
Pests of all kinds and how to combat them: Clicked a link in a phishing e-mail. Rescuing data


 
23.10.2017, 18:08   #1
Kohna

Clicked a link in a phishing e-mail. Rescuing data



First of all, hello to everyone here,

I may have a problem at the moment. In short, I clicked on a link in an e-mail and a window did open, but my antivirus program did not show anything.
I suspect that I am infected now anyway. After that, I first changed all my passwords from another laptop and deleted the entire cache, cookies, history etc. in the browser on the infected laptop.
Then I ran scans with Malwarebytes Anti-Malware (MAM) and OTL.
In general I would have no problem formatting my laptop now, but I would prefer to rescue a few files first. Luckily I have most of it on an external hard drive, but not yet the newest important data.
Since I am not a PC expert, I wanted to ask whether it is possible to back up the remaining data. I would be very grateful for helpful tips and options.

Kind regards, Kohna

Here is my report from MAM and OTL

Quote:
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 23.10.17
Scan-Zeit: 17:49
Protokolldatei: c8cd9178-b809-11e7-b1a0-00262dc14cb8.json
Administrator: Ja

-Softwaredaten-
Version: 3.2.2.2029
Komponentenversion: 1.0.212
Version des Aktualisierungspakets: 1.0.3076
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: SARBAT-PC\SARBAT

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Ergebnis: Abgeschlossen
Gescannte Objekte: 296468
Erkannte Bedrohungen: 8
In die Quarantäne verschobene Bedrohungen: 8
Abgelaufene Zeit: 14 Min., 5 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 2
PUP.Optional.StartPage.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{22F81F80-1D65-452A-8EC3-762CB85B3173}, In Quarantäne, [1881], [396863],1.0.3076
PUP.Optional.StartPage.ShrtCln, HKU\S-1-5-21-1733954782-861682868-1594596262-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{22F81F80-1D65-452A-8EC3-762CB85B3173}, In Quarantäne, [1881], [396863],1.0.3076

Registrierungswert: 4
PUP.Optional.StartPage.ShrtCln, HKU\S-1-5-21-1733954782-861682868-1594596262-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{22F81F80-1D65-452A-8EC3-762CB85B3173}|FAVICONURL, In Quarantäne, [1881], [396863],1.0.3076
PUP.Optional.StartPage.ShrtCln, HKU\S-1-5-21-1733954782-861682868-1594596262-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{22F81F80-1D65-452A-8EC3-762CB85B3173}|URL, In Quarantäne, [1881], [396863],1.0.3076
PUP.Optional.StartPage.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{22F81F80-1D65-452A-8EC3-762CB85B3173}|FAVICONURL, In Quarantäne, [1881], [396862],1.0.3076
PUP.Optional.StartPage.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{22F81F80-1D65-452A-8EC3-762CB85B3173}|URL, In Quarantäne, [1881], [396862],1.0.3076

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Datei: 2
PUP.Optional.DownloadSponsor, C:\USERS\SARBAT\APPDATA\LOCAL\TEMP\SCOPED_DIR10172_10456\JW PLAYER - CHIP-INSTALLER.EXE, In Quarantäne, [521], [413936],1.0.3076
PUP.Optional.DownloadSponsor, C:\USERS\SARBAT\APPDATA\LOCAL\TEMP\SCOPED_DIR5760_8704\GREENSHOT - CHIP-INSTALLER.EXE, In Quarantäne, [521], [349501],1.0.3076

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)


(end)

Quote:
OTL logfile created on: 10/23/2017 6:38:46 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\SARBAT\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18816)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.18 Gb Total Physical Memory | 0.72 Gb Available Physical Memory | 22.56% Memory free
6.35 Gb Paging File | 2.28 Gb Available in Paging File | 35.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 565.07 Gb Total Space | 449.25 Gb Free Space | 79.50% Space Free | Partition Type: NTFS
Drive D: | 30.00 Gb Total Space | 1.11 Gb Free Space | 3.68% Space Free | Partition Type: NTFS

Computer Name: SARBAT-PC | User Name: SARBAT | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\SARBAT\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Opera\48.0.2685.50\opera_crashreporter.exe (Opera Software)
PRC - C:\Program Files\Opera\48.0.2685.50\opera.exe (Opera Software)
PRC - C:\Program Files\Dropbox\Client\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Windows\System32\DbxSvc.exe (Dropbox, Inc.)
PRC - C:\Program Files\Avira\Launcher\Avira.Systray.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\Antivirus\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\Antivirus\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\Antivirus\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\Antivirus\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Malwarebytes)
PRC - C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe ()
PRC - C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
PRC - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe (Malwarebytes)
PRC - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe (Microsoft Corporation.)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\Launch Manager\WButton.exe (Wistron Corp.)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
PRC - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
PRC - C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
PRC - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe (X10)
PRC - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Opera\48.0.2685.50\opera_browser.dll ()
MOD - C:\Program Files\Opera\48.0.2685.50\libglesv2.dll ()
MOD - C:\Program Files\Opera\48.0.2685.50\libegl.dll ()
MOD - C:\Program Files\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd ()
MOD - C:\Program Files\Dropbox\Client\winshell.compiled._winshell.pyd ()
MOD - C:\Program Files\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd ()
MOD - C:\Program Files\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd ()
MOD - C:\Program Files\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd ()
MOD - C:\Program Files\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd ()
MOD - C:\Program Files\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd ()
MOD - C:\Program Files\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd ()
MOD - C:\Program Files\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd ()
MOD - C:\Program Files\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd ()
MOD - C:\Program Files\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd ()
MOD - C:\Program Files\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd ()
MOD - C:\Program Files\Dropbox\Client\wind3d11.compiled._wind3d11.pyd ()
MOD - C:\Program Files\Dropbox\Client\win32com.shell.shell.pyd ()
MOD - C:\Program Files\Dropbox\Client\tornado.speedups.pyd ()
MOD - C:\Program Files\Dropbox\Client\PyQt5.QtWidgets.pyd ()
MOD - C:\Program Files\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd ()
MOD - C:\Program Files\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd ()
MOD - C:\Program Files\Dropbox\Client\PyQt5.QtWebKit.pyd ()
MOD - C:\Program Files\Dropbox\Client\PyQt5.QtWebEngineCore.pyd ()
MOD - C:\Program Files\Dropbox\Client\PyQt5.QtWebChannel.pyd ()
MOD - C:\Program Files\Dropbox\Client\PyQt5.QtWebEngine.pyd ()
MOD - C:\Program Files\Dropbox\Client\PyQt5.QtGui.pyd ()
MOD - C:\Program Files\Dropbox\Client\PyQt5.QtQuick.pyd ()
MOD - C:\Program Files\Dropbox\Client\PyQt5.QtNetwork.pyd ()
MOD - C:\Program Files\Dropbox\Client\PyQt5.QtQml.pyd ()
MOD - C:\Program Files\Dropbox\Client\PyQt5.QtPrintSupport.pyd ()
MOD - C:\Program Files\Dropbox\Client\PyQt5.QtCore.pyd ()
MOD - C:\Program Files\Dropbox\Client\psutil._psutil_windows.pyd ()
MOD - C:\Program Files\Dropbox\Client\libGLESv2.dll ()
MOD - C:\Program Files\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd ()
MOD - C:\Program Files\Dropbox\Client\libEGL.DLL ()
MOD - C:\Program Files\Dropbox\Client\dropbox_sqlite_ext.DLL ()
MOD - C:\Program Files\Dropbox\Client\fastpath.pyd ()
MOD - C:\Program Files\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd ()
MOD - C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd ()
MOD - C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd ()
MOD - C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd ()
MOD - C:\Program Files\Dropbox\Client\crashpad.compiled._Crashpad.pyd ()
MOD - C:\Program Files\Dropbox\Client\cpuid.compiled._cpuid.pyd ()
MOD - C:\Program Files\Dropbox\Client\dropbox_crashpad.dll ()
MOD - C:\Program Files\Dropbox\Client\dropbox_watchdog.dll ()
MOD - C:\Program Files\Dropbox\Client\pythoncom27.dll ()
MOD - C:\Program Files\Dropbox\Client\pywintypes27.dll ()
MOD - C:\Program Files\Dropbox\Client\librsync.dll ()
MOD - C:\Program Files\Dropbox\Client\unicodedata.pyd ()
MOD - C:\Program Files\Dropbox\Client\winxpgui.pyd ()
MOD - C:\Program Files\Dropbox\Client\win32gui.pyd ()
MOD - C:\Program Files\Dropbox\Client\pyexpat.pyd ()
MOD - C:\Program Files\Dropbox\Client\_cffi_backend.pyd ()
MOD - C:\Program Files\Dropbox\Client\win32file.pyd ()
MOD - C:\Program Files\Dropbox\Client\win32security.pyd ()
MOD - C:\Program Files\Dropbox\Client\win32api.pyd ()
MOD - C:\Program Files\Dropbox\Client\_ctypes.pyd ()
MOD - C:\Program Files\Dropbox\Client\sip.pyd ()
MOD - C:\Program Files\Dropbox\Client\win32print.pyd ()
MOD - C:\Program Files\Dropbox\Client\win32evtlog.pyd ()
MOD - C:\Program Files\Dropbox\Client\win32service.pyd ()
MOD - C:\Program Files\Dropbox\Client\win32process.pyd ()
MOD - C:\Program Files\Dropbox\Client\_multiprocessing.pyd ()
MOD - C:\Program Files\Dropbox\Client\win32pipe.pyd ()
MOD - C:\Program Files\Dropbox\Client\win32ts.pyd ()
MOD - C:\Program Files\Dropbox\Client\win32job.pyd ()
MOD - C:\Program Files\Dropbox\Client\win32event.pyd ()
MOD - C:\Program Files\Dropbox\Client\win32profile.pyd ()
MOD - C:\Program Files\Dropbox\Client\win32clipboard.pyd ()
MOD - C:\Program Files\Dropbox\Client\mmapfile.pyd ()
MOD - C:\Program Files\Dropbox\Client\select.pyd ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\e0fb0b9ff53a543385844ca3d4fe0e67\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\b275f3c85451b4712ba4441c8b142cdc\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\ae69d98037d3a006441b0ad7601aa550\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\a940a59838344f50d68b17da426928ad\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\997ae7ebb28384eb69f1b94c2bb2e170\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\83aa5cbe367dcd5373421de6d20441df\System.ServiceModel.Internals.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\287a701747b36a5a96b06722de963801\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Compba577418#\1ad7879eeab04304a3b44fbcaf6b6f69\System.ComponentModel.Composition.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8eac3f49e91c9b6efd2f6278b1215da7\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c4a944b009f4f07008b4d8cb6feb62bc\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\c0849d317d75be9931df2785a5c75ace\System.Data.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bcfc8f02ea2e1edbf8b711b542f4b43f\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\35511e4186f06439802b46ef18ab4a6a\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\4a34b8e8ee4dff4d0a60143313c17eb1\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\e0c58e3528d935e36495738dd955ab31\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\083ff8b4b0ffd899249c5e4164870e25\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\126c9e6f7c82efed67b0eb48481b436a\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\2a4d9d3dc67b64fc0cd7e1156a358702\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\ea9038f9beda902e4335491cef411afe\System.WorkflowServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ab457dffef5cfdbe2178c1273e09caa7\System.ServiceModel.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\91e2bf8b1304a53f2a1ba3e9e1b0f59c\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\d9d9029b3aa498c2a0fbce72cd9095ee\System.ComponentModel.DataAnnotations.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\bd9ff1a4363781a57e8f7392f230a203\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\676f0c851cf53544c219c57be442c39e\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\7be1cefc27160df6de5609225ad8ec81\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\2c9042a2e992054f144cee45f567968d\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\47c4ac6b41079edce1e1e2d69eef5535\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\00c2b464e52d4e82c04d61592a12a89d\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\264e45d650f68a994571ab6eef563bdb\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5859b21b683c9f7f14622b57a90c63f1\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\9bcb1a1906be6210598cfc972748830e\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\7057023b1bb89e4623a922b311be4dba\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d4d707aec7d81ab0129b80cee05e3cf0\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\574a49391addeea2fa98d2eed823956f\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\fec007ea17ac8956cc5d6d4074dada6a\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\511c39d1efa06d262a6b2f47e2726c73\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6d3a5bd42cb7680e678605dbc10f7b90\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\367e5b8a038ac76eba17528bb7b3688e\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ce3c98f2bf220ef17b0cf4233cac6ceb\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\77c1dc46ea139bf5e1eaa9b87ef03c7a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ad8dd536906e94c4bc9cb9b82285580b\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\d042662345d4b8ce4a254833d13f666f\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fb963359e1261ca9fb22c7a02cbfc367\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ad92dab7f418877d6a1e0358ce35658a\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9f895c66454577eff9c77442d0c84f71\mscorlib.ni.dll ()
MOD - C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll ()
MOD - C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll ()
MOD - C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dll ()
MOD - C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll ()
MOD - C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\System32\IccLibDll.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_de_b77a5c561934e089\System.ServiceModel.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll ()
MOD - C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll ()


========== Services (SafeList) ==========

SRV - (DbxSvc) -- C:\Windows\System32\DbxSvc.exe (Dropbox, Inc.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Avira.ServiceHost) -- C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\Antivirus\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\Antivirus\avwebg7.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files\Avira\Antivirus\avmailc7.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\Antivirus\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (WCAssistantService) -- C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe ()
SRV - (IEEtwCollectorService) -- C:\Windows\System32\IEEtwCollector.exe (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe (Malwarebytes)
SRV - (NVDisplay.ContainerLocalSystem) -- C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation)
SRV - (dbupdatem) -- C:\Program Files\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
SRV - (dbupdate) -- C:\Program Files\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
SRV - (DiagTrack) -- C:\Windows\System32\diagtrack.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe (Microsoft Corporation.)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (UNS) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (x10nets) -- C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe (X10)
SRV - (WisLMSvc) -- C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


========== Driver Services (SafeList) ==========

DRV - (dbx) -- system32\DRIVERS\dbx.sys File not found
DRV - (MBAMFarflt) -- C:\Windows\System32\drivers\farflt.sys (Malwarebytes)
DRV - (MBAMWebProtection) -- C:\Windows\System32\drivers\mwac.sys (Malwarebytes)
DRV - (MBAMProtection) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes)
DRV - (MBAMChameleon) -- C:\Windows\System32\drivers\MbamChameleon.sys (Malwarebytes)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes)
DRV - (ESProtectionDriver) -- C:\Windows\System32\drivers\mbae.sys ()
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avdevprot) -- C:\Windows\System32\drivers\avdevprot.sys (Avira Operations GmbH & Co. KG)
DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (Samsung Electronics Co., Ltd.)
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (Samsung Electronics Co., Ltd.)
DRV - (avnetflt) -- C:\Windows\System32\drivers\avnetflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (nvpciflt) -- C:\Windows\System32\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (nusb3xhc) -- C:\Windows\System32\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV - (nusb3hub) -- C:\Windows\System32\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (rtl8192se) -- C:\Windows\System32\drivers\rtl8192se.sys (Realtek Semiconductor Corporation )
DRV - (Impcd) -- C:\Windows\System32\drivers\Impcd.sys (Intel Corporation)
DRV - (mod7700) -- C:\Windows\System32\drivers\mod7700.sys (DiBcom SA)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (LUMDriver) -- C:\Windows\System32\drivers\LUMDriver.sys (IBM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {22F81F80-1D65-452A-8EC3-762CB85B3173}
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://medion.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.aldi.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.aldi.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = 73 84 66 02 D8 0C D2 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error.
IE - HKCU\..\SearchScopes,DefaultScope = {00F536EB-00FE-49C6-A84F-8F1EBF28F22E}
IE - HKCU\..\SearchScopes\{00F536EB-00FE-49C6-A84F-8F1EBF28F22E}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{B916F720-CCBD-4F7C-9DEE-883E50C78BEC}: "URL" = https://de.search.yahoo.com/search?p={searchTerms}&intl=de&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "DE"
FF - prefs.js..browser.search.region: "DE"
FF - prefs.js..browser.startup.homepage: "www1.online/?w=RD9898"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_27_0_0_170.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.141.2: C:\Program Files\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.141.2: C:\Program Files\Java\jre1.8.0_141\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2017/03/10 21:13:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 56.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 56.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2017/03/10 21:13:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 56.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 56.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2016/09/13 11:52:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SARBAT\AppData\Roaming\mozilla\Extensions
[2017/09/13 20:38:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SARBAT\AppData\Roaming\mozilla\Firefox\Profiles\F5yPghi0.default\browser-extension-data
[2017/10/21 03:37:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SARBAT\AppData\Roaming\mozilla\Firefox\Profiles\F5yPghi0.default\browser-extension-data\abs@avira.com
[2017/09/13 20:38:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SARBAT\AppData\Roaming\mozilla\Firefox\Profiles\F5yPghi0.default\browser-extension-data\screenshots@mozilla.org
[2017/10/21 03:38:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SARBAT\AppData\Roaming\mozilla\Firefox\Profiles\F5yPghi0.default\extensions
[2017/10/21 03:38:22 | 001,227,258 | ---- | M] () (No name found) -- C:\Users\SARBAT\AppData\Roaming\mozilla\firefox\profiles\F5yPghi0.default\extensions\abs@avira.com.xpi
[2017/10/21 03:38:21 | 001,243,571 | ---- | M] () (No name found) -- C:\Users\SARBAT\AppData\Roaming\mozilla\firefox\profiles\F5yPghi0.default\extensions\jid1-16aeif9OQIRKxA@jetpack.xpi
[2017/10/12 14:26:51 | 000,132,293 | ---- | M] () (No name found) -- C:\Users\SARBAT\AppData\Roaming\mozilla\firefox\profiles\F5yPghi0.default\features\{44d43f93-3fb7-4478-8359-5418637a38b9}\shield-recipe-client@mozilla.org.xpi
[2017/10/12 14:13:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\browser\extensions

O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_141\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_141\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Dropbox] C:\Program Files\Dropbox\Client\Dropbox.exe (Dropbox, Inc.)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe" File not found
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.)
O4 - HKCU..\Run: [OpenOffice Updater] C:\Users\SARBAT\AppData\Roaming\OpenOffice Updater\Updater.exe ()
O4 - HKCU..\Run: [Web Companion] C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe (Lavasoft)
O4 - HKCU..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: localhost ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: webcompanion.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_121-windows-i586.cab (Java Plug-in 11.141.2)
O16 - DPF: {CAFEEFAC-0018-0000-00121-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_121-windows-i586.cab (Java Plug-in 1.8.0_121)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_121-windows-i586.cab (Java Plug-in 11.141.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D6AFF5B-072D-4B6C-929A-C21954DB165D}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91734A2F-C336-4BE9-8362-AA7479B0E354}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\system32\nvinit.dll) - C:\Windows\System32\nvinit.dll (NVIDIA Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\System32\Userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2017/10/23 18:35:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\SARBAT\Desktop\OTL.exe
[2017/10/23 18:11:40 | 000,091,576 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\farflt.sys
[2017/10/23 17:48:59 | 000,166,840 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\MbamChameleon.sys
[2017/10/23 17:48:50 | 000,065,824 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\mwac.sys
[2017/10/23 17:48:41 | 000,040,384 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\mbam.sys
[2017/10/23 17:48:31 | 000,221,112 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2017/10/23 17:47:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[2017/10/23 17:47:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2017/10/23 17:47:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes
[2017/10/23 16:54:07 | 000,000,000 | ---D | C] -- C:\Users\SARBAT\Desktop\Neuer Ordner
[2017/10/19 20:46:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
[2017/10/17 17:48:08 | 000,043,336 | ---- | C] (Dropbox, Inc.) -- C:\Windows\System32\DbxSvc.exe
[2017/10/17 17:48:08 | 000,035,432 | ---- | C] (Dropbox, Inc.) -- C:\Windows\System32\drivers\dbx-dev.sys
[2017/10/17 17:48:08 | 000,035,408 | ---- | C] (Dropbox, Inc.) -- C:\Windows\System32\drivers\dbx-stable.sys
[2017/10/17 17:48:08 | 000,035,408 | ---- | C] (Dropbox, Inc.) -- C:\Windows\System32\drivers\dbx-canary.sys
[2017/10/12 14:02:58 | 124,059,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRT-KB890830.exe
[2017/10/11 18:14:53 | 004,547,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2017/10/11 18:14:52 | 002,402,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2017/10/11 18:14:52 | 000,827,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2017/10/11 18:14:51 | 003,945,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2017/10/11 18:14:51 | 001,549,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2017/10/11 18:14:50 | 004,001,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2017/10/11 18:14:50 | 002,058,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2017/10/11 18:14:50 | 000,694,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2017/10/11 18:14:50 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexcl40.dll
[2017/10/11 18:14:49 | 003,209,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2017/10/11 18:14:49 | 000,347,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2017/10/11 18:14:49 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2017/10/11 18:14:48 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2017/10/11 18:14:48 | 000,640,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswstr10.dll
[2017/10/11 18:14:48 | 000,392,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2017/10/11 18:14:47 | 001,400,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2017/10/11 18:14:47 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2017/10/11 18:14:47 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2017/10/11 18:14:47 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2017/10/11 18:14:47 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2017/10/11 18:14:47 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2017/10/11 18:14:47 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2017/10/11 18:14:47 | 000,279,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2017/10/11 18:14:47 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2017/10/11 18:14:47 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2017/10/11 18:14:47 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2017/10/11 18:14:47 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2017/10/11 18:14:47 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2017/10/11 18:14:47 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjint40.dll
[2017/10/11 18:14:46 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2017/10/11 18:14:46 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2017/10/11 18:14:46 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2017/10/11 18:14:46 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2017/10/11 18:14:46 | 000,416,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2017/10/11 18:14:46 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2017/10/11 18:14:46 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2017/10/11 18:14:46 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2017/10/11 18:14:46 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2017/10/11 18:14:46 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2017/10/11 18:14:46 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2017/10/11 18:14:46 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msaudite.dll
[2017/10/11 18:14:46 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2017/10/11 18:14:46 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2017/10/11 18:14:46 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2017/10/11 18:14:46 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2017/10/11 18:14:46 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appidpolicyconverter.exe
[2017/10/11 18:14:46 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2017/10/11 18:14:46 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll
[2017/10/11 18:14:46 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2017/10/11 18:14:46 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2017/10/11 18:14:46 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msobjs.dll
[2017/10/11 18:14:46 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2017/10/11 18:14:46 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2017/10/11 18:14:46 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appidapi.dll
[2017/10/11 18:14:46 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setbcdlocale.dll
[2017/10/11 18:14:46 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\auditpol.exe
[2017/10/11 18:14:46 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2017/10/11 18:14:46 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2017/10/11 18:14:46 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2017/10/11 18:14:46 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2017/10/11 18:14:46 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2017/10/11 18:14:46 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appidcertstorecheck.exe
[2017/10/11 18:14:46 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2017/10/11 18:14:46 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2017/10/11 18:14:46 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apisetschema.dll
[2017/10/11 18:14:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2017/10/11 18:14:45 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2017/10/23 18:35:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\SARBAT\Desktop\OTL.exe
[2017/10/23 18:23:36 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2017/10/23 18:23:36 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2017/10/23 18:11:40 | 000,091,576 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\farflt.sys
[2017/10/23 18:11:40 | 000,065,824 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\mwac.sys
[2017/10/23 18:11:40 | 000,040,384 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\mbam.sys
[2017/10/23 18:08:42 | 000,001,198 | ---- | M] () -- C:\Windows\tasks\DropboxUpdateTaskMachineCore.job
[2017/10/23 18:08:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2017/10/23 18:08:12 | 2558,595,072 | -HS- | M] () -- C:\hiberfil.sys
[2017/10/23 17:56:19 | 000,001,202 | ---- | M] () -- C:\Windows\tasks\DropboxUpdateTaskMachineUA.job
[2017/10/23 17:48:59 | 000,166,840 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\MbamChameleon.sys
[2017/10/23 17:48:31 | 000,221,112 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2017/10/23 17:47:43 | 000,002,024 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
[2017/10/23 00:29:02 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\Avira.lnk
[2017/10/17 17:48:08 | 000,043,336 | ---- | M] (Dropbox, Inc.) -- C:\Windows\System32\DbxSvc.exe
[2017/10/17 17:48:08 | 000,035,432 | ---- | M] (Dropbox, Inc.) -- C:\Windows\System32\drivers\dbx-dev.sys
[2017/10/17 17:48:08 | 000,035,408 | ---- | M] (Dropbox, Inc.) -- C:\Windows\System32\drivers\dbx-stable.sys
[2017/10/17 17:48:08 | 000,035,408 | ---- | M] (Dropbox, Inc.) -- C:\Windows\System32\drivers\dbx-canary.sys
[2017/10/16 19:13:12 | 000,803,328 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2017/10/16 19:13:12 | 000,144,896 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2017/10/15 16:42:59 | 001,115,458 | ---- | M] () -- C:\Users\SARBAT\Desktop\Übungsaufgaben Skript 2017.pdf
[2017/10/13 13:53:39 | 000,699,342 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2017/10/13 13:53:39 | 000,654,140 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2017/10/13 13:53:39 | 000,149,450 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2017/10/13 13:53:39 | 000,122,012 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2017/10/12 18:34:01 | 000,472,696 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2017/10/12 14:03:00 | 124,059,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MRT-KB890830.exe
[2017/10/04 13:15:42 | 000,059,904 | ---- | M] () -- C:\Windows\System32\drivers\mbae.sys
[2017/09/23 20:40:21 | 000,130,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2017/10/23 17:47:43 | 000,002,024 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
[2017/10/23 17:47:38 | 000,059,904 | ---- | C] () -- C:\Windows\System32\drivers\mbae.sys
[2017/10/23 00:29:02 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\Avira.lnk
[2017/10/15 16:42:16 | 001,115,458 | ---- | C] () -- C:\Users\SARBAT\Desktop\Übungsaufgaben Skript 2017.pdf
[2017/09/01 22:57:41 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2017/09/01 22:57:41 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2017/09/01 21:49:44 | 000,112,640 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2017/03/10 20:55:50 | 000,233,456 | ---- | C] () -- C:\Windows\hpoins47.dat
[2017/02/07 14:33:12 | 000,269,600 | ---- | C] () -- C:\Windows\System32\vulkan-1.dll
[2017/02/07 14:33:12 | 000,110,880 | ---- | C] () -- C:\Windows\System32\vulkaninfo.exe
[2017/01/25 20:13:28 | 035,233,328 | ---- | C] () -- C:\Windows\System32\nvcompiler.dll
[2016/10/13 09:41:29 | 000,233,355 | ---- | C] () -- C:\Windows\hpoins47.dat.temp
[2016/10/13 09:41:29 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl47.dat.temp
[2016/09/09 20:25:58 | 000,269,600 | ---- | C] () -- C:\Windows\System32\vulkan-1-1-0-26-0.dll
[2016/09/09 20:25:28 | 000,110,880 | ---- | C] () -- C:\Windows\System32\vulkaninfo-1-1-0-26-0.exe

========== ZeroAccess Check ==========

[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2017/08/15 17:10:54 | 012,880,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 83 bytes -> C:\Users\SARBAT\Desktop\Projektmanagement:com.dropbox.attributes

< End of report >
Quote:
OTL Extras logfile created on: 10/23/2017 6:38:46 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\SARBAT\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18816)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.18 Gb Total Physical Memory | 0.72 Gb Available Physical Memory | 22.56% Memory free
6.35 Gb Paging File | 2.28 Gb Available in Paging File | 35.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 565.07 Gb Total Space | 449.25 Gb Free Space | 79.50% Space Free | Partition Type: NTFS
Drive D: | 30.00 Gb Total Space | 1.11 Gb Free Space | 3.68% Space Free | Partition Type: NTFS

Computer Name: SARBAT-PC | User Name: SARBAT | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = OperaStable] -- C:\Program Files\Opera\Launcher.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = OperaStable] -- C:\Program Files\Opera\Launcher.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\launcher.exe" -noautoupdate -- "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\launcher.exe" -noautoupdate -- "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [mplayerc.enqueue] -- "C:\Program Files\K-Lite Codec Pack\MPC-HC\mpc-hc.exe" /add "%1" (MPC-HC Team)
Directory [mplayerc.play] -- "C:\Program Files\K-Lite Codec Pack\MPC-HC\mpc-hc.exe" "%1" (MPC-HC Team)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1060D103-90D8-4B8C-B244-959842EB4B6E}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{1D6017BE-A550-4709-8D3B-5216FD0D985C}" = lport=137 | protocol=17 | dir=in | app=system |
"{28DBFF41-5648-4552-B3F8-9B617E1CA5EE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{41A27EBD-B185-4D78-B53C-84F23D654B3E}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\opera\48.0.2685.39\opera.exe |
"{50FE4E62-04E5-4761-891A-86CBDF901D43}" = rport=138 | protocol=17 | dir=out | app=system |
"{51B9CE97-C47C-4107-AEC2-D0FAB9B8F29B}" = rport=445 | protocol=6 | dir=out | app=system |
"{58780FB4-80F9-45F1-9D61-E26AD9DC01FF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8390ACE0-49BB-4107-A8BE-FB740D64436B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8E4F83AD-41DD-4512-8E15-3C181BB44173}" = lport=138 | protocol=17 | dir=in | app=system |
"{9368977F-51E4-4408-AE6A-FFE387880EA5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9513971E-A24D-4700-B60F-6A625D988B34}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\opera\48.0.2685.50\opera.exe |
"{9E1DF86D-E79C-41E4-B5CA-4893302BF4C6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B9EF866D-5D3B-4E29-A0D8-09AAF11F7B74}" = lport=139 | protocol=6 | dir=in | app=system |
"{C25576EE-60F4-4B42-BF69-6A7ECD4F66D4}" = rport=139 | protocol=6 | dir=out | app=system |
"{D76C0F1E-888D-4289-BD8A-6210885792BA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{DA139DCA-7E57-4714-A03C-A0D0DDE972E6}" = lport=445 | protocol=6 | dir=in | app=system |
"{EC5A7F37-4D8A-47FD-91EE-B1FA70382C1E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F895F050-B559-4578-98D4-91A07E64AE51}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05916671-9299-46E5-A584-9297D56D0E04}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{101694CC-978D-4204-AF2E-84C24C6CE28B}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe |
"{10D06981-C45F-4DE5-8D99-9029D0DA5894}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{2B149D1F-1C8C-46FD-8DE4-66E6DF7160D1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{2C9F2046-15FD-4D51-9091-E6FD67D75874}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3147CA70-0D03-4D61-B979-D53CD904BB81}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{36E5E1B5-A087-4A67-BBDE-CC5403A353EC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{51D9E062-BC3E-460A-9DA1-EC00C0E61AFB}" = protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvidia updatus\daemonu.exe |
"{55CC1B6A-3695-4B99-923E-A0E1843E2430}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{625C91B8-0342-4013-A059-BC58F5ECF94B}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{6460CEE5-80DC-45F7-A37D-865EE6C3110E}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{6699CC78-98F9-4B69-8461-8EDF1654F24B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{6D5F4FF9-4102-4440-8FBD-AB939941172C}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{71F39BC3-7F61-4FCC-AAD0-E134E016E307}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{723B0637-366C-4656-A5FD-0C7A6C8C38EF}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{7DACDA9C-CBCB-4596-8C1B-130D6236D105}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{88734459-98E5-4EBA-AFBD-C6102C401C95}" = dir=in | app=e:\setup\hpznui01.exe |
"{90DD7FB5-380E-4D28-A698-9433761F5646}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{94310E3C-1C04-4165-8B16-1C8EF32D15DC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{94C6DDB5-5BA0-4C79-8E39-21BB702EEB9B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{94EA3DBD-F490-4B7E-857C-BE6BB7DA2BC5}" = dir=in | app=c:\program files\dropbox\client\dropbox.exe |
"{967BB4E1-1EEF-40B2-BBD8-BCA977DF6D74}" = protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvidia updatus\daemonu.exe |
"{9D409B5F-E51B-468C-92F3-8959F692E1B7}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{B425E638-1829-4A42-A3CD-37D7FC768DE4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C91C628F-5C05-4027-AF4F-5C8CF2F81613}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{C9C499E5-736D-4C19-B3F3-8BD1FF9C1054}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{CACB9EE4-9A80-45FA-84E2-FEADE1C2D886}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{D1FFAEF3-C6A6-402E-BD60-1CD879664965}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{D3741DB1-E99D-492C-8113-28E1BD3626C3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{DD83B366-C6ED-4B58-8435-0768E81A1FF1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{EB3B3BC1-FF9D-4248-911B-7F72E1C3D3AB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{F11403C2-449B-46C1-B54E-2397026A23D2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{FC60236F-8CEA-4E2F-A91B-2BE85E5E2C9C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"TCP Query User{1D625DD7-B346-470B-81D8-A5E128CB3CF7}C:\users\sarbat\documents\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\users\sarbat\documents\age of empires ii\empires2.exe |
"TCP Query User{28F63C74-5DA3-431B-872F-D1605888B5DE}C:\program files\dassault systemes\b19\intel_a\code\bin\cnext.exe" = protocol=6 | dir=in | app=c:\program files\dassault systemes\b19\intel_a\code\bin\cnext.exe |
"TCP Query User{4BD084BC-47E0-4672-A91B-61D760CA3AA5}C:\program files\dassault systemes\b19\intel_a\code\bin\orbixd.exe" = protocol=6 | dir=in | app=c:\program files\dassault systemes\b19\intel_a\code\bin\orbixd.exe |
"UDP Query User{68C6BB30-61BF-4D95-BC87-FA6F10EE9C6A}C:\program files\dassault systemes\b19\intel_a\code\bin\cnext.exe" = protocol=17 | dir=in | app=c:\program files\dassault systemes\b19\intel_a\code\bin\cnext.exe |
"UDP Query User{9D4F346A-B4CB-45B1-9016-4722820BD821}C:\users\sarbat\documents\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\users\sarbat\documents\age of empires ii\empires2.exe |
"UDP Query User{C9F12131-48AA-4D9E-88FA-3754B59E31D9}C:\program files\dassault systemes\b19\intel_a\code\bin\orbixd.exe" = protocol=17 | dir=in | app=c:\program files\dassault systemes\b19\intel_a\code\bin\orbixd.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{099218A5-A723-43DC-8DB5-6173656A1E94}" = Dropbox Update Helper
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}" = Minecraft
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2297ea72-567b-4acb-9bc8-a965250b5b56}" = Web Companion
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F32180141F0}" = Java 8 Update 141
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A842F3F-CE6D-3DFD-9ECB-9CC3C5150A67}" = Microsoft .NET Framework 4.7
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1" = Malwarebytes Version 3.2.2.2029
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{59C83C08-63F4-4AEC-81D6-392C5E23B843}" = HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6DE6837F-F3A3-40FF-9F5C-A0B95948E32D}" = Dassault Systemes Software Prerequisites x86
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79C4A62C-8CC2-44AC-91FE-1299A215B4B7}" = Avira
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D5FCC56-BB9F-4122-923C-71753F50F6F5}" = OpenOffice 4.1.3
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.7
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9F9A2D22-7E30-4546-B817-10644FFB9935}" = B110
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3.3 MUI
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 376.54
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 376.54
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 376.54
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainer" = NVIDIA Display Container
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainerLS" = NVIDIA Display Container LS
"{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}" = HPDiagnosticAlert
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{ce085a78-074e-4823-8dc1-8a721b94b76d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{e6e75766-da0f-4ba2-9788-6ea593ce702d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{f5da837f-e932-4f55-995c-7e97c5cbebdd}" = Avira
"{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 27 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 27 NPAPI
"Adobe Flash Player PPAPI" = Adobe Flash Player 27 PPAPI
"Avira Antivirus" = Avira Antivirus
"AviSynth" = AviSynth 2.6
"Dassault Systemes B19_0" = Dassault Systemes Software B19
"Dropbox" = Dropbox
"ElsterFormular" = ElsterFormular
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"Mozilla Firefox 56.0 (x86 de)" = Mozilla Firefox 56.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA.Updatus" = NVIDIA Updatus
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 48.0.2685.50" = Opera Stable 48.0.2685.50
"Recuva" = Recuva
"S2TNG" = Die Siedler II - Die nächste Generation
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VulkanRT1.0.26.0" = Vulkan Run Time Libraries 1.0.26.0
"Websuche" = Websuche
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 5.40 (32-Bit)
"X10Hardware" = X10 Hardware(TM)
"Xvid Video Codec 1.3.2" = Xvid Video Codec
"Yahoo! SearchSet" = Yahoo Search Set

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"036a0e4fc6a247ec" = MyHarmony
"OpenOffice Updater" = OpenOffice Updater

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/30/2017 9:05:58 PM | Computer Name = SARBAT-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: HPWUCli.exe, Version: 5.0.9.0, Zeitstempel:
0x4acfa581 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x01834ab3 ID des fehlerhaften Prozesses:
0x6ca8 Startzeit der fehlerhaften Anwendung: 0x01d33a5010828cd6 Pfad der fehlerhaften
Anwendung: C:\Program Files\HP\HP Software Update\HPWUCli.exe Pfad des fehlerhaften
Moduls: unknown Berichtskennung: aeb71540-a644-11e7-9fa5-00262dc14cb8

Error - 10/9/2017 1:28:51 PM | Computer Name = SARBAT-PC | Source = Application Hang | ID = 1002
Description = Programm opera.exe, Version 47.0.2631.80 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 9430 Startzeit:
01d33e005acb9b1d Endzeit: 3855 Anwendungspfad: C:\Program Files\Opera\47.0.2631.80\opera.exe

Berichts-ID:
0b5f2495-ad17-11e7-9fa5-00262dc14cb8

Error - 10/12/2017 8:19:34 AM | Computer Name = SARBAT-PC | Source = Windows Search Service | ID = 3007
Description =

Error - 10/17/2017 11:27:35 AM | Computer Name = SARBAT-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: opera_autoupdate.exe, Version: 48.0.2685.39,
Zeitstempel: 0x59dbb456 Name des fehlerhaften Moduls: opera_autoupdate.exe, Version:
48.0.2685.39, Zeitstempel: 0x59dbb456 Ausnahmecode: 0x80000003 Fehleroffset: 0x000c2d94
ID
des fehlerhaften Prozesses: 0x2138 Startzeit der fehlerhaften Anwendung: 0x01d3475c6283d73b
Pfad
der fehlerhaften Anwendung: C:\Program Files\Opera\48.0.2685.39\opera_autoupdate.exe
Pfad
des fehlerhaften Moduls: C:\Program Files\Opera\48.0.2685.39\opera_autoupdate.exe
Berichtskennung:
b32c094c-b34f-11e7-ad35-00262dc14cb8

Error - 10/21/2017 10:32:37 AM | Computer Name = SARBAT-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 56.0.0.6478,
Zeitstempel: 0x59cab8da Name des fehlerhaften Moduls: xul.dll, Version: 56.0.0.6478,
Zeitstempel: 0x59cab8c9 Ausnahmecode: 0x80000003 Fehleroffset: 0x00c47e59 ID des fehlerhaften
Prozesses: 0x31d0 Startzeit der fehlerhaften Anwendung: 0x01d34a104438963d Pfad der
fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\plugin-container.exe Pfad
des fehlerhaften Moduls: C:\Program Files\Mozilla Firefox\xul.dll Berichtskennung:
ae9a954b-b66c-11e7-9e38-00262dc14cb8

[ System Events ]
Error - 10/21/2017 1:59:25 PM | Computer Name = SARBAT-PC | Source = DCOM | ID = 10010
Description =

Error - 10/21/2017 1:59:38 PM | Computer Name = SARBAT-PC | Source = DCOM | ID = 10010
Description =

Error - 10/21/2017 2:02:06 PM | Computer Name = SARBAT-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Avira Service Host erreicht.

Error - 10/21/2017 2:11:49 PM | Computer Name = SARBAT-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error - 10/22/2017 2:15:31 PM | Computer Name = SARBAT-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler
beendet: %%5

Error - 10/22/2017 2:16:00 PM | Computer Name = SARBAT-PC | Source = DCOM | ID = 10010
Description =

Error - 10/22/2017 6:21:03 PM | Computer Name = SARBAT-PC | Source = DCOM | ID = 10010
Description =

Error - 10/22/2017 6:21:10 PM | Computer Name = SARBAT-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler
beendet: %%5

Error - 10/23/2017 8:50:56 AM | Computer Name = SARBAT-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Avira.ServiceHost erreicht.

Error - 10/23/2017 12:17:05 PM | Computer Name = SARBAT-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.


< End of report >

 
