| |
| |||||||
Log-Analyse und Auswertung: Weiterleitung auf fremde SeiteWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
13.06.2016, 12:06
| #7 |
 |  Weiterleitung auf fremde Seite Servus, und los geht es: Fixlog.txt: Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:12-06-2016 01
durchgeführt von Mandy85 (2016-06-13 12:47:38) Run:1
Gestartet von C:\Users\Mandy85\Desktop
Geladene Profile: Mandy85 (Verfügbare Profile: Mandy85)
Start-Modus: Normal
==============================================
fixlist Inhalt:
*****************
start
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
Hosts: 127.0.0.1 clients2.google.com
S2 AdBlockerService; "C:\Program Files (x86)\AdBlocker\Service.WinServiceHost.exe" [X]
U2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [X]
Task: {0DF17164-6E75-4C74-86AB-5EA7988A1FAA} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {219292A0-E379-4E1E-8BE8-55DC79AEAD1D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {23969FDE-1588-404A-AE41-51F3760E9905} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {31988C96-2A9C-4316-95FB-4484ED042B0A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {552ED0A1-D4A0-49D7-A22D-6392EF807322} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {84843A29-6A20-4951-921F-85A1AD08A7B6} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {A615A25C-5CCE-46F5-A76F-7CE29AD6DB80} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {CA7D06D2-26FD-4CB1-A507-907D493876B0} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {CE810D14-84E3-4AF4-8AF9-B97792B13978} - System32\Tasks\Microsoft\Windows\Media Center\VideoFetcher => C:\ProgramData\VideoFetcher\VideoFetcher.exe [2016-05-25] () <==== ACHTUNG
C:\ProgramData\VideoFetcher
Task: {CF83D749-069F-4351-A617-3A2796FD7C71} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {D8AE62FC-6424-44AF-B768-0A1CB9F27F6D} - System32\Tasks\bfb7fa6bca096f3265eaf861e87a9130 => powershell.exe -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File C:\WINDOWS\bfb7fa6bca096f3265eaf861e87a9130.ps1
C:\WINDOWS\bfb7fa6bca096f3265eaf861e87a9130.ps1
Task: {E3201634-DB57-4D3E-A28B-A501CC9C0168} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {FB5DD166-45D2-4E6D-B259-56E52A17C6CA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
C:\WINDOWS\system32\Drivers\etc\hosts
Hosts:
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
Unlock: C:\FRST
EmptyTemp:
end
*****************
Prozess erfolgreich geschlossen.
Und Systemlook.txt: Code:
ATTFilter SystemLook 30.07.11 by jpshortstuff
Log created at 12:48 on 13/06/2016 by Mandy85
Administrator - Elevation successful
========== regfind ==========
Searching for "VideoFetcher"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE810D14-84E3-4AF4-8AF9-B97792B13978}]
"Path"="\Microsoft\Windows\Media Center\VideoFetcher"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE810D14-84E3-4AF4-8AF9-B97792B13978}]
"URI"="\Microsoft\Windows\Media Center\VideoFetcher"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\VideoFetcher]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\VideoFetcher_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\VideoFetcher_RASMANCS]
Searching for "Web Companion"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{aff566ab-c960-452f-9b59-77f0981ce4d7}]
"DisplayName"="Web Companion"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{aff566ab-c960-452f-9b59-77f0981ce4d7}]
"DisplayIcon"="C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionIcon.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{aff566ab-c960-452f-9b59-77f0981ce4d7}]
"UninstallString"="C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe --uninstall"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LavasoftTcpService]
"Description"="Lavasoft service for supporting the Web Companion family of applications"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LavasoftTcpService]
"ImagePath"="C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LavasoftTcpService]
"Description"="Lavasoft service for supporting the Web Companion family of applications"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LavasoftTcpService]
"ImagePath"="C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe"
Searching for "webcompanion"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\WebCompanion.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{aff566ab-c960-452f-9b59-77f0981ce4d7}]
"DisplayIcon"="C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionIcon.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{aff566ab-c960-452f-9b59-77f0981ce4d7}]
"UninstallString"="C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe --uninstall"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com]
Searching for "StarkIndustry"
[HKEY_CURRENT_USER\SOFTWARE\StarkIndustry]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\650F32AB9A493B5498422EF35D41C854]
"0964FD3B82A837141BDCE75F4F3CB069"="01:\Software\StarkIndustry\AdBlocker\installed"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F75D64D236F9DE44C8D0A96B055AD732]
"0964FD3B82A837141BDCE75F4F3CB069"="02:\Software\StarkIndustry\AdBlocker\Active"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0964FD3B82A837141BDCE75F4F3CB069\InstallProperties]
"Publisher"="StarkIndustry"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3ad3263c-cc1b-432e-bf08-9059586c7d7a}]
"Publisher"="StarkIndustry"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B3DF4690-8A28-4173-B1CD-7EF5F4C30B96}]
"Publisher"="StarkIndustry"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\StarkIndustry]
[HKEY_USERS\S-1-5-21-2819549147-2898331595-3477625086-1001\SOFTWARE\StarkIndustry]
Searching for " "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"=" <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="2" XmlRenderingType="text" Enabled="true" > <InitializationParameters> <Param Name="PSVersion" Value="5.0"/> </InitializationParameters> <Resources> <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true"> <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;IU)(A;;GA;;;RM)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/> <Capability Type="Shell"/>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell.Workflow]
"ConfigXML"=" <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell.workflow" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="2" XmlRenderingType="text" UseSharedProcess="true" ProcessIdleTimeoutSec="1209600" RunAsUser="" RunAsPassword="" AutoRestart="false" Enabled="true" > <InitializationParameters> <Param Name="PSVersion" Value="5.0"/> <Param Name="AssemblyName" Value="Microsoft.PowerShell.Workflow.ServiceCore, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL"/> <Param Name="PSSessionConfigurationTypeName" Value="Microsoft.PowerShell.Workflow.PSWorkflowSessionConfiguration"/> <Param Name="SessionConfigurationData" Value="
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32]
"ConfigXML"="<PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell32" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="2" XmlRenderingType="text" Architecture="32" Enabled="true" > <InitializationParameters> <Param Name="PSVersion" Value="5.0"/> </InitializationParameters> <Resources> <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" SupportsOptions="true" ExactMatch="true"> <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;IU)(A;;GA;;;RM)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>
-= EOF =-
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:12-06-2016 01
durchgeführt von Mandy85 (Administrator) auf MANDY (13-06-2016 12:52:26)
Gestartet von C:\Users\Mandy85\Desktop
Geladene Profile: Mandy85 (Verfügbare Profile: Mandy85)
Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13538376 2013-05-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1307720 2013-04-24] (Realtek Semiconductor)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [FileOpenBroker] => C:\Program Files\FileOpen\Services\FileOpenBroker64.exe [1589104 2013-03-26] (FileOpen Systems Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3016944 2013-04-11] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [374784 2014-01-09] (shbox.de)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [217632 2015-07-13] (Geek Software GmbH)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [759696 2015-12-23] (Cisco Systems, Inc.)
HKU\S-1-5-21-2819549147-2898331595-3477625086-1001\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.)
HKU\S-1-5-21-2819549147-2898331595-3477625086-1001\...\Run: [Dropbox Update] => C:\Users\Mandy85\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-07] (Dropbox, Inc.)
HKU\S-1-5-21-2819549147-2898331595-3477625086-1001\...\MountPoints2: {7dbe2de1-c2f3-11e3-be7c-089e01e6ef9a} - "D:\WD SmartWare.exe" autoplay=true
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-05-21]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Hosts: 127.0.0.1 clients2.google.com
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{cd1ff5b1-c692-4e4d-aee3-93493828d56c}: [DhcpNameServer] 192.168.178.1
ManualProxies:
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2819549147-2898331595-3477625086-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-05-27] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll [2013-02-28] (Qualcomm Atheros Commnucations)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2014-11-20] (DVDVideoSoft Ltd.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-05-27] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} hxxps://vpn.gwdg.de/CACHE/stc/6/binaries/vpnweb.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
FireFox:
========
FF ProfilePath: C:\Users\Mandy85\AppData\Roaming\Mozilla\Firefox\Profiles\4rjilx6g.default-1465565963730
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.20 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-20] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Extension: Ad-Aware Ad Block - C:\Users\Mandy85\AppData\Roaming\Mozilla\Firefox\Profiles\4rjilx6g.default-1465565963730\Extensions\AdBlockerLavaSoftFF@lavasoft.com.xpi [2016-06-10]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext [2016-05-12] [ist nicht signiert]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => nicht gefunden
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-27] (Acer Incorporated)
S2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [388968 2016-03-23] (Digital Wave Ltd.)
S3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
S2 FileOpenManager; C:\Program Files\FileOpen\Services\FileOpenManager64.exe [337264 2013-03-19] (FileOpen Systems Inc.)
S2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [370064 2015-09-30] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-20] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-20] (Intel Corporation)
S2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-04-26] (Acer Incorporate)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
S2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [947640 2016-03-30] (Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe [156016 2016-04-25] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe [1693104 2016-05-11] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S2 AdBlockerService; "C:\Program Files (x86)\AdBlocker\Service.WinServiceHost.exe" [X]
U2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [X]
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1623536 2016-03-18] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [842152 2016-03-18] (BitDefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [127312 2016-02-22] (BitDefender LLC)
R1 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [182936 2015-12-16] (BitDefender LLC)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [46960 2016-06-10] ()
R0 ignis; C:\Windows\system32\DRIVERS\ignis.sys [298736 2016-03-03] (Bitdefender)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-10] (Malwarebytes)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [751632 2015-05-14] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31984 2013-04-11] (Synaptics Incorporated)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [511320 2016-02-22] (BitDefender S.R.L.)
S3 vpnva; C:\Windows\System32\drivers\vpnva64-6.sys [52592 2014-07-21] (Cisco Systems, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-06-13 12:52 - 2016-06-13 12:53 - 00015724 _____ C:\Users\Mandy85\Desktop\FRST.txt
2016-06-13 12:48 - 2016-06-13 12:51 - 00014568 _____ C:\Users\Mandy85\Desktop\SystemLook.txt
2016-06-13 12:48 - 2016-06-13 12:48 - 00165376 _____ C:\Users\Mandy85\Desktop\SystemLook_x64.exe
2016-06-13 12:47 - 2016-06-13 12:47 - 00002910 _____ C:\Users\Mandy85\Desktop\Fixlog.txt
2016-06-13 12:47 - 2016-06-13 12:47 - 00002417 _____ C:\Users\Mandy85\Desktop\Fixlist.txt
2016-06-13 12:47 - 2016-06-13 12:47 - 00000000 ____D C:\Users\Mandy85\Desktop\FRST-OlderVersion
2016-06-11 16:06 - 2016-06-11 16:11 - 00263128 _____ C:\TDSSKiller.3.1.0.9_11.06.2016_16.06.45_log.txt
2016-06-11 16:05 - 2016-06-11 16:06 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Mandy85\Desktop\tdsskiller.exe
2016-06-11 15:59 - 2016-06-13 12:47 - 02385408 _____ (Farbar) C:\Users\Mandy85\Desktop\FRST64.exe
2016-06-11 15:59 - 2016-06-13 12:47 - 00000000 ____D C:\FRST
2016-06-10 20:26 - 2016-06-10 20:26 - 00046960 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2016-06-10 17:09 - 2016-06-10 19:07 - 00000000 ____D C:\Program Files\Reason
2016-06-10 15:28 - 2016-06-10 15:28 - 00000578 _____ C:\WINDOWS\system32\.crusader
2016-06-10 15:22 - 2016-06-10 15:22 - 00000385 _____ C:\Users\Mandy85\AppData\Roaminguser_gensett.xml
2016-06-10 15:17 - 2016-06-11 11:01 - 00004718 _____ C:\bdlog.txt
2016-06-10 15:16 - 2016-06-10 15:16 - 00000000 ____D C:\Users\Mandy85\AppData\Temp
2016-06-10 15:06 - 2016-06-10 15:06 - 00000385 _____ C:\WINDOWS\system32\user_gensett.xml
2016-06-10 15:04 - 2016-06-10 15:04 - 00002278 _____ C:\Users\Public\Desktop\Bitdefender 2016.lnk
2016-06-10 15:04 - 2016-06-10 15:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2016
2016-06-10 15:03 - 2016-06-10 15:03 - 00000000 ____D C:\ProgramData\BDLogging
2016-06-10 15:03 - 2013-09-08 20:04 - 00023568 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys
2016-06-10 15:03 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\capicom.dll
2016-06-10 15:02 - 2016-06-10 15:11 - 00000000 ____D C:\Users\Mandy85\AppData\Roaming\Bitdefender
2016-06-10 15:02 - 2016-03-18 06:58 - 00842152 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avckf.sys
2016-06-10 15:02 - 2016-03-18 06:56 - 01623536 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avc3.sys
2016-06-10 15:02 - 2016-03-03 01:36 - 00298736 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\ignis.sys
2016-06-10 15:02 - 2015-12-04 19:27 - 00087912 _____ (BitDefender) C:\WINDOWS\system32\Drivers\bdvedisk.sys
2016-06-10 14:57 - 2016-06-10 15:12 - 00000000 ____D C:\ProgramData\Bitdefender
2016-06-10 14:57 - 2016-06-10 14:57 - 00000000 ____D C:\Users\Mandy85\AppData\Roaming\QuickScan
2016-06-10 14:57 - 2016-06-10 14:57 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2016-06-10 14:57 - 2016-06-10 14:57 - 00000000 ____D C:\Program Files\Bitdefender
2016-06-10 14:57 - 2016-02-22 15:13 - 00511320 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
2016-06-10 14:57 - 2015-12-16 05:53 - 00182936 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2016-06-10 14:49 - 2016-06-10 14:49 - 00019992 _____ C:\Users\Mandy85\Desktop\bookmarks-2016-06-10.json
2016-06-10 14:26 - 2016-06-10 20:27 - 00000000 ____D C:\Program Files\HitmanPro
2016-06-10 14:25 - 2016-06-10 15:28 - 00000000 ____D C:\ProgramData\HitmanPro
2016-06-10 13:06 - 2016-06-10 20:25 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-06-10 13:05 - 2016-06-10 13:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-10 12:48 - 2016-06-10 12:57 - 00000000 ____D C:\AdwCleaner
2016-06-10 12:43 - 2016-06-10 12:43 - 00000000 ____D C:\ProgramData\Simply Super Software
2016-06-10 12:36 - 2016-06-10 12:36 - 00003794 _____ C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2016-06-10 12:34 - 2016-06-13 12:45 - 00000000 ____D C:\Program Files\Bitdefender Agent
2016-06-10 12:34 - 2016-06-10 12:34 - 00000000 ____D C:\ProgramData\Bitdefender Agent
2016-06-10 12:13 - 2016-04-22 09:57 - 00453288 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-06-10 12:05 - 2016-06-10 12:05 - 00000000 ____D C:\OETemp
2016-06-10 12:03 - 2016-06-10 12:21 - 00000000 ____D C:\WINDOWS\system32\SSL
2016-06-10 12:03 - 2016-06-10 12:09 - 00031443 _____ C:\WINDOWS\bfb7fa6bca096f3265eaf861e87a9130.ps1
2016-06-10 12:03 - 2016-06-10 12:09 - 00003718 _____ C:\WINDOWS\System32\Tasks\bfb7fa6bca096f3265eaf861e87a9130
2016-06-10 12:02 - 2016-06-10 12:02 - 00001542 ____S C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzilla Firefoх.lnk
2016-06-10 12:02 - 2016-06-10 12:02 - 00000000 ____D C:\ProgramData\VideoFetcher
2016-06-10 10:47 - 2016-06-10 11:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-07 15:34 - 2016-06-07 15:34 - 00000000 ____D C:\Users\Mandy85\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-06-06 13:52 - 2016-06-06 13:52 - 01661549 _____ C:\Users\Mandy85\Desktop\BKK Bonusprogramm Hrube.pdf
2016-06-06 11:00 - 2016-06-06 11:00 - 00001826 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-06-06 11:00 - 2016-06-06 11:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-06-06 10:59 - 2016-06-06 11:00 - 00000000 ____D C:\Program Files\iTunes
2016-06-06 10:59 - 2016-06-06 10:59 - 00000000 ____D C:\Program Files\iPod
2016-06-06 10:59 - 2016-06-06 10:59 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-05-29 10:49 - 2016-05-29 11:03 - 00000000 ____D C:\Users\Mandy85\Desktop\Bewerbung
2016-05-28 15:32 - 2016-05-28 15:32 - 00000000 ____D C:\$SysReset
2016-05-17 10:33 - 2016-05-17 10:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-06-13 12:47 - 2014-04-13 00:05 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-06-13 12:31 - 2016-05-07 11:26 - 00001244 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2819549147-2898331595-3477625086-1001UA.job
2016-06-13 11:31 - 2016-05-07 11:26 - 00001192 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2819549147-2898331595-3477625086-1001Core.job
2016-06-13 10:48 - 2014-08-31 14:59 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E328451F-3FA5-4D5A-A3C6-266B1F172D19}
2016-06-13 10:46 - 2016-03-13 11:48 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-06-13 10:46 - 2014-08-29 13:23 - 00000000 __SHD C:\Users\Mandy85\IntelGraphicsProfiles
2016-06-12 20:59 - 2016-03-13 12:40 - 00000000 ____D C:\Users\Mandy85\AppData\Local\Deployment
2016-06-12 20:58 - 2014-04-08 18:50 - 00000000 ____D C:\Users\Mandy85\AppData\Local\Packages
2016-06-12 12:06 - 2015-09-12 09:15 - 00000098 _____ C:\Users\Mandy85\Desktop\to do.txt
2016-06-12 11:48 - 2016-05-07 17:48 - 00000000 ____D C:\Users\Mandy85\Desktop\Schuldrecht
2016-06-11 15:55 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-11 15:55 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-11 11:01 - 2016-03-13 12:18 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-11 11:01 - 2015-10-30 08:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-06-11 10:57 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-06-10 20:17 - 2014-04-10 17:03 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-06-10 20:13 - 2012-07-26 07:26 - 00000234 _____ C:\WINDOWS\win.ini
2016-06-10 19:27 - 2015-08-30 11:39 - 00000000 ____D C:\ProgramData\PDF Architect 3
2016-06-10 19:26 - 2015-12-27 13:40 - 00000000 ____D C:\ProgramData\PDF Architect 4
2016-06-10 18:15 - 2015-10-30 08:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-06-10 18:10 - 2014-04-08 19:15 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-06-10 16:47 - 2014-04-08 18:50 - 00000000 ____D C:\Users\Mandy85\AppData\Local\VirtualStore
2016-06-10 16:19 - 2014-08-08 10:13 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-10 15:56 - 2014-05-21 10:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-06-10 15:56 - 2014-05-21 10:58 - 00000000 ____D C:\Program Files (x86)\HP
2016-06-10 13:47 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-06-10 12:58 - 2015-08-30 11:37 - 00000000 ____D C:\Users\Mandy85\AppData\Roaming\Lavasoft
2016-06-10 12:58 - 2015-08-30 11:37 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2016-06-10 12:57 - 2015-08-30 11:36 - 00000000 ____D C:\ProgramData\Lavasoft
2016-06-10 12:23 - 2014-04-08 19:16 - 00000000 ____D C:\ProgramData\Avira
2016-06-10 12:08 - 2014-04-08 19:16 - 00000000 ____D C:\Program Files (x86)\Avira
2016-06-10 12:07 - 2014-04-08 19:20 - 00000000 ____D C:\Users\Mandy85\AppData\Roaming\Avira
2016-06-10 11:53 - 2012-03-11 20:27 - 00000000 ___RD C:\Users\Mandy85\Desktop\Diverses
2016-06-10 11:52 - 2014-04-10 14:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-09 17:35 - 2016-05-02 10:07 - 00000783 _____ C:\Users\Mandy85\Desktop\to do allgemein.txt
2016-06-09 17:04 - 2015-10-30 20:35 - 00776766 _____ C:\WINDOWS\system32\perfh007.dat
2016-06-09 17:04 - 2015-10-30 20:35 - 00155544 _____ C:\WINDOWS\system32\perfc007.dat
2016-06-09 17:04 - 2015-10-20 22:15 - 01799166 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-07 15:34 - 2014-04-13 17:27 - 00000000 ____D C:\Users\Mandy85\AppData\Roaming\Dropbox
2016-06-06 10:59 - 2014-04-13 17:20 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-06-05 17:54 - 2014-06-29 16:40 - 00000000 ____D C:\Users\Mandy85\Desktop\Musik
2016-06-05 10:10 - 2016-03-28 10:29 - 00000000 ____D C:\Users\Mandy85\AppData\Roaming\DVDVideoSoft
2016-06-03 15:41 - 2014-04-08 19:16 - 00000000 ____D C:\Users\Mandy85\AppData\Roaming\Skype
2016-06-03 15:37 - 2014-04-08 19:15 - 00000000 ____D C:\ProgramData\Skype
2016-06-02 17:41 - 2014-08-31 18:12 - 00000000 ____D C:\Users\Mandy85\AppData\Local\PokerStars.EU
2016-06-02 17:41 - 2014-08-31 18:12 - 00000000 ____D C:\Program Files (x86)\PokerStars.EU
2016-06-02 13:44 - 2015-11-22 15:32 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-28 15:18 - 2016-02-01 12:46 - 00000000 ____D C:\Users\Mandy85\AppData\Local\MicrosoftEdge
2016-05-19 11:56 - 2015-10-20 22:34 - 00002432 _____ C:\Users\Mandy85\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-05-19 11:56 - 2015-10-20 22:34 - 00000000 ___RD C:\Users\Mandy85\OneDrive
2016-05-17 18:57 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-05-17 10:33 - 2014-04-10 14:09 - 00000000 ____D C:\ProgramData\Cisco
2016-05-17 10:33 - 2014-04-10 14:09 - 00000000 ____D C:\Program Files (x86)\Cisco
2016-05-14 16:53 - 2016-03-13 11:53 - 00000000 ____D C:\Users\Mandy85
2016-05-14 13:51 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2014-07-10 11:52 - 2014-07-10 11:52 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-10-05 17:45 - 2013-10-05 17:45 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-05-21 10:57 - 2016-06-10 18:13 - 0002894 _____ () C:\ProgramData\hpzinstall.log
2015-08-15 11:51 - 2015-08-25 21:00 - 0000528 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
Einige Dateien in TEMP:
====================
C:\Users\Mandy85\AppData\Local\Temp\adblocker4.exe
C:\Users\Mandy85\AppData\Local\Temp\avgnt.exe
C:\Users\Mandy85\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpz7p5tx.dll
C:\Users\Mandy85\AppData\Local\Temp\HitmanPro.exe
C:\Users\Mandy85\AppData\Local\Temp\libeay32.dll
C:\Users\Mandy85\AppData\Local\Temp\msvcr120.dll
C:\Users\Mandy85\AppData\Local\Temp\sparpilot_installmonster.exe
C:\Users\Mandy85\AppData\Local\Temp\sqlite3.dll
C:\Users\Mandy85\AppData\Local\Temp\startipm.bat.exe
C:\Users\Mandy85\AppData\Local\Temp\VideoBox.exe
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2016-06-06 10:49
==================== Ende von FRST.txt ============================
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:12-06-2016 01
durchgeführt von Mandy85 (2016-06-13 12:53:54)
Gestartet von C:\Users\Mandy85\Desktop
Windows 10 Home Version 1511 (X64) (2016-03-13 10:24:46)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-2819549147-2898331595-3477625086-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2819549147-2898331595-3477625086-503 - Limited - Disabled)
Gast (S-1-5-21-2819549147-2898331595-3477625086-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2819549147-2898331595-3477625086-1005 - Limited - Enabled)
Mandy85 (S-1-5-21-2819549147-2898331595-3477625086-1001 - Administrator - Enabled) => C:\Users\Mandy85
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Spyware-Schutz (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {078AF241-05A3-0EFF-40E0-3E0D69EA140A}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
4500_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3004 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
Acer USB Charge Manager (HKLM\...\{07E867C5-0C48-40FF-A013-DDAF4565AD47}) (Version: 2.00.3004 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated)
AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2022 - Acer Incorporated)
AdBlocker (HKLM-x32\...\{3ad3263c-cc1b-432e-bf08-9059586c7d7a}) (Version: 4.1.1.0 - StarkIndustry) <==== ACHTUNG
AdBlocker (x32 Version: 4.1.1.0 - StarkIndustry) Hidden <==== ACHTUNG
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
AFPL Ghostscript 8.54 (HKLM-x32\...\AFPL Ghostscript 8.54) (Version: - )
AFPL Ghostscript Fonts (HKLM-x32\...\AFPL Ghostscript Fonts) (Version: - )
Apple Application Support (32-Bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.26.1436 - Bitdefender)
Bitdefender Total Security 2016 (HKLM\...\Bitdefender) (Version: 20.0.28.1478 - Bitdefender)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.13015 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.13015 - Cisco Systems, Inc.) Hidden
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2016 - Acer Incorporated)
clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-2819549147-2898331595-3477625086-1001\...\Dropbox) (Version: 4.4.29 - Dropbox, Inc.)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 17.3.19290 - Landesfinanzdirektion Thüringen)
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
FileOpen Client (x64) B928 (HKLM\...\{3ED9A79B-1419-4C5F-BA88-EFD6F180EBE5}) (Version: 3.0.95.928 - FileOpen Systems, Inc.)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version: - )
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP ENVY 4500 series - Grundlegende Software für das Gerät (HKLM\...\{7A564D11-817E-48B1-9830-91420BF6E339}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet J4500 Series 14.0 Rel. 6 (HKLM\...\{EACF146B-01D2-4185-B773-9604A0E5902A}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.0.1428 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.)
J4500 (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 47.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 de)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.2.2 - pdfforge)
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version: - PokerStars.eu)
ProductContext (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.222 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.43 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.14.327.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6909 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.21222 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.12.34 - Synaptics Incorporated)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{5D2260D6-DB16-41DC-915B-A39BF4F66362}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3115033) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F258B6E3-BF41-4FEE-BE45-D7518C3B7FC1}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3115033) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F258B6E3-BF41-4FEE-BE45-D7518C3B7FC1}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3115033) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{F258B6E3-BF41-4FEE-BE45-D7518C3B7FC1}) (Version: - Microsoft)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Web Companion (HKLM-x32\...\{aff566ab-c960-452f-9b59-77f0981ce4d7}) (Version: 2.3.1384.2669 - Lavasoft)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Mandy85\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {009C2EAD-BCCE-428B-8764-FA0FE89C67DA} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2819549147-2898331595-3477625086-1001UA => C:\Users\Mandy85\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-05-07] (Dropbox, Inc.)
Task: {0DF17164-6E75-4C74-86AB-5EA7988A1FAA} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {219292A0-E379-4E1E-8BE8-55DC79AEAD1D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {23969FDE-1588-404A-AE41-51F3760E9905} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {28E478A1-BD8B-420D-B002-87FE4B04C11A} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-04-26] (Acer Incorporate)
Task: {31988C96-2A9C-4316-95FB-4484ED042B0A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {330A7D6E-B7AC-4A57-93E6-709BF7402126} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-03-13] ()
Task: {39F28A47-0D3E-4C86-90FD-D0EF768E8179} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {3AF54698-227D-4EE5-8D87-91D9FD5C04C3} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2819549147-2898331595-3477625086-1001Core => C:\Users\Mandy85\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-05-07] (Dropbox, Inc.)
Task: {552ED0A1-D4A0-49D7-A22D-6392EF807322} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {575145B1-F06C-44FF-9BAC-9C782313EEC1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-11] (Microsoft Corporation)
Task: {6FF28BBC-80F5-420B-A3C0-B55A144BF03C} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {7738D642-2C81-4F34-9527-53B972F0554F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {84843A29-6A20-4951-921F-85A1AD08A7B6} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {931A48DE-860F-4B3E-8BB6-97F75A48AED3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {974AE9E6-D2CA-4431-9F86-B33D1A78F0CE} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {A615A25C-5CCE-46F5-A76F-7CE29AD6DB80} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {B0C4191A-59B4-447B-8F04-69017BA89B2F} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {C00BE087-1242-4F15-9BCD-2FE67A927D22} - System32\Tasks\Dolby Selector => C:\Dolby PCEE4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {C4B6A259-F0AC-4A76-80FC-9278A25D8B3B} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2016-03-30] (Bitdefender)
Task: {CA7D06D2-26FD-4CB1-A507-907D493876B0} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {CE810D14-84E3-4AF4-8AF9-B97792B13978} - System32\Tasks\Microsoft\Windows\Media Center\VideoFetcher => C:\ProgramData\VideoFetcher\VideoFetcher.exe [2016-05-25] () <==== ACHTUNG
Task: {CF83D749-069F-4351-A617-3A2796FD7C71} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {D8AE62FC-6424-44AF-B768-0A1CB9F27F6D} - System32\Tasks\bfb7fa6bca096f3265eaf861e87a9130 => powershell.exe -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File C:\WINDOWS\bfb7fa6bca096f3265eaf861e87a9130.ps1
Task: {DDA4AC88-DA03-44A2-9EB5-19F4B8253AEC} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {E3201634-DB57-4D3E-A28B-A501CC9C0168} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {E7BE02EC-B677-4A4D-BBCD-6FF28000BBF1} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-03-15] (Acer Incorporated)
Task: {E7C36DA6-BA32-4825-8E33-6127E1DF742D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {F74F3580-506E-4AD3-A7D8-6389C27C5122} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-14] (Adobe Systems Incorporated)
Task: {FB5DD166-45D2-4E6D-B259-56E52A17C6CA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2819549147-2898331595-3477625086-1001Core.job => C:\Users\Mandy85\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2819549147-2898331595-3477625086-1001UA.job => C:\Users\Mandy85\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2016-06-10 15:02 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\bdmetrics.dll
2016-06-10 15:02 - 2016-05-09 11:29 - 01006336 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpbr.mdl
2016-06-10 15:02 - 2016-05-09 11:29 - 00541952 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpdsp.mdl
2016-06-10 15:02 - 2016-05-09 11:29 - 03035488 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpph.mdl
2016-06-10 15:02 - 2016-05-09 11:29 - 01541440 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttprbl.mdl
2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-04-13 08:21 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 08:21 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-19 11:56 - 2016-05-19 11:56 - 00959168 _____ () C:\Users\Mandy85\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2013-10-05 18:03 - 2013-02-20 22:58 - 00111176 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2016-05-11 14:22 - 2016-04-23 06:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-11 14:22 - 2016-04-23 05:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-11 14:22 - 2016-04-23 05:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-11 14:22 - 2016-04-23 06:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-03-13 11:35 - 2016-03-13 11:35 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-11 14:21 - 2016-04-23 06:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-12-23 15:27 - 2015-12-23 15:27 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\Users\Mandy85\Desktop\SystemLook_x64.exe:BDU [0]
AlternateDataStreams: C:\Users\Mandy85\Desktop\tdsskiller.exe:BDU [0]
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-2819549147-2898331595-3477625086-1001\...\localhost -> localhost
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 15:25 - 2016-06-13 12:45 - 00000858 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 clients2.google.com
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-2819549147-2898331595-3477625086-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mandy85\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKU\S-1-5-21-2819549147-2898331595-3477625086-1001\...\StartupApproved\Run: => "BrowserChoice"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{FE16DB55-3448-41B4-AEBB-6B0D5139FDFF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A10B8F0E-BC5F-4BBD-9984-DACACF091B94}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3C82A3AA-44CF-4DB2-A42B-2F1A17F7D0CB}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{726538A5-3BCE-41FB-8E5C-F068CCDDF1CB}] => (Allow) LPort=5357
FirewallRules: [{3731ECD6-96F2-4875-8A29-A93E0777BA3D}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe
FirewallRules: [{834FADE1-CBBE-4F12-ABD0-D24A4C978059}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{D0627080-2107-42E9-9D6F-A55DA805090A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{E77F4DCB-DEED-480D-BC55-17A4A9589883}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{C2714E79-59AF-4429-9A06-E70D9E4CFA78}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{F735367C-889F-4A83-917C-5AB8BB9C08B0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{80F933EF-B441-42A8-BED9-370EBF11F053}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{FDEDE01A-0AD2-4F5E-8691-688D1D5F9774}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{A9247B39-67D4-4687-AEAE-59A9CB7DB090}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{BF054137-D8BB-41B1-8131-892016F8311D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{E38BB25F-F9E1-47CE-BA4E-0C5872373956}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{7EAB9F98-68F5-4147-AA22-5EE8EEE010AD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{A6E78499-1F62-40A8-9692-59B9B1FE8832}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{CA47D9D6-D151-41FB-8530-87C18646810E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{AC72F3E7-DD52-4C40-8911-D920DE52448D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{D5F72E62-61BC-4A22-A352-35ECCDDF440D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{133DBA7E-71BF-4714-85D9-E76B17757309}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{FFC6105F-3FDB-4041-89EE-A5D399A1FAE6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{78BDA0A5-8379-4E3F-9DD8-4BB20F3E950A}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{60ED60ED-A553-465F-907D-4BB761AE265C}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{FCBC375E-6537-428F-981A-E8EBF8D11242}] => (Allow) C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{F684E320-6333-427A-A285-09D6FAB2D2C1}] => (Allow) C:\Users\Mandy85\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{F9C587CE-B4DD-45AA-9E15-36915C96F8D9}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{0CC6346B-C836-495B-B70D-C36652E0BF04}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{ACBB40FA-0747-4562-9562-4546B7BC58B0}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{E5933716-2F7C-4D8C-A736-1BB175A9A2C9}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{7C145D6A-789F-4542-896C-1AE84640A05B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{5D7C4460-1404-4AA0-BAAD-FF2CACEA4F14}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{605BB654-018F-4AF8-BD35-9CCBA2184B75}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{29891796-F3C2-4651-9A1C-E5318EA7F5E7}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{560DD717-0809-4E71-881F-7973A916AD96}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{147DD520-8B5B-4E0F-8139-04F38517F780}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe
FirewallRules: [{75833E1C-313A-4269-BF0E-F6C3A39EAEA2}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe
FirewallRules: [{32E4CE4F-1B82-42FB-8C10-BB9D269DE2E7}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe
FirewallRules: [{8CF1B0BD-91BA-458C-A66F-AFF7936A1236}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe
FirewallRules: [{AF748F03-5979-4B89-B0F8-1ECF60ADBBD6}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{2AC2B658-5E33-457F-A20C-58FFF42F31AB}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{9793FCFC-1FC5-492C-973E-B2AA4086167F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{B3A0E4D6-44A0-4934-A22A-D42119335FC7}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{A02F5DD8-503B-4E18-BEF8-AD7AAAE7C47D}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{B8FCC90B-5CAE-49F8-A5FE-354FD3481893}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{8A287AFF-AEAF-47FB-A2D2-8F2B56ECA7A8}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Movie\PlayMovie.exe
FirewallRules: [{AA24E7A9-7EDE-46A8-A815-FAEE7AFFF659}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\MusicPlayer.exe
FirewallRules: [{47453C64-ED6A-40F3-BD3C-48834B70203F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{3B2FBB27-4092-4B9B-94E6-0B427F493B0E}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{42FF2468-0E05-4A6C-9563-FAE7E6517E35}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{BCCBFC24-F941-4A26-892A-1A0D9BB81465}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{814039D2-D9A5-46DD-AEC8-E28F63B94CD8}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{8E578593-A08D-4D6B-BB46-38C977439879}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{8AA7C6A4-925A-42D4-B203-5166ACF9BD63}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{AD9751DC-1387-4474-B15E-1B944D565CB5}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{50F41FC0-DD8A-45E6-9563-62F8E297C04B}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{64465223-B060-4B3A-A4CC-2DD80071E511}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{F2ECEB75-552B-42E5-8E41-1064C2DFC3CC}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{202F81ED-B0F5-4B69-83C0-14BD04CC68CE}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
FirewallRules: [{59D9E35E-3977-42AC-A56E-2D01D1B78C7F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
FirewallRules: [{26273E9A-A545-4382-95D9-7D34CD5B8EB6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{43155AB8-E284-43EA-83EE-5E461A5B576C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{1AA8DED2-5885-490A-A493-F8FD7A079865}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{785E8305-1D7A-4094-A42D-5FBFD0638181}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{A24D72F6-4ED7-4DA4-8973-1BC727B37D65}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A9060493-1071-4DF4-A653-7CAE0A456711}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E1D6B457-BA76-44C8-9FC5-29D80E624DF4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B0CCC29B-00F7-439F-8FBC-579D84143473}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{55F60B9F-33DC-4A9D-BF34-E561EAB9FC36}] => (Allow) C:\Program Files\iTunes\iTunes.exe
==================== Wiederherstellungspunkte =========================
26-05-2016 12:21:15 Geplanter Prüfpunkt
02-06-2016 16:37:00 Geplanter Prüfpunkt
10-06-2016 12:02:30 AdBlocker
10-06-2016 19:40:09 JRT Pre-Junkware Removal
10-06-2016 19:44:41 JRT Pre-Junkware Removal
==================== Fehlerhafte Geräte im Gerätemanager =============
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (06/11/2016 04:49:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: backgroundTaskHost.exe, Version: 10.0.10586.0, Zeitstempel: 0x5632d8f0
Name des fehlerhaften Moduls: ntdll.dll, Version: 10.0.10586.306, Zeitstempel: 0x571af2eb
Ausnahmecode: 0xc0000409
Fehleroffset: 0x00000000000a9ba0
ID des fehlerhaften Prozesses: 0x1d5c
Startzeit der fehlerhaften Anwendung: 0xbackgroundTaskHost.exe0
Pfad der fehlerhaften Anwendung: backgroundTaskHost.exe1
Pfad des fehlerhaften Moduls: backgroundTaskHost.exe2
Berichtskennung: backgroundTaskHost.exe3
Vollständiger Name des fehlerhaften Pakets: backgroundTaskHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: backgroundTaskHost.exe5
Error: (06/11/2016 04:08:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: taskhostw.exe, Version: 10.0.10586.0, Zeitstempel: 0x5632d756
Name des fehlerhaften Moduls: ntdll.dll, Version: 10.0.10586.306, Zeitstempel: 0x571af2eb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000231f7
ID des fehlerhaften Prozesses: 0x1d60
Startzeit der fehlerhaften Anwendung: 0xtaskhostw.exe0
Pfad der fehlerhaften Anwendung: taskhostw.exe1
Pfad des fehlerhaften Moduls: taskhostw.exe2
Berichtskennung: taskhostw.exe3
Vollständiger Name des fehlerhaften Pakets: taskhostw.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: taskhostw.exe5
Error: (06/11/2016 10:57:41 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm ApplicationFrameHost.exe, Version 10.0.10586.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1620
Startzeit: 01d1c3bd8d6265dd
Beendigungszeit: 9
Anwendungspfad: C:\Windows\System32\ApplicationFrameHost.exe
Berichts-ID: 8931b023-2fb2-11e6-bed9-089e01e6ef9a
Vollständiger Name des fehlerhaften Pakets:
Auf das fehlerhafte Paket bezogene Anwendungs-ID:
Error: (06/11/2016 10:57:39 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Mandy)
Description: Das Paket „windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel“ wurde beendet, da das Anhalten zu lange dauerte.
Error: (06/10/2016 08:30:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 10.0.10586.0, Zeitstempel: 0x5632d7ba
Name des fehlerhaften Moduls: ESENT.dll, Version: 10.0.10586.212, Zeitstempel: 0x56fa1686
Ausnahmecode: 0xc0000602
Fehleroffset: 0x000000000022885f
ID des fehlerhaften Prozesses: 0xbc8
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3
Vollständiger Name des fehlerhaften Pakets: svchost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe5
Error: (06/10/2016 08:30:09 PM) (Source: ESENT) (EventID: 908) (User: )
Description: svchost (3016) Der Prozess wird aufgrund eines nicht behebbaren Fehlers beendet: PV: 10.0.10586.0 SV: 10.0.10586.0 GLE: 0 ERR: 206(bf.cxx:22073): dllentry.cxx(103) (ESENT[10.0.10586.0] RETAIL RTM MBCS)
Error: (06/10/2016 07:44:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.
System Error:
Zugriff verweigert
.
Error: (06/10/2016 07:40:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SystemSettings.exe, Version: 10.0.10586.11, Zeitstempel: 0x56457cb1
Name des fehlerhaften Moduls: CoreUIComponents.dll, Version: 0.0.0.0, Zeitstempel: 0x56fa0e13
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000782c7
ID des fehlerhaften Prozesses: 0x1118
Startzeit der fehlerhaften Anwendung: 0xSystemSettings.exe0
Pfad der fehlerhaften Anwendung: SystemSettings.exe1
Pfad des fehlerhaften Moduls: SystemSettings.exe2
Berichtskennung: SystemSettings.exe3
Vollständiger Name des fehlerhaften Pakets: SystemSettings.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: SystemSettings.exe5
Error: (06/10/2016 07:40:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.
System Error:
Zugriff verweigert
.
Error: (06/10/2016 07:27:45 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Mandy)
Description: Die Anwendung oder der Dienst "PDF Architect 3 Creator" konnte nicht neu gestartet werden.
Systemfehler:
=============
Error: (06/13/2016 12:47:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ProductAgentService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (06/13/2016 12:47:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CCDMonitorService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (06/13/2016 12:47:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.
Error: (06/13/2016 12:47:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ePower Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (06/13/2016 12:47:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (06/13/2016 12:47:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (06/13/2016 12:47:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) ME Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (06/13/2016 12:47:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management and Security Application Local Management Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (06/13/2016 12:47:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Digital Wave Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (06/13/2016 12:47:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Launch Manager Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
CodeIntegrity:
===================================
Date: 2016-05-15 11:30:38.864
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-05-14 16:41:39.064
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-05-13 11:20:32.043
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-05-12 09:25:28.217
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-04-15 07:04:59.768
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-04-13 16:59:15.963
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-04-13 08:39:15.948
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-03-23 19:12:40.829
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-03-20 13:22:42.631
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-03-18 13:12:07.490
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Celeron(R) 2955U @ 1.40GHz
Prozentuale Nutzung des RAM: 42%
Installierter physikalischer RAM: 3976.27 MB
Verfügbarer physikalischer RAM: 2290.91 MB
Summe virtueller Speicher: 4680.27 MB
Verfügbarer virtueller Speicher: 2909.53 MB
==================== Laufwerke ================================
Drive c: (Acer) (Fixed) (Total:449.51 GB) (Free:375.36 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 9C6396F5)
Partition: GPT.
==================== Ende von Addition.txt ============================
|
| Themen zu Weiterleitung auf fremde Seite |
| adobe, adobe flash player, bho, bonjour, browser, defender, desktop, download, explorer, flash player, freude, hijack, hijackthis, internet, internet explorer, launch, logfile, microsoft, mozilla, problem, security, senden, software, suche, virus, windows, wmp |
Baum-Darstellung