Windows 8: Malware infestation installs programs on its own
Hello dear forum,
my sister has picked up a spam-program virus.
Can you please help me remove it?
The virus installed around 16 malicious programs.
1. System scan with FRST
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
durchgeführt von Malu (Administrator) auf DEEPTHOUGHT (03-02-2016 19:09:46)
Gestartet von C:\Users\Malu\Desktop\Rettung\Schritt 1
Geladene Profile: Malu & UpdatusUser (Verfügbare Profile: Malu & UpdatusUser)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser nicht gefunden!)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
() C:\Users\Malu\AppData\Local\B84FECC0-1450288439-81F6-2975-7054D279E98C\qnsjC995.tmp
() C:\Program Files (x86)\B84FECC0-1449310680-81F6-2975-7054D279E98C\knsu494F.tmp
() C:\Program Files (x86)\B84FECC0-1449310680-81F6-2975-7054D279E98C\hnsc6D5.tmp
() C:\Program Files (x86)\B84FECC0-1449310680-81F6-2975-7054D279E98C\jnsdE244.tmp
(SS) C:\Program Files (x86)\SwiftSearch_1.10.0.25\Service\swsesrvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TomorrowGames) C:\ProgramData\TomorrowGames\TomorrowGames.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\wbengine.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(ShopperPro) C:\Program Files\Common Files\ShopperPro\spbiu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(TomorrowGames) C:\ProgramData\TomorrowGames\TomorrowGames.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
() C:\Users\Malu\AppData\Local\gmsd_de_005010173\upgmsd_de_005010173.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\RCP\RegCleanPro.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.2719\jsdrv.exe
(Internet Monitor) C:\Users\Malu\AppData\Roaming\BandwidthStat\bandwidthstat.exe
(Honest Technology) C:\Program Files (x86)\honestech Audio Recorder 2.0 Deluxe\HTARLauncher.exe
() C:\Program Files (x86)\gmsd_de_005010171\gmsd_de_005010171.exe
() C:\Program Files (x86)\gmsd_de_005010173\gmsd_de_005010173.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Farbar) C:\Users\Malu\Desktop\Rettung\Schritt 1\1b.FRST64.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [SpaceSoundPro] => "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [dply_en_015020165] => [X]
HKLM-x32\...\Run: [gmsd_de_005010165] => [X]
HKLM-x32\...\Run: [rec_en_77] => [X]
HKLM-x32\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [1991600 2015-10-22] (YTDownloader)
HKLM-x32\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.2719\jsdrv.exe [3225088 2015-10-27] ()
HKLM-x32\...\Run: [SmartWeb] => C:\Users\Malu\AppData\Local\SmartWeb\SmartWebHelper.exe [270368 2015-02-17] (SoftBrain Technologies Ltd.)
HKLM-x32\...\Run: [gmsd_de_005010171] => C:\Program Files (x86)\gmsd_de_005010171\gmsd_de_005010171.exe [4337840 2015-12-09] ()
HKLM-x32\...\Run: [gmsd_de_005010173] => C:\Program Files (x86)\gmsd_de_005010173\gmsd_de_005010173.exe [3613360 2015-12-11] ()
HKLM-x32\...\RunOnce: [upgmsd_de_005010165.exe] => C:\Users\Malu\AppData\Local\gmsd_de_005010165\upgmsd_de_005010165.exe [3282608 2015-12-03] ()
HKLM-x32\...\RunOnce: [upgmsd_de_005010171.exe] => C:\Users\Malu\AppData\Local\gmsd_de_005010171\upgmsd_de_005010171.exe [3280560 2015-12-09] ()
HKLM-x32\...\RunOnce: [updpcc_en_026010171.exe] => C:\Users\Malu\AppData\Local\DailyPcClean Support\updpcc_en_026010171.exe [3281584 2015-12-09] ()
HKLM-x32\...\RunOnce: [upgmsd_de_005010173.exe] => C:\Users\Malu\AppData\Local\gmsd_de_005010173\upgmsd_de_005010173.exe [3276976 2015-12-11] ()
HKU\S-1-5-21-2714434453-329265641-3205536515-1001\...\Run: [Spotify Web Helper] => C:\Users\Malu\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2345584 2015-12-03] (Spotify Ltd)
HKU\S-1-5-21-2714434453-329265641-3205536515-1001\...\Run: [Facebook Update] => C:\Users\Malu\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-09-30] (Facebook Inc.)
HKU\S-1-5-21-2714434453-329265641-3205536515-1001\...\Run: [Google Update] => C:\Users\Malu\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-04] (Google Inc.)
HKU\S-1-5-21-2714434453-329265641-3205536515-1001\...\Run: [KakaoTalk] => C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe [6446744 2015-09-08] (Daum Kakao Corp. )
HKU\S-1-5-21-2714434453-329265641-3205536515-1001\...\Run: [Spotify] => C:\Users\Malu\AppData\Roaming\Spotify\Spotify.exe [8270448 2015-12-03] (Spotify Ltd)
HKU\S-1-5-21-2714434453-329265641-3205536515-1001\...\Run: [CrashService] => "C:\Users\Malu\AppData\Local\BoBrowser\Application\crash_service.exe" --max-reports=50 --no-window
HKU\S-1-5-21-2714434453-329265641-3205536515-1001\...\Run: [DeskBar] => C:\Users\Malu\AppData\Local\DeskBar\dblaunch.exe [239104 2015-11-09] ()
HKU\S-1-5-21-2714434453-329265641-3205536515-1001\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [1991600 2015-10-22] (YTDownloader)
HKU\S-1-5-21-2714434453-329265641-3205536515-1001\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.2719\jsdrv.exe [3225088 2015-10-27] ()
HKU\S-1-5-21-2714434453-329265641-3205536515-1001\...\Run: [BandwidthStat] => C:\Users\Malu\AppData\Roaming\BandwidthStat\bandwidthstat.exe [569344 2015-12-10] (Internet Monitor)
HKU\S-1-5-21-2714434453-329265641-3205536515-1001\...\MountPoints2: {4a573795-f4af-11e3-be69-84a6c8ecd6fe} - "G:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2714434453-329265641-3205536515-1002\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [{90120000-0030-0000-0000-0000000FF1CE}] => C:\WINDOWS\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\RunOnce: [{90120000-006E-0407-0000-0000000FF1CE}] => C:\WINDOWS\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
AppInit_DLLs: C:\ProgramData\TomorrowGames\TomorrowGames64.dll => C:\ProgramData\TomorrowGames\TomorrowGames64.dll [1091072 2015-11-29] (TomorrowGames)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-10-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\ProgramData\TomorrowGames\TomorrowGames32.dll => C:\ProgramData\TomorrowGames\TomorrowGames32.dll [852992 2015-11-29] (TomorrowGames)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [141336 2013-10-27] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\honestech Audio Recorder 2.0 Deluxe Launcher.lnk [2015-11-15]
ShortcutTarget: honestech Audio Recorder 2.0 Deluxe Launcher.lnk -> C:\Program Files (x86)\honestech Audio Recorder 2.0 Deluxe\HTARLauncher.exe (Honest Technology)
Startup: C:\Users\Malu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2015-06-23]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Malu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-01-05]
ShortcutTarget: Dropbox.lnk -> C:\Users\Malu\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Malu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-12-20]
ShortcutTarget: SmartWeb.lnk -> C:\Users\Malu\AppData\Local\SmartWeb\SmartWebHelper.exe (SoftBrain Technologies Ltd.)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
ProxyEnable: [.DEFAULT] => Proxy ist aktiviert.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50896;https=127.0.0.1:50896
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\Sifgaykb.dll [289128 2015-12-05] ()
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\Sifgaykb.dll [289128 2015-12-05] ()
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\Sifgaykb.dll [289128 2015-12-05] ()
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\Sifgaykb.dll [289128 2015-12-05] ()
Winsock: Catalog9 16 C:\WINDOWS\SysWOW64\Sifgaykb.dll [289128 2015-12-05] ()
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\Sifgaykb64.dll [375144 2015-12-05] ()
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\Sifgaykb64.dll [375144 2015-12-05] ()
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\Sifgaykb64.dll [375144 2015-12-05] ()
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\Sifgaykb64.dll [375144 2015-12-05] ()
Winsock: Catalog9-x64 16 C:\WINDOWS\system32\Sifgaykb64.dll [375144 2015-12-05] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{4888394C-341A-41F0-9844-AEF69CBCD9AD}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{4888394C-341A-41F0-9844-AEF69CBCD9AD}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{67D4C106-85BB-49BE-B90B-B6973394A1EB}: [DhcpNameServer] 192.168.178.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.omiga-plus.com/?type=hp&ts=1413741698&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB72478
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.omiga-plus.com/?type=hp&ts=1413741698&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB72478
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1413741698&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB72478&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1413741698&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB72478&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts=1413741698&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB72478
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts=1413741698&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB72478
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1413741698&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB72478&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1413741698&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB72478&q={searchTerms}
HKU\S-1-5-21-2714434453-329265641-3205536515-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.delta-homes.com/web/?type=ds&ts=1418368428&from=wpm12123&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB72478&q={searchTerms}
HKU\S-1-5-21-2714434453-329265641-3205536515-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www-searching.com/?pid=s&s=FCAztutdk0004,825e3d8f-f7e8-4867-92eb-4e885d3d73f7&vp=ch&prd=set
HKU\S-1-5-21-2714434453-329265641-3205536515-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKU\S-1-5-21-2714434453-329265641-3205536515-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts=1413741698&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB72478
HKU\S-1-5-21-2714434453-329265641-3205536515-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.delta-homes.com/web/?type=ds&ts=1418368428&from=wpm12123&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB72478&q={searchTerms}
URLSearchHook: [S-1-5-21-2714434453-329265641-3205536515-1002] ACHTUNG => Standard URLSearchHook fehlt
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1413741698&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB72478&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1413741698&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB72478&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1413741698&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB72478&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1413741698&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB72478&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2714434453-329265641-3205536515-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2714434453-329265641-3205536515-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2714434453-329265641-3205536515-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2714434453-329265641-3205536515-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2714434453-329265641-3205536515-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2714434453-329265641-3205536515-1001 -> {45252262-A0FB-437B-A8EF-2BA5FECBC96E} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=FCAztutdk0004,825e3d8f-f7e8-4867-92eb-4e885d3d73f7
SearchScopes: HKU\S-1-5-21-2714434453-329265641-3205536515-1001 -> {cf34d395-9ff1-49a0-98a5-8db1636431b1} URL = hxxp://houmpage.com/search/?src=ds&q={searchTerms}&ssid=1449310606&a=1008661&uuid=d721439e-2a5c-45ae-bab6-3357a5b99e4b
SearchScopes: HKU\S-1-5-21-2714434453-329265641-3205536515-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
BHO: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro64.dll [2015-10-27] (Goobzo Ltd.)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2014-12-15] (DVDVideoSoft Ltd.)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\WINDOWS\SysWOW64\mscoree.dll [2013-08-22] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro.dll [2015-10-27] (Goobzo Ltd.)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2014-12-15] (DVDVideoSoft Ltd.)
FireFox:
========
FF ProfilePath: C:\Users\Malu\AppData\Roaming\Mozilla\Firefox\Profiles\rpfqdotj.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: delta-homes
FF SearchEngineOrder.1: V9
FF SelectedSearchEngine: delta-homes
FF Homepage: hxxp://www-searching.com/?site=shyosffdefault&prd=set&s=FCAztutdk0004,825e3d8f-f7e8-4867-92eb-4e885d3d73f7
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll [2014-06-15] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll [2014-06-15] ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-10-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-10-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2714434453-329265641-3205536515-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Malu\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-2714434453-329265641-3205536515-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Malu\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2714434453-329265641-3205536515-1001: @talk.google.com/O1DPlugin -> C:\Users\Malu\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2714434453-329265641-3205536515-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Malu\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-2714434453-329265641-3205536515-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Malu\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF user.js: detected! => C:\Users\Malu\AppData\Roaming\Mozilla\Firefox\Profiles\rpfqdotj.default\user.js [2015-12-20]
FF Plugin ProgramFiles/Appdata: C:\Users\Malu\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Malu\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF SearchPlugin: C:\Users\Malu\AppData\Roaming\Mozilla\Firefox\Profiles\rpfqdotj.default\searchplugins\delta-homes.xml [2015-12-20]
FF SearchPlugin: C:\Users\Malu\AppData\Roaming\Mozilla\Firefox\Profiles\rpfqdotj.default\searchplugins\smod.xml [2015-12-10]
FF SearchPlugin: C:\Users\Malu\AppData\Roaming\Mozilla\Firefox\Profiles\rpfqdotj.default\searchplugins\trovi.xml [2015-05-03]
FF SearchPlugin: C:\Users\Malu\AppData\Roaming\Mozilla\Firefox\Profiles\rpfqdotj.default\searchplugins\V9.xml [2015-05-03]
FF Extension: Default NewTab - C:\Users\Malu\AppData\Roaming\Mozilla\Firefox\Profiles\rpfqdotj.default\extensions\default_newtabff@gmail.com [2015-12-05] [ist nicht signiert]
FF Extension: Super Great 1.0.1 - C:\Users\Malu\AppData\Roaming\Mozilla\Firefox\Profiles\rpfqdotj.default\extensions\{cc827a9e-7e07-47fc-a758-1182eb9e0d1b}.xpi [2015-12-05] [ist nicht signiert]
FF Extension: YahooToolsProtected - C:\Users\Malu\AppData\Roaming\Mozilla\Firefox\Profiles\rpfqdotj.default\extensions\yahooprotected@gmail.com.xpi [2015-12-06] [ist nicht signiert]
FF Extension: Shopper-Pro - C:\Users\Malu\AppData\Roaming\Mozilla\Firefox\Profiles\rpfqdotj.default\extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} [2015-12-05] [ist nicht signiert]
FF Extension: "Extension Logo - C:\Users\Malu\AppData\Roaming\Mozilla\Firefox\Profiles\rpfqdotj.default\Extensions\@4AE12C8DE5EA8475249AB327649DF50C4AE1.xpi [2015-12-05] [ist nicht signiert]
FF Extension: Adblock Plus - C:\Users\Malu\AppData\Roaming\Mozilla\Firefox\Profiles\rpfqdotj.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-05]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2014-12-15] [ist nicht signiert]
FF HKLM\...\Firefox\Extensions: [{36836376-734D-4F52-8C9E-E25250C984C0}] - C:\Program Files\groover051220151319\Firefox\{36836376-734D-4F52-8C9E-E25250C984C0}.xpi => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [quick_searchff@gmail.com] - C:\Users\Malu\AppData\Roaming\Mozilla\Firefox\Profiles\rpfqdotj.default\extensions\quick_searchff@gmail.com => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\Malu\AppData\Roaming\Mozilla\Firefox\Profiles\rpfqdotj.default\extensions\sweetsearch@gmail.com => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [{36836376-734D-4F52-8C9E-E25250C984C0}] - C:\Program Files\groover051220151319\Firefox\{36836376-734D-4F52-8C9E-E25250C984C0}.xpi => nicht gefunden
FF HKU\S-1-5-21-2714434453-329265641-3205536515-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-12-20] [ist nicht signiert]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\!4AE12C8DE5EA8475249AB327649DF50C4AE1.js [2015-12-05] <==== ACHTUNG
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\4AE12C8DE5EA8475249AB327649DF50C4AE1 [2015-12-05] <==== ACHTUNG
Chrome:
=======
CHR Profile: C:\Users\Malu\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Malu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-03]
CHR Extension: (Google Drive) - C:\Users\Malu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-03]
CHR Extension: (YouTube) - C:\Users\Malu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-03]
CHR Extension: (Google-Suche) - C:\Users\Malu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-03]
CHR Extension: (Security Protection) - C:\Users\Malu\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh [2016-02-03]
CHR Extension: (Quick start) - C:\Users\Malu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma [2016-02-03]
CHR Extension: (Google Mail) - C:\Users\Malu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-03]
CHR Extension: (Extension Logo) - C:\Users\Malu\AppData\Local\Extension Logo\Component [2016-02-03]
CHR HKLM\...\Chrome\Extension: [noajmlkipclmeolfcnflkjhijkigpfjh] - C:\Users\Malu\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh.crx [2014-12-12]
CHR HKLM\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Malu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma.crx [2014-10-19]
CHR HKU\S-1-5-21-2714434453-329265641-3205536515-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [noajmlkipclmeolfcnflkjhijkigpfjh] - C:\Users\Malu\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh.crx [2014-12-12]
CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Malu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma.crx [2014-10-19]
Opera:
=======
OPR Extension: (Adblock Plus) - C:\Users\Malu\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2015-12-05]
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-06-23] (Adobe Systems) [Datei ist nicht signiert]
S2 BrsHelper; C:\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe [112560 2015-10-22] ()
S2 ginoquci; C:\Users\Malu\AppData\Local\Temp\nswD69A.tmp [222208 2015-12-05] () [Datei ist nicht signiert]
R2 hidekoqe; C:\Users\Malu\AppData\Local\B84FECC0-1450288439-81F6-2975-7054D279E98C\qnsjC995.tmp [142336 2015-10-13] () [Datei ist nicht signiert]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 mebycizi; C:\Program Files (x86)\B84FECC0-1449310680-81F6-2975-7054D279E98C\knsu494F.tmp [642048 2015-12-11] () [Datei ist nicht signiert]
R2 nyneryxo; C:\Program Files (x86)\B84FECC0-1449310680-81F6-2975-7054D279E98C\hnsc6D5.tmp [134656 2015-12-05] () [Datei ist nicht signiert]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2015-12-25] (Electronic Arts)
R2 roqenufe; C:\Program Files (x86)\B84FECC0-1449310680-81F6-2975-7054D279E98C\jnsdE244.tmp [307200 2015-12-05] () [Datei ist nicht signiert]
R2 SPBIUpd; C:\Program Files\Common Files\ShopperPro\spbiu.exe [2346416 2015-10-27] (ShopperPro)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Datei ist nicht signiert]
R2 swsesrvc_1.10.0.25; C:\Program Files (x86)\SwiftSearch_1.10.0.25\Service\swsesrvc.exe [301648 2015-09-22] (SS)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [711344 2015-12-09] (Taiwan Shui Mu Chih Ching Technology Limited) <==== ACHTUNG
S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]
S2 ClaraUpdater; C:\Program Files (x86)\Common Files\ClaraUpdater\ClaraUpdater.exe [X]
S2 Paitd; "C:\Users\Malu\AppData\Roaming\LutgeOgatqe\Caipdiwv.exe" -cms [X]
S2 Wajam Web Enhancer; "C:\Program Files\WajaWebEnhancer\wajam_64.exe" [X] <==== ACHTUNG
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [56728 2015-12-05] (Windows (R) Win 7 DDK provider)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)
R2 sbmntr; C:\Program Files (x86)\YTDownloader\sbmntr.sys [58528 2015-10-22] (YTDownloader)
R3 SPBIUpdd; C:\Program Files\Common Files\ShopperPro\spbiw.sys [41632 2015-10-27] ()
R2 SPDRIVER_1.42.1.2719; C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.2719\jsdrv.sys [52376 2015-10-27] ()
R1 swsedrvr_vw_1_10_0_25; C:\Windows\System32\drivers\swsedrvr_vw_1_10_0_25.sys [57720 2015-09-22] (SS)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R4 SPPD; \??\C:\WINDOWS\system32\drivers\SPPD.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-02-03 19:09 - 2016-02-03 19:09 - 00000000 ____D C:\FRST
2016-02-03 19:07 - 2016-02-03 19:07 - 00000000 ____D C:\Users\Malu\Desktop\Rettung
2016-02-03 18:45 - 2016-02-03 18:45 - 00002094 _____ C:\Users\Malu\Desktop\chrome.lnk
2016-01-23 11:32 - 2016-01-23 11:33 - 00000000 ____D C:\Users\Malu\Desktop\23.01.16
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-02-03 19:09 - 2015-12-11 18:28 - 00000000 ____D C:\Users\Malu\AppData\Local\gmsd_de_005010173
2016-02-03 19:09 - 2015-12-11 17:21 - 00003090 _____ C:\WINDOWS\System32\Tasks\RegClean Pro
2016-02-03 19:06 - 2015-12-11 18:27 - 00000376 _____ C:\WINDOWS\Tasks\BPEOCNXY1.job
2016-02-03 19:06 - 2015-12-11 18:27 - 00000364 ____H C:\WINDOWS\Tasks\CJATHEEUKPPTKHQQ.job
2016-02-03 19:06 - 2015-12-10 19:30 - 00000000 ____D C:\Users\Malu\AppData\Local\DailyPcClean Support
2016-02-03 19:06 - 2015-12-10 18:29 - 00000000 ____D C:\Users\Malu\AppData\Local\gmsd_de_005010171
2016-02-03 19:06 - 2015-12-05 11:30 - 00000000 ____D C:\Users\Malu\AppData\Local\gmsd_de_005010165
2016-02-03 19:06 - 2015-12-05 11:29 - 00000000 ____D C:\Program Files (x86)\Fast-Search
2016-02-03 19:06 - 2014-10-30 21:39 - 00000000 ___RD C:\Users\Malu\OneDrive
2016-02-03 19:06 - 2014-06-15 18:58 - 00001138 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-03 18:47 - 2014-06-15 17:09 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2714434453-329265641-3205536515-1001
2016-02-03 18:45 - 2015-12-05 11:18 - 00000000 ____D C:\Users\Malu\AppData\Local\BoBrowser
2016-02-03 18:42 - 2015-05-12 22:06 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-02-03 18:42 - 2015-05-12 22:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-02-03 18:38 - 2014-06-15 18:58 - 00001142 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-03 18:33 - 2014-09-30 20:28 - 00000948 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2714434453-329265641-3205536515-1001UA.job
2016-01-28 19:17 - 2014-08-17 10:27 - 00000000 ____D C:\ProgramData\Origin
2016-01-28 19:17 - 2014-08-16 23:53 - 00000000 ____D C:\Users\Malu
2016-01-28 18:59 - 2014-10-28 20:15 - 00001140 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2714434453-329265641-3205536515-1001UA.job
2016-01-28 18:34 - 2014-03-18 11:03 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-28 18:34 - 2014-03-18 10:25 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat
2016-01-28 18:34 - 2014-03-18 10:25 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat
2016-01-28 18:34 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2016-01-16 12:24 - 2014-06-16 15:20 - 00000000 ____D C:\Users\Malu\AppData\Roaming\vlc
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2015-12-02 18:32 - 2015-12-02 18:32 - 6420480 _____ () C:\Program Files (x86)\GUT39C5.tmp
2015-12-04 15:22 - 2015-12-04 15:22 - 0000855 _____ () C:\Users\Malu\AppData\Local\recently-used.xbel
Einige Dateien in TEMP:
====================
C:\Users\Malu\AppData\Local\Temp\4141.tmp.exe
C:\Users\Malu\AppData\Local\Temp\amisetup0286__15940.exe
C:\Users\Malu\AppData\Local\Temp\amisetup1812__15940.exe
C:\Users\Malu\AppData\Local\Temp\amisetup5783__15940.exe
C:\Users\Malu\AppData\Local\Temp\amisetup7348__15940.exe
C:\Users\Malu\AppData\Local\Temp\amisetup7524__15940.exe
C:\Users\Malu\AppData\Local\Temp\amisetup8850__16165.exe
C:\Users\Malu\AppData\Local\Temp\AzROG7Y9Ay.exe
C:\Users\Malu\AppData\Local\Temp\bitool.dll
C:\Users\Malu\AppData\Local\Temp\DRHelper_installFinish.exe
C:\Users\Malu\AppData\Local\Temp\DRHelper_installStart.exe
C:\Users\Malu\AppData\Local\Temp\DRHelper_uninstallComplete.exe
C:\Users\Malu\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpclf1gj.dll
C:\Users\Malu\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnbfy2w.dll
C:\Users\Malu\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsmrc3s.dll
C:\Users\Malu\AppData\Local\Temp\fsd65AD.exe
C:\Users\Malu\AppData\Local\Temp\fsdC66A.exe
C:\Users\Malu\AppData\Local\Temp\fsdF460.exe
C:\Users\Malu\AppData\Local\Temp\iDRIVsxNaD.exe
C:\Users\Malu\AppData\Local\Temp\iGKnk5klB0.exe
C:\Users\Malu\AppData\Local\Temp\InstallHelper.exe
C:\Users\Malu\AppData\Local\Temp\L4f23B14GQ.exe
C:\Users\Malu\AppData\Local\Temp\lBnJHiWX3B.exe
C:\Users\Malu\AppData\Local\Temp\oprun17113.exe
C:\Users\Malu\AppData\Local\Temp\oprun29503.exe
C:\Users\Malu\AppData\Local\Temp\prog.exe
C:\Users\Malu\AppData\Local\Temp\ShopperProJSINJFull.exe
C:\Users\Malu\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Malu\AppData\Local\Temp\SpOrder.dll
C:\Users\Malu\AppData\Local\Temp\TjMeSHf4iK.exe
C:\Users\Malu\AppData\Local\Temp\Uninstall.exe
C:\Users\Malu\AppData\Local\Temp\UninstallModule.exe
C:\Users\Malu\AppData\Local\Temp\upd.exe
C:\Users\Malu\AppData\Local\Temp\xJK4umZNuQ.exe
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll
[2015-03-12 16:50] - [2015-12-05 11:41] - 0657920 ____A (Microsoft Corporation) 19BD08616862898EEED2990D4E9F9312
C:\WINDOWS\SysWOW64\dnsapi.dll
[2015-03-12 16:49] - [2015-12-05 11:41] - 0498688 ____A (Microsoft Corporation) AAF4441E83FA73DDD870EA281509838E
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2016-01-16 12:35
==================== Ende von FRST.txt ============================
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:27-01-2016
durchgeführt von Malu (2016-02-03 19:11:05)
Gestartet von C:\Users\Malu\Desktop\Rettung\Schritt 1
Windows 8.1 (X64) (2014-08-17 07:13:31)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-2714434453-329265641-3205536515-500 - Administrator - Disabled)
Gast (S-1-5-21-2714434453-329265641-3205536515-501 - Limited - Disabled)
Malu (S-1-5-21-2714434453-329265641-3205536515-1001 - Administrator - Enabled) => C:\Users\Malu
UpdatusUser (S-1-5-21-2714434453-329265641-3205536515-1002 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Creative Suite 5 Master Collection (HKLM-x32\...\{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}) (Version: 10.1.52.14 - Adobe Systems, Inc.)
Adobe Flash Player 10 Plugin (HKLM-x32\...\{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}) (Version: 10.1.52.14 - Adobe Systems, Inc.)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Advanced ScreenSnapshot 1.1 (HKLM\...\{61FFE1F9-137D-4c31-A181-3415FCAA5946}) (Version: 1.1.0.11070 - qiusheng xie) <==== ACHTUNG
AnySend (HKLM-x32\...\ASPackage) (Version: - CMI Limited) <==== ACHTUNG
BandwidthStat (HKU\S-1-5-21-2714434453-329265641-3205536515-1001\...\BandwidthStat) (Version: 1.0 - BandwidthStat)
Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.4.0.28 - Swiss Academic Software)
Compatible Web Directory (HKLM-x32\...\PopupProduct) (Version: 1.0.0.0 - Compatible Web Directory) <==== ACHTUNG
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DailyPcClean Support (HKLM-x32\...\dpcc_en_026010171_is1) (Version: - Tuto4PC.Com) <==== ACHTUNG
DailyPCClean v4.1 (HKLM-x32\...\DailyPCClean_is1) (Version: 4.1 - Tuto4PC.Com) <==== ACHTUNG
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.69.36.024017 - Electronic Arts Inc.)
Die Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
Die Sims™ 3 Luxus-Accessoires (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
Die Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
Dropbox (HKU\S-1-5-21-2714434453-329265641-3205536515-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Extension Logo (HKU\S-1-5-21-2714434453-329265641-3205536515-1001\...\{D69E2DF6-6EED-384C-E0F4-DE4F7817D7FE}) (Version: 1.1.7 - Diner Image corp) <==== ACHTUNG
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Free YouTube Download version 3.2.59.525 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.59.525 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.52.1215 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.52.1215 - DVDVideoSoft Ltd.)
GamesDesktop 014.005010171 (HKLM-x32\...\gmsd_de_005010171_is1) (Version: - GAMESDESKTOP) <==== ACHTUNG
GamesDesktop 014.005010173 (HKLM-x32\...\gmsd_de_005010173_is1) (Version: - GAMESDESKTOP) <==== ACHTUNG
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.80 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
honestech Audio Recorder 2.0 Deluxe (HKLM-x32\...\{A0BC5BCD-893F-47F4-8903-FDC7CAC2AFB1}) (Version: 2.0 - honestech)
honestech Audio Recorder 2.0 Deluxe (x32 Version: 2.0 - Honest Technology) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
KakaoTalk (HKLM-x32\...\KakaoTalk) (Version: 2.0.7.935 - Kakao)
LibreOffice 4.3.7.2 (HKLM-x32\...\{8ED4A1FC-56CF-414C-A9AB-A37714AA9EA7}) (Version: 4.3.7.2 - The Document Foundation)
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 12.0.2.0 - Lightworks)
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (HKLM-x32\...\{90120000-00B2-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 41.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 de)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
NVIDIA 3D Vision Treiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.0.14.2148 - Electronic Arts, Inc.)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
RegClean Pro (HKLM-x32\...\RegClean Pro_is1) (Version: 6.21 - systweak.com) <==== ACHTUNG
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version: - ) <==== ACHTUNG
Shopper-Pro (HKLM-x32\...\ShopperPro) (Version: - ) <==== ACHTUNG
Skype™ 7.14 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.14.106 - Skype Technologies S.A.)
SmartWeb (HKLM-x32\...\SmartWeb) (Version: 8.0.9 - SoftBrain Technologies Ltd.) <==== ACHTUNG
Spotify (HKU\S-1-5-21-2714434453-329265641-3205536515-1001\...\Spotify) (Version: 1.0.19.106.gb8a7150f - Spotify AB)
SwiftSearch 1.10.0.25 (HKLM-x32\...\SwiftSearch_1.10.0.25) (Version: 1.10.0.25 - SwiftSearch) <==== ACHTUNG
TomorrowGames (HKLM-x32\...\TomorrowGames) (Version: - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VideoPad Video-Editor (HKLM-x32\...\VideoPad) (Version: 4.02 - NCH Software)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 6.11 - NCH Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinZipper (HKLM-x32\...\WinZipper) (Version: 1.5.129 - Taiwan Shui Mu Chih Ching Technology Limited.) <==== ACHTUNG
YTDownloader (HKLM-x32\...\YTDownloader) (Version: - YTDownloader) <==== ACHTUNG
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-2714434453-329265641-3205536515-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Malu\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2714434453-329265641-3205536515-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Malu\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2714434453-329265641-3205536515-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Malu\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2714434453-329265641-3205536515-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Malu\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2714434453-329265641-3205536515-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Malu\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2714434453-329265641-3205536515-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2714434453-329265641-3205536515-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Malu\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2714434453-329265641-3205536515-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Malu\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2714434453-329265641-3205536515-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Malu\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2714434453-329265641-3205536515-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Malu\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2714434453-329265641-3205536515-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Malu\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2714434453-329265641-3205536515-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Malu\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2714434453-329265641-3205536515-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Malu\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2714434453-329265641-3205536515-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Malu\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2714434453-329265641-3205536515-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Malu\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2714434453-329265641-3205536515-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Malu\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2714434453-329265641-3205536515-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Malu\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2714434453-329265641-3205536515-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Malu\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2714434453-329265641-3205536515-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Malu\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {016D3C2D-F9BD-4B86-98C4-C693AE043CA8} - System32\Tasks\CJATHEEUKPPTKHQQ => C:\ProgramData\Service1104\Service1104.exe [2015-12-11] () <==== ACHTUNG
Task: {01EBEC18-A310-4F39-9647-9A0D0858EBE6} - System32\Tasks\avabvbxvh => C:\Users\Malu\AppData\Local\avabvbxvh\avabvbxvh.exe [2015-05-13] () <==== ACHTUNG
Task: {02115097-7A4F-4334-91C1-34BCA7E6430E} - System32\Tasks\kol3015 => C:\Program Files (x86)\Fast-Search\kol3015.exe [2015-11-19] () <==== ACHTUNG
Task: {022F6039-4741-4F94-AA55-AC73E522843D} - System32\Tasks\{63B0AEA8-D408-4567-B18C-401600C921A1} => pcalua.exe -a C:\Users\Malu\AppData\Local\B84FECC0-1449314356-81F6-2975-7054D279E98C\Uninstall.exe
Task: {05C85DE3-D80E-4701-A3E0-800BD6F5AF3C} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files (x86)\RCP\RegCleanPro.exe [2015-11-20] () <==== ACHTUNG
Task: {0A9C9C4C-7F15-4878-B1C8-9DDE25A8CB7C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {0BF0C81D-40F6-49A0-9EEC-28FC42F08CE2} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [2015-10-22] (YTDownloader) <==== ACHTUNG
Task: {1B0511E6-ABE1-4D4D-8522-E5953D3295E8} - System32\Tasks\avabvbavad => C:\Users\Malu\AppData\Local\avabvbavad\avabvbavad.exe [2015-06-03] () <==== ACHTUNG
Task: {1B289F3E-C4F9-45EF-B3A8-0F3E9092CE37} - System32\Tasks\BPEOCNXY1 => C:\ProgramData\TomorrowGames\TomorrowGames.exe [2015-11-29] (TomorrowGames) <==== ACHTUNG
Task: {1EE5C823-BD4E-46D5-AA7B-8406C5852614} - System32\Tasks\crash_service => C:\Users\Malu\AppData\Local\BoBrowser\Application\crash_service.exe <==== ACHTUNG
Task: {29ABB239-7F81-4B0B-9D49-EE451836F655} - System32\Tasks\ShopperProJSUpd => C:\Program Files (x86)\ShopperPro\updater.exe [2015-10-27] (Goobzo) <==== ACHTUNG
Task: {38C78724-A4E3-4EAB-98B4-C15BEA26002B} - System32\Tasks\Togva => C:\PROGRA~1\GROOVE~1\Suuigba.bat
Task: {3D495B36-9F99-4086-92BC-9433CD9211D7} - System32\Tasks\SPDriver => C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.2719\jsdrv.exe [2015-10-27] () <==== ACHTUNG
Task: {49E8E062-5E64-4C8E-91E7-990F78399A6E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {5A54D4EC-FF2B-4917-8462-8D611D31358E} - System32\Tasks\bvxvdxvx => C:\Users\Malu\AppData\Local\bvxvdxvx\bvxvdxvx.exe [2015-09-06] () <==== ACHTUNG
Task: {5ADC16C2-7AB1-4086-9D1A-7C8AB0A75C8F} - System32\Tasks\Run_Bobby_Browser => C:\Users\Malu\AppData\Local\BoBrowser\Application\bobrowser.exe <==== ACHTUNG
Task: {5B4C947D-D6BB-4310-BB0E-4769A5E5DB78} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2714434453-329265641-3205536515-1001UA => C:\Users\Malu\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-09-30] (Facebook Inc.)
Task: {6482CAA0-4306-4A04-83AB-80876E062CAE} - System32\Tasks\AdobeAAMUpdater-1.0-DeepThought-Malu => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {79A9CB57-E2B2-43B0-9E51-991C1DC62E11} - System32\Tasks\updateTask => c:\task.vbs [2015-12-11] ()
Task: {828E4E56-EA55-419C-B271-D26C2DE1CBEE} - System32\Tasks\runTask => C:\Users\Malu\AppData\Local\Temp/Updater.exe
Task: {8B522E8B-14ED-4972-9457-B74F0AD1B56F} - System32\Tasks\bvxvgxvyy => C:\Users\Malu\AppData\Local\bvxvgxvyy\bvxvgxvyy.exe [2015-10-25] () <==== ACHTUNG
Task: {8C56D80C-6636-41FA-8A64-4C17FB0DF758} - System32\Tasks\avabvdxvy => C:\Users\Malu\AppData\Local\avabvdxvy\avabvdxvy.exe [2015-06-21] () <==== ACHTUNG
Task: {90342544-10C0-41FC-BE29-BDD91DCAF9AD} - System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Pending Update => C:\Program Files (x86)\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe [2015-09-22] (SS) <==== ACHTUNG
Task: {92559844-0CA5-4E51-91AB-CFD6E25E6E83} - System32\Tasks\Extension Logo => Rundll32.exe "C:\Users\Malu\AppData\Local\Extension Logo\{B9200A34-83C8-7E2D-4E22-7153D10C3B5D}\ExtensionLogo.dll",#1 <==== ACHTUNG
Task: {98680B4D-BE40-4306-95CF-A5F769D0187D} - System32\Tasks\avabvbyvyc => C:\Users\Malu\AppData\Local\avabvbyvyc\avabvbyvyc.exe [2015-05-31] () <==== ACHTUNG
Task: {99E82D1B-5659-4844-8F3F-7972ABE117FA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2714434453-329265641-3205536515-1001Core => C:\Users\Malu\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {9D4134E9-A7EE-4D32-9973-E222784AD1BA} - System32\Tasks\bvxvexvbg => C:\Users\Malu\AppData\Local\bvxvexvbg\bvxvexvbg.exe [2015-09-21] () <==== ACHTUNG
Task: {A6627E98-6FEF-4F4C-BD67-9B74A1C00AA1} - System32\Tasks\avaavaevy => C:\Users\Malu\AppData\Local\avaavaevy\avaavaevy.exe [2015-04-12] () <==== ACHTUNG
Task: {A72CE455-C2FB-4F42-9843-50D6955DFA86} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RCP\RegCleanPro.exe [2015-11-20] () <==== ACHTUNG
Task: {A7559CBE-B072-40BE-A313-856BC156AEDE} - System32\Tasks\ShopperPro => C:\Program Files (x86)\ShopperPro\ShopperPro.exe [2015-10-27] (Goobzo LTD) <==== ACHTUNG
Task: {AB04B88F-9713-423E-ADE8-0AB52BE30D5B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {AD3AE094-53BF-4A53-B655-AD311FD746BE} - System32\Tasks\avaavxvyex => C:\Users\Malu\AppData\Local\avaavxvyex\avaavxvyex.exe [2015-03-16] () <==== ACHTUNG
Task: {AFC8F698-58F6-4E9A-A7E8-F50A4D4C1A67} - System32\Tasks\avayvaxvaa => C:\Users\Malu\AppData\Local\avayvaxvaa\avayvaxvaa.exe [2015-02-19] () <==== ACHTUNG
Task: {B5EF228C-D98D-4BC2-B30B-AA752F5C0DB1} - System32\Tasks\SPBIW_UpdateTask_Time_333636313739323936372d6c555a6c5b5a32572d413434 => C:\WINDOWS\system32\wscript.exe [2014-10-29] (Microsoft Corporation)
Task: {B6821E4C-2403-4C7B-8E1E-D46600CA39EF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-10] (Microsoft Corporation)
Task: {B9148C25-08DF-4044-A183-441CCB1B5F7C} - System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Core => C:\Program Files (x86)\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe [2015-09-22] (SS) <==== ACHTUNG
Task: {BA0C0E53-2AE0-4512-964E-29DBDC007D29} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RCP\RegCleanPro.exe [2015-11-20] () <==== ACHTUNG
Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {C8E45A24-6DE1-4885-87FC-06A92ED6E03F} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe [2015-10-22] (Goobzo) <==== ACHTUNG
Task: {CB1BBC10-5CFB-4152-8435-91DA28B965BB} - System32\Tasks\Extension Logo2 => Rundll32.exe "C:\Users\Malu\AppData\Local\Extension Logo\{B9200A34-83C8-7E2D-4E22-7153D10C3B5D}\tydjcl.dll",#1 <==== ACHTUNG
Task: {D4731FEC-1B98-495F-A047-4F17F9D7FB3A} - System32\Tasks\avabvexvac => C:\Users\Malu\AppData\Local\avabvexvac\avabvexvac.exe [2015-07-02] () <==== ACHTUNG
Task: {E13C036C-9386-497A-9056-EFE6B6D3D4C2} - System32\Tasks\bvxvbxvd => C:\Users\Malu\AppData\Local\bvxvbxvd\bvxvbxvd.exe [2015-08-16] () <==== ACHTUNG
Task: {E348924E-2047-4439-AAC8-6DE60854BD39} - System32\Tasks\DailyPCClean Schedule => C:\Program Files (x86)\DailyPCClean\OSPCSchedule.exe <==== ACHTUNG
Task: {E73B6C69-9649-4849-A849-8B4E69210FBD} - System32\Tasks\avayvaxxvae => C:\Users\Malu\AppData\Local\avayvaxxvae\avayvaxxvae.exe [2015-03-04] () <==== ACHTUNG
Task: {EAD30EAC-679C-4608-82CA-BD8D15578831} - System32\Tasks\avabvyxvdy => C:\Users\Malu\AppData\Local\avabvyxvdy\avabvyxvdy.exe [2015-04-28] () <==== ACHTUNG
Task: {EB35CCAD-16DD-4BD3-9316-E8E3AD3B66A7} - System32\Tasks\{E5F8C96D-E75E-4A58-877F-FB9BFBEC8ED7} => pcalua.exe -a C:\Users\Malu\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=tugs <==== ACHTUNG
Task: {EF6B5C49-2BF1-4B7E-9004-FB5FCBF8C5DF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2714434453-329265641-3205536515-1001UA => C:\Users\Malu\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {F84178A6-5F54-43DC-9A41-FAF40D2EC6F5} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2714434453-329265641-3205536515-1001Core => C:\Users\Malu\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-09-30] (Facebook Inc.)
Task: {F9983384-8ED0-4600-B5A1-AD78B20BE9D5} - System32\Tasks\SoftUpgrade => C:\Program Files (x86)\SoftUpgrade\softup.exe [2015-12-01] ()
Task: {FB288B01-8263-4409-A2E4-69FD543246F5} - System32\Tasks\bvxvhxvh => C:\Users\Malu\AppData\Local\bvxvhxvh\bvxvhxvh.exe [2015-11-15] () <==== ACHTUNG
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\BPEOCNXY1.job => C:\ProgramData\TomorrowGames\TomorrowGames.exe <==== ACHTUNG
Task: C:\WINDOWS\Tasks\CJATHEEUKPPTKHQQ.job => C:\ProgramData\Service1104\Service1104.exe <==== ACHTUNG
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2714434453-329265641-3205536515-1001Core.job => C:\Users\Malu\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2714434453-329265641-3205536515-1001UA.job => C:\Users\Malu\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2714434453-329265641-3205536515-1001Core.job => C:\Users\Malu\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2714434453-329265641-3205536515-1001UA.job => C:\Users\Malu\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files (x86)\RCP\RegCleanPro.exe <==== ACHTUNG
Task: C:\WINDOWS\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RCP\RegCleanPro.exe <==== ACHTUNG
Task: C:\WINDOWS\Tasks\SPBIW_UpdateTask_Time_333636313739323936372d6c555a6c5b5a32572d413434.job => Wscript.exe S/B C:\ProgramData\ShopperPro\spbihe.js spbiu.exe <==== ACHTUNG
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
ShortcutWithArgument: C:\Users\Malu\Desktop\Chrome App Launcher.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://esurf.biz/?ssid=1449310606&a=1008661&src=sh&uuid=d721439e-2a5c-45ae-bab6-3357a5b99e4b" --disable-quic
ShortcutWithArgument: C:\Users\Malu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet-Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=FC5zftpbl2,786d2b74-bd39-4b90-9b21-f75ece0a0bcc,
ShortcutWithArgument: C:\Users\Malu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Chrome App Launcher.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epc&s=FC5zftpbl2,786d2b74-bd39-4b90-9b21-f75ece0a0bcc,
ShortcutWithArgument: C:\Users\Malu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps\Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://esurf.biz/?ssid=1449310606&a=1008661&src=sh&uuid=d721439e-2a5c-45ae-bab6-3357a5b99e4b"
ShortcutWithArgument: C:\Users\Malu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=FC5zftpbl2,786d2b74-bd39-4b90-9b21-f75ece0a0bcc,
ShortcutWithArgument: C:\Users\Malu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://esurf.biz/?ssid=1449310606&a=1008661&src=sh&uuid=d721439e-2a5c-45ae-bab6-3357a5b99e4b"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epc&s=FC5zftpbl2,786d2b74-bd39-4b90-9b21-f75ece0a0bcc, --disable-quic
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://esurf.biz/?ssid=1449310606&a=1008661&src=sh&uuid=d721439e-2a5c-45ae-bab6-3357a5b99e4b"
ShortcutWithArgument: C:\Users\Public\Desktop\Play Games.lnk -> C:\Windows\System32\OpenWith.exe (Microsoft Corporation) -> hxxp://www.gumigun.com/
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2015-12-05 11:38 - 2015-12-05 12:21 - 00375144 _____ () C:\WINDOWS\system32\Sifgaykb64.dll
2015-10-13 13:20 - 2015-10-13 13:20 - 00142336 _____ () C:\Users\Malu\AppData\Local\B84FECC0-1450288439-81F6-2975-7054D279E98C\qnsjC995.tmp
2015-12-11 17:23 - 2015-12-11 17:23 - 00642048 _____ () C:\Program Files (x86)\B84FECC0-1449310680-81F6-2975-7054D279E98C\knsu494F.tmp
2015-12-05 11:18 - 2015-12-05 11:18 - 00134656 _____ () C:\Program Files (x86)\B84FECC0-1449310680-81F6-2975-7054D279E98C\hnsc6D5.tmp
2015-12-05 11:18 - 2015-12-05 11:18 - 00307200 _____ () C:\Program Files (x86)\B84FECC0-1449310680-81F6-2975-7054D279E98C\jnsdE244.tmp
2013-10-27 08:03 - 2013-10-27 08:03 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-08-16 23:45 - 2013-10-23 09:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-10-27 19:21 - 2015-10-27 19:21 - 01684480 _____ () C:\Program Files\Common Files\ShopperPro\spbici64.dll
2015-12-11 18:28 - 2015-12-11 10:41 - 03276976 _____ () C:\Users\Malu\AppData\Local\gmsd_de_005010173\upgmsd_de_005010173.exe
2015-12-11 17:21 - 2015-11-20 19:27 - 09693616 _____ () C:\Program Files (x86)\RCP\RegCleanPro.exe
2015-12-05 11:56 - 2015-10-27 19:23 - 03225088 _____ () C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.2719\jsdrv.exe
2015-12-10 18:29 - 2015-12-09 12:03 - 04337840 _____ () C:\Program Files (x86)\gmsd_de_005010171\gmsd_de_005010171.exe
2015-12-11 18:28 - 2015-12-11 10:41 - 03613360 _____ () C:\Program Files (x86)\gmsd_de_005010173\gmsd_de_005010173.exe
2015-10-27 19:19 - 2015-10-27 19:19 - 01333760 _____ () C:\Program Files\Common Files\ShopperPro\spbici32.dll
2015-12-05 11:16 - 2015-12-05 11:16 - 00012288 _____ () C:\Users\Malu\AppData\Local\Extension Logo\{B9200A34-83C8-7E2D-4E22-7153D10C3B5D}\tydjcl.dll
2015-12-05 11:16 - 2015-12-05 11:16 - 00010752 _____ () C:\Users\Malu\AppData\Local\Extension Logo\{B9200A34-83C8-7E2D-4E22-7153D10C3B5D}\{946FBB4F-FBF2-0A01-4A5D-F2B1166A5F12}.dat
2015-12-05 11:16 - 2015-12-05 11:16 - 00025600 _____ () C:\Users\Malu\AppData\Local\Extension Logo\{B9200A34-83C8-7E2D-4E22-7153D10C3B5D}\ExtensionLogo.dll
2015-12-10 18:48 - 2015-12-04 22:32 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libglesv2.dll
2015-12-10 18:48 - 2015-12-04 22:32 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libegl.dll
2013-10-27 08:03 - 2013-10-27 08:03 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\acwfp => ""="Driver"
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-2714434453-329265641-3205536515-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Malu\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-2714434453-329265641-3205536515-1002\Control Panel\Desktop\\Wallpaper ->
DNS Servers: Datenträger ist nicht mit dem Internet verbunden.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "SpaceSoundPro"
HKLM\...\StartupApproved\Run32: => "AdobeCS5ServiceManager"
HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "SmartWeb"
HKLM\...\StartupApproved\Run32: => "YTDownloader"
HKU\S-1-5-21-2714434453-329265641-3205536515-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-2714434453-329265641-3205536515-1001\...\StartupApproved\StartupFolder: => "SmartWeb.lnk"
HKU\S-1-5-21-2714434453-329265641-3205536515-1001\...\StartupApproved\Run: => "Facebook Update"
HKU\S-1-5-21-2714434453-329265641-3205536515-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_92870E185E9362197FE41C781BB1920C"
HKU\S-1-5-21-2714434453-329265641-3205536515-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-2714434453-329265641-3205536515-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2714434453-329265641-3205536515-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2714434453-329265641-3205536515-1001\...\StartupApproved\Run: => "InetStat"
HKU\S-1-5-21-2714434453-329265641-3205536515-1001\...\StartupApproved\Run: => "KakaoTalk"
HKU\S-1-5-21-2714434453-329265641-3205536515-1001\...\StartupApproved\Run: => "BoBrowser"
HKU\S-1-5-21-2714434453-329265641-3205536515-1001\...\StartupApproved\Run: => "DeskBar"
HKU\S-1-5-21-2714434453-329265641-3205536515-1001\...\StartupApproved\Run: => "YTDownloader"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{50FA8C1D-58EA-4C79-A480-AD8D25BD8BCA}C:\users\malu\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\malu\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{082645C6-7E58-4D37-9C9A-61E77F8C0125}C:\users\malu\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\malu\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{03801AA7-B0E3-4E58-81DD-389D959583AB}C:\users\malu\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\malu\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{E6D51A29-35A8-4FFC-98EC-365144D809FC}C:\users\malu\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\malu\appdata\roaming\spotify\spotify.exe
FirewallRules: [{184FD9F4-12EB-49C2-9AAD-B3CF105BD5F5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{88CC53DF-1A91-4C01-8607-AE5F3BEF17FA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [TCP Query User{32EA9A9B-52C8-40FB-92B1-F26E861E2C8C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{E266D172-4B10-4A5B-8F02-BFF509DFF67C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{7DFDBCB0-7DBE-4254-91AA-96619F00E1DF}] => (Allow) C:\Users\Malu\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [TCP Query User{B0787A09-A0D3-44D1-B45A-076B717FEB63}C:\users\malu\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\malu\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{ED4B0950-7068-4CD2-8BCD-CE27D8BB3F8D}C:\users\malu\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\malu\appdata\roaming\spotify\spotify.exe
FirewallRules: [{64954D39-275D-4465-949D-48B3914F03AF}] => (Allow) C:\Users\Malu\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{A5656D67-443D-4680-891D-5CACDF9FA841}] => (Allow) C:\Users\Malu\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{FE239783-2B35-4B31-A06A-8537294B2FE3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DD5754AD-B99E-4721-988C-A6207F920C4F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FF6CE842-DA4B-4022-B07D-D68F41B2DE6F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B72AC4CB-F085-4169-98DE-E5C497FAAF1B}] => (Allow) LPort=2869
FirewallRules: [{029C80C3-CA5E-4E9B-9F84-8561E01ECAC7}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{92A05E73-BFBD-4252-9B94-8E2882B81464}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{FD8B5D77-A182-4889-A445-4C7BA48D902B}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{1AD10E71-9EE5-4FAD-9DA2-7A1520695CFC}] => (Allow) C:\Program Files\Lightworks\Lightworks.exe
FirewallRules: [{A611CE40-962B-4A13-A206-A122171BFE2F}] => (Allow) C:\Program Files\Lightworks\Lightworks.exe
FirewallRules: [{49BA95A8-8BE8-48A5-9F65-C5BE72EB9730}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{7451D37B-7242-48F5-A214-1B3D7B27C356}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [TCP Query User{49D12BA6-BBC6-4EEA-A9C6-ACAEF5E76274}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{C25D46D0-7EAC-4E8E-9434-DA119A2BAB93}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{BC44689B-4C5D-4EE1-BE54-9E7FD8B403ED}] => (Allow) C:\Program Files (x86)\SimpleFiles\SimpleFiles.exe
FirewallRules: [{9AF8D0DB-4A40-48AE-8E61-F83C57DB8586}] => (Allow) C:\Program Files (x86)\SimpleFiles\SimpleFiles.exe
FirewallRules: [{49D6E0F8-F310-4C4E-B94F-707A213C6B7A}] => (Allow) C:\Program Files (x86)\SimpleFiles\downloader.exe
FirewallRules: [{421D1BD8-0B03-4095-BB35-417A0FDFBD29}] => (Allow) C:\Program Files (x86)\SimpleFiles\downloader.exe
FirewallRules: [{A9A70D40-2E2E-43CB-A108-706DCFD3813F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Wiederherstellungspunkte =========================
23-12-2015 19:25:37 Geplanter Prüfpunkt
16-01-2016 13:25:28 Geplanter Prüfpunkt
03-02-2016 18:41:17 Removed Microsoft Silverlight
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (02/03/2016 06:49:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: spbia.exe, Version: 1.0.0.4, Zeitstempel: 0x562fc085
Name des fehlerhaften Moduls: spbia.exe, Version: 1.0.0.4, Zeitstempel: 0x562fc085
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000a746
ID des fehlerhaften Prozesses: 0x13694
Startzeit der fehlerhaften Anwendung: 0xspbia.exe0
Pfad der fehlerhaften Anwendung: spbia.exe1
Pfad des fehlerhaften Moduls: spbia.exe2
Berichtskennung: spbia.exe3
Vollständiger Name des fehlerhaften Pakets: spbia.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: spbia.exe5
Error: (02/03/2016 06:37:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm RegCleanPro.exe, Version 7.2.72.284 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 40b90
Startzeit: 01d15ea8facce3d6
Endzeit: 4294967295
Anwendungspfad: C:\Program Files (x86)\RCP\RegCleanPro.exe
Berichts-ID: d985760e-ca9c-11e5-bec3-7054d279e98c
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (02/03/2016 06:33:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: spbia.exe, Version: 1.0.0.4, Zeitstempel: 0x562fc085
Name des fehlerhaften Moduls: spbia.exe, Version: 1.0.0.4, Zeitstempel: 0x562fc085
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000a746
ID des fehlerhaften Prozesses: 0x3c868
Startzeit der fehlerhaften Anwendung: 0xspbia.exe0
Pfad der fehlerhaften Anwendung: spbia.exe1
Pfad des fehlerhaften Moduls: spbia.exe2
Berichtskennung: spbia.exe3
Vollständiger Name des fehlerhaften Pakets: spbia.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: spbia.exe5
Error: (01/28/2016 06:33:05 PM) (Source: Google Update) (EventID: 20) (User: DEEPTHOUGHT)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned
Error: (01/28/2016 06:21:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: spbia.exe, Version: 1.0.0.4, Zeitstempel: 0x562fc085
Name des fehlerhaften Moduls: spbia.exe, Version: 1.0.0.4, Zeitstempel: 0x562fc085
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000a746
ID des fehlerhaften Prozesses: 0x86178
Startzeit der fehlerhaften Anwendung: 0xspbia.exe0
Pfad der fehlerhaften Anwendung: spbia.exe1
Pfad des fehlerhaften Moduls: spbia.exe2
Berichtskennung: spbia.exe3
Vollständiger Name des fehlerhaften Pakets: spbia.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: spbia.exe5
Error: (01/26/2016 05:16:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: spbia.exe, Version: 1.0.0.4, Zeitstempel: 0x562fc085
Name des fehlerhaften Moduls: spbia.exe, Version: 1.0.0.4, Zeitstempel: 0x562fc085
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000a746
ID des fehlerhaften Prozesses: 0x84058
Startzeit der fehlerhaften Anwendung: 0xspbia.exe0
Pfad der fehlerhaften Anwendung: spbia.exe1
Pfad des fehlerhaften Moduls: spbia.exe2
Berichtskennung: spbia.exe3
Vollständiger Name des fehlerhaften Pakets: spbia.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: spbia.exe5
Error: (01/23/2016 12:33:05 PM) (Source: Google Update) (EventID: 20) (User: DEEPTHOUGHT)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned
Error: (01/23/2016 11:31:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: spbia.exe, Version: 1.0.0.4, Zeitstempel: 0x562fc085
Name des fehlerhaften Moduls: spbia.exe, Version: 1.0.0.4, Zeitstempel: 0x562fc085
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000a746
ID des fehlerhaften Prozesses: 0x7e014
Startzeit der fehlerhaften Anwendung: 0xspbia.exe0
Pfad der fehlerhaften Anwendung: spbia.exe1
Pfad des fehlerhaften Moduls: spbia.exe2
Berichtskennung: spbia.exe3
Vollständiger Name des fehlerhaften Pakets: spbia.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: spbia.exe5
Error: (01/16/2016 12:33:05 PM) (Source: Google Update) (EventID: 20) (User: DEEPTHOUGHT)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned
Error: (01/16/2016 12:04:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: spbia.exe, Version: 1.0.0.4, Zeitstempel: 0x562fc085
Name des fehlerhaften Moduls: spbia.exe, Version: 1.0.0.4, Zeitstempel: 0x562fc085
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000a746
ID des fehlerhaften Prozesses: 0x74e48
Startzeit der fehlerhaften Anwendung: 0xspbia.exe0
Pfad der fehlerhaften Anwendung: spbia.exe1
Pfad des fehlerhaften Moduls: spbia.exe2
Berichtskennung: spbia.exe3
Vollständiger Name des fehlerhaften Pakets: spbia.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: spbia.exe5
Systemfehler:
=============
Error: (02/03/2016 06:45:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "BrsHelper" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (02/03/2016 06:43:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Util Super Great" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (12/27/2015 02:53:24 PM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error: (12/26/2015 11:05:53 AM) (Source: Ntfs) (EventID: 138) (User: )
Description: Bei "C:\" wurde vom Transaktionsressourcen-Manager ein schwerwiegender Fehler festgestellt, und er wurde heruntergefahren. Der Fehlercode ist in den Daten enthalten.
Error: (12/26/2015 10:31:54 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Desktop Upload" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (12/26/2015 10:21:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Wajam Web Enhancer" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (12/26/2015 10:21:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Paitd" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (12/26/2015 10:21:06 AM) (Source: BTHUSB) (EventID: 30) (User: )
Description: Der lokale Adapter bietet keine Unterstützung für einen wichtigen Controllerstatus für energiearme Geräte. Die mindestens erforderliche unterstützte Statusmaske ist "0x1f7fffff", vorhanden ist jedoch "0x1f3fffff". Die Funktionalität für energiearme Geräte wird deaktiviert.
Error: (12/26/2015 10:21:18 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 25.12.2015 um 18:37:38 unerwartet heruntergefahren.
Error: (12/23/2015 04:57:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Desktop Upload" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
CodeIntegrity:
===================================
Date: 2015-12-05 11:41:38.087
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-05 11:35:41.868
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-05 11:34:52.934
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-05 11:34:21.888
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-05 11:33:30.109
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-05 11:29:00.759
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-05 11:29:00.659
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-05 11:26:00.812
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-05 11:26:00.714
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-05 11:26:00.608
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i3-3120M CPU @ 2.50GHz
Prozentuale Nutzung des RAM: 34%
Installierter physikalischer RAM: 3977.03 MB
Verfügbarer physikalischer RAM: 2607.6 MB
Summe virtueller Speicher: 9097.03 MB
Verfügbarer virtueller Speicher: 7558.43 MB
==================== Laufwerke ================================
Drive c: (Boot) (Fixed) (Total:869.02 GB) (Free:536.67 GB) NTFS
Drive d: (Recover) (Fixed) (Total:60 GB) (Free:41.46 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 3E99AF5C)
Partition: GPT.
==================== Ende von Addition.txt ============================
Kind regards, Repstef