| |
| |||||||
Log-Analyse und Auswertung: Win 8.1, Malewarebytes findet Adware.ChinAd immer wieder , letzte Funde Avira: TR/Crypt.XPACK.Gen2 [trojan]Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
19.05.2017, 17:20
| #1 |
 | ![Win 8.1, Malewarebytes findet Adware.ChinAd immer wieder , letzte Funde Avira: TR/Crypt.XPACK.Gen2 [trojan] - Standard](images/icons/icon1.gif){kind=icon} Win 8.1, Malewarebytes findet Adware.ChinAd immer wieder , letzte Funde Avira: TR/Crypt.XPACK.Gen2 [trojan] Hallo zusammen, ich habe in letzter Zeit mit Malwarebytes immer wieder Funde gehabt. Adware.ChinAd. Habe Sie dann in die Quarantäne verschoben, aber nach ein paar Tagen: das gleiche Spiel von vorn. Avira Antivirus hatte in den letzten Tagen auch Funde mit dem Echtzeitscanner. Hießen aber anders, ('TR/Crypt.XPACK.Gen2 [trojan]') Mein FirefoxBrowser spielt manchmal verrückt:" (Keine Rückmeldung)" wird dann ein paar Sekunden angezeigt und ich kann nichts machen. Im Anschluss läuft alles wieder normal. Außerdem soll ich mein Windows-Konto Passwort erneut eingeben/selbst nach dem Booten und erfolgreicher Anmeldung auf dem Rechner. Habe dies bereits getan, nur leider ändert das nichts an der PC Problem - Meldung unten rechts. Warum das? Ansonsten habe ich keine Einschränkungen, denke auch mein Laptop ist langsam alt. Ich hatte ihn seit 2014 (Erwerb) und seitdem nicht formatiert und schon so einige Virenmeldungen. Damals noch mit Norton. Ich hoffe es sieht nicht allzu schlimm aus!? ;-) beste Grüße Mario hier die Logfiles FRST: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 14-05-2017
durchgeführt von h (Administrator) auf NICE (18-05-2017 19:29:37)
Gestartet von C:\Users\h\Downloads
Geladene Profile: h (Verfügbare Profile: h)
Platform: Windows 8.1 (Update) (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Chip Digital GmbH) C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\nis.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.8.0\ToolbarUpdater.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 6\CyberGhost.Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
() C:\Program Files (x86)\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Akamai Technologies, Inc.) C:\Users\h\AppData\Local\Akamai\netsession_win.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Spotify Ltd) C:\Users\h\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Akamai Technologies, Inc.) C:\Users\h\AppData\Local\Akamai\netsession_win.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
==================== Registry (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191312 2012-08-07] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2862448 2012-08-06] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-10] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-10] (Atheros Communications)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe [9571552 2016-07-18] ()
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2567568 2015-08-18] ()
HKLM-x32\...\Run: [BambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-04-23] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [912768 2017-05-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [61944 2017-04-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [MailCheck IE Broker] => C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe [2796264 2017-04-10] (1und1 Mail und Media GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\h\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [397632 2013-04-05] ()
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968 2013-04-23] (Samsung)
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-04-23] (Samsung)
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\Run: [EPLTarget\P0000000000000000] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIJCE.EXE [283232 2012-10-01] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\Run: [Akamai NetSession Interface] => C:\Users\h\AppData\Local\Akamai\netsession_win.exe [4490200 2017-01-03] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-03-23] (Valve Corporation)
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\Run: [Spotify Web Helper] => C:\Users\h\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-04-24] (Spotify Ltd)
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\Run: [Spotify] => C:\Users\h\AppData\Roaming\Spotify\Spotify.exe [7064176 2017-04-24] (Spotify Ltd)
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27545048 2017-03-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\MountPoints2: {cc58ae22-e978-11e3-bed3-20689d4f0ac8} - "F:\LGAutoRun.exe"
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [181280 2017-01-25] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [158392 2017-01-25] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Keine Datei
Startup: C:\Users\h\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013-04-22]
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.179.1
Tcpip\..\Interfaces\{39EF41FA-3C33-47DF-BEAA-29E4E409FEC8}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{C9F07D4E-D772-4C2B-BB49-7A21E60ADAE6}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{F319265E-6219-49D9-BDB2-7326C8156DA6}: [NameServer] 192.168.179.1
Tcpip\..\Interfaces\{F319265E-6219-49D9-BDB2-7326C8156DA6}: [DhcpNameServer] 192.168.179.1
Internet Explorer:
==================
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=21.7.0.11
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=21.7.0.11
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=21.7.0.11
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=21.7.0.11
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3774421412-1007907057-219690849-1002 -> DefaultScope {0AD69A11-BE0B-4770-8FD4-BF91E4435485} URL =
SearchScopes: HKU\S-1-5-21-3774421412-1007907057-219690849-1002 -> {0AD69A11-BE0B-4770-8FD4-BF91E4435485} URL =
SearchScopes: HKU\S-1-5-21-3774421412-1007907057-219690849-1002 -> {4B820E7B-4800-4494-9F54-289747922168} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKU\S-1-5-21-3774421412-1007907057-219690849-1002 -> {78E6EE3E-5CEF-4C57-BF21-F12166C15BB0} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKU\S-1-5-21-3774421412-1007907057-219690849-1002 -> {8411043D-2B58-4FEE-A0F1-D74FBFA013B4} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKU\S-1-5-21-3774421412-1007907057-219690849-1002 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=DE&ver=21&locale=de_DE&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-3774421412-1007907057-219690849-1002 -> {C88C548B-49E4-4638-8532-8369AE669CDF} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-05-14] (Oracle Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-08-10] (Qualcomm Atheros Commnucations)
BHO: GMX MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll [2017-04-10] (1und1 Mail und Media GmbH)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-14] (Oracle Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL => Keine Datei
BHO-x32: af0.Adblock.BHO -> {90EFF544-3981-4d46-85C9-C0361D0931D6} -> C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
BHO-x32: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Secure Search\18.8.0.180\AVG Secure Search_toolbar.dll [2015-08-18] (AVG Secure Search)
BHO-x32: YouProxy.YouProxy.YouProxy -> {bb4c50c9-d7f0-48ef-a67c-daf6a86830e4} -> C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
BHO-x32: GMX MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll [2017-04-10] (1und1 Mail und Media GmbH)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.8.0.180\AVG Secure Search_toolbar.dll [2015-08-18] (AVG Secure Search)
Toolbar: HKLM - GMX MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll [2017-04-10] (1und1 Mail und Media GmbH)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.8.0.180\AVG Secure Search_toolbar.dll [2015-08-18] (AVG Secure Search)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Toolbar: HKLM-x32 - GMX MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll [2017-04-10] (1und1 Mail und Media GmbH)
Toolbar: HKU\S-1-5-21-3774421412-1007907057-219690849-1002 -> Kein Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - Keine Datei
Toolbar: HKU\S-1-5-21-3774421412-1007907057-219690849-1002 -> GMX MailCheck - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll [2017-04-10] (1und1 Mail und Media GmbH)
Toolbar: HKU\S-1-5-21-3774421412-1007907057-219690849-1002 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Handler: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll [2017-04-10] (1und1 Mail und Media GmbH)
Handler-x32: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll [2017-04-10] (1und1 Mail und Media GmbH)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.8.0\ViProtocol.dll [2015-08-18] (AVG Secure Search)
FireFox:
========
FF ProfilePath: C:\Users\h\AppData\Roaming\Mozilla\Firefox\Profiles\k95qhuj9.default-1468763182441 [2017-05-18]
FF Homepage: Mozilla\Firefox\Profiles\k95qhuj9.default-1468763182441 -> hxxps://annaundarthur.wordpress.com/termine/
FF Extension: (Porn Blocker) - C:\Users\h\AppData\Roaming\Mozilla\Firefox\Profiles\k95qhuj9.default-1468763182441\Extensions\@porn-blocker.xpi [2016-10-21]
FF Extension: (Anti-Porn Pro - The Best Anti-Porn Addon!) - C:\Users\h\AppData\Roaming\Mozilla\Firefox\Profiles\k95qhuj9.default-1468763182441\Extensions\azhang@cloudacl.com.xpi [2016-10-21]
FF Extension: (Facebook™ Disconnect) - C:\Users\h\AppData\Roaming\Mozilla\Firefox\Profiles\k95qhuj9.default-1468763182441\Extensions\jid0-dBgF7UkIiOsWqvBng4hYu@jetpack.xpi [2016-12-02]
FF Extension: (NoScript) - C:\Users\h\AppData\Roaming\Mozilla\Firefox\Profiles\k95qhuj9.default-1468763182441\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-05-16]
FF Extension: (Video DownloadHelper) - C:\Users\h\AppData\Roaming\Mozilla\Firefox\Profiles\k95qhuj9.default-1468763182441\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-05-11]
FF Extension: (Ecosia — The search engine that plants trees!) - C:\Users\h\AppData\Roaming\Mozilla\Firefox\Profiles\k95qhuj9.default-1468763182441\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2016-10-15]
FF Extension: (Adblock Plus) - C:\Users\h\AppData\Roaming\Mozilla\Firefox\Profiles\k95qhuj9.default-1468763182441\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFPlgn
FF Extension: (Kein Name) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFPlgn [2015-08-20] [ist nicht signiert]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-15] ()
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-14] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.8.0\\npsitesafety.dll [Keine Datei]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3774421412-1007907057-219690849-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\h\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-09-07] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3774421412-1007907057-219690849-1002: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\h\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-04-16] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-3774421412-1007907057-219690849-1002: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\Exts\Chrome.crx <nicht gefunden>
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\Exts\Chrome.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
==================== Dienste (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1119712 2017-05-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [488920 2017-05-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [488920 2017-05-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1520680 2017-05-03] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations) [Datei ist nicht signiert]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [350120 2017-04-11] (Avira Operations GmbH & Co. KG)
R2 CG6Service; C:\Program Files\CyberGhost 6\CyberGhost.Service.exe [87088 2017-03-22] (CyberGhost S.R.L)
R2 chip1click; C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe [91136 2016-10-27] (Chip Digital GmbH) [Datei ist nicht signiert]
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-08-24] (Samsung Electronics CO., LTD.)
S3 GMX_MailCheck_Update; C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Update.exe [581352 2017-04-10] (Pixality Computersysteme GmbH)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareService.exe [732056 2016-07-18] ()
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\NIS.exe [282016 2015-07-16] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2017-03-16] ()
R2 PnkBstrB; C:\WINDOWS\SysWOW64\PnkBstrB.exe [107832 2017-05-16] ()
R2 vToolbarUpdater18.8.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.8.0\ToolbarUpdater.exe [1861520 2015-08-18] (AVG Secure Search)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-11-14] (Wacom Technology, Corp.)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) [Datei ist nicht signiert]
===================== Treiber (Nicht auf der Ausnahmeliste) ======================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 AndNetDiag; C:\WINDOWS\system32\DRIVERS\lgandnetdiag64.sys [29184 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\WINDOWS\system32\DRIVERS\lgandnetmodem64.sys [36352 2013-06-28] (LG Electronics Inc.)
S3 andnetndis; C:\WINDOWS\system32\DRIVERS\lgandnetndis64.sys [93696 2013-04-23] (LG Electronics Inc.)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [161824 2017-03-02] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [163976 2017-03-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-03-02] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-03-02] (Avira Operations GmbH & Co. KG)
S1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\BASHDefs\20150810.001\BHDrvx64.sys [1650936 2015-07-23] (Symantec Corporation)
S3 BTATH_LWFLT; C:\WINDOWS\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
S1 ccSet_NARA; C:\WINDOWS\system32\drivers\NARAx64\0401000.00B\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
S1 ccSet_NIS; C:\WINDOWS\system32\drivers\NISx64\1605020.00F\ccSetx64.sys [173808 2015-07-11] (Symantec Corporation)
R1 cgnetfilter1521; C:\WINDOWS\System32\drivers\cgnetfilter1521.sys [84768 2017-03-22] (Windows (R) Win 7 DDK provider)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-28] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\IPSDefs\20150817.001\IDSvia64.sys [692984 2015-07-10] (Symantec Corporation)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251840 2017-05-18] (Malwarebytes)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\VirusDefs\20150817.001\ENG64.SYS [138488 2015-05-20] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\VirusDefs\20150817.001\EX64.SYS [2146040 2015-05-20] (Symantec Corporation)
S3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2017-02-08] (NVIDIA Corporation)
S3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-02-08] (NVIDIA Corporation)
R3 RadioHIDMini; C:\WINDOWS\System32\drivers\RadioHIDMini.sys [32168 2015-07-16] (Windows (R) Win 7 DDK provider)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-09-12] (Windows (R) 2003 DDK 3790 provider)
S1 SRTSP; C:\WINDOWS\System32\Drivers\NISx64\1605020.00F\SRTSP64.SYS [926448 2015-07-11] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NISx64\1605020.00F\SRTSPX64.SYS [50936 2015-07-11] (Symantec Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NISx64\1605020.00F\SYMEFASI64.SYS [1620720 2015-07-11] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NISx64\1605020.00F\SymELAM.sys [24192 2015-07-11] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-07-23] (Symantec Corporation)
S1 SymIRON; C:\WINDOWS\system32\drivers\NISx64\1605020.00F\Ironx64.SYS [297720 2015-07-11] (Symantec Corporation)
S1 SymNetS; C:\WINDOWS\System32\Drivers\NISx64\1605020.00F\SYMNETS.SYS [576248 2015-07-11] (Symantec Corporation)
S3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [485512 2016-04-28] (BitDefender S.R.L.)
S3 usbrndis6; C:\WINDOWS\system32\DRIVERS\usb80236.sys [20992 2015-04-25] (Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-05-18 19:29 - 2017-05-18 19:31 - 00032333 _____ C:\Users\h\Downloads\FRST.txt
2017-05-18 19:27 - 2017-05-18 19:29 - 00000000 ____D C:\FRST
2017-05-18 19:19 - 2017-05-18 19:19 - 02429952 _____ (Farbar) C:\Users\h\Downloads\FRST64.exe
2017-05-14 00:13 - 2017-04-29 00:44 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-05-14 00:13 - 2017-04-29 00:44 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-13 21:42 - 2017-05-13 21:42 - 01496584 _____ C:\Users\h\Downloads\RansomFree Schutz vor WannaCry - CHIP-Installer.exe
2017-05-10 10:01 - 2017-04-28 23:15 - 07444824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-05-10 10:01 - 2017-04-26 16:06 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-05-10 10:01 - 2017-04-16 12:23 - 02176584 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-05-10 10:01 - 2017-04-16 12:23 - 01662096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-05-10 10:01 - 2017-04-16 12:23 - 01063464 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2017-05-10 10:01 - 2017-04-16 12:18 - 01135288 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-05-10 10:01 - 2017-04-16 12:18 - 00803192 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-05-10 10:01 - 2017-04-16 11:07 - 01566032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-05-10 10:01 - 2017-04-16 11:07 - 01213792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-05-10 10:01 - 2017-04-16 11:07 - 00548032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2017-05-10 10:01 - 2017-04-16 11:05 - 00612096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-05-10 10:01 - 2017-04-16 10:54 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-05-10 10:01 - 2017-04-16 10:51 - 02899456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-05-10 10:01 - 2017-04-16 10:37 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2017-05-10 10:01 - 2017-04-16 10:35 - 25741312 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-05-10 10:01 - 2017-04-16 10:18 - 05977600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-05-10 10:01 - 2017-04-16 10:16 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-05-10 10:01 - 2017-04-16 10:01 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-05-10 10:01 - 2017-04-16 09:53 - 02290176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-05-10 10:01 - 2017-04-16 09:49 - 20278272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-05-10 10:01 - 2017-04-16 09:40 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-05-10 10:01 - 2017-04-16 09:37 - 02132992 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-05-10 10:01 - 2017-04-16 09:22 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-05-10 10:01 - 2017-04-16 09:10 - 15250944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-05-10 10:01 - 2017-04-16 09:08 - 04548608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-05-10 10:01 - 2017-04-16 09:08 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-05-10 10:01 - 2017-04-16 09:04 - 03241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-05-10 10:01 - 2017-04-16 09:02 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2017-05-10 10:01 - 2017-04-16 08:53 - 13661184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-05-10 10:01 - 2017-04-16 08:50 - 01544704 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-05-10 10:01 - 2017-04-16 08:37 - 02767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-05-10 10:01 - 2017-04-16 08:34 - 01314816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-05-10 10:01 - 2017-04-10 00:00 - 01548640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-05-10 10:01 - 2017-04-08 01:20 - 01375960 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-05-10 10:01 - 2017-04-07 15:56 - 01094656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-05-10 10:01 - 2017-04-02 18:41 - 00684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-05-10 10:01 - 2017-04-02 18:41 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-05-10 10:01 - 2017-04-01 01:16 - 01968408 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-05-10 10:01 - 2017-03-31 23:59 - 01612504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-05-10 10:01 - 2017-03-13 18:38 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmitomi.dll
2017-05-10 10:01 - 2017-03-13 18:29 - 02609664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2017-05-10 10:01 - 2017-03-13 18:13 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmitomi.dll
2017-05-10 10:01 - 2017-03-13 18:07 - 02170880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2017-05-10 10:01 - 2017-03-11 19:58 - 01437696 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-05-10 10:01 - 2017-03-11 01:38 - 02017624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-05-10 10:01 - 2017-03-11 01:38 - 00275800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-05-10 10:01 - 2017-03-09 22:52 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2017-05-10 10:01 - 2017-03-09 21:17 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2017-05-10 10:00 - 2017-04-16 10:54 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-05-10 10:00 - 2017-04-16 10:36 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-05-10 10:00 - 2017-04-16 10:10 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-05-10 10:00 - 2017-04-16 10:03 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-05-10 10:00 - 2017-04-16 10:02 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-05-10 10:00 - 2017-04-16 10:00 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-05-10 10:00 - 2017-04-16 10:00 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-05-10 10:00 - 2017-04-16 09:52 - 01033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2017-05-10 10:00 - 2017-04-16 09:47 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-05-10 10:00 - 2017-04-16 09:43 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-05-10 10:00 - 2017-04-16 09:40 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-05-10 10:00 - 2017-04-16 09:40 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-05-10 10:00 - 2017-04-16 09:29 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2017-05-10 10:00 - 2017-04-16 09:24 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-05-10 10:00 - 2017-04-16 09:23 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-05-10 10:00 - 2017-04-16 09:22 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-05-10 10:00 - 2017-04-16 09:17 - 00880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2017-05-10 10:00 - 2017-04-16 09:12 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-05-10 10:00 - 2017-04-16 09:10 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-05-10 10:00 - 2017-04-16 09:10 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-05-10 10:00 - 2017-04-16 08:40 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-05-10 10:00 - 2017-04-16 08:34 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-05-10 10:00 - 2017-04-10 00:00 - 00388448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-05-10 10:00 - 2017-03-13 18:25 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2017-05-10 10:00 - 2017-03-13 18:06 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2017-05-10 10:00 - 2017-03-11 21:34 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-05-10 10:00 - 2017-03-11 21:32 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2017-05-10 10:00 - 2017-03-11 21:32 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-05-10 10:00 - 2017-03-11 20:49 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-05-10 10:00 - 2017-03-11 19:54 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-05-10 10:00 - 2017-03-08 04:44 - 00448285 _____ C:\WINDOWS\system32\ApnDatabase.xml
2017-05-09 22:40 - 2017-03-30 15:15 - 00678592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2017-05-09 22:40 - 2017-03-30 15:15 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2017-05-09 22:39 - 2017-03-30 15:15 - 00875712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2017-05-09 22:39 - 2017-03-30 15:15 - 00869568 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2017-05-06 21:44 - 2017-05-06 21:48 - 00000000 ____D C:\Users\TEMP.NICE.000\AppData\Local\Packages
2017-05-06 21:44 - 2017-05-06 21:48 - 00000000 ____D C:\Users\TEMP.NICE.000
2017-05-05 21:35 - 2017-05-18 16:59 - 00000000 ____D C:\Users\h\AppData\Roaming\Skype
2017-05-05 21:35 - 2017-05-05 21:35 - 00002715 _____ C:\Users\Public\Desktop\Skype.lnk
2017-05-05 21:35 - 2017-05-05 21:35 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-05-05 21:35 - 2017-05-05 21:35 - 00000000 ____D C:\Users\h\Tracing
2017-05-05 21:35 - 2017-05-05 21:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-05-05 21:34 - 2017-05-05 21:35 - 00000000 ____D C:\ProgramData\Skype
2017-05-05 21:30 - 2017-05-05 21:31 - 01631704 _____ (Skype Technologies S.A.) C:\Users\h\Downloads\SkypeSetup.exe
2017-05-05 11:46 - 2017-05-05 11:46 - 00001152 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2017-05-02 23:28 - 2017-05-02 23:28 - 00000000 ____D C:\Users\h\AppData\Local\My Games
2017-05-02 14:37 - 2017-05-02 14:37 - 00178800 _____ (Sony DADC Austria AG.) C:\WINDOWS\SysWOW64\CmdLineExt_x64.dll
2017-04-30 21:55 - 2017-04-30 21:55 - 00000000 ____D C:\Users\h\Documents\Electronic Arts
2017-04-30 21:19 - 2017-04-30 21:19 - 00000000 ____D C:\Program Files (x86)\Microsoft WSE
2017-04-30 21:19 - 2008-09-04 20:17 - 00447752 ____R (On2.com) C:\WINDOWS\SysWOW64\vp6vfw.dll
2017-04-30 21:18 - 2017-04-30 21:18 - 00002110 _____ C:\Users\Public\Desktop\Die*Sims™*3.lnk
2017-04-30 19:30 - 2017-04-30 19:30 - 00000000 ____D C:\Users\h\AppData\Roaming\FUEL
2017-04-30 19:22 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2017-04-30 19:06 - 2017-04-30 19:06 - 00000000 ____D C:\Users\h\AppData\Roaming\InstallShield Installation Information
2017-04-30 19:05 - 2017-04-30 19:05 - 00000000 ____D C:\Program Files (x86)\Codemasters
2017-04-28 19:51 - 2017-04-28 19:51 - 00000000 ____D C:\Users\h\Documents\Eidos
2017-04-27 21:17 - 2017-04-27 21:52 - 521070080 _____ C:\Users\h\Downloads\farcry_spdemo.exe
2017-04-27 21:08 - 2017-04-27 21:24 - 189377784 _____ (Ubisoft ) C:\Users\h\Downloads\far_cry_v1.4_cumulative.exe
2017-04-27 19:06 - 2017-04-27 19:06 - 01496584 _____ C:\Users\h\Downloads\Far Cry 2 Patch - CHIP-Installer.exe
2017-04-25 00:10 - 2017-04-25 00:27 - 265653440 _____ C:\Users\h\Downloads\GTA2INSTALLER.ZIP
2017-04-25 00:05 - 2017-04-25 00:05 - 01496584 _____ C:\Users\h\Downloads\Grand Theft Auto GTA 2 - CHIP-Installer(2).exe
2017-04-24 21:58 - 2017-05-05 12:16 - 00000000 ____D C:\Users\h\AppData\Local\Spotify
2017-04-24 21:58 - 2017-04-24 21:58 - 00001827 _____ C:\Users\h\Desktop\Spotify.lnk
2017-04-24 21:58 - 2017-04-24 21:58 - 00001813 _____ C:\Users\h\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2017-04-24 21:54 - 2017-05-05 12:07 - 00000000 ____D C:\Users\h\AppData\Roaming\Spotify
2017-04-24 21:54 - 2017-04-24 21:54 - 00278224 _____ (Spotify Ltd) C:\Users\h\Downloads\SpotifySetup.exe
2017-04-24 16:46 - 2017-04-24 16:46 - 00002068 _____ C:\Users\Public\Desktop\Rockstar Games Social Club.lnk
2017-04-21 08:17 - 2017-04-21 08:17 - 00000000 ____D C:\Program Files\GMX MailCheck
2017-04-21 08:16 - 2017-04-21 08:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GMX MailCheck
2017-04-21 08:16 - 2017-04-21 08:16 - 00000000 ____D C:\Program Files (x86)\GMX MailCheck
2017-04-19 23:00 - 2017-04-19 23:00 - 00000000 ____D C:\ProgramData\UUdb
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-05-18 19:02 - 2013-04-20 20:26 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3774421412-1007907057-219690849-1002
2017-05-18 19:00 - 2012-08-23 06:25 - 00000000 ____D C:\ProgramData\WinClon
2017-05-18 18:59 - 2015-06-02 18:07 - 00003898 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6BC42FF6-E8FF-496F-834E-72144BBBDEE5}
2017-05-18 18:58 - 2016-12-16 20:09 - 00000000 ____D C:\Users\h\AppData\LocalLow\Mozilla
2017-05-18 18:58 - 2016-11-20 14:04 - 00000000 ____D C:\Program Files (x86)\Opera
2017-05-18 18:57 - 2013-04-21 19:29 - 00000000 ____D C:\Users\h\AppData\Local\CrashDumps
2017-05-18 18:56 - 2015-02-10 13:45 - 00000000 ___RD C:\Users\h\OneDrive
2017-05-18 18:56 - 2014-08-29 09:18 - 00000394 _____ C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0814tb_rmv.job
2017-05-18 18:56 - 2014-08-29 09:18 - 00000394 _____ C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0814tb_rel.job
2017-05-18 18:56 - 2012-08-23 06:32 - 00000360 _____ C:\WINDOWS\Tasks\Xerox PhotoCafe Communicator.job
2017-05-18 18:53 - 2016-12-22 21:43 - 00251840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-05-18 18:53 - 2016-01-08 14:28 - 00002352 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2017-05-18 18:52 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-18 18:52 - 2013-04-21 21:01 - 00000000 ____D C:\ProgramData\NVIDIA
2017-05-18 18:49 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2017-05-17 11:40 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\Inf
2017-05-17 09:51 - 2016-12-10 22:30 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2017-05-17 09:51 - 2012-08-23 05:32 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-05-16 22:18 - 2016-09-28 20:38 - 00000000 ____D C:\Users\h\Documents\My Games
2017-05-16 21:37 - 2017-02-28 21:07 - 02250024 _____ C:\WINDOWS\SysWOW64\pbsvc.exe
2017-05-16 21:37 - 2017-02-28 21:07 - 00107832 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2017-05-16 21:37 - 2017-02-28 21:07 - 00107832 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2017-05-16 10:24 - 2016-01-09 20:56 - 00000000 ____D C:\Users\h\AppData\Roaming\vlc
2017-05-15 21:22 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-05-15 21:22 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-05-15 21:22 - 2013-08-03 23:24 - 00004342 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-05-15 21:18 - 2014-10-15 11:39 - 00000000 ____D C:\ProgramData\Oracle
2017-05-15 21:13 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-14 22:38 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2017-05-14 18:09 - 2016-08-29 10:06 - 00000000 ____D C:\Program Files\Java
2017-05-14 18:09 - 2014-10-15 11:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-05-14 18:08 - 2016-08-29 10:07 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2017-05-14 00:10 - 2013-08-22 16:44 - 00447488 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-05-13 23:25 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-05-13 12:39 - 2015-05-19 23:12 - 00000000 ____D C:\Users\h\Desktop\Kunst
2017-05-10 12:58 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-10 10:15 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-05-10 05:22 - 2013-08-14 12:08 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-05-09 22:42 - 2013-04-22 09:57 - 156335152 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-05-06 21:44 - 2015-08-21 15:35 - 00000000 ____D C:\ProgramData\Package Cache
2017-05-06 17:23 - 2016-12-15 21:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-06 17:23 - 2013-08-03 23:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-05 21:35 - 2015-02-10 12:43 - 00000000 ____D C:\Users\h
2017-05-05 11:46 - 2015-08-21 15:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-04-30 20:45 - 2017-02-25 20:33 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2017-04-27 22:14 - 2016-12-13 22:10 - 00000000 ____D C:\Program Files (x86)\Steam
2017-04-26 00:10 - 2013-04-20 20:15 - 00000000 ____D C:\Users\h\AppData\Local\Packages
2017-04-25 21:06 - 2016-12-10 22:30 - 00000000 ____D C:\Users\h\AppData\Local\Ubisoft Game Launcher
2017-04-24 16:47 - 2017-04-07 20:44 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2017-04-24 16:46 - 2017-04-07 20:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2017-04-24 16:46 - 2017-03-13 10:31 - 00000000 ____D C:\Users\h\AppData\Local\JDownloader 2.0
2017-04-19 23:00 - 2014-11-29 11:48 - 00003856 _____ C:\WINDOWS\System32\Tasks\Registration 1und1 Task
2017-04-19 23:00 - 2013-07-31 17:14 - 00000000 ____D C:\Program Files (x86)\1und1Softwareaktualisierung
2017-04-19 10:44 - 2016-11-29 18:41 - 00000000 ____D C:\Program Files (x86)\Deep Silver
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2015-04-11 20:42 - 2015-04-11 20:42 - 0196076 _____ () C:\Users\h\AppData\Local\38C2540F_stp.CIS
2015-04-11 20:42 - 2015-04-11 20:42 - 0000290 _____ () C:\Users\h\AppData\Local\38C2540F_stp.CIS.part
2015-04-11 20:40 - 2015-04-11 20:40 - 0385602 _____ () C:\Users\h\AppData\Local\5D515C96_stp.CIS
2015-04-11 20:40 - 2015-04-11 20:40 - 0000220 _____ () C:\Users\h\AppData\Local\5D515C96_stp.CIS.part
2015-04-11 20:42 - 2015-04-11 20:42 - 1509462 _____ () C:\Users\h\AppData\Local\69DD7379_stp.CIS
2015-04-11 20:42 - 2015-04-11 20:42 - 0000295 _____ () C:\Users\h\AppData\Local\69DD7379_stp.CIS.part
2015-09-14 22:46 - 2015-09-14 22:46 - 0005120 _____ () C:\Users\h\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-03-10 19:23 - 2017-03-10 19:23 - 0000089 _____ () C:\Users\h\AppData\Local\fusioncache.dat
2016-07-12 10:28 - 2016-07-12 10:28 - 0000844 _____ () C:\Users\h\AppData\Local\recently-used.xbel
2015-01-16 23:33 - 2015-01-16 23:33 - 0000017 _____ () C:\Users\h\AppData\Local\resmon.resmoncfg
2012-08-23 06:42 - 2012-08-08 06:07 - 2258432 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
2012-08-23 06:42 - 2012-08-07 12:11 - 0003196 _____ () C:\ProgramData\MakeMarkerFile.xml
Einige Dateien in TEMP:
====================
2015-08-21 15:34 - 2016-10-05 22:24 - 0000000 ____D () C:\Users\h\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap ======================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2017-05-18 17:54
==================== Ende von FRST.txt ============================
|
|
19.05.2017, 17:21
| #2 |
| | Win 8.1, Malewarebytes findet Adware.ChinAd immer wieder , letzte Funde Avira: TR/Crypt.XPACK.Gen2 [trojan] Addition:
__________________Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 14-05-2017
durchgeführt von h (18-05-2017 19:32:53)
Gestartet von C:\Users\h\Downloads
Windows 8.1 (Update) (X64) (2015-02-10 11:33:54)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-3774421412-1007907057-219690849-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3774421412-1007907057-219690849-1006 - Limited - Enabled)
Gast (S-1-5-21-3774421412-1007907057-219690849-501 - Limited - Disabled)
h (S-1-5-21-3774421412-1007907057-219690849-1002 - Administrator - Enabled) => C:\Users\h
HomeGroupUser$ (S-1-5-21-3774421412-1007907057-219690849-1004 - Limited - Enabled)
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Norton Internet Security (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Ad-Aware Antivirus (HKLM\...\{36036827-FA38-4A74-8333-26BC4EEC9308}_AdAwareUpdater) (Version: 11.12.945.9202 - Lavasoft)
AdAwareInstaller (Version: 11.12.945.9202 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.12.945.9202 - Lavasoft) Hidden
AdblockIE (HKLM-x32\...\{5508128A-2C7B-46B5-81F9-58E8E8115F0B}) (Version: 1.2 - af0.net)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Connect 9 Add-in (HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\Adobe Connect 9 Add-in) (Version: 11,2,369,0 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\Akamai) (Version: - Akamai Technologies, Inc)
Allshare Play Link (HKLM-x32\...\{91786428-D4AA-476D-8AF9-A63FFAC2901F}) (Version: 1.0.0 - Samsung)
Amazon MP3-Downloader 1.0.18 (HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
ANNO 1404 - Königsedition (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.02.0000 - Ubisoft)
AntimalwareEngine (Version: 3.0.129.0 - Lavasoft) Hidden
ArtRage Studio Pro (HKLM-x32\...\{7082E27E-2637-4ED5-9156-E19B57A3B5B0}) (Version: 3.5.4 - Ambient Design)
ArtRage Studio Pro Demo (HKLM-x32\...\{3E0F9DFA-123E-4B6A-928B-621EB333F90A}) (Version: 3.5.4 - Ambient Design)
Autodesk SketchBook Pro 6.0.1 (HKLM-x32\...\{783C27F9-EF0B-4B81-8464-8592AE8CB5B8}) (Version: 6.01.0000 - Autodesk)
AVG Security Toolbar (HKLM-x32\...\AVG Secure Search) (Version: 18.8.0.180 - AVG Technologies)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.26.48 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{897e4d08-9554-48e9-ba07-ce6040867fa3}) (Version: 1.2.83.46341 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.83.46341 - Avira Operations GmbH & Co. KG) Hidden
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 2.6.5.2921 - Avira Operations GmbH & Co. KG)
Bamboo (HKLM\...\Pen Tablet Driver) (Version: 5.3.0-3 - Wacom Technology Corp.)
Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.1 - Wacom Co., Ltd.)
Bamboo Dock (x32 Version: 4.1.0 - Wacom Europe GmbH) Hidden
Bamboo Tablets Tutorial (x32 Version: 3.0.20 - Wacom) Hidden
Botanicula (HKLM-x32\...\Botanicula) (Version: 1.0 - Daedalic Entertainment)
BrowserDefender (HKLM-x32\...\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}) (Version: - Bit89 Inc) <==== ACHTUNG
Canon MP Navigator 3.0 (HKLM-x32\...\MP Navigator 3.0) (Version: - )
Canon MP510 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP510) (Version: - )
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.70.4.2009 - Georgy Berdyshev)
chip 1-click download service (HKLM-x32\...\{503CA94E-0834-4CEE-AD92-BA17AF4E809A}) (Version: 3.6.9.0 - Chip Digital GmbH)
Corel Painter Essentials 4 (HKLM-x32\...\_{53A908D4-99C6-469B-BC13-F4189F260742}) (Version: - Corel Corporation)
Corel Painter Essentials 4 (x32 Version: 4.2 - Corel Corporation) Hidden
Creativerse (HKLM\...\Steam App 280790) (Version: - Playful Corporation)
CyberGhost 6 (HKLM\...\CyberGhost 6_is1) (Version: - CyberGhost S.R.L.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4415.02 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delta Chrome Toolbar (HKLM-x32\...\Delta Chrome Toolbar) (Version: - Visual Tools) <==== ACHTUNG
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.631 - Electronic Arts)
Don't Starve (HKLM\...\Steam App 219740) (Version: - Klei Entertainment)
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.4 - Samsung Electronics CO.,LTD.)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
EPSON XP-600 Series Printer Uninstall (HKLM\...\EPSON XP-600 Series) (Version: - SEIKO EPSON Corporation)
ETDWare PS/2-X64 11.7.2.1_WHQL (HKLM\...\Elantech) (Version: 11.7.2.1 - ELAN Microelectronic Corp.)
Fallout: New Vegas (HKLM\...\Steam App 22380) (Version: - Obsidian Entertainment)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
FUEL (HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\{F51FF206-2273-4B3E-A90A-4752AE288C12}) (Version: 1.00.0000 - Codemasters)
Galerie de photos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version: - )
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
GMX Desktop Icons (HKLM-x32\...\1&1 Mail & Media GmbH 1und1DesktopIconsInstaller) (Version: 3.0.5.0 - 1&1 Mail & Media GmbH)
GMX MailCheck für Windows (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar IE8) (Version: 2.6.12.0 - 1&1 Mail & Media GmbH)
GMX Softwareaktualisierung (HKLM-x32\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 4.0.3.0 - 1&1 Mail & Media GmbH)
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
GTA2 (HKLM-x32\...\{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}) (Version: 1.00.001 - )
Help Desk (HKLM\...\{C85A891D-7AB4-46AE-84F0-B0C3FAC82280}) (Version: 1.0.4 - Samsung Electronics CO., LTD.)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33070) (Version: 3.6.1.33070.11 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3368 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
LEGO® Star Wars™ III: The Clone Wars™ (HKLM\...\Steam App 32510) (Version: - Traveller's Tales)
LG United Mobile Drivers (HKLM-x32\...\{55031CEF-CE75-4A5C-8DEA-60577820529B}) (Version: 3.10.1.0 - LG Electronics)
Malwarebytes Version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 53.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 53.0.2 (x86 de)) (Version: 53.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.2.6333 - Mozilla)
Mozilla Thunderbird 45.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.0 (x86 de)) (Version: 45.0 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\MyFreeCodec) (Version: - )
nGlide 1.04 (HKLM-x32\...\nGlide) (Version: 1.04 - Zeus Software)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 22.5.2.15 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.45 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.11 - Symantec Corporation) Hidden
NVIDIA Grafiktreiber 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
oCam Version 370.0 (HKLM-x32\...\oCam_is1) (Version: 370.0 - hxxp://ohsoft.net/)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Opera Stable 43.0.2442.1144 (HKLM-x32\...\Opera 43.0.2442.1144) (Version: 43.0.2442.1144 - Opera Software)
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version: - PopCap Games)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Quick Starter (HKLM\...\{EC36E2BC-86F7-44C9-84B2-93930F0FBDBF}) (Version: 1.0.0 - Samsung Electronics CO., LTD.)
Raccolta foto (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.4.0 - Samsung Electronics CO., LTD.)
Rockstar Games Social Club (HKLM-x32\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
S Agent (Version: 1.0.7 - Samsung Electronics CO., LTD.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.23.0 - SAMSUNG Electronics Co., Ltd.)
SecureW2 EAP Suite 1.1.3 for Windows (HKLM-x32\...\SecureW2 EAP Suite) (Version: - )
Settings (HKLM-x32\...\{52E5DE60-C96B-42CC-9A37-FE04725940AE}) (Version: 2.0.0 - Samsung Electronics CO., LTD.)
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Splinter Cell Blacklist (HKLM-x32\...\Uplay Install 91) (Version: - Ubisoft)
Spotify (HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\Spotify) (Version: 1.0.53.758.gde3fc4b2 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
StuffIt Expander 2011 (HKLM\...\{6B62B973-49F5-4C51-B738-93B56A963417}) (Version: 15.0.1.17 - Smith Micro Software, Inc.)
Support Center (HKLM\...\{332518C0-0D31-4FFA-9D15-24C9C3D70B08}) (Version: 2.0.7 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.0 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{3B4E6027-AED5-4169-B030-B450E5A0F396}) (Version: 2.0.14 - Samsung Electronics CO., LTD.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
UE4 Prerequisites (x86) (x32 Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x86) (x32 Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Unity Web Player (HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 26.1 - Ubisoft)
User Guide (HKLM-x32\...\{039EA659-E421-45C6-8913-BED5D69B5536}) (Version: 1.1.00 - Samsung Electronics CO., LTD.)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (07/27/2012 20.57.1.735) (HKLM\...\9F04C462DAB591BDCCE784F77E4D4F1736010B92) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Xerox PhotoCafe (HKLM-x32\...\Xerox PhotoCafe) (Version: 1.0.0.6162 - Xerox)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-3774421412-1007907057-219690849-1002_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {01F6B9A0-CA15-46A3-8E51-4CE1B9F7AFBB} - System32\Tasks\StereoPn => C:\Users\h\AppData\Roaming\StereoPn\sterpn.exe
Task: {0A7D9EFA-2AA9-444B-8114-5F4E9E153961} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe [2014-11-05] (CHIP)
Task: {0D2A0A39-FEDF-4FCB-A36E-DA0C9D2C8C2F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated)
Task: {154E2819-0A69-4F32-B7E8-9ADE82864295} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-08] (NVIDIA Corporation)
Task: {291F679A-E195-4D37-B448-90F0BA73DD07} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {30258BE9-3094-4431-B317-46BC72279FE8} - System32\Tasks\Registration 1und1 Task => C:\Program Files (x86)\1und1Softwareaktualisierung\cdsupdclient.exe [2016-03-25] (1&1 Mail & Media GmbH)
Task: {3E118B37-9ED6-44ED-BDEC-6F22731F6F7B} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2012-08-15] (SEC)
Task: {43518753-E4B6-4A80-9BE4-3CD36CE5A964} - System32\Tasks\Xerox PhotoCafe Communicator => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe [2011-10-26] ()
Task: {452845B5-540D-43A4-8470-400FF0920B02} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {473ECCD0-938F-4928-9E8D-3BAD79EB68F3} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-15] (Adobe Systems Incorporated)
Task: {47AFA574-7503-4D40-80AE-18D62BFA2E13} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2012-08-17] (Samsung Electronics CO., LTD.)
Task: {4E96A78A-FC15-438D-8E31-CD10F383B9F8} - System32\Tasks\AVG-Secure-Search-Update_0814tb_rel => C:\Program Files (x86)\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe [2014-08-29] ()
Task: {5827C3C2-464E-4F28-8AA5-2B09C1A29D53} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-02-08] (NVIDIA Corporation)
Task: {6F490688-8690-46FA-BBA9-0655E6923BD4} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-08] (NVIDIA Corporation)
Task: {6FBFF8F1-1F77-42B7-8305-418C5F610A93} - System32\Tasks\{4C645FA7-882A-4228-9C1B-D93CA4171B3D} => pcalua.exe -a C:\Users\h\Downloads\mpnwin303ea22.exe
Task: {70839554-B98C-4FE9-BCD4-D3769E6F70AF} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {70DADE89-37B0-4EB3-8DFC-5F9A6BCCBA04} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-08-24] (Samsung Electronics CO., LTD.)
Task: {7E9114A8-6D68-4B2C-9DBB-00DC4A88FE9B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-05-09] (Microsoft Corporation)
Task: {8D142124-AC96-4073-BC5E-42BAD90197EE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\WINDOWS\system32\MRT.exe [2017-05-09] (Microsoft Corporation)
Task: {8E909D3E-984C-48B6-913D-09348AD90993} - System32\Tasks\AVG-Secure-Search-Update_0814tb_rmv => C:\Program Files (x86)\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe [2014-08-29] ()
Task: {9AA64FD8-7838-43CE-8E19-65C81A1712CC} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {AE7CA6C7-E966-45DA-99B5-9872A4FF5F9E} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {C0667715-7681-4B61-AB4E-42F1065332A0} - System32\Tasks\WLANStartup => %programfiles(x86)%\Samsung\Easy Settings\WLANStartup.exe
Task: {C67A143E-5A1D-440F-BF6D-132AAA9C0202} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\WSCStub.exe [2015-07-16] (Symantec Corporation)
Task: {E9E02351-0485-4864-BCDE-BDF92B335A1C} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-08] (NVIDIA Corporation)
Task: {EC4921E0-CF05-48ED-9CB3-A66D47E194EB} - System32\Tasks\SWUpdateAgent => C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2012-08-22] (Samsung Electronics CO., LTD.)
Task: {F15F162E-EB1F-4A53-AC1B-712E34A2E896} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-08] (NVIDIA Corporation)
Task: {F5551DDF-EDD2-4343-892F-875F35116678} - System32\Tasks\Opera scheduled Autoupdate 1479643490 => C:\Program Files (x86)\Opera\launcher.exe [2017-02-27] (Opera Software)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0814tb_rel.job => C:\Program Files (x86)\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0814tb_rmv.job => C:\Program Files (x86)\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe
Task: C:\WINDOWS\Tasks\Xerox PhotoCafe Communicator.job => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
Shortcut: C:\Users\h\AppData\Local\Microsoft\Windows\RoamingTiles\14041332540.lnk -> hxxp://www.wdr.de/tv/menschenhautnah
ShortcutWithArgument: C:\Users\h\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\14041332540.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000002 -pinnedTimeLow 0x18da4acc -pinnedTimeHigh 0x01ce6242 -securityFlags 0x00000000 -url 0x00000025 hxxp://www.wdr.de/tv/menschenhautnah/
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2016-07-18 20:22 - 2016-07-18 20:22 - 00732056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareService.exe
2016-07-18 20:27 - 2016-07-18 20:27 - 00030464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_system-vc140-mt-1_61.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00068872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_date_time-vc140-mt-1_61.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00146184 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_filesystem-vc140-mt-1_61.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 11625208 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareServiceKernel.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 03420880 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\RCF.dll
2016-07-18 20:27 - 2016-07-18 20:27 - 01005824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_regex-vc140-mt-1_61.dll
2016-07-18 20:27 - 2016-07-18 20:27 - 00124672 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_thread-vc140-mt-1_61.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00040192 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_chrono-vc140-mt-1_61.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00986864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareActivation.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00623360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareApplicationUpdater.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00837872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareGamingMode.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00111336 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareReset.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00134368 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTime.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01049856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareDefinitionsUpdater.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00901392 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareDefinitionsUpdaterScheduler.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01104624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareIgnoreList.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00268016 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareQuarantine.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01630464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareAntiMalwareEngine.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00226048 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareAntiRootkitEngine.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01179384 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareScannerHistory.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01377512 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareScanner.dll
2016-07-18 20:27 - 2016-07-18 20:27 - 00039680 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_timer-vc140-mt-1_61.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01025784 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareScannerScheduler.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01205504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareRealTimeProtection.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 02663672 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareIncompatibles.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01520872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareAntiSpam.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01457904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareAntiPhishing.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 03464440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareParentalControl.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 03124472 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareWebProtection.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01327864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareEmailProtection.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00073480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_iostreams-vc140-mt-1_61.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01905408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareNetworkProtection.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01031912 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwarePromo.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00467688 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareFeedback.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 03159808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareThreatWorkAlliance.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01313512 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwarePinCode.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01033960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareNotice.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01597680 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareAvcEngine.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01170704 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareRealTimeProtectionHistory.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00535280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareStatistics.dll
2017-02-28 21:07 - 2017-03-16 20:19 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2017-02-28 21:07 - 2017-05-16 21:37 - 00107832 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.exe
2015-02-10 12:29 - 2016-12-29 15:16 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-04-16 23:01 - 2017-03-22 09:40 - 00310320 _____ () C:\Program Files\CyberGhost 6\MobileConcepts45.dll
2017-04-16 23:01 - 2017-03-22 09:39 - 00093232 _____ () C:\Program Files\CyberGhost 6\CyberGhost.FilterApi.dll
2017-04-16 23:01 - 2017-03-22 09:39 - 00025648 _____ () C:\Program Files\CyberGhost 6\BugSplatDotNet.dll
2017-04-16 23:01 - 2017-03-22 09:39 - 00121904 _____ () C:\Program Files\CyberGhost 6\CyberGhost.RESTCommunicator.dll
2017-04-16 23:01 - 2017-03-22 09:39 - 00169656 _____ () C:\Program Files\CyberGhost 6\Data\Firewall\x64\nfapi.DLL
2016-12-22 21:42 - 2017-02-24 07:23 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2012-08-24 13:45 - 2012-08-24 13:45 - 00076920 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2014-08-29 09:18 - 2014-08-29 09:17 - 02782744 _____ () C:\Program Files (x86)\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe
2014-04-03 22:40 - 2012-11-14 14:45 - 01184640 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2014-03-20 08:53 - 2014-03-20 08:53 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-08-24 13:45 - 2012-08-24 13:45 - 00028280 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2012-08-24 13:45 - 2012-08-24 13:45 - 01016440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2012-08-24 13:45 - 2012-08-24 13:45 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2012-08-24 13:45 - 2012-08-24 13:45 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2012-08-24 13:45 - 2012-08-24 13:45 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2012-08-24 13:45 - 2012-08-24 13:45 - 00026232 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2012-08-24 13:45 - 2012-08-24 13:45 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2012-08-24 13:45 - 2012-08-24 13:45 - 00029816 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2012-08-24 13:45 - 2012-08-24 13:45 - 00091768 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2012-08-23 06:35 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 04:34 - 2012-06-08 04:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2012-08-23 06:14 - 2012-06-25 20:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LavasoftAdAwareService11 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LavasoftAdAwareService11 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 15:25 - 2015-08-10 03:32 - 00000854 _____ C:\WINDOWS\system32\Drivers\etc\hosts
0.0.0.1 mssplus.mcafee.com
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\Theme2\img8.jpg
DNS Servers: 192.168.179.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\StartupFolder: => "SketchBook Snapshot.lnk"
HKLM\...\StartupApproved\Run: => "BtvStack"
HKLM\...\StartupApproved\Run: => "BtTray"
HKLM\...\StartupApproved\Run: => "AdAwareTray"
HKLM\...\StartupApproved\Run32: => "BambooCore"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKLM\...\StartupApproved\Run32: => "Norton Online Backup"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "vProt"
HKLM\...\StartupApproved\Run32: => "MailCheck IE Broker"
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\StartupApproved\Run: => "AmazonMP3DownloaderHelper"
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\StartupApproved\Run: => "KiesPreload"
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\StartupApproved\Run: => ""
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\StartupApproved\Run: => "Skype"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{9C713605-3EB5-46E4-B424-52A3E5D766ED}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0870D98B-FDC7-4A27-A89F-50371677BA8E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A24C5632-491E-4B5D-80E1-23CDC0C43CBF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{CB46E053-F290-402F-A4BF-F0D363049BD5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{62D08DDE-8F1D-42C4-9099-99407693878F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1975958B-27CE-43B2-8FB0-D6BF103A5ABD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{01DBFFF1-270C-46E8-81C0-413DADD35393}] => (Allow) C:\Users\h\AppData\Local\Temp\7zSD3A6.tmp\SymNRT.exe
FirewallRules: [{70CA61D4-D7CE-4713-89A4-1BC2A22E84E5}] => (Allow) C:\Users\h\AppData\Local\Temp\7zSD3A6.tmp\SymNRT.exe
FirewallRules: [{2575C9E3-D863-4DD1-9DB2-E76BC970B4BE}] => (Allow) C:\Users\h\AppData\Local\Temp\7zSF5B1.tmp\SymNRT.exe
FirewallRules: [{31CBE51D-DBDA-4290-9D76-8CDBD633CD78}] => (Allow) C:\Users\h\AppData\Local\Temp\7zSF5B1.tmp\SymNRT.exe
FirewallRules: [{E38197A5-EF5F-4759-A3DA-46142B05FDA5}] => (Allow) C:\Users\h\AppData\Local\Temp\7zS764B.tmp\SymNRT.exe
FirewallRules: [{F94A81DA-DD84-4600-A895-02C48B3A3EDA}] => (Allow) C:\Users\h\AppData\Local\Temp\7zS764B.tmp\SymNRT.exe
FirewallRules: [{B4BACFFA-4D48-42EF-8244-5F7E81E95883}] => (Allow) C:\Users\h\AppData\Local\Temp\7zSD652.tmp\SymNRT.exe
FirewallRules: [{C27A9D61-5E7F-4158-8603-3C64B81B8E6F}] => (Allow) C:\Users\h\AppData\Local\Temp\7zSD652.tmp\SymNRT.exe
FirewallRules: [{C7C014EF-5B03-4B7E-8A57-8987A69CF188}] => (Allow) C:\Users\h\AppData\Local\Temp\7zS9283.tmp\SymNRT.exe
FirewallRules: [{C9BBEE2A-3365-45FB-8A06-5C6128ECAF0E}] => (Allow) C:\Users\h\AppData\Local\Temp\7zS9283.tmp\SymNRT.exe
FirewallRules: [{9A3B2BDD-F4C1-466E-A67F-E0BBE2885CDE}] => (Allow) C:\Users\h\AppData\Local\Temp\7zS6817.tmp\SymNRT.exe
FirewallRules: [{B05739E5-F789-42DC-A038-087EDB06FA65}] => (Allow) C:\Users\h\AppData\Local\Temp\7zS6817.tmp\SymNRT.exe
FirewallRules: [{21A46CD5-34F1-4E4F-80F2-F6534AFE817F}] => (Allow) C:\Users\h\AppData\Local\Temp\7zS91DE.tmp\SymNRT.exe
FirewallRules: [{30EA79C5-575A-486F-B01C-0EFB5DE9B68E}] => (Allow) C:\Users\h\AppData\Local\Temp\7zS91DE.tmp\SymNRT.exe
FirewallRules: [{CA55BBBA-8AC8-4937-8E24-0645050AA960}] => (Allow) C:\Users\h\AppData\Local\Temp\7zS5264.tmp\SymNRT.exe
FirewallRules: [{555F5619-A66A-437F-A77F-54B3F0254EF6}] => (Allow) C:\Users\h\AppData\Local\Temp\7zS5264.tmp\SymNRT.exe
FirewallRules: [{7FB3343A-6142-4AED-878B-96D619D5820B}] => (Allow) C:\Users\h\AppData\Local\Temp\7zS3DCD.tmp\SymNRT.exe
FirewallRules: [{599ADED6-DEE3-494C-947E-D1B67D1959DF}] => (Allow) C:\Users\h\AppData\Local\Temp\7zS3DCD.tmp\SymNRT.exe
FirewallRules: [UDP Query User{7FBE3AE7-A874-4D25-9DD0-90DAB24F91EB}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Allow) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [TCP Query User{89A29B4E-209D-4146-8C9A-687C7C35640C}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Allow) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [{03B97FC0-D857-407A-AEC3-2B03C84BCD2E}] => (Allow) C:\Users\h\AppData\Local\Temp\7zS8098.tmp\SymNRT.exe
FirewallRules: [{B11D91A3-2F1A-4DED-BA7A-BA1E1812B385}] => (Allow) C:\Users\h\AppData\Local\Temp\7zS8098.tmp\SymNRT.exe
FirewallRules: [{237BEAC6-1FFC-47DA-88CC-A6F431BCB4FA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{1834F659-CF15-452C-BEEB-A761B0A5EE37}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{1FB865F4-2014-41C8-BDDA-A9A623CB5C15}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{B288242C-A231-4482-81B2-A4CD2AA0C83B}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{074B9FFA-BEF4-4AF5-8237-52CEA32409A7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{2592DA51-D3E9-4CF5-A89F-BB96ABF527E1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [TCP Query User{1B4CBF0A-E878-41FD-8034-7CB6964EEA98}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{5262EBF5-AD3D-40B8-BE66-18FEABA718BC}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{699F193A-6751-4539-9A8D-5F178DA0D93C}] => (Allow) C:\Program Files (x86)\MAGIX\Music Maker 2015\MusicMaker.exe
FirewallRules: [{A91B50AD-9C18-4DF7-976F-C9E7A78CF6D1}] => (Allow) C:\Program Files (x86)\MAGIX\Music Maker 2015\MusicMaker.exe
FirewallRules: [{D8AEC545-6F8E-4894-89C4-09569D7AC53D}] => (Allow) C:\Program Files (x86)\MAGIX\Music Maker 2015\MusicMaker.exe
FirewallRules: [{7C50BB3D-1461-4F21-B15B-97BAFDE15B30}] => (Allow) C:\Program Files (x86)\MAGIX\Music Maker 2015\MusicMaker.exe
FirewallRules: [{3F75341D-7C1E-4D84-B694-1CA6BAAE1735}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DDD9FBF0-5EFC-4F2A-B935-AA84D07654ED}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{01D6E59D-CDD6-4520-81A0-9D28C844513C}] => (Allow) C:\Program Files (x86)\Avira\Antivirus\avcenter.exe
FirewallRules: [{6FE55507-A9C4-4C11-A13F-76EE6088B2AC}] => (Allow) C:\Program Files (x86)\Avira\Antivirus\avcenter.exe
FirewallRules: [{04494928-1722-4A37-A698-41ED635E0A1C}] => (Allow) C:\Program Files (x86)\Avira\Antivirus\avcenter.exe
FirewallRules: [{A17881C3-2D81-4365-90EC-8B207631DADE}] => (Allow) C:\Program Files (x86)\Avira\Antivirus\avcenter.exe
FirewallRules: [{E4C3CDE2-54D5-4DED-B2F7-4D18D630C882}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4CEC78B5-F3CD-4B41-80C5-BB90F7E23A51}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{AE14A140-E96B-420A-BDE7-0F271AC02579}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{1BEC09CF-E645-456E-B2A4-4F99C197DCD2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{D28CFFC0-2275-4411-A0B4-E20867ADF02D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{EBD3DCBB-62D7-445F-9726-B89070E28D2D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{501EEBDD-FF5B-41D8-90E4-D7EABCBDF89B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{DB27300D-C33C-4F65-A990-BCCACA883C7D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{DB55BFD9-C1F0-4B85-AD8F-4AC861D36644}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Creativerse\Creativerse.exe
FirewallRules: [{6E55620E-D35E-4D81-A2D9-978586653070}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Creativerse\Creativerse.exe
FirewallRules: [{FE775F47-EB85-405C-8E83-D9CB2CCCEDE6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{5AC74D70-D249-4FFE-BB44-E06569934217}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{2B56832D-26BD-467F-AA60-61127CF78D56}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lego Star Wars III - The Clone Wars\LEGOCloneWars.exe
FirewallRules: [{27920A3C-9752-409A-94EA-1185879BE43C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lego Star Wars III - The Clone Wars\LEGOCloneWars.exe
FirewallRules: [{E11A874C-942F-4BAB-8FB3-7752758486AD}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A61DC458-B7F8-4373-96E2-515DA84BF969}] => (Allow) LPort=2869
FirewallRules: [{471AACEA-030D-4550-81C3-B36390BA3F1A}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{C3023845-F75C-466C-BCDB-17B6E3A23CB5}C:\program files (x86)\cosmic castaway\asteroidthecrashing\binaries\win32\asteroidthecrashing-win32-shipping.exe] => (Block) C:\program files (x86)\cosmic castaway\asteroidthecrashing\binaries\win32\asteroidthecrashing-win32-shipping.exe
FirewallRules: [UDP Query User{C83DB4DA-8432-48C7-95CA-765245A6513C}C:\program files (x86)\cosmic castaway\asteroidthecrashing\binaries\win32\asteroidthecrashing-win32-shipping.exe] => (Block) C:\program files (x86)\cosmic castaway\asteroidthecrashing\binaries\win32\asteroidthecrashing-win32-shipping.exe
FirewallRules: [TCP Query User{08A9ABF4-8625-4ACD-916F-B7F29E5D71E3}C:\users\h\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\h\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{BEA5E667-26F9-4162-B860-B5609C02BAB7}C:\users\h\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\h\appdata\local\akamai\netsession_win.exe
FirewallRules: [{FD510838-F83C-4842-BD16-4944B665E544}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{89E61ECF-F1B8-46D6-B520-1E690B33FCA8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9FDCC3B3-7580-4BB3-8DEE-A082BA36C014}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{391268BC-011F-48EA-A4FE-3D45B803055E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BA058369-25A8-4B09-9115-91E1610397D0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{59A604A7-92EE-49CD-9F51-2AB86AF70701}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{EB28EA00-B738-477F-B2D2-6EC3E1295A6C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{922D877A-DD14-4A66-AA62-59588EF835CB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{61B3CF62-9860-4F40-AA9B-A4E84CC43CB7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E5BBB90A-138D-40C0-81D9-904A1D1D6801}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{BD6FD614-9F65-466F-B448-91DB0502AF9C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{448F2CC0-E33C-4554-A6B9-427825C65CC9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [TCP Query User{8417E585-122B-48E3-8861-774C1FCF24CE}C:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\addonweb.exe] => (Allow) C:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\addonweb.exe
FirewallRules: [UDP Query User{EEA07D55-90E4-415B-BBC9-2B4818D5EE69}C:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\addonweb.exe] => (Allow) C:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\addonweb.exe
FirewallRules: [{380A100C-C36D-4C27-88D8-6ACAAEE4B6FC}] => (Block) C:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\addonweb.exe
FirewallRules: [{A3BB5CB5-CD90-40DB-9A3A-52AAE7725FF6}] => (Block) C:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\addonweb.exe
FirewallRules: [TCP Query User{3AE69678-60A6-41EA-A425-17659EA93B1F}C:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\anno4web.exe] => (Block) C:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\anno4web.exe
FirewallRules: [UDP Query User{1C220832-0CE1-42FB-84D5-F9FF6EE6ECD9}C:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\anno4web.exe] => (Block) C:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\anno4web.exe
FirewallRules: [{D764039E-21B7-48B7-9E68-AE2167067E10}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3SP.exe
FirewallRules: [{11702B0C-44BC-4AA3-B999-EB28AE6FAF9A}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3SP.exe
FirewallRules: [{A11000B8-8085-45E1-9F9E-D4811DDA0582}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3MP.exe
FirewallRules: [{6B4754A4-4153-4DE1-B7EF-DC4871CCC66F}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3MP.exe
FirewallRules: [{0A82B40B-BDFD-4DAA-8247-C11BDB71315B}] => (Allow) C:\Program Files (x86)\Opera\43.0.2442.991\opera.exe
FirewallRules: [{0EEF3910-2DE1-4011-B2A9-9F4FD0883298}] => (Allow) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
FirewallRules: [{075A2B5E-760C-4C14-A0DC-DBC2A331A8EB}] => (Allow) C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
FirewallRules: [{29C64A47-91CC-4707-8B36-EA0D5411D82C}] => (Allow) C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
FirewallRules: [TCP Query User{EE94424A-1813-454F-941C-873A8496BA12}C:\users\h\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\h\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{36DAA579-559F-43E8-95D7-F0F2381216EB}C:\users\h\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\h\appdata\roaming\spotify\spotify.exe
FirewallRules: [{C09724F1-201D-46C7-85FC-C2339D68097D}] => (Block) C:\users\h\appdata\roaming\spotify\spotify.exe
FirewallRules: [{A1F6A64B-29CF-4B06-9DF4-D55180053CB0}] => (Block) C:\users\h\appdata\roaming\spotify\spotify.exe
FirewallRules: [{140AB763-4AB6-49EC-B7B4-9826FCAC9201}] => (Allow) C:\Program Files (x86)\Codemasters\FUEL\FUEL.exe
FirewallRules: [{D41FBEDB-B7C8-4649-9598-1B272A46B803}] => (Allow) C:\Program Files (x86)\Codemasters\FUEL\FUEL.exe
FirewallRules: [TCP Query User{95DC3EEB-3A45-4DF1-B3A1-E4E43383FE58}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{BFFF0A22-4F8E-4AB7-9AB5-A61292F3D8D0}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{C90D5098-DB10-410B-A00F-5A86FC038A80}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{4863E2D7-E59D-44CA-9A66-FD2A39DD7690}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{6D1E9732-8C58-4196-B231-5331B08BFAAE}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{4AC45A90-1CDE-4FF0-8296-DA8E5BA3C5E3}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
==================== Wiederherstellungspunkte =========================
09-05-2017 22:34:46 Windows Update
13-05-2017 21:46:19 Installed Cybereason RansomFree 2.2.7.0
16-05-2017 21:17:29 Installiert Far Cry 2
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (05/18/2017 06:57:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CommonAgent.exe, Version: 1.0.7.5, Zeitstempel: 0x502ddd20
Name des fehlerhaften Moduls: CommonAgent.exe, Version: 1.0.7.5, Zeitstempel: 0x502ddd20
Ausnahmecode: 0x40000015
Fehleroffset: 0x0000000000183835
ID des fehlerhaften Prozesses: 0x175c
Startzeit der fehlerhaften Anwendung: 0x01d2cff7d474b8ff
Pfad der fehlerhaften Anwendung: C:\Program Files\Samsung\S Agent\CommonAgent.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Samsung\S Agent\CommonAgent.exe
Berichtskennung: 157b9cfe-3beb-11e7-bf74-e8039af457ef
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (05/18/2017 05:28:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20911 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1078
Startzeit: 01d2cfeab33ae837
Endzeit: 4294967295
Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
Berichts-ID: a7f79746-3bde-11e7-bf73-e8039af457ef
Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1
Error: (05/18/2017 05:11:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20911 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: b10
Startzeit: 01d2cfe6e877521c
Endzeit: 4294967295
Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
Berichts-ID: 223fc112-3bdc-11e7-bf73-e8039af457ef
Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1
Error: (05/18/2017 05:02:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CommonAgent.exe, Version: 1.0.7.5, Zeitstempel: 0x502ddd20
Name des fehlerhaften Moduls: CommonAgent.exe, Version: 1.0.7.5, Zeitstempel: 0x502ddd20
Ausnahmecode: 0x40000015
Fehleroffset: 0x0000000000183835
ID des fehlerhaften Prozesses: 0xe94
Startzeit der fehlerhaften Anwendung: 0x01d2cfe7d2246f3b
Pfad der fehlerhaften Anwendung: C:\Program Files\Samsung\S Agent\CommonAgent.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Samsung\S Agent\CommonAgent.exe
Berichtskennung: 14a40c45-3bdb-11e7-bf73-e8039af457ef
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (05/18/2017 05:01:31 PM) (Source: WTabletServiceCon) (EventID: 1) (User: )
Description: Event-ID 1
Error: (05/18/2017 05:01:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Skype.exe, Version 7.33.0.105 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 17b0
Startzeit: 01d2cfe752911fed
Endzeit: 4294967295
Anwendungspfad: C:\Program Files (x86)\Skype\Phone\Skype.exe
Berichts-ID: cf8a8dd4-3bda-11e7-bf73-e8039af457ef
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (05/18/2017 05:00:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CommonAgent.exe, Version: 1.0.7.5, Zeitstempel: 0x502ddd20
Name des fehlerhaften Moduls: CommonAgent.exe, Version: 1.0.7.5, Zeitstempel: 0x502ddd20
Ausnahmecode: 0x40000015
Fehleroffset: 0x0000000000183835
ID des fehlerhaften Prozesses: 0xe30
Startzeit der fehlerhaften Anwendung: 0x01d2cfe6ff4a4bf7
Pfad der fehlerhaften Anwendung: C:\Program Files\Samsung\S Agent\CommonAgent.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Samsung\S Agent\CommonAgent.exe
Berichtskennung: c3130835-3bda-11e7-bf73-e8039af457ef
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (05/17/2017 03:16:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NICE)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147220995. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (05/17/2017 03:16:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NICE)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147220995. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (05/17/2017 03:16:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NICE)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.People“ ist folgender Fehler aufgetreten: -2147220995. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Systemfehler:
=============
Error: (05/18/2017 06:54:23 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: Der Server "{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (05/18/2017 06:52:21 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "chip 1-click download service" hat einen ungültigen aktuellen Status gemeldet: 0
Error: (05/18/2017 06:52:20 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "chip 1-click download service" hat einen ungültigen aktuellen Status gemeldet: 0
Error: (05/18/2017 06:49:56 PM) (Source: SRTSP) (EventID: 4) (User: )
Description: Error loading virus definitions.
Error: (05/18/2017 04:58:04 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: Der Server "{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (05/18/2017 04:56:07 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "chip 1-click download service" hat einen ungültigen aktuellen Status gemeldet: 0
Error: (05/18/2017 04:56:07 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "chip 1-click download service" hat einen ungültigen aktuellen Status gemeldet: 0
Error: (05/18/2017 04:54:46 PM) (Source: SRTSP) (EventID: 4) (User: )
Description: Error loading virus definitions.
Error: (05/16/2017 10:00:18 PM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.
Error: (05/16/2017 09:57:58 PM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.
CodeIntegrity:
===================================
Date: 2017-05-10 10:34:37.554
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-05-10 10:34:36.991
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-05-10 10:34:36.414
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-05-10 10:34:35.835
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-05-10 10:34:35.300
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-05-10 10:34:34.724
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-05-10 10:34:34.156
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-05-10 10:34:33.596
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-05-10 10:34:33.057
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-05-10 10:34:32.522
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Prozentuale Nutzung des RAM: 59%
Installierter physikalischer RAM: 3797.53 MB
Verfügbarer physikalischer RAM: 1543.39 MB
Summe virtueller Speicher: 5141.54 MB
Verfügbarer virtueller Speicher: 2492 MB
==================== Laufwerke ================================
Drive c: () (Fixed) (Total:439.21 GB) (Free:270.14 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0014168A)
Partition: GPT.
==================== Ende von Addition.txt ============================
Code:
ATTFilter Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)
Modul: 0
(keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)
Registrierungswert: 0
(keine bösartigen Elemente erkannt)
Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)
Daten-Stream: 0
(keine bösartigen Elemente erkannt)
Ordner: 4
Adware.ChinAd, C:\Users\h\AppData\Local\Temp\DMR\Downloads\152e221a8bef8d2d13c58f995563a1a1\93beeb5b62864c1eb1f81b9ab854046e, In Quarantäne, [1126], [375557],1.0.1965
Adware.ChinAd, C:\Users\h\AppData\Local\Temp\DMR\Downloads\152e221a8bef8d2d13c58f995563a1a1, In Quarantäne, [1126], [375557],1.0.1965
Adware.ChinAd, C:\Users\h\AppData\Local\Temp\DMR\Downloads, In Quarantäne, [1126], [375557],1.0.1965
Adware.ChinAd, C:\USERS\H\APPDATA\LOCAL\TEMP\DMR, In Quarantäne, [1126], [375557],1.0.1965
Datei: 3
PUP.Optional.DownloadSponsor, C:\USERS\H\APPDATA\LOCAL\TEMP\DMR\DMR_72.EXE, In Quarantäne, [506], [373684],1.0.1965
Adware.ChinAd, C:\USERS\H\APPDATA\LOCAL\TEMP\DMR\IOJKOKOMLTFMECQT.DAT, In Quarantäne, [1126], [375557],1.0.1965
Adware.ChinAd, C:\Users\h\AppData\Local\Temp\DMR\Downloads\152e221a8bef8d2d13c58f995563a1a1\93beeb5b62864c1eb1f81b9ab854046e\Cybereason227RansomFree.msi, In Quarantäne, [1126], [375557],1.0.1965
Physischer Sektor: 0
(keine bösartigen Elemente erkannt)
(end)
Avira Funde: Code:
ATTFilter 18.05.2017, 12:09:59 [Echtzeit-Scanner] Malware gefunden
Muster 'TR/Crypt.XPACK.Gen2 [trojan]'
in Datei 'C:\Windows\Temp\365167b0-aefb-4b23-9455-fbfed32b137b\tmp0000100a\tmp000049e3' gefunden.
Durchgeführte Aktion: Datei in Quarantäne verschieben
Benutzer-SID: S-1-5-18
18.05.2017, 12:09:43 [Echtzeit-Scanner] Malware gefunden
Muster 'TR/Crypt.XPACK.Gen2 [trojan]'
in Datei 'C:\Windows\Temp\365167b0-aefb-4b23-9455-fbfed32b137b\tmp0000100a\tmp000049e3' gefunden.
Durchgeführte Aktion: Datei in Quarantäne verschieben
Benutzer-SID: S-1-5-18
16.05.2017, 12:14:32 [Echtzeit-Scanner] Malware gefunden
Muster 'TR/Crypt.XPACK.Gen2 [trojan]'
in Datei 'C:\Windows\Temp\613f356f-39f9-40f3-bf45-8508a5c3bc2a\tmp000007db\tmp0000731d' gefunden.
Durchgeführte Aktion: Datei in Quarantäne verschieben
Benutzer-SID: S-1-5-18
16.05.2017, 12:14:27 [Echtzeit-Scanner] Malware gefunden
Muster 'TR/Crypt.XPACK.Gen2 [trojan]'
in Datei 'C:\Windows\Temp\613f356f-39f9-40f3-bf45-8508a5c3bc2a\tmp000007db\tmp0000731d' gefunden.
Durchgeführte Aktion: Datei in Quarantäne verschieben
Benutzer-SID: S-1-5-18
|
|
23.05.2017, 12:48
| #3 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Win 8.1, Malewarebytes findet Adware.ChinAd immer wieder , letzte Funde Avira: TR/Crypt.XPACK.Gen2 [trojan] hi,
__________________Bitte Avira deinstallieren. Am besten mit Revo, siehe weiter unten. Bei der Gelegenheit schmeißen wir auch anderen unnötigen Schrott mit Revo weg. Das Teil empfehlen wir schon seit Jahren aus mehreren Gründen nicht mehr. Ein Grund ist ne rel. hohe Fehlalarmquote, der zweite Hauptgrund ist, dass die immer noch mit ASK zusammenarbeiten (Avira Suchfunktion geht über ASK). Auch andere Freewareanbieter wie AVG, Avast oder Panda sprangen auf diesen Zug auf; so was ist bei Sicherheitssoftware einfach inakzeptabel. Vgl. Antivirensoftware: Schutz Für Ihre Dateien, Aber Auf Kosten Ihrer Privatsphäre? | Emsisoft Blog Lade Dir bitte von hier  Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
Gib Bescheid wenn Avira weg ist; wenn wir hier durch sind, kannst du auf einen anderen Virenscanner umsteigen, Infos folgen dann im Abschlussposting. Bitte JETZT nix mehr ohne Absprache installieren!
__________________ |
|
25.05.2017, 10:06
| #4 |
| | Win 8.1, Malewarebytes findet Adware.ChinAd immer wieder , letzte Funde Avira: TR/Crypt.XPACK.Gen2 [trojan] Danke für deine Antwort, cosinus. Habe nun besagte Programme mit Revo deinstalliert. Auch von Avira ist nichts mehr übrig. Was ist jetzt zu tun? |
|
26.05.2017, 06:31
| #5 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Win 8.1, Malewarebytes findet Adware.ChinAd immer wieder , letzte Funde Avira: TR/Crypt.XPACK.Gen2 [trojan] Dann zeig mal frische FRST Logs. Haken setzen bei addition.txt dann auf Untersuchen klicken
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
26.05.2017, 13:46
| #6 |
| | Win 8.1, Malewarebytes findet Adware.ChinAd immer wieder , letzte Funde Avira: TR/Crypt.XPACK.Gen2 [trojan] zum Verständnis: die Programme waren jetzt nicht bösartig, oder? Prinzipiell kann ich auf fast alle von denen verzichten.Mein System läuft auch besser ohne sie. Aber einige fand ich schon hilfreich( wie zB den JDownloader.) Kann ich doch später wieder installieren, oder? Ich hatte im letzten Post nicht erwähnt, dass Revo "AntimalwareEngine" nicht gefunden hat. Ich weiß nicht warum!? Hier die neuen FRST Berichte Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 14-05-2017
durchgeführt von h (Administrator) auf NICE (26-05-2017 11:42:44)
Gestartet von C:\Users\h\Downloads
Geladene Profile: h (Verfügbare Profile: h)
Platform: Windows 8.1 (Update) (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.8.0\ToolbarUpdater.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 6\CyberGhost.Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Akamai Technologies, Inc.) C:\Users\h\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\h\AppData\Local\Akamai\netsession_win.exe
(Spotify Ltd) C:\Users\h\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(CHIP) C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe
(VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe
==================== Registry (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191312 2012-08-07] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2862448 2012-08-06] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-10] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-10] (Atheros Communications)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [BambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-04-23] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [MailCheck IE Broker] => C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe [2796264 2017-04-10] (1und1 Mail und Media GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\h\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [397632 2013-04-05] ()
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968 2013-04-23] (Samsung)
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-04-23] (Samsung)
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\Run: [EPLTarget\P0000000000000000] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIJCE.EXE [283232 2012-10-01] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\Run: [Akamai NetSession Interface] => C:\Users\h\AppData\Local\Akamai\netsession_win.exe [4490200 2017-01-03] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-03-23] (Valve Corporation)
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\Run: [Spotify Web Helper] => C:\Users\h\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-04-24] (Spotify Ltd)
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\Run: [Spotify] => C:\Users\h\AppData\Roaming\Spotify\Spotify.exe [7064176 2017-04-24] (Spotify Ltd)
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27545048 2017-03-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\MountPoints2: {cc58ae22-e978-11e3-bed3-20689d4f0ac8} - "F:\LGAutoRun.exe"
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [181280 2017-01-25] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [158392 2017-01-25] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Keine Datei
Startup: C:\Users\h\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013-04-22]
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.179.1
Tcpip\..\Interfaces\{39EF41FA-3C33-47DF-BEAA-29E4E409FEC8}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{C9F07D4E-D772-4C2B-BB49-7A21E60ADAE6}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{F319265E-6219-49D9-BDB2-7326C8156DA6}: [NameServer] 192.168.179.1
Tcpip\..\Interfaces\{F319265E-6219-49D9-BDB2-7326C8156DA6}: [DhcpNameServer] 192.168.179.1
Internet Explorer:
==================
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=21.7.0.11
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=21.7.0.11
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=21.7.0.11
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=21.7.0.11
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3774421412-1007907057-219690849-1002 -> DefaultScope {0AD69A11-BE0B-4770-8FD4-BF91E4435485} URL =
SearchScopes: HKU\S-1-5-21-3774421412-1007907057-219690849-1002 -> {0AD69A11-BE0B-4770-8FD4-BF91E4435485} URL =
SearchScopes: HKU\S-1-5-21-3774421412-1007907057-219690849-1002 -> {4B820E7B-4800-4494-9F54-289747922168} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKU\S-1-5-21-3774421412-1007907057-219690849-1002 -> {78E6EE3E-5CEF-4C57-BF21-F12166C15BB0} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKU\S-1-5-21-3774421412-1007907057-219690849-1002 -> {8411043D-2B58-4FEE-A0F1-D74FBFA013B4} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKU\S-1-5-21-3774421412-1007907057-219690849-1002 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=DE&ver=21&locale=de_DE&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-3774421412-1007907057-219690849-1002 -> {C88C548B-49E4-4638-8532-8369AE669CDF} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.2.15\coIEPlg.dll => Keine Datei
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-05-14] (Oracle Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-08-10] (Qualcomm Atheros Commnucations)
BHO: GMX MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll [2017-04-10] (1und1 Mail und Media GmbH)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-14] (Oracle Corporation)
BHO-x32: YouProxy.YouProxy.YouProxy -> {bb4c50c9-d7f0-48ef-a67c-daf6a86830e4} -> C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
BHO-x32: GMX MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll [2017-04-10] (1und1 Mail und Media GmbH)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.2.15\coIEPlg.dll Keine Datei
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.8.0.180\AVG Secure Search_toolbar.dll [2015-08-18] (AVG Secure Search)
Toolbar: HKLM - GMX MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll [2017-04-10] (1und1 Mail und Media GmbH)
Toolbar: HKLM-x32 - GMX MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll [2017-04-10] (1und1 Mail und Media GmbH)
Toolbar: HKU\S-1-5-21-3774421412-1007907057-219690849-1002 -> Kein Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - Keine Datei
Toolbar: HKU\S-1-5-21-3774421412-1007907057-219690849-1002 -> GMX MailCheck - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll [2017-04-10] (1und1 Mail und Media GmbH)
Handler: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll [2017-04-10] (1und1 Mail und Media GmbH)
Handler-x32: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll [2017-04-10] (1und1 Mail und Media GmbH)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.8.0\ViProtocol.dll [2015-08-18] (AVG Secure Search)
FireFox:
========
FF ProfilePath: C:\Users\h\AppData\Roaming\Mozilla\Firefox\Profiles\k95qhuj9.default-1468763182441 [2017-05-26]
FF Homepage: Mozilla\Firefox\Profiles\k95qhuj9.default-1468763182441 -> hxxps://annaundarthur.wordpress.com/termine/
FF Extension: (Porn Blocker) - C:\Users\h\AppData\Roaming\Mozilla\Firefox\Profiles\k95qhuj9.default-1468763182441\Extensions\@porn-blocker.xpi [2016-10-21]
FF Extension: (Anti-Porn Pro - The Best Anti-Porn Addon!) - C:\Users\h\AppData\Roaming\Mozilla\Firefox\Profiles\k95qhuj9.default-1468763182441\Extensions\azhang@cloudacl.com.xpi [2016-10-21]
FF Extension: (Facebook™ Disconnect) - C:\Users\h\AppData\Roaming\Mozilla\Firefox\Profiles\k95qhuj9.default-1468763182441\Extensions\jid0-dBgF7UkIiOsWqvBng4hYu@jetpack.xpi [2016-12-02]
FF Extension: (NoScript) - C:\Users\h\AppData\Roaming\Mozilla\Firefox\Profiles\k95qhuj9.default-1468763182441\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-05-16]
FF Extension: (Video DownloadHelper) - C:\Users\h\AppData\Roaming\Mozilla\Firefox\Profiles\k95qhuj9.default-1468763182441\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-05-11]
FF Extension: (Ecosia — The search engine that plants trees!) - C:\Users\h\AppData\Roaming\Mozilla\Firefox\Profiles\k95qhuj9.default-1468763182441\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2016-10-15]
FF Extension: (Adblock Plus) - C:\Users\h\AppData\Roaming\Mozilla\Firefox\Profiles\k95qhuj9.default-1468763182441\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-05-25]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFPlgn
FF Extension: (Kein Name) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFPlgn [2015-08-20] [ist nicht signiert]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-15] ()
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-14] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-15] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.8.0\\npsitesafety.dll [Keine Datei]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin HKU\S-1-5-21-3774421412-1007907057-219690849-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\h\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-09-07] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3774421412-1007907057-219690849-1002: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\h\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-04-16] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-3774421412-1007907057-219690849-1002: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\Exts\Chrome.crx <nicht gefunden>
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\Exts\Chrome.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
==================== Dienste (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations) [Datei ist nicht signiert]
R2 CG6Service; C:\Program Files\CyberGhost 6\CyberGhost.Service.exe [87088 2017-03-22] (CyberGhost S.R.L)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-08-24] (Samsung Electronics CO., LTD.)
S3 GMX_MailCheck_Update; C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Update.exe [581352 2017-04-10] (Pixality Computersysteme GmbH)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2017-03-16] ()
R2 PnkBstrB; C:\WINDOWS\SysWOW64\PnkBstrB.exe [107832 2017-05-22] ()
R2 vToolbarUpdater18.8.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.8.0\ToolbarUpdater.exe [1861520 2015-08-18] (AVG Secure Search)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-11-14] (Wacom Technology, Corp.)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) [Datei ist nicht signiert]
S2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\NIS.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\diMaster.dll" /prefetch:1
===================== Treiber (Nicht auf der Ausnahmeliste) ======================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 AndNetDiag; C:\WINDOWS\system32\DRIVERS\lgandnetdiag64.sys [29184 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\WINDOWS\system32\DRIVERS\lgandnetmodem64.sys [36352 2013-06-28] (LG Electronics Inc.)
S3 andnetndis; C:\WINDOWS\system32\DRIVERS\lgandnetndis64.sys [93696 2013-04-23] (LG Electronics Inc.)
S3 BTATH_LWFLT; C:\WINDOWS\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
S1 ccSet_NARA; C:\WINDOWS\system32\drivers\NARAx64\0401000.00B\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
S1 ccSet_NIS; C:\WINDOWS\system32\drivers\NISx64\1605020.00F\ccSetx64.sys [173808 2015-07-11] (Symantec Corporation)
R1 cgnetfilter1521; C:\WINDOWS\System32\drivers\cgnetfilter1521.sys [84768 2017-03-22] (Windows (R) Win 7 DDK provider)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-28] (Symantec Corporation)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251840 2017-05-25] (Malwarebytes)
S3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2017-02-08] (NVIDIA Corporation)
S3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-02-08] (NVIDIA Corporation)
R3 RadioHIDMini; C:\WINDOWS\System32\drivers\RadioHIDMini.sys [32168 2015-07-16] (Windows (R) Win 7 DDK provider)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-09-12] (Windows (R) 2003 DDK 3790 provider)
S1 SRTSP; C:\WINDOWS\System32\Drivers\NISx64\1605020.00F\SRTSP64.SYS [926448 2015-07-11] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NISx64\1605020.00F\SRTSPX64.SYS [50936 2015-07-11] (Symantec Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NISx64\1605020.00F\SYMEFASI64.SYS [1620720 2015-07-11] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NISx64\1605020.00F\SymELAM.sys [24192 2015-07-11] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-07-23] (Symantec Corporation)
S1 SymIRON; C:\WINDOWS\system32\drivers\NISx64\1605020.00F\Ironx64.SYS [297720 2015-07-11] (Symantec Corporation)
S1 SymNetS; C:\WINDOWS\System32\Drivers\NISx64\1605020.00F\SYMNETS.SYS [576248 2015-07-11] (Symantec Corporation)
S3 usbrndis6; C:\WINDOWS\system32\DRIVERS\usb80236.sys [20992 2015-04-25] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S1 BHDrvx64; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\BASHDefs\20150810.001\BHDrvx64.sys [X]
R1 IDSVia64; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\IPSDefs\20150817.001\IDSvia64.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\VirusDefs\20150817.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\VirusDefs\20150817.001\EX64.SYS [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-05-25 09:36 - 2017-05-25 09:36 - 00001050 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2017-05-25 09:36 - 2017-05-25 09:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-05-25 09:36 - 2017-05-25 09:36 - 00000000 ____D C:\Program Files\VS Revo Group
2017-05-25 09:35 - 2017-05-25 09:36 - 07178424 _____ (VS Revo Group ) C:\Users\h\Downloads\revosetup_v2.0.3.exe
2017-05-18 20:15 - 2017-05-19 18:15 - 00000000 ____D C:\Users\h\Desktop\LFILES
2017-05-18 19:32 - 2017-05-18 19:35 - 00064884 _____ C:\Users\h\Downloads\Addition.txt
2017-05-18 19:29 - 2017-05-26 11:44 - 00027686 _____ C:\Users\h\Downloads\FRST.txt
2017-05-18 19:27 - 2017-05-26 11:42 - 00000000 ____D C:\FRST
2017-05-18 19:19 - 2017-05-18 19:19 - 02429952 _____ (Farbar) C:\Users\h\Downloads\FRST64.exe
2017-05-14 00:13 - 2017-04-29 00:44 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-05-14 00:13 - 2017-04-29 00:44 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-13 21:42 - 2017-05-13 21:42 - 01496584 _____ C:\Users\h\Downloads\RansomFree Schutz vor WannaCry - CHIP-Installer.exe
2017-05-10 10:01 - 2017-04-28 23:15 - 07444824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-05-10 10:01 - 2017-04-26 16:06 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-05-10 10:01 - 2017-04-16 12:23 - 02176584 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-05-10 10:01 - 2017-04-16 12:23 - 01662096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-05-10 10:01 - 2017-04-16 12:23 - 01063464 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2017-05-10 10:01 - 2017-04-16 12:18 - 01135288 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-05-10 10:01 - 2017-04-16 12:18 - 00803192 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-05-10 10:01 - 2017-04-16 11:07 - 01566032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-05-10 10:01 - 2017-04-16 11:07 - 01213792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-05-10 10:01 - 2017-04-16 11:07 - 00548032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2017-05-10 10:01 - 2017-04-16 11:05 - 00612096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-05-10 10:01 - 2017-04-16 10:54 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-05-10 10:01 - 2017-04-16 10:51 - 02899456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-05-10 10:01 - 2017-04-16 10:37 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2017-05-10 10:01 - 2017-04-16 10:35 - 25741312 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-05-10 10:01 - 2017-04-16 10:18 - 05977600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-05-10 10:01 - 2017-04-16 10:16 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-05-10 10:01 - 2017-04-16 10:01 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-05-10 10:01 - 2017-04-16 09:53 - 02290176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-05-10 10:01 - 2017-04-16 09:49 - 20278272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-05-10 10:01 - 2017-04-16 09:40 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-05-10 10:01 - 2017-04-16 09:37 - 02132992 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-05-10 10:01 - 2017-04-16 09:22 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-05-10 10:01 - 2017-04-16 09:10 - 15250944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-05-10 10:01 - 2017-04-16 09:08 - 04548608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-05-10 10:01 - 2017-04-16 09:08 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-05-10 10:01 - 2017-04-16 09:04 - 03241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-05-10 10:01 - 2017-04-16 09:02 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2017-05-10 10:01 - 2017-04-16 08:53 - 13661184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-05-10 10:01 - 2017-04-16 08:50 - 01544704 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-05-10 10:01 - 2017-04-16 08:37 - 02767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-05-10 10:01 - 2017-04-16 08:34 - 01314816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-05-10 10:01 - 2017-04-10 00:00 - 01548640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-05-10 10:01 - 2017-04-08 01:20 - 01375960 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-05-10 10:01 - 2017-04-07 15:56 - 01094656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-05-10 10:01 - 2017-04-02 18:41 - 00684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-05-10 10:01 - 2017-04-02 18:41 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-05-10 10:01 - 2017-04-01 01:16 - 01968408 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-05-10 10:01 - 2017-03-31 23:59 - 01612504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-05-10 10:01 - 2017-03-13 18:38 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmitomi.dll
2017-05-10 10:01 - 2017-03-13 18:29 - 02609664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2017-05-10 10:01 - 2017-03-13 18:13 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmitomi.dll
2017-05-10 10:01 - 2017-03-13 18:07 - 02170880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2017-05-10 10:01 - 2017-03-11 19:58 - 01437696 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-05-10 10:01 - 2017-03-11 01:38 - 02017624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-05-10 10:01 - 2017-03-11 01:38 - 00275800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-05-10 10:01 - 2017-03-09 22:52 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2017-05-10 10:01 - 2017-03-09 21:17 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2017-05-10 10:00 - 2017-04-16 10:54 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-05-10 10:00 - 2017-04-16 10:36 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-05-10 10:00 - 2017-04-16 10:10 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-05-10 10:00 - 2017-04-16 10:03 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-05-10 10:00 - 2017-04-16 10:02 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-05-10 10:00 - 2017-04-16 10:00 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-05-10 10:00 - 2017-04-16 10:00 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-05-10 10:00 - 2017-04-16 09:52 - 01033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2017-05-10 10:00 - 2017-04-16 09:47 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-05-10 10:00 - 2017-04-16 09:43 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-05-10 10:00 - 2017-04-16 09:40 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-05-10 10:00 - 2017-04-16 09:40 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-05-10 10:00 - 2017-04-16 09:29 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2017-05-10 10:00 - 2017-04-16 09:24 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-05-10 10:00 - 2017-04-16 09:23 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-05-10 10:00 - 2017-04-16 09:22 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-05-10 10:00 - 2017-04-16 09:17 - 00880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2017-05-10 10:00 - 2017-04-16 09:12 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-05-10 10:00 - 2017-04-16 09:10 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-05-10 10:00 - 2017-04-16 09:10 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-05-10 10:00 - 2017-04-16 08:40 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-05-10 10:00 - 2017-04-16 08:34 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-05-10 10:00 - 2017-04-10 00:00 - 00388448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-05-10 10:00 - 2017-03-13 18:25 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2017-05-10 10:00 - 2017-03-13 18:06 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2017-05-10 10:00 - 2017-03-11 21:34 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-05-10 10:00 - 2017-03-11 21:32 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2017-05-10 10:00 - 2017-03-11 21:32 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-05-10 10:00 - 2017-03-11 20:49 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-05-10 10:00 - 2017-03-11 19:54 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-05-10 10:00 - 2017-03-08 04:44 - 00448285 _____ C:\WINDOWS\system32\ApnDatabase.xml
2017-05-09 22:40 - 2017-03-30 15:15 - 00678592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2017-05-09 22:40 - 2017-03-30 15:15 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2017-05-09 22:39 - 2017-03-30 15:15 - 00875712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2017-05-09 22:39 - 2017-03-30 15:15 - 00869568 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2017-05-06 21:44 - 2017-05-06 21:48 - 00000000 ____D C:\Users\TEMP.NICE.000\AppData\Local\Packages
2017-05-06 21:44 - 2017-05-06 21:48 - 00000000 ____D C:\Users\TEMP.NICE.000
2017-05-05 21:35 - 2017-05-18 16:59 - 00000000 ____D C:\Users\h\AppData\Roaming\Skype
2017-05-05 21:35 - 2017-05-05 21:35 - 00002715 _____ C:\Users\Public\Desktop\Skype.lnk
2017-05-05 21:35 - 2017-05-05 21:35 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-05-05 21:35 - 2017-05-05 21:35 - 00000000 ____D C:\Users\h\Tracing
2017-05-05 21:35 - 2017-05-05 21:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-05-05 21:34 - 2017-05-05 21:35 - 00000000 ____D C:\ProgramData\Skype
2017-05-05 21:30 - 2017-05-05 21:31 - 01631704 _____ (Skype Technologies S.A.) C:\Users\h\Downloads\SkypeSetup.exe
2017-05-02 23:28 - 2017-05-02 23:28 - 00000000 ____D C:\Users\h\AppData\Local\My Games
2017-05-02 14:37 - 2017-05-02 14:37 - 00178800 _____ (Sony DADC Austria AG.) C:\WINDOWS\SysWOW64\CmdLineExt_x64.dll
2017-04-30 21:55 - 2017-04-30 21:55 - 00000000 ____D C:\Users\h\Documents\Electronic Arts
2017-04-30 21:19 - 2017-04-30 21:19 - 00000000 ____D C:\Program Files (x86)\Microsoft WSE
2017-04-30 21:19 - 2008-09-04 20:17 - 00447752 ____R (On2.com) C:\WINDOWS\SysWOW64\vp6vfw.dll
2017-04-30 21:18 - 2017-04-30 21:18 - 00002110 _____ C:\Users\Public\Desktop\Die*Sims™*3.lnk
2017-04-30 19:30 - 2017-04-30 19:30 - 00000000 ____D C:\Users\h\AppData\Roaming\FUEL
2017-04-30 19:22 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2017-04-30 19:06 - 2017-04-30 19:06 - 00000000 ____D C:\Users\h\AppData\Roaming\InstallShield Installation Information
2017-04-30 19:05 - 2017-04-30 19:05 - 00000000 ____D C:\Program Files (x86)\Codemasters
2017-04-28 19:51 - 2017-04-28 19:51 - 00000000 ____D C:\Users\h\Documents\Eidos
2017-04-27 19:06 - 2017-04-27 19:06 - 01496584 _____ C:\Users\h\Downloads\Far Cry 2 Patch - CHIP-Installer.exe
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-05-26 11:45 - 2016-01-09 20:56 - 00000000 ____D C:\Users\h\AppData\Roaming\vlc
2017-05-26 10:56 - 2012-08-23 06:32 - 00000360 _____ C:\WINDOWS\Tasks\Xerox PhotoCafe Communicator.job
2017-05-26 10:41 - 2015-06-02 18:07 - 00003898 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6BC42FF6-E8FF-496F-834E-72144BBBDEE5}
2017-05-25 19:19 - 2013-04-20 20:26 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3774421412-1007907057-219690849-1002
2017-05-25 10:55 - 2014-02-10 21:00 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2017-05-25 10:43 - 2015-08-21 15:35 - 00000000 ____D C:\ProgramData\Package Cache
2017-05-25 10:42 - 2012-08-23 06:25 - 00000000 ____D C:\ProgramData\WinClon
2017-05-25 10:38 - 2013-04-21 19:29 - 00000000 ____D C:\Users\h\AppData\Local\CrashDumps
2017-05-25 10:34 - 2016-12-16 20:09 - 00000000 ____D C:\Users\h\AppData\LocalLow\Mozilla
2017-05-25 10:32 - 2016-12-22 21:43 - 00251840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-05-25 10:32 - 2015-02-10 13:45 - 00000000 ___RD C:\Users\h\OneDrive
2017-05-25 10:30 - 2014-08-29 09:18 - 00000394 _____ C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0814tb_rmv.job
2017-05-25 10:30 - 2014-08-29 09:18 - 00000394 _____ C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0814tb_rel.job
2017-05-25 10:30 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-25 10:30 - 2013-04-21 21:01 - 00000000 ____D C:\ProgramData\NVIDIA
2017-05-25 10:29 - 2016-12-15 21:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-25 10:29 - 2013-08-03 23:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-25 10:28 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2017-05-25 10:16 - 2013-04-21 19:13 - 00000000 ____D C:\Users\h\AppData\LocalLow\Adobe
2017-05-25 09:51 - 2016-12-22 21:15 - 00000000 ____D C:\ProgramData\Lavasoft
2017-05-24 22:36 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\Inf
2017-05-23 22:10 - 2013-08-14 12:08 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-05-23 22:06 - 2013-04-22 09:57 - 132223576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-05-23 18:58 - 2016-12-10 22:30 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2017-05-23 18:58 - 2012-08-23 05:32 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-05-23 11:25 - 2015-05-19 23:12 - 00000000 ____D C:\Users\h\Desktop\Kunst
2017-05-23 00:15 - 2016-12-13 22:10 - 00000000 ____D C:\Program Files (x86)\Steam
2017-05-23 00:12 - 2013-04-30 22:57 - 00000000 ____D C:\Program Files (x86)\Ambient Design
2017-05-22 17:56 - 2017-02-28 21:07 - 00107832 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2017-05-22 17:55 - 2017-02-28 21:07 - 02250024 _____ C:\WINDOWS\SysWOW64\pbsvc.exe
2017-05-19 20:09 - 2017-04-24 21:58 - 00000000 ____D C:\Users\h\AppData\Local\Spotify
2017-05-19 20:09 - 2017-04-24 21:54 - 00000000 ____D C:\Users\h\AppData\Roaming\Spotify
2017-05-19 17:39 - 2016-11-20 14:05 - 00003860 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1479643490
2017-05-19 17:39 - 2016-11-20 14:05 - 00001063 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2017-05-19 17:39 - 2016-11-20 14:04 - 00000000 ____D C:\Program Files (x86)\Opera
2017-05-16 22:18 - 2016-09-28 20:38 - 00000000 ____D C:\Users\h\Documents\My Games
2017-05-16 21:37 - 2017-02-28 21:07 - 00107832 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2017-05-15 21:22 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-05-15 21:22 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-05-15 21:22 - 2013-08-03 23:24 - 00004342 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-05-15 21:18 - 2014-10-15 11:39 - 00000000 ____D C:\ProgramData\Oracle
2017-05-15 21:13 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-14 22:38 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2017-05-14 18:09 - 2016-08-29 10:06 - 00000000 ____D C:\Program Files\Java
2017-05-14 18:09 - 2014-10-15 11:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-05-14 18:08 - 2016-08-29 10:07 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2017-05-14 00:10 - 2013-08-22 16:44 - 00447488 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-05-13 23:25 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-05-10 12:58 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-10 10:15 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-05-05 21:35 - 2015-02-10 12:43 - 00000000 ____D C:\Users\h
2017-04-30 20:45 - 2017-02-25 20:33 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2017-04-26 00:10 - 2013-04-20 20:15 - 00000000 ____D C:\Users\h\AppData\Local\Packages
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2015-04-11 20:42 - 2015-04-11 20:42 - 0196076 _____ () C:\Users\h\AppData\Local\38C2540F_stp.CIS
2015-04-11 20:42 - 2015-04-11 20:42 - 0000290 _____ () C:\Users\h\AppData\Local\38C2540F_stp.CIS.part
2015-04-11 20:40 - 2015-04-11 20:40 - 0385602 _____ () C:\Users\h\AppData\Local\5D515C96_stp.CIS
2015-04-11 20:40 - 2015-04-11 20:40 - 0000220 _____ () C:\Users\h\AppData\Local\5D515C96_stp.CIS.part
2015-04-11 20:42 - 2015-04-11 20:42 - 1509462 _____ () C:\Users\h\AppData\Local\69DD7379_stp.CIS
2015-04-11 20:42 - 2015-04-11 20:42 - 0000295 _____ () C:\Users\h\AppData\Local\69DD7379_stp.CIS.part
2015-09-14 22:46 - 2015-09-14 22:46 - 0005120 _____ () C:\Users\h\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-03-10 19:23 - 2017-03-10 19:23 - 0000089 _____ () C:\Users\h\AppData\Local\fusioncache.dat
2016-07-12 10:28 - 2016-07-12 10:28 - 0000844 _____ () C:\Users\h\AppData\Local\recently-used.xbel
2015-01-16 23:33 - 2015-01-16 23:33 - 0000017 _____ () C:\Users\h\AppData\Local\resmon.resmoncfg
2012-08-23 06:42 - 2012-08-08 06:07 - 2258432 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
2012-08-23 06:42 - 2012-08-07 12:11 - 0003196 _____ () C:\ProgramData\MakeMarkerFile.xml
Einige Dateien in TEMP:
====================
2015-08-21 15:34 - 2016-10-05 22:24 - 0000000 ____D () C:\Users\h\AppData\Local\Temp\avgnt.exe
2017-05-19 20:56 - 2017-05-19 20:56 - 0208896 _____ (Sony DADC Austria AG) C:\Users\h\AppData\Local\Temp\drm_dyndata_7400005.dll
2017-05-25 11:00 - 2017-05-25 11:00 - 0035680 _____ () C:\Users\h\AppData\Local\Temp\i4jdel0.exe
2017-05-25 10:59 - 2017-05-25 10:59 - 0040448 ____N () C:\Users\h\AppData\Local\Temp\proxy_vole5558965415752078628.dll
2017-05-23 00:10 - 2015-08-18 11:44 - 2097040 _____ (AVG Technologies) C:\Users\h\AppData\Local\Temp\UNINSTALL.exe
==================== Bamital & volsnap ======================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2017-05-25 19:19
==================== Ende von FRST.txt ============================
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 14-05-2017
durchgeführt von h (26-05-2017 11:46:08)
Gestartet von C:\Users\h\Downloads
Windows 8.1 (Update) (X64) (2015-02-10 11:33:54)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-3774421412-1007907057-219690849-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3774421412-1007907057-219690849-1006 - Limited - Enabled)
Gast (S-1-5-21-3774421412-1007907057-219690849-501 - Limited - Disabled)
h (S-1-5-21-3774421412-1007907057-219690849-1002 - Administrator - Enabled) => C:\Users\h
HomeGroupUser$ (S-1-5-21-3774421412-1007907057-219690849-1004 - Limited - Enabled)
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Norton Internet Security (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\Akamai) (Version: - Akamai Technologies, Inc)
Allshare Play Link (HKLM-x32\...\{91786428-D4AA-476D-8AF9-A63FFAC2901F}) (Version: 1.0.0 - Samsung)
Amazon MP3-Downloader 1.0.18 (HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
ANNO 1404 - Königsedition (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.02.0000 - Ubisoft)
ArtRage Studio Pro (HKLM-x32\...\{7082E27E-2637-4ED5-9156-E19B57A3B5B0}) (Version: 3.5.4 - Ambient Design)
Autodesk SketchBook Pro 6.0.1 (HKLM-x32\...\{783C27F9-EF0B-4B81-8464-8592AE8CB5B8}) (Version: 6.01.0000 - Autodesk)
Bamboo (HKLM\...\Pen Tablet Driver) (Version: 5.3.0-3 - Wacom Technology Corp.)
Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.1 - Wacom Co., Ltd.)
Bamboo Dock (x32 Version: 4.1.0 - Wacom Europe GmbH) Hidden
Bamboo Tablets Tutorial (x32 Version: 3.0.20 - Wacom) Hidden
Botanicula (HKLM-x32\...\Botanicula) (Version: 1.0 - Daedalic Entertainment)
Canon MP Navigator 3.0 (HKLM-x32\...\MP Navigator 3.0) (Version: - )
Canon MP510 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP510) (Version: - )
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.70.4.2009 - Georgy Berdyshev)
Corel Painter Essentials 4 (HKLM-x32\...\_{53A908D4-99C6-469B-BC13-F4189F260742}) (Version: - Corel Corporation)
Corel Painter Essentials 4 (x32 Version: 4.2 - Corel Corporation) Hidden
CyberGhost 6 (HKLM\...\CyberGhost 6_is1) (Version: - CyberGhost S.R.L.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4415.02 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Die*Sims™*3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.631 - Electronic Arts)
Don't Starve (HKLM\...\Steam App 219740) (Version: - Klei Entertainment)
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.4 - Samsung Electronics CO.,LTD.)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
EPSON XP-600 Series Printer Uninstall (HKLM\...\EPSON XP-600 Series) (Version: - SEIKO EPSON Corporation)
ETDWare PS/2-X64 11.7.2.1_WHQL (HKLM\...\Elantech) (Version: 11.7.2.1 - ELAN Microelectronic Corp.)
Fallout: New Vegas (HKLM\...\Steam App 22380) (Version: - Obsidian Entertainment)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
FUEL (HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\{F51FF206-2273-4B3E-A90A-4752AE288C12}) (Version: 1.00.0000 - Codemasters)
Galerie de photos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version: - )
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
GMX Desktop Icons (HKLM-x32\...\1&1 Mail & Media GmbH 1und1DesktopIconsInstaller) (Version: 3.0.5.0 - 1&1 Mail & Media GmbH)
GMX MailCheck für Windows (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar IE8) (Version: 2.6.12.0 - 1&1 Mail & Media GmbH)
GMX Softwareaktualisierung (HKLM-x32\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 4.0.3.0 - 1&1 Mail & Media GmbH)
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
GTA2 (HKLM-x32\...\{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}) (Version: 1.00.001 - )
Help Desk (HKLM\...\{C85A891D-7AB4-46AE-84F0-B0C3FAC82280}) (Version: 1.0.4 - Samsung Electronics CO., LTD.)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33070) (Version: 3.6.1.33070.11 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3368 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
LEGO® Star Wars™ III: The Clone Wars™ (HKLM\...\Steam App 32510) (Version: - Traveller's Tales)
LG United Mobile Drivers (HKLM-x32\...\{55031CEF-CE75-4A5C-8DEA-60577820529B}) (Version: 3.10.1.0 - LG Electronics)
Malwarebytes Version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 53.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 53.0.3 (x86 de)) (Version: 53.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.3.6347 - Mozilla)
Mozilla Thunderbird 45.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.0 (x86 de)) (Version: 45.0 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\MyFreeCodec) (Version: - )
nGlide 1.04 (HKLM-x32\...\nGlide) (Version: 1.04 - Zeus Software)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.45 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.11 - Symantec Corporation) Hidden
NVIDIA Grafiktreiber 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
oCam Version 370.0 (HKLM-x32\...\oCam_is1) (Version: 370.0 - hxxp://ohsoft.net/)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Opera Stable 45.0.2552.812 (HKLM-x32\...\Opera 45.0.2552.812) (Version: 45.0.2552.812 - Opera Software)
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version: - PopCap Games)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Quick Starter (HKLM\...\{EC36E2BC-86F7-44C9-84B2-93930F0FBDBF}) (Version: 1.0.0 - Samsung Electronics CO., LTD.)
Raccolta foto (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.4.0 - Samsung Electronics CO., LTD.)
Revo Uninstaller 2.0.3 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.3 - VS Revo Group, Ltd.)
Rockstar Games Social Club (HKLM-x32\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
S Agent (Version: 1.0.7 - Samsung Electronics CO., LTD.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.23.0 - SAMSUNG Electronics Co., Ltd.)
SecureW2 EAP Suite 1.1.3 for Windows (HKLM-x32\...\SecureW2 EAP Suite) (Version: - )
Settings (HKLM-x32\...\{52E5DE60-C96B-42CC-9A37-FE04725940AE}) (Version: 2.0.0 - Samsung Electronics CO., LTD.)
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Splinter Cell Blacklist (HKLM-x32\...\Uplay Install 91) (Version: - Ubisoft)
Spotify (HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\Spotify) (Version: 1.0.53.758.gde3fc4b2 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
StuffIt Expander 2011 (HKLM\...\{6B62B973-49F5-4C51-B738-93B56A963417}) (Version: 15.0.1.17 - Smith Micro Software, Inc.)
Support Center (HKLM\...\{332518C0-0D31-4FFA-9D15-24C9C3D70B08}) (Version: 2.0.7 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.0 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{3B4E6027-AED5-4169-B030-B450E5A0F396}) (Version: 2.0.14 - Samsung Electronics CO., LTD.)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
UE4 Prerequisites (x86) (x32 Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x86) (x32 Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Unity Web Player (HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 26.1 - Ubisoft)
User Guide (HKLM-x32\...\{039EA659-E421-45C6-8913-BED5D69B5536}) (Version: 1.1.00 - Samsung Electronics CO., LTD.)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (07/27/2012 20.57.1.735) (HKLM\...\9F04C462DAB591BDCCE784F77E4D4F1736010B92) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Xerox PhotoCafe (HKLM-x32\...\Xerox PhotoCafe) (Version: 1.0.0.6162 - Xerox)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-3774421412-1007907057-219690849-1002_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {01F6B9A0-CA15-46A3-8E51-4CE1B9F7AFBB} - System32\Tasks\StereoPn => C:\Users\h\AppData\Roaming\StereoPn\sterpn.exe
Task: {0A7D9EFA-2AA9-444B-8114-5F4E9E153961} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe [2014-11-05] (CHIP)
Task: {154E2819-0A69-4F32-B7E8-9ADE82864295} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-08] (NVIDIA Corporation)
Task: {291F679A-E195-4D37-B448-90F0BA73DD07} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {30258BE9-3094-4431-B317-46BC72279FE8} - System32\Tasks\Registration 1und1 Task => C:\Program Files (x86)\1und1Softwareaktualisierung\cdsupdclient.exe [2016-03-25] (1&1 Mail & Media GmbH)
Task: {3E118B37-9ED6-44ED-BDEC-6F22731F6F7B} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2012-08-15] (SEC)
Task: {43518753-E4B6-4A80-9BE4-3CD36CE5A964} - System32\Tasks\Xerox PhotoCafe Communicator => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe [2011-10-26] ()
Task: {452845B5-540D-43A4-8470-400FF0920B02} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\SymErr.exe
Task: {473ECCD0-938F-4928-9E8D-3BAD79EB68F3} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-15] (Adobe Systems Incorporated)
Task: {47AFA574-7503-4D40-80AE-18D62BFA2E13} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2012-08-17] (Samsung Electronics CO., LTD.)
Task: {4E96A78A-FC15-438D-8E31-CD10F383B9F8} - System32\Tasks\AVG-Secure-Search-Update_0814tb_rel => C:\Program Files (x86)\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe
Task: {554EE7C4-77A4-4B33-B141-7A66D61F44D4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {5827C3C2-464E-4F28-8AA5-2B09C1A29D53} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-02-08] (NVIDIA Corporation)
Task: {6F490688-8690-46FA-BBA9-0655E6923BD4} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-08] (NVIDIA Corporation)
Task: {6FBFF8F1-1F77-42B7-8305-418C5F610A93} - System32\Tasks\{4C645FA7-882A-4228-9C1B-D93CA4171B3D} => pcalua.exe -a C:\Users\h\Downloads\mpnwin303ea22.exe
Task: {70839554-B98C-4FE9-BCD4-D3769E6F70AF} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\SymErr.exe
Task: {70DADE89-37B0-4EB3-8DFC-5F9A6BCCBA04} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-08-24] (Samsung Electronics CO., LTD.)
Task: {7E9114A8-6D68-4B2C-9DBB-00DC4A88FE9B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-05-23] (Microsoft Corporation)
Task: {8BDD59B5-F2FB-4268-A626-FB5AA32880FA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {8E909D3E-984C-48B6-913D-09348AD90993} - System32\Tasks\AVG-Secure-Search-Update_0814tb_rmv => C:\Program Files (x86)\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe
Task: {93E59C01-EE0F-46C8-BC49-8C887B268055} - System32\Tasks\Opera scheduled Autoupdate 1479643490 => C:\Program Files (x86)\Opera\launcher.exe [2017-05-15] (Opera Software)
Task: {9AA64FD8-7838-43CE-8E19-65C81A1712CC} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {AE7CA6C7-E966-45DA-99B5-9872A4FF5F9E} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {C0667715-7681-4B61-AB4E-42F1065332A0} - System32\Tasks\WLANStartup => %programfiles(x86)%\Samsung\Easy Settings\WLANStartup.exe
Task: {C463E877-A023-48C3-B98B-7C244C0799CD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {C67A143E-5A1D-440F-BF6D-132AAA9C0202} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\WSCStub.exe
Task: {D968DB1E-0911-43E2-8A6A-D6D330A6B9B6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {E9E02351-0485-4864-BCDE-BDF92B335A1C} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-08] (NVIDIA Corporation)
Task: {EC4921E0-CF05-48ED-9CB3-A66D47E194EB} - System32\Tasks\SWUpdateAgent => C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2012-08-22] (Samsung Electronics CO., LTD.)
Task: {F15F162E-EB1F-4A53-AC1B-712E34A2E896} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-08] (NVIDIA Corporation)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0814tb_rel.job => C:\Program Files (x86)\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0814tb_rmv.job => C:\Program Files (x86)\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe
Task: C:\WINDOWS\Tasks\Xerox PhotoCafe Communicator.job => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
Shortcut: C:\Users\h\AppData\Local\Microsoft\Windows\RoamingTiles\14041332540.lnk -> hxxp://www.wdr.de/tv/menschenhautnah
ShortcutWithArgument: C:\Users\h\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\14041332540.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000002 -pinnedTimeLow 0x18da4acc -pinnedTimeHigh 0x01ce6242 -securityFlags 0x00000000 -url 0x00000025 hxxp://www.wdr.de/tv/menschenhautnah/
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2012-08-24 13:45 - 2012-08-24 13:45 - 00076920 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2017-02-28 21:07 - 2017-03-16 20:19 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2017-02-28 21:07 - 2017-05-22 17:56 - 00107832 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.exe
2015-02-10 12:29 - 2016-12-29 15:16 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-12-22 21:42 - 2017-02-24 07:23 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-04-16 23:01 - 2017-03-22 09:40 - 00310320 _____ () C:\Program Files\CyberGhost 6\MobileConcepts45.dll
2017-04-16 23:01 - 2017-03-22 09:39 - 00093232 _____ () C:\Program Files\CyberGhost 6\CyberGhost.FilterApi.dll
2017-04-16 23:01 - 2017-03-22 09:39 - 00025648 _____ () C:\Program Files\CyberGhost 6\BugSplatDotNet.dll
2017-04-16 23:01 - 2017-03-22 09:39 - 00121904 _____ () C:\Program Files\CyberGhost 6\CyberGhost.RESTCommunicator.dll
2017-04-16 23:01 - 2017-03-22 09:39 - 00169656 _____ () C:\Program Files\CyberGhost 6\Data\Firewall\x64\nfapi.DLL
2014-04-03 22:40 - 2012-11-14 14:45 - 01184640 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2014-03-20 08:53 - 2014-03-20 08:53 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-11-10 13:15 - 2014-11-05 13:50 - 00056584 _____ () C:\Program Files (x86)\CHIP Updater\AbSettings.dll
2014-11-10 13:15 - 2014-11-05 13:50 - 01421576 _____ () C:\Program Files (x86)\CHIP Updater\AbGui.dll
2014-11-10 13:15 - 2014-11-05 13:50 - 00031496 _____ () C:\Program Files (x86)\CHIP Updater\AbApi.dll
2014-11-10 13:15 - 2014-11-05 13:50 - 00020744 _____ () C:\Program Files (x86)\CHIP Updater\AbStartManager.dll
2016-06-01 16:45 - 2016-06-01 16:45 - 00152000 _____ () C:\Program Files\VideoLAN\VLC\libvlc.dll
2016-06-01 16:47 - 2016-06-01 16:47 - 02763200 _____ () C:\Program Files\VideoLAN\VLC\libvlccore.dll
2016-06-01 16:46 - 2016-06-01 16:46 - 00626624 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
2016-06-01 16:47 - 2016-06-01 16:47 - 00046016 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll
2016-06-01 16:47 - 2016-06-01 16:47 - 00042944 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
2016-06-01 16:47 - 2016-06-01 16:47 - 12298176 _____ () C:\Program Files\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
2016-06-01 16:46 - 2016-06-01 16:46 - 01487808 _____ () C:\Program Files\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
2016-06-01 16:46 - 2016-06-01 16:46 - 00091072 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll
2016-06-01 16:46 - 2016-06-01 16:46 - 00083392 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll
2016-06-01 16:46 - 2016-06-01 16:46 - 02568640 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
2016-06-01 16:45 - 2016-06-01 16:45 - 00118720 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
2016-06-01 16:46 - 2016-06-01 16:46 - 00267712 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
2016-06-01 16:46 - 2016-06-01 16:46 - 00091072 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libvdr_plugin.dll
2016-06-01 16:46 - 2016-06-01 16:46 - 00059328 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
2016-06-01 16:45 - 2016-06-01 16:45 - 00074176 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libsmooth_plugin.dll
2016-06-01 16:45 - 2016-06-01 16:45 - 00684480 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libhttplive_plugin.dll
2016-06-01 16:45 - 2016-06-01 16:45 - 00833984 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libdash_plugin.dll
2016-06-01 16:46 - 2016-06-01 16:46 - 00140224 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libzip_plugin.dll
2016-06-01 16:45 - 2016-06-01 16:45 - 00055232 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\librar_plugin.dll
2016-06-01 16:45 - 2016-06-01 16:45 - 00026560 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll
2016-06-01 16:45 - 2016-06-01 16:45 - 00150464 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
2016-06-01 16:46 - 2016-06-01 16:46 - 01605056 _____ () C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
2016-06-01 16:46 - 2016-06-01 16:46 - 00349120 _____ () C:\Program Files\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
2016-06-01 16:46 - 2016-06-01 16:46 - 00028608 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libwin_msg_plugin.dll
2016-06-01 16:46 - 2016-06-01 16:46 - 00068032 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
2016-06-01 16:45 - 2016-06-01 16:45 - 00238016 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll
2016-06-01 16:46 - 2016-06-01 16:46 - 00051648 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libwin_hotkeys_plugin.dll
2016-06-01 16:46 - 2016-06-01 16:46 - 00049600 _____ () C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll
2016-06-01 16:47 - 2016-06-01 16:47 - 00330688 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libjpeg_plugin.dll
2016-06-01 16:47 - 2016-06-01 16:47 - 00031168 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
2016-06-01 16:47 - 2016-06-01 16:47 - 00347584 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
2016-06-01 16:47 - 2016-06-01 16:47 - 01521088 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
2016-06-01 16:47 - 2016-06-01 16:47 - 00844736 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
2016-06-01 16:47 - 2016-06-01 16:47 - 00339392 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
2016-06-01 16:47 - 2016-06-01 16:47 - 00032704 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
2016-06-01 16:46 - 2016-06-01 16:46 - 00049600 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll
2016-06-01 16:47 - 2016-06-01 16:47 - 00056256 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libsubstx3g_plugin.dll
2016-06-01 16:47 - 2016-06-01 16:47 - 00437696 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
2016-06-01 16:47 - 2016-06-01 16:47 - 00038848 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libg711_plugin.dll
2016-06-01 16:47 - 2016-06-01 16:47 - 00028096 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
2016-06-01 16:46 - 2016-06-01 16:46 - 00199616 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
2016-06-01 16:47 - 2016-06-01 16:47 - 03009472 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll
2016-06-01 16:47 - 2016-06-01 16:47 - 00426432 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
2016-06-01 16:47 - 2016-06-01 16:47 - 00031680 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liba52_plugin.dll
2016-06-01 16:47 - 2016-06-01 16:47 - 00031168 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll
2016-06-01 16:47 - 2016-06-01 16:47 - 00035264 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
2016-06-01 16:47 - 2016-06-01 16:47 - 00455616 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libopus_plugin.dll
2016-06-01 16:47 - 2016-06-01 16:47 - 00135104 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libdvbsub_plugin.dll
2016-06-01 16:47 - 2016-06-01 16:47 - 00032192 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
2016-06-01 16:47 - 2016-06-01 16:47 - 15975872 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll
2016-06-01 16:46 - 2016-06-01 16:46 - 00916928 _____ () C:\Program Files\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll
2016-06-01 16:46 - 2016-06-01 16:46 - 00051136 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_sse2_plugin.dll
2016-06-01 16:46 - 2016-06-01 16:46 - 00037824 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_mmx_plugin.dll
2016-06-01 16:46 - 2016-06-01 16:46 - 00816576 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libswscale_plugin.dll
2016-06-01 16:46 - 2016-06-01 16:46 - 00041920 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_sse2_plugin.dll
2016-06-01 16:46 - 2016-06-01 16:46 - 00133056 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_sse2_plugin.dll
2016-06-01 16:46 - 2016-06-01 16:46 - 00068032 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_mmx_plugin.dll
2016-06-01 16:46 - 2016-06-01 16:46 - 00033216 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_mmx_plugin.dll
2016-06-01 16:46 - 2016-06-01 16:46 - 00046528 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll
2016-06-01 16:46 - 2016-06-01 16:46 - 00030656 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll
2016-06-01 16:46 - 2016-06-01 16:46 - 00059840 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll
2016-06-01 16:46 - 2016-06-01 16:46 - 00042944 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll
2016-06-01 16:46 - 2016-06-01 16:46 - 00053696 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll
2016-06-01 16:46 - 2016-06-01 16:46 - 00043456 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll
2016-06-01 16:46 - 2016-06-01 16:46 - 00027072 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll
2016-06-01 16:46 - 2016-06-01 16:46 - 00027072 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll
2016-06-01 16:46 - 2016-06-01 16:46 - 00026560 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_filter\libyuvp_plugin.dll
2016-06-01 16:46 - 2016-06-01 16:46 - 00026560 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll
2016-06-01 16:46 - 2016-06-01 16:46 - 00034240 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
2016-06-01 16:46 - 2016-06-01 16:46 - 01515456 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll
2012-08-24 13:45 - 2012-08-24 13:45 - 00026232 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2012-08-24 13:45 - 2012-08-24 13:45 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2012-08-24 13:45 - 2012-08-24 13:45 - 00029816 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2012-08-24 13:45 - 2012-08-24 13:45 - 00091768 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2012-08-24 13:45 - 2012-08-24 13:45 - 00028280 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2012-08-24 13:45 - 2012-08-24 13:45 - 01016440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2012-08-24 13:45 - 2012-08-24 13:45 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2012-08-24 13:45 - 2012-08-24 13:45 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2012-08-24 13:45 - 2012-08-24 13:45 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2012-08-23 06:35 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 04:34 - 2012-06-08 04:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2012-08-23 06:14 - 2012-06-25 20:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 15:25 - 2015-08-10 03:32 - 00000854 _____ C:\WINDOWS\system32\Drivers\etc\hosts
0.0.0.1 mssplus.mcafee.com
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\Theme2\img8.jpg
DNS Servers: Datenträger ist nicht mit dem Internet verbunden.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\StartupFolder: => "SketchBook Snapshot.lnk"
HKLM\...\StartupApproved\Run: => "BtvStack"
HKLM\...\StartupApproved\Run: => "BtTray"
HKLM\...\StartupApproved\Run: => "AdAwareTray"
HKLM\...\StartupApproved\Run32: => "BambooCore"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKLM\...\StartupApproved\Run32: => "Norton Online Backup"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "vProt"
HKLM\...\StartupApproved\Run32: => "MailCheck IE Broker"
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\StartupApproved\Run: => "AmazonMP3DownloaderHelper"
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\StartupApproved\Run: => "KiesPreload"
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\StartupApproved\Run: => ""
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3774421412-1007907057-219690849-1002\...\StartupApproved\Run: => "Skype"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{9C713605-3EB5-46E4-B424-52A3E5D766ED}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0870D98B-FDC7-4A27-A89F-50371677BA8E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A24C5632-491E-4B5D-80E1-23CDC0C43CBF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{CB46E053-F290-402F-A4BF-F0D363049BD5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{62D08DDE-8F1D-42C4-9099-99407693878F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1975958B-27CE-43B2-8FB0-D6BF103A5ABD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{01DBFFF1-270C-46E8-81C0-413DADD35393}] => (Allow) C:\Users\h\AppData\Local\Temp\7zSD3A6.tmp\SymNRT.exe
FirewallRules: [{70CA61D4-D7CE-4713-89A4-1BC2A22E84E5}] => (Allow) C:\Users\h\AppData\Local\Temp\7zSD3A6.tmp\SymNRT.exe
FirewallRules: [{2575C9E3-D863-4DD1-9DB2-E76BC970B4BE}] => (Allow) C:\Users\h\AppData\Local\Temp\7zSF5B1.tmp\SymNRT.exe
FirewallRules: [{31CBE51D-DBDA-4290-9D76-8CDBD633CD78}] => (Allow) C:\Users\h\AppData\Local\Temp\7zSF5B1.tmp\SymNRT.exe
FirewallRules: [{E38197A5-EF5F-4759-A3DA-46142B05FDA5}] => (Allow) C:\Users\h\AppData\Local\Temp\7zS764B.tmp\SymNRT.exe
FirewallRules: [{F94A81DA-DD84-4600-A895-02C48B3A3EDA}] => (Allow) C:\Users\h\AppData\Local\Temp\7zS764B.tmp\SymNRT.exe
FirewallRules: [{B4BACFFA-4D48-42EF-8244-5F7E81E95883}] => (Allow) C:\Users\h\AppData\Local\Temp\7zSD652.tmp\SymNRT.exe
FirewallRules: [{C27A9D61-5E7F-4158-8603-3C64B81B8E6F}] => (Allow) C:\Users\h\AppData\Local\Temp\7zSD652.tmp\SymNRT.exe
FirewallRules: [{C7C014EF-5B03-4B7E-8A57-8987A69CF188}] => (Allow) C:\Users\h\AppData\Local\Temp\7zS9283.tmp\SymNRT.exe
FirewallRules: [{C9BBEE2A-3365-45FB-8A06-5C6128ECAF0E}] => (Allow) C:\Users\h\AppData\Local\Temp\7zS9283.tmp\SymNRT.exe
FirewallRules: [{9A3B2BDD-F4C1-466E-A67F-E0BBE2885CDE}] => (Allow) C:\Users\h\AppData\Local\Temp\7zS6817.tmp\SymNRT.exe
FirewallRules: [{B05739E5-F789-42DC-A038-087EDB06FA65}] => (Allow) C:\Users\h\AppData\Local\Temp\7zS6817.tmp\SymNRT.exe
FirewallRules: [{21A46CD5-34F1-4E4F-80F2-F6534AFE817F}] => (Allow) C:\Users\h\AppData\Local\Temp\7zS91DE.tmp\SymNRT.exe
FirewallRules: [{30EA79C5-575A-486F-B01C-0EFB5DE9B68E}] => (Allow) C:\Users\h\AppData\Local\Temp\7zS91DE.tmp\SymNRT.exe
FirewallRules: [{CA55BBBA-8AC8-4937-8E24-0645050AA960}] => (Allow) C:\Users\h\AppData\Local\Temp\7zS5264.tmp\SymNRT.exe
FirewallRules: [{555F5619-A66A-437F-A77F-54B3F0254EF6}] => (Allow) C:\Users\h\AppData\Local\Temp\7zS5264.tmp\SymNRT.exe
FirewallRules: [{7FB3343A-6142-4AED-878B-96D619D5820B}] => (Allow) C:\Users\h\AppData\Local\Temp\7zS3DCD.tmp\SymNRT.exe
FirewallRules: [{599ADED6-DEE3-494C-947E-D1B67D1959DF}] => (Allow) C:\Users\h\AppData\Local\Temp\7zS3DCD.tmp\SymNRT.exe
FirewallRules: [UDP Query User{7FBE3AE7-A874-4D25-9DD0-90DAB24F91EB}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Allow) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [TCP Query User{89A29B4E-209D-4146-8C9A-687C7C35640C}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Allow) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [{03B97FC0-D857-407A-AEC3-2B03C84BCD2E}] => (Allow) C:\Users\h\AppData\Local\Temp\7zS8098.tmp\SymNRT.exe
FirewallRules: [{B11D91A3-2F1A-4DED-BA7A-BA1E1812B385}] => (Allow) C:\Users\h\AppData\Local\Temp\7zS8098.tmp\SymNRT.exe
FirewallRules: [{237BEAC6-1FFC-47DA-88CC-A6F431BCB4FA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{1834F659-CF15-452C-BEEB-A761B0A5EE37}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{1FB865F4-2014-41C8-BDDA-A9A623CB5C15}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{B288242C-A231-4482-81B2-A4CD2AA0C83B}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{074B9FFA-BEF4-4AF5-8237-52CEA32409A7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{2592DA51-D3E9-4CF5-A89F-BB96ABF527E1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [TCP Query User{1B4CBF0A-E878-41FD-8034-7CB6964EEA98}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{5262EBF5-AD3D-40B8-BE66-18FEABA718BC}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{699F193A-6751-4539-9A8D-5F178DA0D93C}] => (Allow) C:\Program Files (x86)\MAGIX\Music Maker 2015\MusicMaker.exe
FirewallRules: [{A91B50AD-9C18-4DF7-976F-C9E7A78CF6D1}] => (Allow) C:\Program Files (x86)\MAGIX\Music Maker 2015\MusicMaker.exe
FirewallRules: [{D8AEC545-6F8E-4894-89C4-09569D7AC53D}] => (Allow) C:\Program Files (x86)\MAGIX\Music Maker 2015\MusicMaker.exe
FirewallRules: [{7C50BB3D-1461-4F21-B15B-97BAFDE15B30}] => (Allow) C:\Program Files (x86)\MAGIX\Music Maker 2015\MusicMaker.exe
FirewallRules: [{3F75341D-7C1E-4D84-B694-1CA6BAAE1735}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DDD9FBF0-5EFC-4F2A-B935-AA84D07654ED}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E4C3CDE2-54D5-4DED-B2F7-4D18D630C882}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4CEC78B5-F3CD-4B41-80C5-BB90F7E23A51}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{AE14A140-E96B-420A-BDE7-0F271AC02579}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{1BEC09CF-E645-456E-B2A4-4F99C197DCD2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{D28CFFC0-2275-4411-A0B4-E20867ADF02D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{EBD3DCBB-62D7-445F-9726-B89070E28D2D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{501EEBDD-FF5B-41D8-90E4-D7EABCBDF89B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{DB27300D-C33C-4F65-A990-BCCACA883C7D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{DB55BFD9-C1F0-4B85-AD8F-4AC861D36644}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Creativerse\Creativerse.exe
FirewallRules: [{6E55620E-D35E-4D81-A2D9-978586653070}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Creativerse\Creativerse.exe
FirewallRules: [{FE775F47-EB85-405C-8E83-D9CB2CCCEDE6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{5AC74D70-D249-4FFE-BB44-E06569934217}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{2B56832D-26BD-467F-AA60-61127CF78D56}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lego Star Wars III - The Clone Wars\LEGOCloneWars.exe
FirewallRules: [{27920A3C-9752-409A-94EA-1185879BE43C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lego Star Wars III - The Clone Wars\LEGOCloneWars.exe
FirewallRules: [{E11A874C-942F-4BAB-8FB3-7752758486AD}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A61DC458-B7F8-4373-96E2-515DA84BF969}] => (Allow) LPort=2869
FirewallRules: [{471AACEA-030D-4550-81C3-B36390BA3F1A}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{C3023845-F75C-466C-BCDB-17B6E3A23CB5}C:\program files (x86)\cosmic castaway\asteroidthecrashing\binaries\win32\asteroidthecrashing-win32-shipping.exe] => (Block) C:\program files (x86)\cosmic castaway\asteroidthecrashing\binaries\win32\asteroidthecrashing-win32-shipping.exe
FirewallRules: [UDP Query User{C83DB4DA-8432-48C7-95CA-765245A6513C}C:\program files (x86)\cosmic castaway\asteroidthecrashing\binaries\win32\asteroidthecrashing-win32-shipping.exe] => (Block) C:\program files (x86)\cosmic castaway\asteroidthecrashing\binaries\win32\asteroidthecrashing-win32-shipping.exe
FirewallRules: [TCP Query User{08A9ABF4-8625-4ACD-916F-B7F29E5D71E3}C:\users\h\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\h\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{BEA5E667-26F9-4162-B860-B5609C02BAB7}C:\users\h\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\h\appdata\local\akamai\netsession_win.exe
FirewallRules: [{FD510838-F83C-4842-BD16-4944B665E544}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{89E61ECF-F1B8-46D6-B520-1E690B33FCA8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9FDCC3B3-7580-4BB3-8DEE-A082BA36C014}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{391268BC-011F-48EA-A4FE-3D45B803055E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BA058369-25A8-4B09-9115-91E1610397D0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{59A604A7-92EE-49CD-9F51-2AB86AF70701}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{EB28EA00-B738-477F-B2D2-6EC3E1295A6C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{922D877A-DD14-4A66-AA62-59588EF835CB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{61B3CF62-9860-4F40-AA9B-A4E84CC43CB7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E5BBB90A-138D-40C0-81D9-904A1D1D6801}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{BD6FD614-9F65-466F-B448-91DB0502AF9C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{448F2CC0-E33C-4554-A6B9-427825C65CC9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [TCP Query User{8417E585-122B-48E3-8861-774C1FCF24CE}C:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\addonweb.exe] => (Allow) C:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\addonweb.exe
FirewallRules: [UDP Query User{EEA07D55-90E4-415B-BBC9-2B4818D5EE69}C:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\addonweb.exe] => (Allow) C:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\addonweb.exe
FirewallRules: [{380A100C-C36D-4C27-88D8-6ACAAEE4B6FC}] => (Block) C:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\addonweb.exe
FirewallRules: [{A3BB5CB5-CD90-40DB-9A3A-52AAE7725FF6}] => (Block) C:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\addonweb.exe
FirewallRules: [TCP Query User{3AE69678-60A6-41EA-A425-17659EA93B1F}C:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\anno4web.exe] => (Block) C:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\anno4web.exe
FirewallRules: [UDP Query User{1C220832-0CE1-42FB-84D5-F9FF6EE6ECD9}C:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\anno4web.exe] => (Block) C:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\anno4web.exe
FirewallRules: [{D764039E-21B7-48B7-9E68-AE2167067E10}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3SP.exe
FirewallRules: [{11702B0C-44BC-4AA3-B999-EB28AE6FAF9A}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3SP.exe
FirewallRules: [{A11000B8-8085-45E1-9F9E-D4811DDA0582}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3MP.exe
FirewallRules: [{6B4754A4-4153-4DE1-B7EF-DC4871CCC66F}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3MP.exe
FirewallRules: [{0EEF3910-2DE1-4011-B2A9-9F4FD0883298}] => (Allow) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
FirewallRules: [{075A2B5E-760C-4C14-A0DC-DBC2A331A8EB}] => (Allow) C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
FirewallRules: [{29C64A47-91CC-4707-8B36-EA0D5411D82C}] => (Allow) C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
FirewallRules: [TCP Query User{EE94424A-1813-454F-941C-873A8496BA12}C:\users\h\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\h\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{36DAA579-559F-43E8-95D7-F0F2381216EB}C:\users\h\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\h\appdata\roaming\spotify\spotify.exe
FirewallRules: [{C09724F1-201D-46C7-85FC-C2339D68097D}] => (Block) C:\users\h\appdata\roaming\spotify\spotify.exe
FirewallRules: [{A1F6A64B-29CF-4B06-9DF4-D55180053CB0}] => (Block) C:\users\h\appdata\roaming\spotify\spotify.exe
FirewallRules: [{140AB763-4AB6-49EC-B7B4-9826FCAC9201}] => (Allow) C:\Program Files (x86)\Codemasters\FUEL\FUEL.exe
FirewallRules: [{D41FBEDB-B7C8-4649-9598-1B272A46B803}] => (Allow) C:\Program Files (x86)\Codemasters\FUEL\FUEL.exe
FirewallRules: [TCP Query User{95DC3EEB-3A45-4DF1-B3A1-E4E43383FE58}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{BFFF0A22-4F8E-4AB7-9AB5-A61292F3D8D0}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{3EACB2AC-BEE5-4B2D-A6EF-BDAC9B85321E}] => (Allow) C:\Program Files (x86)\Opera\45.0.2552.812\opera.exe
FirewallRules: [{5A8B7968-48AA-4ABB-9825-FCF21B1B1E95}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{62904404-6674-4D67-A2BA-CD0D8B69936C}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{871F70AD-1975-4959-877D-8A18DF8DBB6F}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{8BED1BA1-9696-444D-A96A-8C1584D22589}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
==================== Wiederherstellungspunkte =========================
16-05-2017 21:17:29 Installiert Far Cry 2
22-05-2017 17:41:43 Installiert Far Cry 2
23-05-2017 18:56:01 Entfernt Far Cry 2
25-05-2017 09:40:57 Revo Uninstaller's restore point - BrowserDefender
25-05-2017 09:45:40 Revo Uninstaller's restore point - Ad-Aware Antivirus
25-05-2017 09:49:54 AA11
25-05-2017 09:53:20 Revo Uninstaller's restore point - Delta Chrome Toolbar
25-05-2017 09:55:06 Revo Uninstaller's restore point - AdblockIE
25-05-2017 09:55:34 Removed AdblockIE
25-05-2017 09:57:10 Revo Uninstaller's restore point - Adobe Acrobat Reader DC - Deutsch
25-05-2017 10:01:14 Revo Uninstaller's restore point - Adobe AIR
25-05-2017 10:08:12 Revo Uninstaller's restore point - Adobe AIR
25-05-2017 10:09:16 Revo Uninstaller's restore point - Adobe Connect 9 Add-in
25-05-2017 10:17:51 Revo Uninstaller's restore point - AVG Security Toolbar
25-05-2017 10:21:33 Revo Uninstaller's restore point - Avira Antivirus
25-05-2017 10:36:58 Revo Uninstaller's restore point - Avira Connect
25-05-2017 10:38:27 Revo Uninstaller's restore point - Avira System Speedup
25-05-2017 10:42:42 Revo Uninstaller's restore point - Avira Connect
25-05-2017 10:44:50 Revo Uninstaller's restore point - chip 1-click download service
25-05-2017 10:53:14 chip 1-click download service wurde entfernt.
25-05-2017 10:54:34 Revo Uninstaller's restore point - Norton Internet Security
25-05-2017 10:56:04 Revo Uninstaller's restore point - Norton Online Backup
25-05-2017 10:57:46 Revo Uninstaller's restore point - JDownloader 2
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (05/25/2017 10:38:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CommonAgent.exe, Version: 1.0.7.5, Zeitstempel: 0x502ddd20
Name des fehlerhaften Moduls: CommonAgent.exe, Version: 1.0.7.5, Zeitstempel: 0x502ddd20
Ausnahmecode: 0x40000015
Fehleroffset: 0x0000000000183835
ID des fehlerhaften Prozesses: 0x1730
Startzeit der fehlerhaften Anwendung: 0x01d2d532400f1ecd
Pfad der fehlerhaften Anwendung: C:\Program Files\Samsung\S Agent\CommonAgent.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Samsung\S Agent\CommonAgent.exe
Berichtskennung: 7e4914ff-4125-11e7-bf75-e8039af457ef
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (05/25/2017 10:36:56 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {94f159ae-6fa5-4e86-adaf-5989d35c080c}
Error: (05/25/2017 10:36:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CommonAgent.exe, Version: 1.0.7.5, Zeitstempel: 0x502ddd20
Name des fehlerhaften Moduls: CommonAgent.exe, Version: 1.0.7.5, Zeitstempel: 0x502ddd20
Ausnahmecode: 0x40000015
Fehleroffset: 0x0000000000183835
ID des fehlerhaften Prozesses: 0xeec
Startzeit der fehlerhaften Anwendung: 0x01d2d5315855eb94
Pfad der fehlerhaften Anwendung: C:\Program Files\Samsung\S Agent\CommonAgent.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Samsung\S Agent\CommonAgent.exe
Berichtskennung: 41ee32dd-4125-11e7-bf75-e8039af457ef
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (05/25/2017 10:36:27 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20911 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: cf8
Startzeit: 01d2d5314acad1f9
Endzeit: 4294967295
Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
Berichts-ID: 3b10f8e8-4125-11e7-bf75-e8039af457ef
Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1
Error: (05/25/2017 10:26:16 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NICE)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (05/25/2017 10:26:16 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NICE)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (05/25/2017 09:33:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CommonAgent.exe, Version: 1.0.7.5, Zeitstempel: 0x502ddd20
Name des fehlerhaften Moduls: CommonAgent.exe, Version: 1.0.7.5, Zeitstempel: 0x502ddd20
Ausnahmecode: 0x40000015
Fehleroffset: 0x0000000000183835
ID des fehlerhaften Prozesses: 0x1044
Startzeit der fehlerhaften Anwendung: 0x01d2d529421a6b63
Pfad der fehlerhaften Anwendung: C:\Program Files\Samsung\S Agent\CommonAgent.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Samsung\S Agent\CommonAgent.exe
Berichtskennung: 82c91782-411c-11e7-bf74-e8039af457ef
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (05/25/2017 09:32:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CommonAgent.exe, Version: 1.0.7.5, Zeitstempel: 0x502ddd20
Name des fehlerhaften Moduls: CommonAgent.exe, Version: 1.0.7.5, Zeitstempel: 0x502ddd20
Ausnahmecode: 0x40000015
Fehleroffset: 0x0000000000183835
ID des fehlerhaften Prozesses: 0x184
Startzeit der fehlerhaften Anwendung: 0x01d2d5285b4596b6
Pfad der fehlerhaften Anwendung: C:\Program Files\Samsung\S Agent\CommonAgent.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Samsung\S Agent\CommonAgent.exe
Berichtskennung: 55852375-411c-11e7-bf74-e8039af457ef
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (05/25/2017 09:32:01 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20911 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1498
Startzeit: 01d2d5283d1e2c3f
Endzeit: 4294967295
Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
Berichts-ID: 3371ca76-411c-11e7-bf74-e8039af457ef
Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1
Error: (05/23/2017 03:02:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20911 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1b14
Startzeit: 01d2d3c335ce6cd3
Endzeit: 4294967295
Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
Berichts-ID: 09742a13-3fb8-11e7-bf74-e8039af457ef
Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1
Systemfehler:
=============
Error: (05/25/2017 10:57:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Norton Internet Security" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.
Error: (05/25/2017 10:55:39 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Norton Internet Security" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/25/2017 10:35:45 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Norton Online Backup" wurde nicht richtig gestartet.
Error: (05/25/2017 10:30:37 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "chip 1-click download service" hat einen ungültigen aktuellen Status gemeldet: 0
Error: (05/25/2017 10:30:37 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "chip 1-click download service" hat einen ungültigen aktuellen Status gemeldet: 0
Error: (05/25/2017 10:29:12 AM) (Source: SRTSP) (EventID: 4) (User: )
Description: Error loading virus definitions.
Error: (05/25/2017 10:27:13 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst MBAMService erreicht.
Error: (05/25/2017 10:27:05 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet:
Der Dienst wurde nicht gestartet.
Error: (05/25/2017 10:26:36 AM) (Source: DCOM) (EventID: 10010) (User: NICE)
Description: Der Server "{C25463A6-DD30-5E5A-B2C8-F8AAB590E417}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (05/25/2017 10:26:14 AM) (Source: DCOM) (EventID: 10010) (User: NICE)
Description: Der Server "Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.4" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
CodeIntegrity:
===================================
Date: 2017-05-10 10:34:37.554
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-05-10 10:34:36.991
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-05-10 10:34:36.414
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-05-10 10:34:35.835
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-05-10 10:34:35.300
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-05-10 10:34:34.724
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-05-10 10:34:34.156
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-05-10 10:34:33.596
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-05-10 10:34:33.057
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-05-10 10:34:32.522
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Prozentuale Nutzung des RAM: 63%
Installierter physikalischer RAM: 3797.53 MB
Verfügbarer physikalischer RAM: 1397.54 MB
Summe virtueller Speicher: 5141.54 MB
Verfügbarer virtueller Speicher: 2273.08 MB
==================== Laufwerke ================================
Drive c: () (Fixed) (Total:439.21 GB) (Free:273.02 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0014168A)
Partition: GPT.
==================== Ende von Addition.txt ============================
|
|
26.05.2017, 14:01
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Win 8.1, Malewarebytes findet Adware.ChinAd immer wieder , letzte Funde Avira: TR/Crypt.XPACK.Gen2 [trojan] jdownloader ist bekannt für illegalen Mist. Was willst du damit?! Ständig neue Probleme? 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
26.05.2017, 19:39
| #8 |
| | Win 8.1, Malewarebytes findet Adware.ChinAd immer wieder , letzte Funde Avira: TR/Crypt.XPACK.Gen2 [trojan] Ich fand ihn praktisch um Videos runterzuladen, aber wenn er "bekannt für illegalen Mist" und "Probleme" ist kann ich auch drauf verzichten. Kannst du mir später vllt eine Alternative empfehlen? - ich schaue sonst mal bei filepony (und nicht mehr bei Chip! ;-)) Was sagen die neuen FRST Logs? Geändert von NetteMario (26.05.2017 um 20:08 Uhr) |
|
27.05.2017, 14:13
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Win 8.1, Malewarebytes findet Adware.ChinAd immer wieder , letzte Funde Avira: TR/Crypt.XPACK.Gen2 [trojan] Malwarebytes Anti-Rootkit (MBAR) Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit. Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
28.05.2017, 11:46
| #10 |
| | Win 8.1, Malewarebytes findet Adware.ChinAd immer wieder , letzte Funde Avira: TR/Crypt.XPACK.Gen2 [trojan] Hey, ich habe nix gefunden. Somit war auch kein Cleanup nötig. ABER im Anschluss habe ich den PC neu gestartet und nun ist es ganz komsich. Nach dem Neustart habe ich mich mit meinem WIndows Profil wie gehabt angemeldet. Die Desktop-Ansicht fing an zu laden und sich langsam aufzubauen. Doch plötzlich wurde kurz der Bildschirm schwarz und das Laden begann von vorne. Das wiederholt sich nun in Endlosschleife. Einstellung oder alles andere lässt sich nicht öffen, da mir bloß ein ca 1 Sekunden Fenster bleibt um übehaupt etwas anzuklicken, bis der Bildschirm wieder schwarz wird. Mit STRG + ALT + ENTF habe ich zumindest wieder die Kontrolle bekommen. und konnte im Abgesicherten Modus starten. Starte ich Normal, macht er diesen oben genannten Unfug. Bin gerade mit einem Temporären Profil angemeldet und kann daher nicht auf die LOGdatein des ANTI ROOTKIT zugreifen. Weißt du was los ist? |
|
28.05.2017, 12:56
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Win 8.1, Malewarebytes findet Adware.ChinAd immer wieder , letzte Funde Avira: TR/Crypt.XPACK.Gen2 [trojan] dein Benutzerprofil ist schrott. Was du da gemacht hast weiß man nicht. Erstell einen neuen Benutzer mit Adminrechten über die Systemsteuerung und mach mit dem weiter. Deine eigenen Dateien vom alten User findest du unter c:\users bzw c:\benutzer außerdem ist da noch viel Norton-Schrott drauf, bitte damit alles entfernen --> http://liveupdate.symantecliveupdate...e/RnR/NRnR.exe
__________________ Logfiles bitte immer in CODE-Tags posten |
|
30.05.2017, 15:12
| #12 |
| | Win 8.1, Malewarebytes findet Adware.ChinAd immer wieder , letzte Funde Avira: TR/Crypt.XPACK.Gen2 [trojan] hey, hab gerade viel zu tun, melde mich spätestens morgen wieder. Grüße |
|
31.05.2017, 18:14
| #13 |
| | Win 8.1, Malewarebytes findet Adware.ChinAd immer wieder , letzte Funde Avira: TR/Crypt.XPACK.Gen2 [trojan] soo, alles erledigt (neues Profil, boot-Problem gelöst,Anti-RootKit scannen lassen) mbar: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
Database version:
main: v2017.05.31.07
rootkit: v2017.05.27.01
Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.18666
Kris :: NICE [administrator]
31.05.2017 15:31:21
mbar-log-2017-05-31 (15-31-21).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 393489
Time elapsed: 1 hour(s), 38 minute(s), 56 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
|
|
01.06.2017, 07:06
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Win 8.1, Malewarebytes findet Adware.ChinAd immer wieder , letzte Funde Avira: TR/Crypt.XPACK.Gen2 [trojan] Adware/Junkware/Toolbars entfernen Alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop! Virenscanner jetzt vor dem Einsatz dieser Tools bitte komplett deaktivieren! 1. Schritt: adwCleaner Downloade Dir bitte AdwCleaner auf deinen Desktop.
2. Schritt: JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
01.06.2017, 19:52
| #15 |
| | Win 8.1, Malewarebytes findet Adware.ChinAd immer wieder , letzte Funde Avira: TR/Crypt.XPACK.Gen2 [trojan] Nabend, beim adwcleaner ist mir ein kleiner Fehler unterlaufen. Während des Löschens ist mir aufgefallen, dass ich ihn noch im Downloadordner habe. Also habe ich Ihn beim Löschen auf den Dektop geschoben. Er meldete einen Fehler und beendetet den Vorgang. Und ich lies ihn noch mal vom Desktop aus starten. Er fand nun 20 Probleme weniger. Wohl weil er schon beim 1. Mal ein paar gelöscht hatte. Die tauchen jetzt wohl nicht im Bericht auf, oder? adwcleaner Code:
ATTFilter # AdwCleaner v6.047 - Bericht erstellt am 01/06/2017 um 20:36:49
# Aktualisiert am 19/05/2017 von Malwarebytes
# Datenbank : 2017-05-31.2 [Lokal]
# Betriebssystem : Windows 8.1 (X64)
# Benutzername : Kris - NICE
# Gestartet von : C:\Users\Kris\Desktop\AdwCleaner_6.047.exe
# Modus: Löschen
# Unterstützung : https://www.malwarebytes.com/support
***** [ Dienste ] *****
***** [ Ordner ] *****
***** [ Dateien ] *****
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Verknüpfungen ] *****
***** [ Aufgabenplanung ] *****
[-] Aufgabe gelöscht: AVG-Secure-Search-Update_0814tb_rmv
[-] Aufgabe gelöscht: AVG-Secure-Search-Update_0814tb_rmv
***** [ Registrierungsdatenbank ] *****
[-] Schlüssel gelöscht: HKLM\SOFTWARE\5e0df8ae66dea48
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Prod.cap
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\Prod.cap
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Wert gelöscht: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C424171E-592A-415A-9EB1-DFD6D95D3530}]
[-] Schlüssel gelöscht: HKU\S-1-5-21-3774421412-1007907057-219690849-1002\Software\AVG Secure Search
[-] Schlüssel gelöscht: HKU\S-1-5-21-3774421412-1007907057-219690849-1002\Software\Myfree Codec
[-] Schlüssel gelöscht: HKU\S-1-5-21-3774421412-1007907057-219690849-1002\Software\Softonic
[-] Schlüssel gelöscht: HKU\S-1-5-21-3774421412-1007907057-219690849-1002\Software\delta
[-] Schlüssel gelöscht: HKU\S-1-5-21-3774421412-1007907057-219690849-1002\Software\AppDataLow\Software\adawarebp
[-] Schlüssel gelöscht: HKU\S-1-5-21-3774421412-1007907057-219690849-1002\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
[-] Schlüssel gelöscht: HKLM\SOFTWARE\AVG Secure Search
[-] Schlüssel gelöscht: HKLM\SOFTWARE\AVG Security Toolbar
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Myfree Codec
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Lavasoft\Web Companion
[-] Schlüssel gelöscht: HKLM\SOFTWARE\delta
[-] Schlüssel gelöscht: HKU\S-1-5-21-3774421412-1007907057-219690849-1002\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\PROTOCOLS\handler\viprotocol
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Schlüssel gelöscht: HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[#] Schlüssel mit Neustart gelöscht: HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
***** [ Browser ] *****
*************************
:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt
:: "Prefetch" Dateien gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [6006 Bytes] - [01/06/2017 20:36:49]
C:\AdwCleaner\AdwCleaner[S0].txt - [6906 Bytes] - [01/06/2017 20:27:26]
C:\AdwCleaner\AdwCleaner[S1].txt - [5971 Bytes] - [01/06/2017 20:35:05]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [6225 Bytes] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 8.1 x64
Ran by Kris (Administrator) on 01.06.2017 at 20:44:10,28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 0
Deleted the following from C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\9ie3077f.default\prefs.js
user_pref(browser.startup.homepage, hxxps://www.ixquick.de/deu/#hmb);
Registry: 4
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bb4c50c9-d7f0-48ef-a67c-daf6a86830e4} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bb4c50c9-d7f0-48ef-a67c-daf6a86830e4} (Registry Key)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.06.2017 at 20:47:22,78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
| Themen zu Win 8.1, Malewarebytes findet Adware.ChinAd immer wieder , letzte Funde Avira: TR/Crypt.XPACK.Gen2 [trojan] |
| ad-aware, adware.chinad, akamai, antivirus, avira, booten, desktop, flash player, installation, keine rückmeldung, langsam, malwarebytes anti-malware, mozilla, problem, prozesse, realtek, registry, scan, secure search, security, sekunden, software, svchost.exe, symantec, system, tr/crypt.xpack.gen, trojan, wlan |
![Win 8.1, Malewarebytes findet Adware.ChinAd immer wieder , letzte Funde Avira: TR/Crypt.XPACK.Gen2 [trojan]](iconimages/log-analyse-auswertung/win-8-1-malewarebytes-findet-adware-chinad-immer-letzte-funde-avira-tr-crypt-xpack-gen2-trojan_ltr.gif)
dann auf 
und dann auf 
. 
Linear-Darstellung
