2012-11-03 02:37 - 01081408 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-11-03 02:37 - 2012-11-03 02:37 - 00052288 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OsSettingPort.dll
2012-11-03 02:37 - 2012-11-03 02:37 - 00727616 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OutlookShadow.dll
2017-05-12 21:35 - 2017-05-12 21:35 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-05-12 21:35 - 2017-05-12 21:35 - 00997896 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-05-12 21:35 - 2017-05-12 21:35 - 67717632 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-05-12 21:35 - 2017-05-12 21:35 - 00176992 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-05-12 21:35 - 2017-05-12 21:35 - 00223224 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-05-12 21:35 - 2017-05-12 21:35 - 00291824 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2013-01-25 03:14 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-2875012414-993899522-689580763-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Katharina\AppData\Local\Microsoft\Windows\Themes\Canada\DesktopBackground\CA-olwp3.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: DigitalWave.Update.Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: PDF24 => 2
MSCONFIG\Services: Seagate Dashboard Services => 2
MSCONFIG\Services: Seagate MobileBackup Service => 2
MSCONFIG\Services: SkypeUpdate => 2
HKLM\...\StartupApproved\StartupFolder: => "Acer Backup Manager Tray.lnk"
HKLM\...\StartupApproved\Run: => "BtPreLoad"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "mcui_exe"
HKLM\...\StartupApproved\Run32: => "RadioController"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "avgnt"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKLM\...\StartupApproved\Run32: => "LManager"
HKLM\...\StartupApproved\Run32: => "DBAgent"
HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows"
HKU\S-1-5-21-2875012414-993899522-689580763-1001\...\StartupApproved\StartupFolder: => "Tintenwarnungen überwachen - HP Deskjet 2540 series.lnk"
HKU\S-1-5-21-2875012414-993899522-689580763-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-2875012414-993899522-689580763-1001\...\StartupApproved\Run: => "Amazon Cloud Player"
HKU\S-1-5-21-2875012414-993899522-689580763-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2875012414-993899522-689580763-1001\...\StartupApproved\Run: => "RESTART_STICKY_NOTES"
HKU\S-1-5-21-2875012414-993899522-689580763-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2875012414-993899522-689580763-1001\...\StartupApproved\Run: => "Dropbox Update"
HKU\S-1-5-21-2875012414-993899522-689580763-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2875012414-993899522-689580763-1001\...\StartupApproved\Run: => "tubcloud"
HKU\S-1-5-21-2875012414-993899522-689580763-1001\...\StartupApproved\Run: => "Uploader"
HKU\S-1-5-21-2875012414-993899522-689580763-1001\...\StartupApproved\Run: => "FlashPlayerUpdate"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [UDP Query User{280FD272-5A31-443F-82E9-D2A8A8A6F127}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [TCP Query User{C713E948-DD1C-4AD6-8A9F-727670184E08}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [{3C755175-F5F8-4C8A-A881-4B7E1C82953E}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{868F3E15-A0C2-4F31-A621-3EDCE5497E8F}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{9BCD772D-01FE-46C1-AF79-55D26524EB0E}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{066A3A5C-24B1-4DA5-A5E0-7533784DF518}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{1389C8BF-F8AF-4F61-81FF-A5A7FA59C535}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{8ADAACE8-4BAC-4F33-B21D-8CCEA03B6508}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{58A6BAB1-5B6E-4FF8-A0F6-04C8916C8901}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{ED4977C5-C30A-46F3-AFF6-E93DB3D37F84}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{D278272A-69CE-4537-87A9-C321D56F3090}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\MusicPlayer.exe
FirewallRules: [{2872A5F9-893C-49AE-89B6-CF0DE380DAB6}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{518231FA-94F6-4426-BEB9-A72A8EFF6DC1}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{EBD6477F-415A-4945-80B8-BBA539FF2A40}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{EDD068D4-87A7-40DD-A560-909690BF1220}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{E210700B-863C-45B2-BDF8-40340979606A}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{95D5999D-05E2-4627-B733-3EC30478265E}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{25E3F37C-1BDB-43BE-9298-F3F147CD5F06}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{E21511DE-4919-491A-B6B3-938044EBA201}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{A3C0FA9B-6F68-4200-98E1-F660C657BF73}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{2DA86D15-21B3-4B39-888D-317D29D134E3}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\FileExplorer.exe
FirewallRules: [{A5151C19-880E-4495-B1F5-28EA745D538E}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
FirewallRules: [{DB75D36C-DF17-4907-9150-C76E1827C3DC}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManager.exe
FirewallRules: [TCP Query User{F974B859-3C90-4C67-A8F7-C5DF766760C4}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{8174063F-E6BB-475A-910A-5203AEE64FED}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{59066F86-F724-4520-9926-4E06B85CF859}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe
FirewallRules: [{6A08D77A-32CA-43B3-BEF6-6FA44A4A04DA}] => (Allow) LPort=5357
FirewallRules: [{EDD922D8-F64D-4FE2-A70E-365F948C358A}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{8B4343E4-D318-401A-9499-80B0F5399B43}] => (Allow) C:\Users\Katharina\AppData\Local\Temp\7zS7CA9\HPDiagnosticCoreUI.exe
FirewallRules: [{97B37E4A-3BC7-4861-8164-0EF84083FE2A}] => (Allow) C:\Users\Katharina\AppData\Local\Temp\7zS7CA9\HPDiagnosticCoreUI.exe
FirewallRules: [{5BED5046-4554-412A-A7CA-2E5DE9D27F62}] => (Allow) C:\Users\Katharina\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{81F8837C-B2BE-4D2C-8F34-81CD868350F2}] => (Allow) C:\Users\Katharina\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{C88E2CE0-E8F4-4364-898E-2DE52C8AD4B5}E:\microsoft.office.professional.plus.2013.volume.license.x86.x64.kmsmicro.v3.11.german-mcu\kmsmicrov3.11\qemu\qemu.exe] => (Allow) E:\microsoft.office.professional.plus.2013.volume.license.x86.x64.kmsmicro.v3.11.german-mcu\kmsmicrov3.11\qemu\qemu.exe
FirewallRules: [UDP Query User{693AC832-A70C-4FAB-8076-9F4C0A931522}E:\microsoft.office.professional.plus.2013.volume.license.x86.x64.kmsmicro.v3.11.german-mcu\kmsmicrov3.11\qemu\qemu.exe] => (Allow) E:\microsoft.office.professional.plus.2013.volume.license.x86.x64.kmsmicro.v3.11.german-mcu\kmsmicrov3.11\qemu\qemu.exe
FirewallRules: [{6D86FA9D-C151-4E8C-B22F-17EAC41B8B06}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{96497C63-6BCF-43FB-8230-440E9B6330C6}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{E4F0A7D8-54AD-413D-BD86-E014AE15B76C}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{AE0A2BC3-A2BD-4675-A0C9-28E5191B3438}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{B080CBCC-1584-44ED-9088-BC053504331B}C:\users\katharina\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\katharina\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{1F3CD3EA-F8FF-432F-B86B-D81C5507AC1F}C:\users\katharina\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\katharina\appdata\roaming\spotify\spotify.exe
FirewallRules: [{CEA9B437-AB38-499A-A4D2-BD7D14AF0100}] => (Block) C:\users\katharina\appdata\roaming\spotify\spotify.exe
FirewallRules: [{CAB37262-DC8C-4716-B608-39DCF940F0DE}] => (Block) C:\users\katharina\appdata\roaming\spotify\spotify.exe
FirewallRules: [{AF7E10B7-94FF-468A-9A1E-D0503BF5D03F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B8C57F02-FAA8-41A3-8412-A8CB66D131A5}] => (Allow) LPort=2869
FirewallRules: [{081F4214-2501-4AC3-AAF2-3EC9E48351C6}] => (Allow) LPort=1900
FirewallRules: [{5840D68F-B3CA-458B-B6B3-12D88CB14182}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D4CBFD93-9FC5-46FA-B170-DF969B973E80}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{8CEBE770-9462-4067-BDD5-AB924A626B31}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{4A03013C-F34C-4EE1-9979-62C73BDB7B82}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{6B8F9021-825E-4325-8DAC-5B2568CF3AD1}] => (Allow) C:\Users\Katharina\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{0F775B9D-B5F2-4BCB-B30C-8F447EB93BBA}] => (Allow) C:\Users\Katharina\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{722F3FF1-64ED-41D2-A822-F59AC5167C82}] => (Allow) C:\Users\Katharina\AppData\Local\Temp\7zS4D42\HPDiagnosticCoreUI.exe
FirewallRules: [{7012AF3C-BC5A-4D18-A549-BE770A2A7980}] => (Allow) C:\Users\Katharina\AppData\Local\Temp\7zS4D42\HPDiagnosticCoreUI.exe
FirewallRules: [{A1E4835E-2EB5-476A-BCD9-80DBF54B1F03}] => (Allow) C:\Users\Katharina\AppData\Local\Temp\7zS4DB1\HPDiagnosticCoreUI.exe
FirewallRules: [{7BDDCF5A-00A6-4225-A6C5-E73913792965}] => (Allow) C:\Users\Katharina\AppData\Local\Temp\7zS4DB1\HPDiagnosticCoreUI.exe
FirewallRules: [{BC791E41-E7AF-4093-92CC-2B95B24DB166}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4AA7D835-1935-463A-B0DA-8CF9D48F3E85}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{E3D5C53D-CAA7-41B0-AA67-1CB0E161B410}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [UDP Query User{E4204B5D-E73B-4DF2-85DF-4EC22CA68984}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{5FDADBEA-8B6B-441D-BF36-A17AB0C29034}] => (Allow) LPort=8888
FirewallRules: [{A5B8A3AD-64D1-4D77-89BC-8AE0E51AE6ED}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C1CEFED7-8655-4E7C-929D-77A739267E3E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3CCFD390-6366-4C80-A51F-1BADABBCED9D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A1FE61FB-79CD-4557-9DB1-7C0356026EB7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{40E92E3B-0B7D-44ED-9E88-3F289E26517C}] => (Allow) LPort=8888
FirewallRules: [{CEC870AF-D288-4AF9-83C6-113B3B06C817}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{9E3F325B-E152-4D33-A587-73324E4923CC}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Block) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [UDP Query User{37D8AF85-8881-4932-9FBC-D251EE6161CA}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Block) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{1CBAA448-3E21-4F9A-8861-2B0CD0F9CC44}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E2669806-68B9-4D40-9F06-95248084C6AA}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{A132D67C-47FF-40B6-B1F8-AF3D857E9F08}C:\program files\chemdoodle\jre\bin\javaw.exe] => (Allow) C:\program files\chemdoodle\jre\bin\javaw.exe
FirewallRules: [UDP Query User{D9E09CDF-7F7A-495B-B949-933688B56488}C:\program files\chemdoodle\jre\bin\javaw.exe] => (Allow) C:\program files\chemdoodle\jre\bin\javaw.exe
==================== Wiederherstellungspunkte =========================
23-04-2017 17:21:42 Geplanter Prüfpunkt
01-05-2017 10:34:09 Geplanter Prüfpunkt
09-05-2017 22:20:33 Geplanter Prüfpunkt
==================== Fehlerhafte Geräte im Gerätemanager =============
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (05/14/2017 04:49:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST64.exe, Version 14.5.2017.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: e68
Startzeit: 01d2ccc0edc637a1
Endzeit: 60000
Anwendungspfad: C:\Users\Katharina\Downloads\FRST64.exe
Berichts-ID: 689e7cfe-38b4-11e7-bf78-206a8af2ea1d
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (05/13/2017 09:34:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1188
Error: (05/13/2017 09:34:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1188
Error: (05/13/2017 09:34:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/12/2017 11:43:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1265
Error: (05/12/2017 11:43:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1265
Error: (05/12/2017 11:43:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/11/2017 08:08:14 PM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {157C27F2-767A-4104-9D63-F70929B4FB07}
Error: (05/11/2017 08:08:02 PM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {157C27F2-767A-4104-9D63-F70929B4FB07}
Error: (05/11/2017 03:45:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13859
Systemfehler:
=============
Error: (05/14/2017 04:42:54 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
Es wird bereits eine Instanz des Dienstes ausgeführt.
Error: (05/14/2017 04:42:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Intel(R) Capability Licensing Service Interface" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/14/2017 04:42:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/14/2017 04:42:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management and Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/14/2017 04:42:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/14/2017 04:42:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "IconMan_R" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/14/2017 04:42:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ePower Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/14/2017 04:42:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/14/2017 04:42:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Dritek RF Button Command Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 3000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/14/2017 04:42:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "PDF24" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
CodeIntegrity:
===================================
Date: 2017-05-14 16:50:57.666
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-05-14 16:50:56.916
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-05-14 16:50:56.145
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-05-14 16:50:55.378
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-05-14 16:50:54.613
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-05-14 16:50:53.847
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-05-14 16:50:53.097
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-05-14 16:50:52.359
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-05-14 16:50:51.583
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-05-14 16:50:50.802
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Pentium(R) CPU 987 @ 1.50GHz
Prozentuale Nutzung des RAM: 45%
Installierter physikalischer RAM: 3889.6 MB
Verfügbarer physikalischer RAM: 2108.61 MB
Summe virtueller Speicher: 4657.6 MB
Verfügbarer virtueller Speicher: 3035 MB
==================== Laufwerke ================================
Drive c: (Acer) (Fixed) (Total:448.98 GB) (Free:210.01 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: BD954ECF)
Partition: GPT.
==================== Ende von Addition.txt ============================
|
| Themen zu Windows 8.1: SpyProtector |
| antivirus, avira, bonjour, converter, cpu, desktop, device driver, firefox, flash player, homepage, installation, mozilla, mp3, office 365, problem, programm, prozesse, realtek, registry, security, software, svchost.exe, symantec, udp, virus, windows, wlan |
Baum-Darstellung