| losprimeros | 15.10.2017 08:49 |
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 14-10-2017
durchgeführt von Cosmas (Administrator) auf NIETZSCHE (15-10-2017 09:45:05)
Gestartet von C:\Users\Cosmas\Desktop
Geladene Profile: Cosmas (Verfügbare Profile: Cosmas)
Platform: Windows 8.1 (Update) (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
konnte nicht auf den Prozess zugreifen -> openvpn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Spotify Ltd) C:\Users\Cosmas\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-08-10] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-11-20] (IDT, Inc.)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163776 2017-08-12] (IvoSoft)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-09-11] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKU\S-1-5-21-2930019164-631451584-1442057302-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2930019164-631451584-1442057302-1001\...\Run: [HP ENVY 5530 series (NET) #2] => C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-2930019164-631451584-1442057302-1001\...\Run: [Spotify Web Helper] => C:\Users\Cosmas\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1449584 2017-05-14] (Spotify Ltd)
HKU\S-1-5-21-2930019164-631451584-1442057302-1001\...\Run: [Spotify] => C:\Users\Cosmas\AppData\Roaming\Spotify\Spotify.exe [6997104 2017-05-14] (Spotify Ltd)
HKU\S-1-5-21-2930019164-631451584-1442057302-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3042592 2017-06-08] (Valve Corporation)
HKU\S-1-5-21-2930019164-631451584-1442057302-1001\...\MountPoints2: {5a2f1231-4bfc-11e7-bebb-b4b52fcbceb0} - "E:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-2930019164-631451584-1442057302-1001\...\MountPoints2: {6a3de5e0-a2e7-11e6-be97-b4b52fcbceb0} - "H:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-2930019164-631451584-1442057302-1001\...\MountPoints2: {7a00a858-a549-11e7-bec9-b4b52fcbceb0} - "E:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{4D97C0BD-B79F-4AE5-8717-33A3FED7D427}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{4DADFBF7-BA92-445F-9E8C-C86CCAC64971}: [DhcpNameServer] 185.156.172.178 185.93.180.131 83.143.245.42
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK13/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/4
HKU\S-1-5-21-2930019164-631451584-1442057302-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-2930019164-631451584-1442057302-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/4
SearchScopes: HKLM -> {261017D3-9F82-472E-AA6F-54D79A522AF7} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {261017D3-9F82-472E-AA6F-54D79A522AF7} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2930019164-631451584-1442057302-1001 -> {261017D3-9F82-472E-AA6F-54D79A522AF7} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2930019164-631451584-1442057302-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-2930019164-631451584-1442057302-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-09-28] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-12] (IvoSoft)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-09-28] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2017-08-12] (IvoSoft)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-09-28] (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-12] (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-07-31] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-09-28] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-07-31] (Oracle Corporation)
BHO-x32: Kein Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> Keine Datei
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2017-08-12] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-12] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-12] (IvoSoft)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-28] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-09-28] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-09-28] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-09-28] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-09-28] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: m2sjsvdk.default
FF ProfilePath: C:\Users\Cosmas\AppData\Roaming\Mozilla\Firefox\Profiles\m2sjsvdk.default [2017-09-29]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-09-28] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-13] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Keine Datei]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Keine Datei]
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-09] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-07-18] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-07-18] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-07-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-07-31] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-09-28] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-09-28] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-07-11] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-07-11] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2930019164-631451584-1442057302-1001: @phonostar.de/Deutschlandradio-Recorder -> C:\Program Files (x86)\Deutschlandradio-Recorder\npphonostarDetectNP.dll [Keine Datei]
Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.de/
CHR StartupUrls: Default -> "hxxps://www.google.de/","hxxp://www.mystartsearch.com/?type=hp&ts=1429435474&from=cor&uid=ST31000524AS_9VPFPKH3"
CHR NewTab: Default -> Active:"chrome-extension://eedlgdlajadkbbjoobobefphmfkcchfk/newtab.html"
CHR DefaultSearchURL: Default -> hxxps://www.ecosia.org/search?q={searchTerms}&addon=chrome&addonversion=2.0.3
CHR DefaultSearchKeyword: Default -> ecosia
CHR DefaultSuggestURL: Default -> hxxps://ac.ecosia.org/?q={searchTerms}&type=list&mkt=de
CHR Session Restore: Default -> ist aktiviert.
CHR Profile: C:\Users\Cosmas\AppData\Local\Google\Chrome\User Data\Default [2017-10-15]
CHR Extension: (ProxFlow) - C:\Users\Cosmas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2017-07-14]
CHR Extension: (Google Präsentationen) - C:\Users\Cosmas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-07-14]
CHR Extension: (Google Docs) - C:\Users\Cosmas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-07-14]
CHR Extension: (Google Drive) - C:\Users\Cosmas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-14]
CHR Extension: (Open with Microsoft Office Online Viewer) - C:\Users\Cosmas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcknfcclbcpdeopdopomkdbjmldgdeld [2017-07-14]
CHR Extension: (YouTube) - C:\Users\Cosmas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-14]
CHR Extension: (Ecosia) - C:\Users\Cosmas\AppData\Local\Google\Chrome\User Data\Default\Extensions\eedlgdlajadkbbjoobobefphmfkcchfk [2017-07-14]
CHR Extension: (Google Tabellen) - C:\Users\Cosmas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-07-14]
CHR Extension: (Google Docs Offline) - C:\Users\Cosmas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-14]
CHR Extension: (AdBlock) - C:\Users\Cosmas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-09-23]
CHR Extension: (Auto-HD für YouTube™) - C:\Users\Cosmas\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak [2017-07-14]
CHR Extension: (Top Eleven) - C:\Users\Cosmas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljphpjlafmmdmegmfbkacafhbegjfkkn [2017-07-14]
CHR Extension: (Ghostery) - C:\Users\Cosmas\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2017-09-03]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Cosmas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Google Mail) - C:\Users\Cosmas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-14]
CHR Extension: (Chrome Media Router) - C:\Users\Cosmas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-15]
CHR Profile: C:\Users\Cosmas\AppData\Local\Google\Chrome\User Data\System Profile [2017-03-11]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
==================== Dienste (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7761608 2017-09-08] (Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1450824 2017-09-10] (Overwolf LTD)
S3 PAExec; C:\WINDOWS\PAExec.exe [189112 2017-02-03] (Power Admin LLC)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-11-20] (IDT, Inc.) [Datei ist nicht signiert]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ======================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R1 MpKslde08972d; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0E7FD55A-417A-4BED-8606-77DCDA7E6D0C}\MpKslde08972d.sys [58120 2017-10-01] (Microsoft Corporation)
S3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-11-14] ()
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
U0 aswVmm; kein ImagePath
S1 SDHookDriver; \??\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-10-15 09:45 - 2017-10-15 09:45 - 000022125 _____ C:\Users\Cosmas\Desktop\FRST.txt
2017-10-15 09:43 - 2017-10-15 09:45 - 000000000 ____D C:\FRST
2017-10-15 09:42 - 2017-10-15 09:42 - 002402304 _____ (Farbar) C:\Users\Cosmas\Desktop\FRST64.exe
2017-10-15 09:32 - 2017-10-15 09:32 - 000899584 _____ (Farbar) C:\Users\Cosmas\Desktop\FSS.exe
2017-10-13 21:14 - 2017-10-13 21:18 - 000000000 ____D C:\Users\Cosmas\Desktop\Hainbach
2017-10-07 00:11 - 2017-10-07 00:12 - 000000034 _____ C:\Users\Cosmas\Desktop\Neues Textdokument.txt
2017-09-29 19:51 - 2017-09-29 19:51 - 000000000 ____D C:\Users\Cosmas\Documents\Aufnahmen
2017-09-28 12:15 - 2017-09-28 12:15 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-09-28 11:29 - 2017-09-28 11:29 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2017-09-25 11:24 - 2017-09-25 11:24 - 000000032 _____ C:\Users\Cosmas\Desktop\google_key.txt
2017-09-20 10:04 - 2017-08-13 21:48 - 000202592 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-09-20 10:04 - 2017-08-13 19:52 - 000174944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-09-20 10:04 - 2017-08-13 19:10 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-09-20 10:04 - 2017-08-13 18:33 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-09-20 10:04 - 2017-08-11 04:54 - 000445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-09-20 10:04 - 2017-08-11 04:22 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-09-20 10:04 - 2017-08-11 04:20 - 001436672 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-09-20 10:04 - 2017-08-11 04:16 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2017-09-20 10:04 - 2017-08-11 03:57 - 000180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2017-09-20 10:04 - 2017-08-06 23:50 - 001080320 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2017-09-20 10:04 - 2017-08-06 23:20 - 000542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-09-20 10:04 - 2017-08-06 23:13 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2017-09-20 10:04 - 2017-08-06 09:08 - 000561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2017-09-20 10:04 - 2017-08-02 04:19 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2017-09-20 10:04 - 2017-08-01 10:25 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2017-09-18 11:34 - 2017-09-18 11:34 - 000000570 _____ C:\Users\Cosmas\Desktop\start_windows.exe.lnk
2017-09-17 11:30 - 2017-09-17 11:30 - 000002250 _____ C:\Users\Cosmas\AppData\Local\recently-used.xbel
2017-09-17 10:48 - 2017-09-17 10:48 - 000000784 _____ C:\Users\Public\Desktop\Windows Repair Toolbox.lnk
2017-09-15 22:23 - 2017-09-15 22:23 - 000000810 _____ C:\Users\Cosmas\Desktop\Tor.lnk
2017-09-15 09:12 - 2017-09-15 09:12 - 000000000 ____D C:\Users\Cosmas\AppData\Local\{5332B1D2-C7B4-45C3-822D-CF211C6CAA69}
2017-09-15 07:23 - 2017-09-15 07:23 - 000000000 ____D C:\ProgramData\MB3Migration
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-10-15 09:03 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-10-15 08:41 - 2016-10-25 17:51 - 000000000 ____D C:\Users\Cosmas\AppData\Local\ClassicShell
2017-10-15 08:35 - 2013-08-22 15:36 - 000000000 ____D C:\WINDOWS\Inf
2017-10-15 07:55 - 2016-10-25 17:45 - 000000000 ___RD C:\Users\Cosmas\OneDrive
2017-10-14 11:28 - 2016-10-24 11:28 - 000003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2930019164-631451584-1442057302-1001
2017-10-13 21:18 - 2016-10-24 14:28 - 000000000 ____D C:\Users\Cosmas\AppData\Roaming\Mp3tag
2017-10-13 21:14 - 2014-11-21 05:35 - 001973344 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-10-13 21:14 - 2014-11-21 04:45 - 000835122 _____ C:\WINDOWS\system32\perfh007.dat
2017-10-13 21:14 - 2014-11-21 04:45 - 000188796 _____ C:\WINDOWS\system32\perfc007.dat
2017-10-06 16:03 - 2016-10-26 11:59 - 000000000 ____D C:\Users\Cosmas\AppData\Local\ElevatedDiagnostics
2017-10-02 17:18 - 2016-12-06 22:34 - 000000000 ____D C:\Users\Cosmas\AppData\LocalLow\Mozilla
2017-10-02 07:00 - 2016-10-24 13:49 - 010091008 ___SH C:\Users\Cosmas\Desktop\Thumbs.db
2017-09-30 09:49 - 2017-08-01 08:20 - 000000000 ____D C:\PatchMyPCUpdates
2017-09-29 22:29 - 2016-10-26 14:22 - 000000000 ____D C:\Program Files (x86)\Riot Games
2017-09-29 22:01 - 2017-09-10 08:43 - 000000000 ____D C:\Users\Cosmas\AppData\Local\Overwolf
2017-09-29 21:46 - 2016-11-15 17:52 - 000000000 ____D C:\Users\Cosmas\AppData\Local\Battle.net
2017-09-29 21:46 - 2016-11-15 17:49 - 000000000 ____D C:\Program Files (x86)\Battle.net
2017-09-29 18:35 - 2017-05-14 12:25 - 000000000 ____D C:\Users\Cosmas\AppData\Local\Spotify
2017-09-29 18:35 - 2017-05-14 12:24 - 000000000 ____D C:\Users\Cosmas\AppData\Roaming\Spotify
2017-09-29 18:29 - 2017-02-16 15:38 - 000000000 ____D C:\Users\Cosmas\Desktop\tumblr backup
2017-09-28 12:15 - 2016-11-28 20:14 - 000000950 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-09-28 12:11 - 2016-10-24 13:42 - 000000000 ____D C:\Program Files\Common Files\Apple
2017-09-28 12:09 - 2017-01-18 08:40 - 000000887 _____ C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2017-09-28 12:09 - 2016-10-24 11:38 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-09-28 11:30 - 2013-08-22 17:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-09-28 11:29 - 2013-08-22 17:36 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-09-28 11:28 - 2016-10-26 08:36 - 000000000 ____D C:\Program Files\Microsoft Office
2017-09-27 07:50 - 2016-10-24 11:25 - 000002209 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-23 16:43 - 2016-10-30 08:17 - 001260032 ___SH C:\Users\Cosmas\Downloads\Thumbs.db
2017-09-23 12:37 - 2013-08-22 17:36 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-23 12:37 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-20 12:21 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\rescache
2017-09-20 11:50 - 2017-02-05 10:38 - 000000000 ____D C:\ProgramData\NVIDIA
2017-09-20 11:50 - 2013-08-22 16:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-20 11:49 - 2013-08-22 15:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2017-09-20 10:13 - 2016-10-26 12:10 - 000000000 ____D C:\Users\Cosmas\AppData\Local\CrashDumps
2017-09-20 10:12 - 2017-09-10 08:43 - 000000000 ____D C:\Program Files (x86)\Hearthstone
2017-09-20 09:57 - 2012-07-26 09:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-09-17 17:42 - 2016-10-24 14:24 - 000000000 ____D C:\Users\Cosmas\AppData\Local\gtk-2.0
2017-09-17 14:21 - 2016-11-15 17:49 - 000000000 ____D C:\Users\Cosmas\AppData\Roaming\Battle.net
2017-09-17 10:48 - 2016-10-24 11:29 - 000000000 ____D C:\Windows_Repair_Toolbox
2017-09-17 10:48 - 2016-10-24 11:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Repair Toolbox
2017-09-17 10:44 - 2016-10-27 06:02 - 000000000 ____D C:\WINDOWS\Minidump
2017-09-17 10:44 - 2016-10-24 11:00 - 000258489 ____N C:\WINDOWS\Minidump\091717-39937-01.dmp
2017-09-15 07:23 - 2016-10-24 11:59 - 000000000 ____D C:\ProgramData\Malwarebytes
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2017-09-17 11:30 - 2017-09-17 11:30 - 000002250 _____ () C:\Users\Cosmas\AppData\Local\recently-used.xbel
2016-11-14 15:11 - 2017-01-21 14:20 - 000007605 _____ () C:\Users\Cosmas\AppData\Local\resmon.resmoncfg
2016-10-28 07:31 - 2016-10-28 07:31 - 000000057 _____ () C:\ProgramData\Ament.ini
Einige Dateien in TEMP:
====================
2017-07-19 13:19 - 2017-03-31 10:26 - 003698888 _____ (Foxit Corporation) C:\Users\Cosmas\AppData\Local\Temp\FoxitUpdater.exe
2017-07-06 08:02 - 2017-07-06 08:02 - 019047848 _____ (Ellora Assets Corporation ) C:\Users\Cosmas\AppData\Local\Temp\FreemakeAudioConverterFull.exe
2017-07-19 13:11 - 2017-07-19 13:11 - 000739904 _____ (Oracle Corporation) C:\Users\Cosmas\AppData\Local\Temp\jre-8u141-windows-au.exe
2017-07-25 13:25 - 2017-07-25 13:25 - 000065280 _____ () C:\Users\Cosmas\AppData\Local\Temp\utils.dll
==================== Bamital & volsnap ======================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2017-10-06 09:35
==================== Ende von FRST.txt ============================
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 14-10-2017
durchgeführt von Cosmas (15-10-2017 09:45:56)
Gestartet von C:\Users\Cosmas\Desktop
Windows 8.1 (Update) (X64) (2016-10-25 15:41:31)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-2930019164-631451584-1442057302-500 - Administrator - Disabled)
Cosmas (S-1-5-21-2930019164-631451584-1442057302-1001 - Administrator - Enabled) => C:\Users\Cosmas
Gast (S-1-5-21-2930019164-631451584-1442057302-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2930019164-631451584-1442057302-1005 - Limited - Enabled)
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 368.81 - NVIDIA Corporation) Hidden
Apple Application Support (32-Bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Bitcoin Core (64-bit) (HKU\S-1-5-21-2930019164-631451584-1442057302-1001\...\Bitcoin Core (64-bit)) (Version: 0.14.1 - Bitcoin Core project)
Blizzard App (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM\...\Steam App 10190) (Version: - Infinity Ward)
Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft)
CPUID CPU-Z 1.81 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.81 - )
CrystalDiskInfo 7.1.1 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.1.1 - Crystal Dew World)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Freemake Audio Converter Version 1.1.8 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.8 - Ellora Assets Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Hewlett-Packard ACLM.NET v1.2.0.0 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP ENVY 5530 series - Grundlegende Software für das Gerät (HKLM\...\{08CB8BF7-0CCE-4FC2-A475-A985EB11B159}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{F480B3E6-F1CB-426D-AB8F-20D3F819D231}) (Version: 12.7.27.15 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6418.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
iTunes (HKLM\...\{1441974B-BB94-41EC-AC0F-30D5F5AC54F7}) (Version: 12.7.0.166 - Apple Inc.)
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
League of Legends (HKLM-x32\...\{7C6B1560-A8B1-4AED-BF77-A43713C7726D}) (Version: 4.1.2 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.8431.2079 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 56.0 (x64 en-US) (HKLM\...\Mozilla Firefox 56.0 (x64 en-US)) (Version: 56.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0 - Mozilla)
Mozilla Thunderbird 52.3.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.3.0 (x86 en-US)) (Version: 52.3.0 - Mozilla)
Mp3tag v2.84a (HKLM-x32\...\Mp3tag) (Version: 2.84a - Florian Heidenreich)
NVIDIA 3D Vision Controller-Treiber 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 368.81 - NVIDIA Corporation)
NVIDIA Grafiktreiber 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.81 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.8431.2079 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.8431.2079 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.107.36.0 - Overwolf Ltd.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.255 - Google, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8004 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.5530 - CyberLink Corp.) Hidden
Revo Uninstaller 2.0.3 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.3 - VS Revo Group, Ltd.)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2930019164-631451584-1442057302-1001\...\Spotify) (Version: 1.0.54.1079.g3809528e - Spotify AB)
Stata 13 (HKLM-x32\...\{217BE429-022D-4094-960F-0376E1CBE13E}) (Version: 13.0 - StataCorp LP)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stronghold Crusader HD (HKLM-x32\...\{8C3727F2-8E37-49E4-820C-03B1677F53B6}) (Version: 1.30.0000 - Firefly Studios)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.6 - TeamSpeak Systems GmbH)
TumblRipper (HKLM-x32\...\{39CCA8F3-19C1-4246-B4BA-8174D665407C}_is1) (Version: 2.17 - TumblRipper)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Repair Toolbox version 2.0.0.1 (HKLM-x32\...\{A8D7DA31-9E70-437D-97C4-C4887752E029}_is1) (Version: 2.0.0.1 - Alexandre Coelho)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Keine Datei
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-12] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-12] (IvoSoft)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Keine Datei
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-07-11] (NVIDIA Corporation)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\system32\StartMenuHelper64.dll [2017-08-12] (IvoSoft)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {011792AE-D3A3-48FA-B0BE-20A13E621A22} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2017-09-10] (Overwolf LTD)
Task: {0465D8D6-1EF9-4763-B5F2-466F2986A747} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {051144FC-F9D5-4CDA-8644-E95ABA6250CF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-09-28] (Microsoft Corporation)
Task: {0B24E985-E1A5-4CFB-9062-BEE174455A52} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {10024395-85E2-4CA7-A72E-2B0A83E2F862} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-09-28] (Microsoft Corporation)
Task: {1BE84D67-5601-448C-AD47-F5B097577DEE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {2B887563-FE31-4D58-80E5-8B3975B57E26} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
Task: {2FF3954F-19A6-4DCF-AC0C-CB5AED7D4576} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {340A5844-3F0E-4061-99D0-E9A4C13EE14C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {37FC3D76-CA9D-4C3E-8E73-01AD6B05A92F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {419D2C10-E9EB-42EF-8DAC-1581C1DA953A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
Task: {5B7C7FB6-8961-48A0-AC93-B512D00A88DE} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-07-12] (AVAST Software)
Task: {64F44BE8-24DD-4ADA-8E4C-ED3E00704F47} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-24] (Google Inc.)
Task: {667E6793-09FD-4B22-9260-4DD49323A741} - \Microsoft\Windows\Setup\EOSNotify -> Keine Datei <==== ACHTUNG
Task: {88D0AC68-DC62-488D-A8AF-0A4543D6B129} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {8A291B34-2336-4A80-8345-4564C8B3982B} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-09-28] (Microsoft Corporation)
Task: {8D8CDB19-A939-499C-808C-1F73AAEE41E1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-24] (Google Inc.)
Task: {968EAD10-F60F-4D71-B706-566F20318E0E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-28] ()
Task: {99B30D85-9B50-4575-8183-DF5BDDF0BDBB} - System32\Tasks\JumpingBytes\PureSyncVSS => C:\Program Files (x86)\Jumping Bytes\PureSync\PureSyncVSSStart.exe
Task: {BB8B1F83-135A-4DB6-BEC8-A3BF850C991E} - System32\Tasks\HP AR Program Upload - a40567b5d7514292b86d6cab3340aa0203b49d63cf3e429cafeb1457572820e1 => C:\Program Files\HP\HP ENVY 5530 series\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)
Task: {CFBF5409-B8FE-434D-81B9-F78D770A48A0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {D9422FA6-5FCE-4BF8-BC28-A41D7339A09E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {DDF9ABA5-6D44-4D44-9420-FA7AD2801732} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-13] (Adobe Systems Incorporated)
Task: {E076334A-3DC2-4DAF-9216-CF217583D6C5} - System32\Tasks\HP AR Program Upload - 8dcc19d81a1e47ab984056a87af3dfd341409147bba347c989c772f92ea6dec1 => C:\Program Files\HP\HP ENVY 5530 series\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)
Task: {F865FABA-C195-4869-967B-034B15A5292E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-28] ()
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
==================== Verknüpfungen & WMI ========================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2017-02-05 10:38 - 2016-07-11 01:17 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-10-27 04:19 - 2012-07-18 10:50 - 001198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PAexec => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PAexec => ""="Service"
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
Da befinden sich 7936 mehr Seiten.
IE restricted site: HKU\S-1-5-21-2930019164-631451584-1442057302-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2930019164-631451584-1442057302-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2930019164-631451584-1442057302-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2930019164-631451584-1442057302-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2930019164-631451584-1442057302-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2930019164-631451584-1442057302-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2930019164-631451584-1442057302-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2930019164-631451584-1442057302-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-2930019164-631451584-1442057302-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2930019164-631451584-1442057302-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-2930019164-631451584-1442057302-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-2930019164-631451584-1442057302-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-2930019164-631451584-1442057302-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-2930019164-631451584-1442057302-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-2930019164-631451584-1442057302-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-2930019164-631451584-1442057302-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-2930019164-631451584-1442057302-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-2930019164-631451584-1442057302-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-2930019164-631451584-1442057302-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-2930019164-631451584-1442057302-1001\...\123simsen.com -> www.123simsen.com
Da befinden sich 7936 mehr Seiten.
==================== Hosts Inhalt: ==========================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 15:25 - 2017-06-12 08:58 - 000454512 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com
Da befinden sich 15600 zusätzliche Einträge.
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-2930019164-631451584-1442057302-1001\Control Panel\Desktop\\Wallpaper -> G:\foto\image-1113062-galleryV9-jlex-1113062.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-2930019164-631451584-1442057302-1001\...\StartupApproved\Run: => "HP ENVY 5530 series (NET)"
HKU\S-1-5-21-2930019164-631451584-1442057302-1001\...\StartupApproved\Run: => "HP ENVY 5530 series (NET) #2"
HKU\S-1-5-21-2930019164-631451584-1442057302-1001\...\StartupApproved\Run: => "NetLimiter"
HKU\S-1-5-21-2930019164-631451584-1442057302-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2930019164-631451584-1442057302-1001\...\StartupApproved\Run: => "Steam"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{6FF94DBD-3A26-4D63-B0BD-B8EE050FB487}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A3D27E4B-01AA-4E1B-ABC7-5097C2A61F7D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{946803F9-583A-4380-A249-B506C7131CE8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4600677A-5638-4E57-9E02-EEFAF1321123}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B05EC1F2-F93D-4824-AC6F-A9EF8C666C73}] => (Allow) LPort=1900
FirewallRules: [{D6F774C1-8248-4E19-9A50-B78D484FE29A}] => (Allow) LPort=2869
FirewallRules: [{5C4F5055-DACA-413A-BB56-7B9E4BA282E1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{0180FC42-23DC-4BE3-AD55-5F51A98D35C0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{81E4A2B2-E204-420B-959D-B1202EB1D5D6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CB9B9ACF-A1E6-4A30-A6FC-261C4E1AD8A6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9AB50D8C-0A6E-4D22-A13B-5A19D786D695}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{699B4FCC-8053-4845-8A53-DC0528A05DDE}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{3A13C450-2316-4A29-998E-4636F00DD290}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{47585041-2044-4304-A8FB-5BBB4F9D4F3C}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{CB545278-61A5-4CB0-BA6D-4E6A473F14B4}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{80684A00-D0F4-4803-AF88-4172CB3C217D}] => (Allow) LPort=5357
FirewallRules: [TCP Query User{E83A30BF-E61B-4DEB-AE19-784842FF0B1F}C:\windows_repair_toolbox\downloads\snappy\sdi_r513\sdi_x64_r513.exe] => (Allow) C:\windows_repair_toolbox\downloads\snappy\sdi_r513\sdi_x64_r513.exe
FirewallRules: [UDP Query User{9DE27AEE-6F69-48F3-92AB-57575606AF19}C:\windows_repair_toolbox\downloads\snappy\sdi_r513\sdi_x64_r513.exe] => (Allow) C:\windows_repair_toolbox\downloads\snappy\sdi_r513\sdi_x64_r513.exe
FirewallRules: [{DAC6C00C-112F-4CB4-9769-52381C8411BB}] => (Allow) C:\Program Files\HP\HP ENVY 5530 series\Bin\DeviceSetup.exe
FirewallRules: [{86FAACB8-C842-417D-A6D2-16F9901EE649}] => (Allow) C:\Program Files\HP\HP ENVY 5530 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{AB7857A3-0AF2-4323-A038-C53C90838BF9}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{033CEC4C-4E0D-4D6C-B641-F3B7AB948079}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{F1536818-84EF-42E0-AF3D-6E4E6B04BB1C}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{C2410873-24FC-41C4-B4D4-B4283EAB3659}] => (Allow) C:\Program Files (x86)\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe
FirewallRules: [{B321638D-954F-4055-847E-42838A2DDCA8}] => (Allow) C:\Program Files (x86)\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe
FirewallRules: [TCP Query User{857769D1-7176-4CF1-9127-DC89B3EE9801}C:\users\cosmas\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\cosmas\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{8DF62943-9AD0-497F-ABCA-262A72BD003C}C:\users\cosmas\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\cosmas\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{5C989A1E-2F16-4EA9-8A23-CAAFAF7B02F0}C:\program files\bitcoin\bitcoin-qt.exe] => (Block) C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [UDP Query User{9D2F8476-F6D0-4643-BBF9-A55F361AFB0D}C:\program files\bitcoin\bitcoin-qt.exe] => (Block) C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [{D05F7E47-F086-49FB-AA9E-0B37F1E3097B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{387683C0-C1CA-47CB-9B24-9E448ED9BCB3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8B98EC84-B8F8-4E0C-A95C-5801094903CA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{57490A19-1B6B-4195-AB4A-F6BCEF6FBE8D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{801B78D0-5038-40AF-B1E6-951247A6CA26}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{CE73D48E-F0E4-4DC6-BB52-15497B6C4733}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{11C18E11-F32F-4018-A8E3-C079CFE84B05}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{A050D621-898F-48F1-ABD7-DB9244FBA9A4}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{C0B8D24B-4958-46D3-A9A2-E116AAE041B6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{2086F552-A5AA-46BB-BF6C-0C80D26020AB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{A8280431-1ABA-4C77-8976-ED8D25110DF1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Wiederherstellungspunkte =========================
28-09-2017 12:17:21 Revo Uninstaller's restore point - TAP-Windows 9.21.2
29-09-2017 12:45:32 Revo Uninstaller's restore point - Ultra Defragmenter
10-10-2017 09:04:36 Revo Uninstaller's restore point - CyberGhost 6
10-10-2017 09:10:29 Revo Uninstaller's restore point - Deutschlandradio-Recorder Version 3.03.9
10-10-2017 09:11:20 Revo Uninstaller's restore point - TAP-Windows 9.21.2
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (10/15/2017 09:44:14 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST64.exe, Version 14.10.2017.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 354
Startzeit: 01d3458952a1d463
Endzeit: 0
Anwendungspfad: C:\Users\Cosmas\Desktop\FRST64.exe
Berichts-ID: 9cded3f4-b17c-11e7-bec9-b4b52fcbceb0
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (10/15/2017 09:43:40 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST64.exe, Version 14.10.2017.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 2f54
Startzeit: 01d3458938711f37
Endzeit: 0
Anwendungspfad: C:\Users\Cosmas\Desktop\FRST64.exe
Berichts-ID: 8cbd2cc2-b17c-11e7-bec9-b4b52fcbceb0
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (10/14/2017 11:27:20 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (10/14/2017 11:27:20 AM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {9A4EFC08-FE0E-439C-90A7-3729869ED6AC}
Error: (10/14/2017 11:27:20 AM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {9A4EFC08-FE0E-439C-90A7-3729869ED6AC}
Error: (10/12/2017 04:38:17 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (10/12/2017 04:38:17 PM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {A09B907E-4A54-4A3F-84BE-6FE590446D3E}
Error: (10/12/2017 04:38:17 PM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {A09B907E-4A54-4A3F-84BE-6FE590446D3E}
Error: (10/10/2017 06:17:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.3.9600.18460 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 3668
Startzeit: 01d341e27518da6f
Endzeit: 0
Anwendungspfad: C:\WINDOWS\Explorer.EXE
Berichts-ID: 3914896c-add6-11e7-bec9-b4b52fcbceb0
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (10/10/2017 09:10:29 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {9ce9d9d6-8af4-4165-9ae0-0479dc373a81}
Systemfehler:
=============
Error: (10/12/2017 07:19:31 AM) (Source: DCOM) (EventID: 10010) (User: NIETZSCHE)
Description: Der Server "{4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (10/10/2017 06:14:52 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst WSearch erreicht.
Error: (10/10/2017 09:07:05 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CyberGhost 6 Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (10/06/2017 09:01:35 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ClickToRunSvc erreicht.
Error: (10/06/2017 09:01:05 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ClickToRunSvc erreicht.
Error: (10/06/2017 09:00:35 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ClickToRunSvc erreicht.
Error: (10/06/2017 09:00:05 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ClickToRunSvc erreicht.
Error: (10/04/2017 08:14:08 AM) (Source: DCOM) (EventID: 10010) (User: NIETZSCHE)
Description: Der Server "{9BA05972-F6A8-11CF-A442-00A0C90A8F39}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (10/02/2017 07:00:49 AM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "O2BOX" zum Namen "NIETZSCHE" auf Transport "NetBT_Tcpip_{4D97C0BD-B79F-4AE5-8717-33A3FED7D427}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.
Error: (10/01/2017 01:09:56 PM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "O2BOX" zum Namen "NIETZSCHE" auf Transport "NetBT_Tcpip_{4D97C0BD-B79F-4AE5-8717-33A3FED7D427}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.
CodeIntegrity:
===================================
Date: 2017-06-07 18:43:03.107
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-06-07 18:19:19.741
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-06-07 18:04:29.863
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-06-07 17:56:34.165
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-06-07 12:25:17.292
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.
Date: 2017-06-07 12:25:17.176
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.
Date: 2017-06-07 12:25:17.059
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook32.dll that did not meet the Microsoft signing level requirements.
Date: 2017-06-07 12:25:16.943
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook32.dll that did not meet the Microsoft signing level requirements.
Date: 2017-06-07 12:25:16.826
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.
Date: 2017-06-07 12:25:16.711
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook32.dll that did not meet the Microsoft signing level requirements.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz
Prozentuale Nutzung des RAM: 22%
Installierter physikalischer RAM: 8145.03 MB
Verfügbarer physikalischer RAM: 6323.11 MB
Summe virtueller Speicher: 9111.29 MB
Verfügbarer virtueller Speicher: 6895.79 MB
==================== Laufwerke ================================
Drive c: (OS) (Fixed) (Total:917.6 GB) (Free:625.02 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (Recovery Image) (Fixed) (Total:11.21 GB) (Free:1.34 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive g: (Volume) (Fixed) (Total:1862.89 GB) (Free:1156.84 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 8330884F)
Partition: GPT.
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 00000000)
Partition: GPT.
==================== Ende von Addition.txt ============================
|
Farbar Service Scanner 
FRST 32-Bit | FRST 64-Bit
Lesestoff: