Pests of all kinds and how to fight them: Win32:Dropper found in C:\Program Files (x86)\WinZipper (Windows 7)

#1
Unfortunately, I could not carry out step 2, because pressing Ctrl + R only opens this window for me: When I try to paste the text there, only the first line is pasted. What am I doing wrong?

#2
/// TB trainer
Quote:
Then an empty text document opens, and that is where you paste all the lines for the FRST fix. You can do it

#3
Yes... those who can read clearly have an advantage
Thank you very much for your quick replies! It is really great what you do here on a voluntary basis!
AdwareCleaner[C2]
Code:
# AdwCleaner v6.010 - Bericht erstellt am 30/08/2016 um 08:58:16
# Aktualisiert am 12/08/2016 von ToolsLib
# Datenbank : 2016-08-30.1 [Server]
# Betriebssystem : Windows 10 Home (X64)
# Benutzername : Martin - LAPTOP-MARTIN
# Gestartet von : C:\Users\Martin\Desktop\AdwCleaner_6.010.exe
# Modus: Löschen
# Unterstützung : https://toolslib.net/forum
***** [ Dienste ] *****
***** [ Ordner ] *****
[-] Ordner gelöscht: C:\Program Files (x86)\WinZipper
***** [ Dateien ] *****
[-] Datei gelöscht: C:\WINDOWS\SysNative\LavasoftTcpService64.dll
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Verknüpfungen ] *****
***** [ Aufgabenplanung ] *****
***** [ Registrierungsdatenbank ] *****
[-] Schlüssel gelöscht: HKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
***** [ Browser ] *****
*************************
:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt
:: "Prefetch" Dateien gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht
:: Hosts-Datei wiederhergestellt
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [22642 Bytes] - [29/08/2016 11:20:48]
C:\AdwCleaner\AdwCleaner[C2].txt - [1264 Bytes] - [30/08/2016 08:58:16]
C:\AdwCleaner\AdwCleaner[S0].txt - [22756 Bytes] - [29/08/2016 11:13:04]
C:\AdwCleaner\AdwCleaner[S1].txt - [1569 Bytes] - [30/08/2016 08:55:47]
C:\AdwCleaner\AdwCleaner[S2].txt - [1642 Bytes] - [30/08/2016 08:57:17]
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1557 Bytes] ##########
Code:
# AdwCleaner v6.010 - Bericht erstellt am 30/08/2016 um 08:57:17
# Aktualisiert am 12/08/2016 von ToolsLib
# Datenbank : 2016-08-30.1 [Server]
# Betriebssystem : Windows 10 Home (X64)
# Benutzername : Martin - LAPTOP-MARTIN
# Gestartet von : C:\Users\Martin\Desktop\AdwCleaner_6.010.exe
# Modus: Suchlauf
# Unterstützung : https://toolslib.net/forum
***** [ Dienste ] *****
Keine schädlichen Dienste gefunden.
***** [ Ordner ] *****
Ordner Gefunden: C:\Program Files (x86)\WinZipper
***** [ Dateien ] *****
Datei Gefunden: C:\WINDOWS\SysNative\LavasoftTcpService64.dll
***** [ DLL ] *****
Keine infizierten DLLs gefunden.
***** [ WMI ] *****
Keine schädlichen Schlüssel gefunden.
***** [ Verknüpfungen ] *****
Keine infizierten Verknüpfungen gefunden.
***** [ Aufgabenplanung ] *****
Aufgabe Gefunden: UpdaterTask
Aufgabe Gefunden: AVGPCTuneUp_Task_BkGndMaintenance
***** [ Registrierungsdatenbank ] *****
Schlüssel Gefunden: HKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
***** [ Internetbrowser ] *****
Keine schädlichen Elemente in Firefox basierten Browsern gefunden.
Keine schädlichen Elemente in Chrome basierten Browsern gefunden.
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [22642 Bytes] - [29/08/2016 11:20:48]
C:\AdwCleaner\AdwCleaner[S0].txt - [22756 Bytes] - [29/08/2016 11:13:04]
C:\AdwCleaner\AdwCleaner[S1].txt - [1569 Bytes] - [30/08/2016 08:55:47]
C:\AdwCleaner\AdwCleaner[S2].txt - [1490 Bytes] - [30/08/2016 08:57:17]
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1563 Bytes] ##########
Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 29-08-2016
durchgeführt von Martin (30-08-2016 13:15:02) Run:1
Gestartet von C:\Users\Martin\Desktop
Geladene Profile: Martin (Verfügbare Profile: Martin)
Start-Modus: Normal
==============================================
fixlist Inhalt:
*****************
start
CloseProcesses:
HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\Policies\Explorer: []
BHO-x32: Kein Name -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> Keine Datei
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - Keine Datei
Edge HomeButtonPage: HKU\S-1-5-21-205815100-794779995-1947703700-1001 -> hxxp://www.nuesearch.com/?type=hp&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668
FF HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9s05odkh.default\extensions\cliqz@cliqz.com => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff => nicht gefunden
Unlock: C:\Program Files (x86)\WinZipper
C:\Program Files (x86)\WinZipper
C:\Program Files (x86)\setup.exe
C:\Program Files (x86)\setup.ini
C:\Users\Martin\AppData\Local\Google\Desktop\Install
C:\Program Files (x86)\Google\Desktop\Install
Task: {92C847DC-B226-4C5A-A8AB-184E4A601340} - System32\Tasks\UpdaterTask => C:\Users\Martin\AppData\Local\Temp\avdrhxythrag [Argument = /p=27 /i=1] <==== ACHTUNG
Task: {A8C2E264-6122-426B-B842-15D6E9E9638C} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
AlternateDataStreams: C:\Windows:CM_07bdf4a8c4c490ca7919611231e13eb670e4a0ad29869dd8f2e869bc87f6c3a8 [74]
AlternateDataStreams: C:\Windows:CM_25c0d7379373529ead846cb4332cac331743f799884338c630de8d6bc5a9ad77 [74]
AlternateDataStreams: C:\Windows:CM_2fbc7cacfd828b791562c9690c61bb830aeeeae72f86bd829562576f9fc1fe83 [74]
AlternateDataStreams: C:\Windows:CM_9015d22b2a6b3f6bdfbfec9cc8a460230758574f203752df19168f533c7fb302 [74]
AlternateDataStreams: C:\Windows:CM_cdfdf49505024624d2decf3e9557d51162be6aba9545d69de4a936f7ba6139f4 [74]
AlternateDataStreams: C:\Windows:CM_d1cca5b43b23e7a102fa897d892102fdacb2faaf6f5875efce3bd0a2c56874f8 [74]
HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Classes\.scr: SOFiCAD-OEMScriptFile => C:\WINDOWS\system32\notepad.exe "%1" <===== ACHTUNG
Unlock: C:\ProgramData\cm-lock
Folder: C:\ProgramData\cm-lock
Folder: C:\Program Files (x86)\_SSpm
Folder: C:\Program Files (x86)\zffvjegf
Folder: C:\WINDOWS\SysWOW64\_SSpm
CMD: dir "C:\Program Files (x86)"
CMD: dir "C:\ProgramData"
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
*****************
Prozess erfolgreich geschlossen.
HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => Wert erfolgreich entfernt
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}" => Schlüssel erfolgreich entfernt
HKCR\Wow6432Node\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} => Schlüssel nicht gefunden.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Wert erfolgreich entfernt
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Schlüssel erfolgreich entfernt
HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\\HomeButtonPage => Wert erfolgreich entfernt
HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Mozilla\Firefox\Extensions\\cliqz@cliqz.com => Wert erfolgreich entfernt
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} => Wert erfolgreich entfernt
"C:\Program Files (x86)\WinZipper" => nicht gefunden.
"C:\Program Files (x86)\WinZipper" => nicht gefunden.
C:\Program Files (x86)\setup.exe => erfolgreich verschoben
C:\Program Files (x86)\setup.ini => erfolgreich verschoben
C:\Users\Martin\AppData\Local\Google\Desktop\Install => erfolgreich verschoben
C:\Program Files (x86)\Google\Desktop\Install => erfolgreich verschoben
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92C847DC-B226-4C5A-A8AB-184E4A601340} => Schlüssel nicht gefunden.
C:\WINDOWS\System32\Tasks\UpdaterTask => nicht gefunden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdaterTask => Schlüssel nicht gefunden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8C2E264-6122-426B-B842-15D6E9E9638C} => Schlüssel nicht gefunden.
C:\WINDOWS\System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => nicht gefunden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVGPCTuneUp_Task_BkGndMaintenance => Schlüssel nicht gefunden.
C:\Windows => ":CM_07bdf4a8c4c490ca7919611231e13eb670e4a0ad29869dd8f2e869bc87f6c3a8" ADS erfolgreich entfernt.
C:\Windows => ":CM_25c0d7379373529ead846cb4332cac331743f799884338c630de8d6bc5a9ad77" ADS erfolgreich entfernt.
C:\Windows => ":CM_2fbc7cacfd828b791562c9690c61bb830aeeeae72f86bd829562576f9fc1fe83" ADS erfolgreich entfernt.
C:\Windows => ":CM_9015d22b2a6b3f6bdfbfec9cc8a460230758574f203752df19168f533c7fb302" ADS erfolgreich entfernt.
C:\Windows => ":CM_cdfdf49505024624d2decf3e9557d51162be6aba9545d69de4a936f7ba6139f4" ADS erfolgreich entfernt.
C:\Windows => ":CM_d1cca5b43b23e7a102fa897d892102fdacb2faaf6f5875efce3bd0a2c56874f8" ADS erfolgreich entfernt.
"HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Classes\SOFiCAD-OEMScriptFile" => Schlüssel erfolgreich entfernt
"HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Classes\.scr" => Schlüssel erfolgreich entfernt
"C:\ProgramData\cm-lock" => nicht gefunden.
========================= Folder: C:\ProgramData\cm-lock ========================
nicht gefunden.
====== Ende von Folder: ======
========================= Folder: C:\Program Files (x86)\_SSpm ========================
2016-08-22 12:34 - 2016-06-21 07:25 - 0000484 _____ () C:\Program Files (x86)\_SSpm\39.json
2016-08-22 12:34 - 2016-08-18 10:10 - 0813796 _____ () C:\Program Files (x86)\_SSpm\DataBase
2016-08-22 12:34 - 2014-08-12 18:00 - 0131640 _____ (Tencent Inc.) C:\Program Files (x86)\_SSpm\QQBrowser.exe
2016-08-22 12:34 - 2016-07-06 08:33 - 0100864 _____ (Skytech) C:\Program Files (x86)\_SSpm\QQBrowserFrame.dll
2016-08-22 12:34 - 2016-08-22 08:13 - 0355608 _____ () C:\Program Files (x86)\_SSpm\saber.exe
2016-08-22 12:34 - 2016-06-08 10:22 - 0085504 _____ () C:\Program Files (x86)\_SSpm\UnEverything.exe
2016-08-23 07:45 - 2016-08-23 05:43 - 0160304 _____ () C:\Program Files (x86)\_SSpm\winzipper.exe
2016-08-22 12:34 - 2016-08-18 10:04 - 0541416 _____ (WFini LIMITED) C:\Program Files (x86)\_SSpm\wpm.exe
====== Ende von Folder: ======
========================= Folder: C:\Program Files (x86)\zffvjegf ========================
====== Ende von Folder: ======
========================= Folder: C:\WINDOWS\SysWOW64\_SSpm ========================
2016-06-21 13:25 - 2016-06-21 13:25 - 0000484 _____ () C:\WINDOWS\SysWOW64\_SSpm\39.json
2016-07-06 14:10 - 2016-07-06 14:10 - 0816132 _____ () C:\WINDOWS\SysWOW64\_SSpm\DataBase
2016-08-08 11:11 - 2016-08-08 11:11 - 0275672 _____ () C:\WINDOWS\SysWOW64\_SSpm\qks.exe
2014-08-13 00:00 - 2014-08-13 00:00 - 0131640 _____ (Tencent Inc.) C:\WINDOWS\SysWOW64\_SSpm\QQBrowser.exe
2016-07-06 14:33 - 2016-07-06 14:33 - 0100864 _____ (Skytech) C:\WINDOWS\SysWOW64\_SSpm\QQBrowserFrame.dll
2016-06-08 16:22 - 2016-06-08 16:22 - 0085504 _____ () C:\WINDOWS\SysWOW64\_SSpm\UnEverything.exe
====== Ende von Folder: ======
========= dir "C:\Program Files (x86)" =========
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: CC6E-7394
Verzeichnis von C:\Program Files (x86)
30.08.2016 13:15 <DIR> .
30.08.2016 13:15 <DIR> ..
16.01.2016 21:48 <DIR> Adobe
08.07.2014 23:02 <DIR> Adobe Download Assistant
15.11.2012 02:52 <DIR> AMD APP
12.11.2013 15:36 <DIR> ANNO 1404 - Königsedition
14.07.2014 15:54 <DIR> Anno 1701
26.03.2016 13:37 <DIR> ATI Technologies
21.10.2013 17:37 <DIR> Autodesk
22.05.2016 15:07 <DIR> AVG
03.02.2016 14:59 <DIR> AX88772C
15.11.2012 02:57 <DIR> Bonjour
28.06.2016 08:42 <DIR> c9ikp9in
26.08.2016 08:43 <DIR> CLIQZ
12.05.2016 09:01 <DIR> CodeMeter
29.08.2016 11:19 <DIR> Common Files
31.08.2012 23:03 <DIR> Connected Music powered by Universal Music Group
18.08.2013 20:21 <DIR> CyberLink
06.12.2015 19:09 <DIR> Deep Silver
24.08.2016 00:34 <DIR> Drecuied
24.08.2016 09:03 <DIR> Dropbox
03.04.2015 16:33 <DIR> DVDVideoSoft
03.04.2015 16:33 <DIR> Free Codec Pack
05.12.2015 18:05 <DIR> Free mp3 Wma Converter
22.05.2013 14:38 <DIR> GameSpy Arcade
20.05.2016 22:42 <DIR> Ghokaphlbeward
20.08.2016 08:46 <DIR> Google
11.04.2015 13:42 <DIR> Gothic II Gold
04.07.2014 17:05 <DIR> Handbuch und FAQ
29.03.2016 09:45 <DIR> Hewlett-Packard
27.10.2013 11:55 <DIR> HP
31.08.2012 23:03 <DIR> HPConnectedMusic
26.03.2016 15:40 <DIR> Intel
10.08.2016 17:11 <DIR> Internet Explorer
13.10.2015 16:43 <DIR> Java
29.08.2016 11:18 <DIR> Lavasoft
29.08.2015 18:53 <DIR> licenses
18.01.2013 14:16 <DIR> MainConcept
26.09.2013 10:36 <DIR> Maxis
24.02.2013 11:49 <DIR> MEDION
24.02.2013 11:50 <DIR> Memeo
19.01.2013 11:33 <DIR> Microsoft Analysis Services
09.01.2016 13:06 <DIR> Microsoft Games
19.01.2013 11:37 <DIR> Microsoft Office
18.04.2016 12:45 <DIR> Microsoft SDKs
26.06.2016 01:48 <DIR> Microsoft Silverlight
18.04.2016 12:45 <DIR> Microsoft SQL Server
19.01.2013 11:37 <DIR> Microsoft SQL Server Compact Edition
19.01.2013 11:37 <DIR> Microsoft Sync Framework
19.01.2013 11:37 <DIR> Microsoft Synchronization Services
19.01.2013 11:35 <DIR> Microsoft Visual Studio 8
26.03.2016 13:24 <DIR> Microsoft.NET
26.03.2016 13:37 <DIR> MSBuild
27.06.2016 12:42 <DIR> nc0gtqtf
03.04.2015 17:17 <DIR> Nero
06.12.2015 19:26 <DIR> NVIDIA Corporation
17.01.2013 15:23 <DIR> Online Services
29.08.2015 18:55 <DIR> OpenOffice 4
13.08.2014 10:29 154.565.521 openoffice1.cab
13.08.2014 10:27 2.314.240 openoffice411.msi
08.09.2013 12:31 <DIR> PiranhaBytes
12.11.2014 12:35 <DIR> Pontifex Demo
29.08.2015 18:53 <DIR> readmes
15.11.2012 02:56 <DIR> Realtek
29.08.2015 18:53 <DIR> redist
26.03.2016 12:58 <DIR> Reference Assemblies
26.09.2013 10:34 <DIR> SimCity 4 Deluxe
18.04.2016 14:19 <DIR> SOFiSTiK
07.04.2016 10:36 <DIR> Software Treiber SkyStar
12.04.2016 15:24 <DIR> Star Wars Battlefront II
15.11.2012 03:20 <DIR> SymSilent
21.04.2014 19:55 <DIR> TeamSpeak 3 Client
29.03.2016 09:45 <DIR> TechniSat DVB
10.05.2013 18:49 <DIR> Ubi Soft
16.04.2016 18:13 <DIR> Ubisoft
08.10.2014 18:34 <DIR> VideoLAN
11.06.2014 14:35 <DIR> Wecker6
13.07.2016 08:58 <DIR> Windows Defender
31.08.2012 23:00 <DIR> Windows Live
13.07.2016 08:58 <DIR> Windows Mail
13.02.2016 18:58 <DIR> Windows Media Player
26.03.2016 21:04 <DIR> Windows Multimedia Platform
30.10.2015 09:24 <DIR> Windows NT
13.07.2016 08:58 <DIR> Windows Photo Viewer
26.03.2016 21:04 <DIR> Windows Portable Devices
24.12.2014 17:06 <DIR> Worms 4 Mayhem
12.02.2013 17:23 <DIR> YOUTUBE Downloader
01.08.2016 10:42 <DIR> zffvjegf
29.08.2016 13:36 <DIR> _SSpm
2 Datei(en), 156.879.761 Bytes
87 Verzeichnis(se), 147.889.700.864 Bytes frei
========= Ende von CMD: =========
========= dir "C:\ProgramData" =========
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: CC6E-7394
Verzeichnis von C:\ProgramData
16.01.2016 21:48 <DIR> Adobe
15.11.2012 02:57 <DIR> Apple
26.03.2016 15:22 <DIR> Application Data
26.03.2016 18:08 <DIR> ATI
18.04.2016 17:16 <DIR> Autodesk
15.03.2016 14:12 <DIR> AVAST Software
22.05.2016 15:07 <DIR> Avg
18.01.2013 14:32 <DIR> CMUV
18.04.2016 12:41 <DIR> CodeMeter
30.10.2015 09:24 <DIR> Comms
23.03.2013 16:29 <DIR> CyberLink
13.06.2015 09:25 <DIR> Dropbox
18.06.2016 11:30 <DIR> F-Secure
21.10.2013 18:48 <DIR> FARO
18.04.2016 13:14 <DIR> FLEXnet
04.05.2013 15:33 <DIR> Google
11.05.2016 16:43 <DIR> Hewlett-Packard
15.11.2012 03:09 <DIR> install_clap
15.11.2012 02:54 <DIR> Intel
29.08.2016 11:17 <DIR> Lavasoft
29.08.2016 11:41 <DIR> Malwarebytes
13.06.2015 09:32 <DIR> McAfee
26.08.2013 11:10 <DIR> Media Center Programs
24.08.2016 09:07 <DIR> Microsoft Help
13.02.2016 19:31 <DIR> Microsoft OneDrive
26.03.2016 10:10 <DIR> Nero
19.01.2013 12:28 <DIR> Norton
15.11.2012 03:18 <DIR> NortonInstaller
21.07.2016 10:13 <DIR> Oracle
18.04.2016 15:26 <DIR> Package Cache
29.07.2014 13:09 <DIR> PDF Writer
26.03.2016 13:25 <DIR> PRICache
15.11.2012 02:57 <DIR> Ralink Driver
13.02.2016 19:12 <DIR> regid.1991-06.com.microsoft
20.06.2016 11:50 <DIR> Skype
29.04.2016 18:22 <DIR> SoftwareDistribution
26.09.2013 16:45 <DIR> Solidshield
21.10.2013 18:18 <DIR> Sun
15.11.2012 03:30 <DIR> Synaptics
26.08.2013 10:48 <DIR> Tages
18.01.2013 14:16 <DIR> Technisat
15.11.2012 03:14 <DIR> Temp
13.02.2016 19:26 <DIR> USOPrivate
13.02.2016 19:26 <DIR> USOShared
30.06.2016 12:47 <DIR> W
05.05.2013 12:27 <DIR> {9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
0 Datei(en), 0 Bytes
46 Verzeichnis(se), 147.889.696.768 Bytes frei
========= Ende von CMD: =========
========= RemoveProxy: =========
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
HKU\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
========= Ende von RemoveProxy: =========
========= ipconfig /flushdns =========
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
========= Ende von CMD: =========
========= netsh winsock reset =========
Der Winsock-Katalog wurde zurückgesetzt.
Sie müssen den Computer neu starten, um den Vorgang abzuschließen.
========= Ende von CMD: =========
=========== EmptyTemp: ==========
BITS transfer queue => 583648 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13150391 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 2614108685 B
Edge => 71975986 B
Chrome => 749582 B
Firefox => 11443176 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 9777 B
LocalService => 7309528 B
NetworkService => 15876 B
Martin => 2830533315 B
RecycleBin => 24592564588 B
EmptyTemp: => 28.1 GB temporäre Dateien entfernt.
================================
Das System musste neu gestartet werden.
==== Ende von Fixlog 13:22:40 ====
Code:
Farbar Recovery Scan Tool (x64) Version: 29-08-2016
durchgeführt von Martin (30-08-2016 13:36:03)
Gestartet von C:\Users\Martin\Desktop
Start-Modus: Normal
================== Registry-Suche: "iSafe;winziper;qksee;Legpat;Uncheckit;Browser-Security;DriverCure;Elex-tech;ParetoLogic;Solvusoft;web companion;BandwidthStat;ChelfNotify;WaNetworkEnhance;PC Speed Maximizer;Wajam;QQBrowser;SoftUpgrade;TXQQBrowser;WinSaber;SoEasySvc;mindspark" ===========
===================== Suchergebnis für "iSafe" ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{03C3860D-86B7-4F36-924C-3B1AD93B4C79}]
""="ISafeReportItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0A95BE2D-1543-46BE-AD6D-18653034BF87}]
""="ISafeMailItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3120A5E4-552D-4EDF-8C48-70C5D5FF22D2}]
""="ISafeContactItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{31CE2164-4D5C-4508-BCA7-B10E11D08E6B}]
""="ISafeMAPIFolder"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{35EFAD55-134A-47BF-912A-44A9D9FD556F}]
""="ISafeAppointmentItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{49B868F0-D9F9-4F23-992D-A2A423F406E4}]
""="ISafeSaveHandleManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5C61669E-F0CE-4126-B365-316588E6228F}]
""="ISafeRecipient"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6A5D680A-8F9F-4752-A056-2C0273F60B4E}]
""="ISafePostItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6E4C6020-2932-4DDD-BDA8-998AE4CDF50D}]
""="ISafeInspector"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BB94DAAD-7836-4D62-9557-2A7B83839B7B}]
""="ISafeSaveHandleManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CACB61E0-AEEA-404D-88E1-7F3BCA8B8726}]
""="ISafeRecipients"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CD5B9523-6EAF-4D63-8FE8-C081C51D1673}]
""="ISafeTable"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D7E6FB7C-A22F-4A9D-A89D-653D1AA37324}]
""="ISafeCurrentUser"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D80AC53D-E102-4A55-A265-529A626515E5}]
""="ISafeItems"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DBCAD616-BFD4-4C72-8D87-C5926921D378}]
""="_ISafeItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3EC74BB-5522-462D-A00F-2728C53FCA04}]
""="ISafeJournalItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EBB4EBA9-D546-4C85-A05A-167BF875FB83}]
""="ISafeDistList"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F7919641-3978-4668-8388-7310329C800E}]
""="ISafeMeetingItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F961CE9D-AE2B-4CFB-887C-3A055FF685C9}]
""="ISafeTaskItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{03C3860D-86B7-4F36-924C-3B1AD93B4C79}]
""="ISafeReportItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0A95BE2D-1543-46BE-AD6D-18653034BF87}]
""="ISafeMailItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3120A5E4-552D-4EDF-8C48-70C5D5FF22D2}]
""="ISafeContactItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31CE2164-4D5C-4508-BCA7-B10E11D08E6B}]
""="ISafeMAPIFolder"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{35EFAD55-134A-47BF-912A-44A9D9FD556F}]
""="ISafeAppointmentItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{49B868F0-D9F9-4F23-992D-A2A423F406E4}]
""="ISafeSaveHandleManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5C61669E-F0CE-4126-B365-316588E6228F}]
""="ISafeRecipient"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6A5D680A-8F9F-4752-A056-2C0273F60B4E}]
""="ISafePostItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6E4C6020-2932-4DDD-BDA8-998AE4CDF50D}]
""="ISafeInspector"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BB94DAAD-7836-4D62-9557-2A7B83839B7B}]
""="ISafeSaveHandleManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CACB61E0-AEEA-404D-88E1-7F3BCA8B8726}]
""="ISafeRecipients"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CD5B9523-6EAF-4D63-8FE8-C081C51D1673}]
""="ISafeTable"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D7E6FB7C-A22F-4A9D-A89D-653D1AA37324}]
""="ISafeCurrentUser"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D80AC53D-E102-4A55-A265-529A626515E5}]
""="ISafeItems"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DBCAD616-BFD4-4C72-8D87-C5926921D378}]
""="_ISafeItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E3EC74BB-5522-462D-A00F-2728C53FCA04}]
""="ISafeJournalItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EBB4EBA9-D546-4C85-A05A-167BF875FB83}]
""="ISafeDistList"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F7919641-3978-4668-8388-7310329C800E}]
""="ISafeMeetingItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F961CE9D-AE2B-4CFB-887C-3A055FF685C9}]
""="ISafeTaskItem"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"iSafeTray.exe"="0"
[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe"="0x534143500100000000000000070000002800000020CD0100566002000100000000000000000003067102000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000058350000000000000200000002000000"
===================== Suchergebnis für "winziper" ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\AVAST Software\Avast\PUB-Removed]
"1d1fd987501f7d0"="
C:\Users\Martin\AppData\Roaming\WinZiper\update\wzp_update_v2.2.1.exe
>tools\unck.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\AVAST Software\Avast\PUB-Removed]
"1d1fd98755ef4b7"="
C:\Users\Martin\AppData\Roaming\WinZiper\update\wzp_update_v2.2.25.exe
>tools\chr.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WinZip]
"DisplayIcon"="C:\Program Files (x86)\WinZipper\winziper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\WinZiper]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\WinZiper]
"svc"="winzipersvc"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\WinZiper]
"softuid"="Global\Winziper{78CA2E40-5C38-48EE-BB7F-599F29A6A13A}Winziper"
[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files (x86)\WinZipper\winzipersvc.exe"="0x5341435001000000000000000700000028000000786A11004497110001000000000000000000000A7122000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000064190000000000000100000001000000"
[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files (x86)\WinZipper\winziper.exe"="0x534143500100000000000000070000002800000098BE15003F9A160001000000000000000000000A7122000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000CF7A0300000000000900000009000000"
[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\WinZipper\winziper.exe.FriendlyAppName"="Winziper application"
[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\WinZipper\winziper.exe.ApplicationCompany"="Winziper Pvt Ltd."
===================== Suchergebnis für "qksee" ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast\PUB-Removed]
"1d1fd23c42f7e53"="
C:\Program Files (x86)\qksee\qkdup.exe"
[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files (x86)\qksee\qkseeSvc.exe"="0x5341435001000000000000000700000028000000009E0B000000000001000000000000000000000A7122000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000007C080000000000000100000001000000"
===================== Suchergebnis für "Legpat" ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Legpat]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Legpat]
"path"="C:\Program Files (x86)\Legpat\"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Legpat]
"publicdirectroy_dump"="C:\Program Files (x86)\Legpat\Reports\Dump"
[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Clients\StartMenuInternet\ChromeHTML\Capabilities]
"ApplicationIcon"="C:\Program Files (x86)\Legpat\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Clients\StartMenuInternet\ChromeHTML\DefaultIcon]
""="C:\Program Files (x86)\Legpat\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Clients\StartMenuInternet\ChromeHTML\InstallInfo]
"HideIconsCommand"=""C:\Program Files (x86)\Legpat\Application\chrome.exe" "-HideIconsCommand""
[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Clients\StartMenuInternet\ChromeHTML\InstallInfo]
"ReinstallCommand"=""C:\Program Files (x86)\Legpat\Application\chrome.exe" "-ReinstallCommand""
[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Clients\StartMenuInternet\ChromeHTML\InstallInfo]
"ShowIconsCommand"=""C:\Program Files (x86)\Legpat\Application\chrome.exe" "-ShowIconsCommand""
[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Clients\StartMenuInternet\ChromeHTML\shell\open\command]
""="C:\Program Files (x86)\Legpat\Application\chrome.exe"
[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Legpat]
[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\34db7675_0]
""="{2}.\\?\hdaudio#func_01&ven_8086&dev_2806&subsys_80860101&rev_1000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\intcdaudtopo_2_48_24_d0/00010001
\Device\HarddiskVolume4\Program Files (x86)\Legpat\Application\chrome.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files (x86)\Legpat\Application\chrome.exe"="0x534143500100000000000000070000002800000098BF0F008C85100001000000000000000000000A0021000019B4C529E312D10100000000000000000200000028000000000000000000001000000000000000000000000000000000D1B82801000000003D0000003D000000"
[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\Applications\chrome.exe\shell\open\command]
""=""C:\Program Files (x86)\Legpat\Application\chrome.exe" "%1""
[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\ChromeHTML\Application]
"ApplicationIcon"="C:\Program Files (x86)\Legpat\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\ChromeHTML\DefaultIcon]
""="C:\Program Files (x86)\Legpat\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\ChromeHTML\shell\open\command]
""=""C:\Program Files (x86)\Legpat\Application\chrome.exe" "%1""
[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\ftp\DefaultIcon]
""="C:\Program Files (x86)\Legpat\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\ftp\shell\open\command]
""=""C:\Program Files (x86)\Legpat\Application\chrome.exe" "%1""
[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\http\DefaultIcon]
""="C:\Program Files (x86)\Legpat\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\http\shell\open\command]
""=""C:\Program Files (x86)\Legpat\Application\chrome.exe" "%1""
[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\https\DefaultIcon]
""="C:\Program Files (x86)\Legpat\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\https\shell\open\command]
""=""C:\Program Files (x86)\Legpat\Application\chrome.exe" "%1""
[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\irc\DefaultIcon]
""="C:\Program Files (x86)\Legpat\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\irc\shell\open\command]
""=""C:\Program Files (x86)\Legpat\Application\chrome.exe" "%1""
[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\mms\DefaultIcon]
""="C:\Program Files (x86)\Legpat\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\mms\shell\open\command]
""=""C:\Program Files (x86)\Legpat\Application\chrome.exe" "%1""
[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\news\DefaultIcon]
""="C:\Program Files (x86)\Legpat\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\news\shell\open\command]
""=""C:\Program Files (x86)\Legpat\Application\chrome.exe" "%1""
[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\nntp\DefaultIcon]
""="C:\Program Files (x86)\Legpat\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\nntp\shell\open\command]
""=""C:\Program Files (x86)\Legpat\Application\chrome.exe" "%1""
[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\sms\DefaultIcon]
""="C:\Program Files (x86)\Legpat\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\sms\shell\open\command]
""=""C:\Program Files (x86)\Legpat\Application\chrome.exe" "%1""
[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\smsto\DefaultIcon]
""="C:\Program Files (x86)\Legpat\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\smsto\shell\open\command]
""=""C:\Program Files (x86)\Legpat\Application\chrome.exe" "%1""
[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\urn\DefaultIcon]
""="C:\Program Files (x86)\Legpat\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\urn\shell\open\command]
""=""C:\Program Files (x86)\Legpat\Application\chrome.exe" "%1""
===================== Suchergebnis für "Uncheckit" ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\AVAST Software\Avast\PUB-Removed]
"1d1c8d34bd520cf"="
C:\Program Files (x86)\Uncheckit\InjectEx.dll"
[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files (x86)\Uncheckit\UncheckitHelper.exe"="0x5341435001000000000000000700000028000000000707007A7E070001000000000000000000000A7122000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000086090000000000000300000003000000"
[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files (x86)\Uncheckit\cktSvc.exe"="0x5341435001000000000000000700000028000000002F0400FD12050001000000000000000000000A7122000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000D3040000000000000100000001000000"
===================== Suchergebnis für "Elex-tech" ==========
[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe"="0x534143500100000000000000070000002800000020CD0100566002000100000000000000000003067102000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000058350000000000000200000002000000"
===================== Suchergebnis für "ParetoLogic" ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\openas\command]
""="C:\Program Files (x86)\ParetoLogic\PCHA\noapp.exe %1"
===================== Suchergebnis für "web companion" ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d35d79f6-850b-4d3b-b3df-f052f842b2da}]
"DisplayName"="Web Companion"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d35d79f6-850b-4d3b-b3df-f052f842b2da}]
"DisplayIcon"="C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionIcon.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d35d79f6-850b-4d3b-b3df-f052f842b2da}]
"UninstallString"="C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe --uninstall"
[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\UFH\SHC]
"73"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion\Web Companion.lnk
C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
"
===================== Suchergebnis für "BandwidthStat" ==========
[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\Martin\AppData\Roaming\BandwidthStat\bandwidthstat.exe"="0x5341435001000000000000000700000028000000007C33000000000001000000000000000000000A0021000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000049010000000000000100000001000000"
===================== Suchergebnis für "WinSaber" ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\AVAST Software\Avast\PUB-Removed]
"1d1fd92f82071ae"="
C:\Program Files (x86)\WinSaber\WinSaber.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\WinSaberSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\WinSaberSvc]
"svcpath"="C:\Program Files (x86)\WinSaber\"
===================== Suchergebnis für "SoEasySvc" ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\AVAST Software\Avast\PUB-Removed]
"1d1fd90f045472d"="
C:\Program Files (x86)\SoEasySvc\SoEasySvc.exe"
====== Ende von Suche ======
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 29-08-2016
durchgeführt von Martin (30-08-2016 13:50:08)
Gestartet von C:\Users\Martin\Desktop
Windows 10 Home Version 1511 (X64) (2016-03-26 13:14:15)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-205815100-794779995-1947703700-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-205815100-794779995-1947703700-503 - Limited - Disabled)
Gast (S-1-5-21-205815100-794779995-1947703700-501 - Limited - Disabled)
Martin (S-1-5-21-205815100-794779995-1947703700-1001 - Administrator - Enabled) => C:\Users\Martin
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
64 Bit HP CIO Components Installer (Version: 20.2.1 - HP Inc.) Hidden
Adblock Plus für IE (32-Bit- und 64-Bit) (HKLM\...\{588B7DD2-3480-4A89-A8F6-C6781CBFAD56}) (Version: 1.5 - Eyeo GmbH)
Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.8 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
Age of Mythology - The Titans Expansion (HKLM-x32\...\Age of Mythology Expansion Pack 1.0) (Version: - )
Age of Mythology (HKLM-x32\...\Age of Mythology 1.0) (Version: - )
Akamai NetSession Interface (HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{5977D04D-1D6A-952C-97AF-04D9D4C0AE56}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
ANALYSIS_30_Common (x32 Version: 14.1 - SOFiSTiK AG) Hidden
ANALYSIS_30_x64_Common (x32 Version: 14.1 - SOFiSTiK AG) Hidden
ANNO 1404 - Königsedition (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 3.10.0000 - Ubisoft)
Anno 1701 (HKLM-x32\...\{A2433A63-5F5D-40E5-B529-9123C2B3E734}) (Version: 1.04 - Sunflowers)
AutoCAD Architecture 2014 - Deutsch (German) (Version: 7.5.106.0 - Autodesk) Hidden
AutoCAD Architecture 2014 - Deutsch (German) (Version: 7.5.17.0 - Autodesk) Hidden
AutoCAD Architecture 2014 - Deutsch (German) SP 1 (HKLM\...\AutoCAD Architecture 2014 - Deutsch (German) SP 1) (Version: 1 - Autodesk)
AutoCAD Architecture 2014 Language Pack - Deutsch (Version: 7.5.17.0 - Autodesk) Hidden
Autodesk 360 (HKLM\...\{556966D9-F7F6-421B-9707-D07901604DDF}) (Version: 5.2.3.1000 - Autodesk)
Autodesk App Manager (HKLM-x32\...\{C070121A-C8C5-4D52-9A7D-D240631BD433}) (Version: 1.1.0 - Autodesk)
Autodesk AutoCAD Architecture 2014 - Deutsch (German) (HKLM\...\AutoCAD Architecture 2014 - Deutsch (German)) (Version: 7.5.17.0 - Autodesk)
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.1.3.0 - Autodesk)
Autodesk Content Service (x32 Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Featured Apps (HKLM-x32\...\{F732FEDA-7713-4428-934B-EF83B8DD65D0}) (Version: 1.1.0 - Autodesk)
Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library 2016 (HKLM-x32\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.18 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.18 - Autodesk)
Autodesk Material Library Low Resolution Image Library 2016 (HKLM-x32\...\{FA5DF4D1-CD59-4183-B3D4-779A56498786}) (Version: 6.3.0.18 - Autodesk)
Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.0.43.13 - Autodesk)
Autodesk ReCap (Version: 1.0.43.13 - Autodesk) Hidden
Autodesk ReCap Language Pack-English (Version: 1.0.43.13 - Autodesk) Hidden
Autodesk Revit 2016 (HKLM\...\Autodesk Revit 2016) (Version: 16.0.490.0 - Autodesk)
Autodesk Workflows 2016 (HKLM\...\{535CDED0-D690-4738-83EE-09056A365BAC}) (Version: 6.3.0.18 - Autodesk, Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 11.2.2262 - AVAST Software)
AX88772C (HKLM-x32\...\{48C1584F-E022-4C21-9072-0BA886976B4F}) (Version: 1.01 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bullzip PDF Printer 10.6.0.2267 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.6.0.2267 - Bullzip)
Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.22 - Cliqz.com)
CLIQZ 1.6.1 (x86 de) (HKLM-x32\...\CLIQZ 1.6.1 (x86 de)) (Version: 1.6.1 - Cliqz GmbH)
cloudfront - Uninstall (HKLM-x32\...\{54C3021D-55CA-44E8-899F-C102D92DD517}) (Version: - ) <==== ACHTUNG
CodeMeter Runtime Kit v6.10a (HKLM\...\{4FF3EB53-5576-4B11-A08F-605C1938176A}) (Version: 6.10.2018.501 - WIBU-SYSTEMS AG)
Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2527 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DIE SIEDLER - Aufstieg eines Königreichs (HKLM-x32\...\{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}) (Version: 1.00.0000 - Ubisoft)
Die Siedler 7 (HKLM-x32\...\{63860309-DA8A-4BAE-9EAE-CE1D6D79340C}) (Version: 1.12.1396 - Ubisoft)
Die Siedler II - Die nächste Generation (HKLM-x32\...\S2TNG) (Version: - )
Die Siedler IV (HKLM-x32\...\S4Uninst) (Version: - )
Dot4 (HKLM\...\{DD411225-A527-4C56-91BE-15D888B3CCDE}) (Version: 1.0.0.0 - HP)
Dropbox (HKLM-x32\...\Dropbox) (Version: 8.4.21 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.41.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production)
Free Mp3 Wma Converter V 2.2 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft)
Free YouTube to MP3 Converter version 3.12.57.324 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.57.324 - DVDVideoSoft Ltd.)
G2-Classic-Mod (HKLM-x32\...\G2-Classic-Mod) (Version: 1.1 - Sargon)
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Gothic (HKLM-x32\...\{BBF10B37-4ED3-11D5-A818-00500435FC18}) (Version: - )
Gothic 2 Gold (HKLM-x32\...\{40FE74B5-71A1-4393-A0AB-21D6E1DA5A66}) (Version: 1.0.0 - JoWood)
GOTHIC2 - Die Nacht des Raben - 'System-Paket' (HKLM-x32\...\GOTHIC2 - Die Nacht des Raben - 'System-Paket') (Version: 1.1 - World of Gothic RU © 2014)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{AB5BCC55-18E2-46C7-9405-FF61CB888F05}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{18DE31AE-70D0-43A7-9E3C-2ED7283ECE8A}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{A38E954F-9043-42BD-9DE9-246ED183791D}) (Version: 12.5.26.37 - HP)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
MainConcept DTV Decoder Pro (HKLM-x32\...\{793FCE60-DE5E-4977-A942-A7B69A45B17D}) (Version: 1.5.0.2 - MainConcept GmbH)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MATLAB R2013b (HKLM\...\Matlab R2013b) (Version: 8.2 - The MathWorks, Inc.)
MEDION NAS TOOL (HKLM-x32\...\MEDION NAS TOOL) (Version: - MEDION)
Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7939 - Memeo Inc.)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - )
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{A047101C-A3AE-4FAD-802F-01C965079F66}) (Version: 11.1.3010.3 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{99AC7F47-A4E0-4706-9C65-8948775C2652}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Nero 2015 (HKLM-x32\...\{F9592BA0-AA0D-454C-95AA-9782DF00CB4B}) (Version: 16.0.04000 - Nero AG)
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 16.0.1003 - Nero AG)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Pontifex Demo 10.19.01 (HKLM-x32\...\Pontifex Demo_is1) (Version: - Chronic Logic LLC)
Prerequisite installer (x32 Version: 16.0.0003 - Nero AG) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.2.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Revit 2016 (Version: 16.0.490.0 - Autodesk) Hidden
Risen (HKLM-x32\...\{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}) (Version: 1.00.0000 - Deep Silver)
Risen 2 - Dark Waters (HKLM-x32\...\{CC4473E6-AB7D-406B-ADAE-BF9C61CEC5FE}) (Version: 1.00 - Deep Silver)
SafeZone Stable 1.48.2066.101 (x32 Version: 1.48.2066.101 - Avast Software) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SimCity 4 Deluxe (HKLM-x32\...\{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}) (Version: - )
SketchUp Import for AutoCAD 2014 (HKLM-x32\...\{644E9589-F73A-49A4-AC61-A953B9DE5669}) (Version: 1.1.0 - Autodesk)
SOFiCAD-OEM 2014 (HKLM-x32\...\SOFiCADOEM 2014) (Version: 20.14.0.0 - SOFiSTiK AG)
SOFiCAD-OEM 2014 (Version: 19.1.18.0 - SOFiSTiK) Hidden
SOFiCAD-OEM 2014 (x32 Version: 19.1.0 - SOFiSTiK AG) Hidden
SOFiSTiK 2014 19.1 64Bit Object Enabler (HKLM\...\{50F1571C-50FD-2014-3064-191000000000}) (Version: 19.1.1.0 - SOFiSTiK AG)
SOFiSTiK 2014 Documenation SOFiCAD (x32 Version: 1.00.0000 - Your Company Name) Hidden
SOFiSTiK Reinforcement Detailing 2016 (HKLM\...\{50F1571C-50F6-2016-3364-201600201405}) (Version: 5.0.0 - SOFiSTiK AG)
SOFiSTiK Sonar (HKLM-x32\...\{50F1571C-50F1-2014-3032-000000150000}) (Version: 15.00 - SOFiSTiK AG)
Star Wars Battlefront II (HKLM-x32\...\{3D374523-CFDE-461A-827E-2A102E2AB365}) (Version: 1.0 - LucasArts)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.3 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.3 - VideoLAN)
Web Companion (HKLM-x32\...\{d35d79f6-850b-4d3b-b3df-f052f842b2da}) (Version: 2.1.1199.2443 - Lavasoft)
Wecker für Windows 6.5 (HKLM-x32\...\{FFDC4005-E968-498D-93C8-CC148742167D}}_is1) (Version: 6.5 - Christoph Bünger Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinZip (HKLM-x32\...\WinZip) (Version: 2.2.25 - Winzipper Pvt Ltd.) <==== ACHTUNG
Worms 4 Mayhem (HKLM-x32\...\{45E7C481-3EF4-4FCB-AF0B-19F70D618F0C}) (Version: 1.00.0000 - Codemasters)
Xfire (remove only) (HKLM-x32\...\Xfire) (Version: - )
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E100-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E101-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E102-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E7F8-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E7F9-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E7FA-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E7FB-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E7FC-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E7FD-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E7FE-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E7FF-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\de-DE\sofc191ficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{5D8A052B-FFEE-4B2D-ADD8-EDCDA13C0763}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\sofiaxis_com.dll (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{5D8A052C-FFEE-4B2D-ADD8-EDCDA13C0763}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\sofiaxis_com.dll (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\sofc191.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{6AC79303-DBF3-4BE2-9F8E-0349FDC88E19}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\sofidc.arx (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{8258CC73-933A-4A76-88B1-43A5468A09F7}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\SOF_BAMTEC191_x64.DBX (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{9874959D-2021-4F77-AA2E-7E787954ADD7}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBFE_COM.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{B5176366-6A16-40E8-BF5D-C6DABC4B962B}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOF_COM.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{B5176367-6A16-40E8-BF5D-C6DABC4B962B}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOF_COM.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{B5176368-6A16-40E8-BF5D-C6DABC4B962B}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOF_COM.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{B5176369-6A16-40E8-BF5D-C6DABC4B962B}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOF_COM.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{B517636A-6A16-40E8-BF5D-C6DABC4B962B}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOF_COM.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{B517636B-6A16-40E8-BF5D-C6DABC4B962B}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOF_COM.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2014\de-DE\acadficn.dll (Autodesk, Inc.)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {1E041551-E3E9-4775-945B-473FF6FE41BD} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {3383E5C5-2D9A-4B13-9190-937420612144} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {3C33CD03-7609-44AF-9710-CAA445D6BF10} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {5D31EF85-8E68-45F5-9535-7258083FD944} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-13] (Adobe Systems Incorporated)
Task: {713A80B6-4080-406C-A767-1FB30E7CD27C} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-24] (Dropbox, Inc.)
Task: {82ABDCB9-8CDD-4730-AD92-AC4E496A1760} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {95EEB00E-6D66-4872-8E1E-CCBCD0748013} - System32\Tasks\{C8599BEC-8541-4730-9C00-8B636C6E2D46} => pcalua.exe -a "C:\Program Files (x86)\Star Wars Battlefront II\LaunchBFII.exe" -d "C:\Program Files (x86)\Star Wars Battlefront II"
Task: {96FB385F-013A-4BAF-8A22-44C9CB47F9E0} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {AB1ADFC6-1114-4C46-8132-A482BD53D16A} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-23] (Microsoft Corporation)
Task: {AB96C6F0-FEBE-4160-9998-E59661C9B7A6} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-05-28] (AVAST Software)
Task: {AB9AA26C-745D-477B-9D28-44FF4E0063F5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {B751D1AA-9672-4CF1-9F9F-C640883ADE15} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-24] (Dropbox, Inc.)
Task: {C07DD9EA-28FF-49F5-AE6E-0DE21DBC55A6} - System32\Tasks\SafeZone scheduled Autoupdate 1458044218 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)
Task: {CE92AEDC-30F0-47B5-89E5-7D4DE9C3EBC7} - System32\Tasks\MATLAB R2013b Startup Accelerator => C:\Program Files\MATLAB\R2013b\bin\win64\MATLABStartupAccelerator.exe [2013-08-05] ()
Task: {D4179342-5F5B-4002-BE34-CB835DFE5811} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {D7374E94-A9BA-4100-977D-F0B34BED0BDA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MATLAB R2013b Startup Accelerator.job => C:\Program Files\MATLAB\R2013b\bin\win64\MATLABStartupAccelerator.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{E642CB23-6186-418C-9B97-D12D8B681FC4}\SupportTasks\1\Support.lnk -> hxxp://www.microsoft.com/support/
Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{E642CB23-6186-418C-9B97-D12D8B681FC4}\SupportTasks\0\Weitere Spiele von Microsoft.lnk -> hxxp://www.ensemblestudios.com/aom/index.html/
Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{CE4F9AA0-B50E-4509-87B3-312B473AA74C}\SupportTasks\1\Support.lnk -> hxxp://www.piranha-bytes.com/gothic1/gothic1_faq_english.html/
Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{CE4F9AA0-B50E-4509-87B3-312B473AA74C}\SupportTasks\0\Weitere Spiele von Microsoft.lnk -> hxxp://www.piranha-bytes.com/
Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{B86065B3-F461-46B3-A9F7-397F53DAC8C2}\SupportTasks\1\Support.lnk -> hxxp://support.lucasarts.com/
Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{B86065B3-F461-46B3-A9F7-397F53DAC8C2}\SupportTasks\0\Weitere Spiele von Microsoft.lnk -> hxxp://www.swbattlefront2.com/
Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{42BB19A3-BB52-4B1C-8A47-566A70503079}\SupportTasks\1\Support.lnk -> hxxp://support.microsoft.com/directory/
Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{42BB19A3-BB52-4B1C-8A47-566A70503079}\SupportTasks\0\Weitere Spiele von Microsoft.lnk -> hxxp://www.microsoft.com/games/age2/
Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{296AA790-7BF8-4BC9-8766-432ECEAD9ACB}\SupportTasks\1\Support.lnk -> hxxp://www.atarisupport.com/
Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{296AA790-7BF8-4BC9-8766-432ECEAD9ACB}\SupportTasks\0\Weitere Spiele von Microsoft.lnk -> hxxp://www.piranha-bytes.com/gothic2/content_english/news_press.php/
ShortcutWithArgument: C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-05-28 15:10 - 2016-05-28 15:10 - 00137920 _____ () C:\Program Files\AVAST Software\Avast\x64\log.dll
2016-07-12 20:54 - 2016-07-01 06:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-12 20:54 - 2016-07-01 06:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-19 08:18 - 2016-04-19 08:19 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-02-13 19:02 - 2016-02-13 19:02 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-12 20:56 - 2016-07-01 05:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-12 20:54 - 2016-07-01 05:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-12 20:54 - 2016-07-01 05:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-12 20:54 - 2016-07-01 05:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-12 20:54 - 2016-07-01 05:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2014-08-28 06:09 - 2014-08-28 06:09 - 00232328 _____ () C:\Program Files\Autodesk\Autodesk Sync\qjson_Ad_0.dll
2014-08-28 06:09 - 2014-08-28 06:09 - 00048520 _____ () C:\Program Files\Autodesk\Autodesk Sync\QtSolutions_MFCMigrationFramework_Ad_2.dll
2014-08-28 06:09 - 2014-08-28 06:09 - 00059784 _____ () C:\Program Files\Autodesk\Autodesk Sync\qoauth_Ad_1.dll
2014-08-28 06:09 - 2014-08-28 06:09 - 00922504 _____ () C:\Program Files\Autodesk\Autodesk Sync\qca_Ad_2.dll
2011-09-16 01:16 - 2011-09-16 01:16 - 00322784 _____ () C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
2016-05-28 15:10 - 2016-05-28 15:10 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-05-28 15:10 - 2016-05-28 15:10 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-08-30 13:14 - 2016-08-30 13:14 - 03017728 _____ () C:\Program Files\AVAST Software\Avast\defs\16083000\algo.dll
2016-05-28 15:10 - 2016-05-28 15:10 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-05-28 15:10 - 2016-05-28 15:10 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-04-19 08:18 - 2016-04-19 08:19 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 08:18 - 2016-04-19 08:19 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2013-08-18 20:22 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-08-18 20:22 - 2013-01-27 16:13 - 00806664 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\UNO.dll
2013-08-18 20:22 - 2012-09-25 10:32 - 01351792 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\Language\DEU\P2GRC.dll
2013-08-18 20:22 - 2013-01-27 16:13 - 00175880 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLVistaAudioMixer.dll
2016-08-23 13:57 - 2016-08-23 13:57 - 01383616 _____ () C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-08-23 13:57 - 2016-08-23 13:57 - 00118976 _____ () C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll
2016-03-15 14:12 - 2016-03-15 14:12 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-08-24 09:02 - 2016-07-12 04:07 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-08-24 09:02 - 2016-07-12 04:07 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-08-24 09:02 - 2016-07-12 04:07 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-08-24 09:02 - 2016-07-12 04:07 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-08-24 09:02 - 2016-07-12 04:07 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-08-24 09:02 - 2016-07-12 04:07 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-08-24 09:02 - 2016-07-12 04:07 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-08-24 09:02 - 2016-07-12 04:07 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00021312 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00025424 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-08-24 09:02 - 2016-07-12 04:07 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-08-24 09:02 - 2016-07-12 04:09 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-08-24 09:02 - 2016-07-12 04:07 - 00144848 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2016-08-24 09:02 - 2016-07-12 04:08 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-08-24 09:02 - 2016-08-24 01:17 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2016-08-24 09:02 - 2016-08-24 01:02 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2016-08-24 09:02 - 2016-08-24 01:17 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-08-24 09:02 - 2016-08-24 01:17 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-08-24 09:02 - 2016-07-12 04:07 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 03929392 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 01972016 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00224056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00020288 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32._winffi_user32.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00037192 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00168248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2011-09-16 01:17 - 2011-09-16 01:17 - 02888416 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.UI.dll
2011-09-16 01:17 - 2011-09-16 01:17 - 00025824 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll
2011-09-16 01:18 - 2011-09-16 01:18 - 00028672 _____ () C:\Program Files (x86)\Memeo\AutoBackup\de-DE\InstantBackup.resources.dll
2010-04-05 20:52 - 2010-04-05 20:52 - 00504293 _____ () C:\Program Files (x86)\Memeo\AutoBackup\sqlite3.DLL
2010-04-05 20:52 - 2010-04-05 20:52 - 00053248 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Mono.Nat.dll
2012-11-15 02:53 - 2012-06-25 20:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\Windows:CM_07bdf4a8c4c490ca7919611231e13eb670e4a0ad29869dd8f2e869bc87f6c3a8 [74]
AlternateDataStreams: C:\Windows:CM_25c0d7379373529ead846cb4332cac331743f799884338c630de8d6bc5a9ad77 [74]
AlternateDataStreams: C:\Windows:CM_2fbc7cacfd828b791562c9690c61bb830aeeeae72f86bd829562576f9fc1fe83 [74]
AlternateDataStreams: C:\Windows:CM_9015d22b2a6b3f6bdfbfec9cc8a460230758574f203752df19168f533c7fb302 [74]
AlternateDataStreams: C:\Windows:CM_cdfdf49505024624d2decf3e9557d51162be6aba9545d69de4a936f7ba6139f4 [74]
AlternateDataStreams: C:\Windows:CM_d1cca5b43b23e7a102fa897d892102fdacb2faaf6f5875efce3bd0a2c56874f8 [74]
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\localhost -> localhost
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2012-07-26 07:26 - 2016-08-30 08:58 - 00000832 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-205815100-794779995-1947703700-1001\Control Panel\Desktop\\Wallpaper -> c:\users\martin\pictures\carcasonne.jpg
DNS Servers: 10.156.33.53 - 129.187.5.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [TCP Query User{6A219EAC-A8C9-4714-A40C-4B1E675DA9A5}C:\program files (x86)\anno 1404 - königsedition\tools\addonweb.exe] => (Allow) C:\program files (x86)\anno 1404 - königsedition\tools\addonweb.exe
FirewallRules: [UDP Query User{14B44FB0-F9E5-4BF6-9334-B6BE4CE1D514}C:\program files (x86)\anno 1404 - königsedition\tools\addonweb.exe] => (Allow) C:\program files (x86)\anno 1404 - königsedition\tools\addonweb.exe
FirewallRules: [{A88975B8-BBFD-477E-9DC2-5236F5A941BD}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{3F3A4D03-C443-4145-84BF-83523DF57C2D}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{AF9C9E7C-E573-4295-9FCB-8ACFAD7FC8F2}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{F138714E-9316-4A72-9797-E4514582BC93}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [TCP Query User{0D91FB41-C9AB-40A5-A51E-C6BE6A9CCDEA}C:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{3E537FF1-097F-4C80-B334-DBAC95E65F32}C:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{2C1F9E7C-BD53-492A-9B41-50335850F173}C:\windows\splwow64.exe] => (Allow) C:\windows\splwow64.exe
FirewallRules: [UDP Query User{32EAEC46-63B7-4D3F-8CB1-FEB6FFFAFCF3}C:\windows\splwow64.exe] => (Allow) C:\windows\splwow64.exe
FirewallRules: [{8A367C20-C7E1-4CF4-89F5-014469534249}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{30D99AD4-8229-4E56-966D-245501088E8D}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{A09EB9EB-05F5-445D-855D-1C3B2B1C395A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4CAA78A7-C705-4920-A218-EEFE8BBFA3D0}] => (Allow) C:\Program Files (x86)\Legpat\Update\LegpatUpdate.exe
FirewallRules: [{EC294C97-2178-4F12-B7F5-D2E08D380816}] => (Allow) C:\Program Files (x86)\Legpat\Application\chrome.exe
FirewallRules: [{237E438F-F612-442D-B6F1-028C41382D9D}] => (Allow) C:\ProgramData\Legpat\Legpat.exe
FirewallRules: [{BD4C73AA-4A79-4087-BC07-79477408C425}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B2D7DCAF-91F3-4D50-9DDF-B79AB22CE482}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{9BE540DB-ABBB-4FBF-A772-118C53E7EFF5}] => (Allow) C:\Program Files (x86)\CLIQZ\CLIQZ.exe
FirewallRules: [{0981E983-07AE-4243-A739-73165D224A54}] => (Allow) C:\Program Files (x86)\CLIQZ\CLIQZ.exe
FirewallRules: [{31958BF8-D377-4CD8-811E-2E0A87DBD93F}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server
==================== Wiederherstellungspunkte =========================
10-08-2016 09:32:46 Geplanter Prüfpunkt
19-08-2016 10:38:33 Geplanter Prüfpunkt
24-08-2016 09:01:40 Windows Update
29-08-2016 13:51:10 JRT Pre-Junkware Removal
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (08/30/2016 11:58:36 AM) (Source: MsiInstaller) (EventID: 11310) (User: Laptop-Martin)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Martin\AppData\Local\Akamai\admintool.exe. Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.
Error: (08/30/2016 11:58:21 AM) (Source: MsiInstaller) (EventID: 11310) (User: Laptop-Martin)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Martin\AppData\Local\Akamai\admintool.exe. Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.
Error: (08/30/2016 08:59:48 AM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (08/30/2016 07:48:06 AM) (Source: MsiInstaller) (EventID: 11310) (User: Laptop-Martin)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Martin\AppData\Local\Akamai\admintool.exe. Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.
Error: (08/30/2016 07:47:41 AM) (Source: MsiInstaller) (EventID: 11310) (User: Laptop-Martin)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Martin\AppData\Local\Akamai\admintool.exe. Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.
Error: (08/29/2016 05:16:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1207968
Error: (08/29/2016 05:16:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1207968
Error: (08/29/2016 05:16:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (08/29/2016 04:56:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2500
Error: (08/29/2016 04:56:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2500
Systemfehler:
=============
Error: (08/30/2016 01:24:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MemeoBackgroundService" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.
Error: (08/30/2016 01:24:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst MemeoBackgroundService erreicht.
Error: (08/30/2016 01:22:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenzugriff_3a9a9" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (08/30/2016 01:22:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenspeicher _3a9a9" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (08/30/2016 01:22:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Kontaktdaten_3a9a9" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (08/30/2016 01:22:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_3a9a9" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (08/30/2016 01:21:20 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
Error: (08/30/2016 01:21:18 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
Error: (08/30/2016 01:21:16 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
Error: (08/30/2016 01:21:14 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
CodeIntegrity:
===================================
Date: 2016-08-29 11:40:30.183
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-08-29 11:40:30.120
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-08-29 11:40:30.019
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-08-29 11:40:29.956
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-08-29 11:40:26.774
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-08-29 11:40:26.701
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-08-29 11:39:52.811
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-08-29 11:39:52.758
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-08-29 11:39:49.635
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-08-29 11:39:49.334
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Prozentuale Nutzung des RAM: 30%
Installierter physikalischer RAM: 8084.27 MB
Verfügbarer physikalischer RAM: 5579.82 MB
Summe virtueller Speicher: 9364.27 MB
Verfügbarer virtueller Speicher: 6971.23 MB
==================== Laufwerke ================================
Drive c: () (Fixed) (Total:448.21 GB) (Free:166.01 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (RECOVERY) (Fixed) (Total:16.79 GB) (Free:2.14 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive e: (UNSERE_ERDE) (CDROM) (Total:6.87 GB) (Free:0 GB) UDF
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 9EC65A10)
Partition: GPT.
==================== Ende von Addition.txt ============================
|
| | #4 |
| Win32:Dropper found in C:\Program Files (x86)\WinZipper FRST: Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 29-08-2016
durchgeführt von Martin (Administrator) auf LAPTOP-MARTIN (30-08-2016 13:49:37)
Gestartet von C:\Users\Martin\Desktop
Geladene Profile: Martin (Verfügbare Profile: Martin)
Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: "C:\Program Files (x86)\CLIQZ\CLIQZ.exe" -osint -url "%1")
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Cliqz GmbH) C:\Program Files (x86)\CLIQZ\CLIQZ.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
(Akamai Technologies, Inc.) C:\Users\Martin\AppData\Local\Akamai\netsession_win.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
(Akamai Technologies, Inc.) C:\Users\Martin\AppData\Local\Akamai\netsession_win.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Christoph Bünger Software) C:\Program Files (x86)\Wecker6\Wecker.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
(Memeo Inc.) C:\Program Files (x86)\Memeo\AutoBackup\MemeoUpdater.exe
(Mozilla Corporation) C:\Program Files (x86)\CLIQZ\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_209.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_209.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-06-08] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-28] (Synaptics Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2011-09-16] (Memeo Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7408312 2016-06-28] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23889496 2016-08-24] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1711680 2013-01-27] (CyberLink Corp.)
HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Martin\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1235336 2014-08-28] (Autodesk, Inc.)
HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\RunOnce: [Uninstall C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1\amd64"
HKU\S-1-5-21-205815100-794779995-1947703700-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [150528 2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-05-28] (AVAST Software)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [Symbol-Overlay-Steuerprogramm für AutoCAD Digitale Signaturen] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2016-08-29]
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2016-08-29]
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wecker für Windows 6.lnk [2016-08-29]
ShortcutTarget: Wecker für Windows 6.lnk -> C:\Program Files (x86)\Wecker6\Wecker.exe (Christoph Bünger Software)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 10.156.33.53 129.187.5.1
Tcpip\..\Interfaces\{150b5080-ac93-4272-ac4a-bffe13d172bd}: [DhcpNameServer] 0.0.0.0
Tcpip\..\Interfaces\{2c2232f8-8dd7-42dd-88e1-2d818924d50a}: [DhcpNameServer] 10.156.33.53 129.187.5.1
Tcpip\..\Interfaces\{66c1b00a-7100-4e92-ac46-811fd2d50492}: [DhcpNameServer] 192.168.34.3 129.187.5.1
Tcpip\..\Interfaces\{83fbec75-ff09-4692-a92d-4201c2743b42}: [DhcpNameServer] 192.168.178.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?PC=AV01
HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPNOT13/4
SearchScopes: HKLM -> {470BE3E6-2099-4F7E-84F1-F3DA4739DF9A} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-205815100-794779995-1947703700-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-205815100-794779995-1947703700-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-205815100-794779995-1947703700-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-07-21] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-21] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-12-20] (Hewlett-Packard Company)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Profiles\zocbhc16.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-13] ()
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-21] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2014-11-27] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-205815100-794779995-1947703700-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2013-03-17] (Ubisoft)
FF SearchPlugin: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9s05odkh.default\searchplugins\bing-lavasoft.xml [2015-12-04]
FF Extension: (Cliqz) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9s05odkh.default\Extensions\cliqz@cliqz.com.xpi [2015-11-28] [ist nicht signiert]
FF Extension: (Adblock Plus) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9s05odkh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-28]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-28]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-28]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
Chrome:
=======
CHR HomePage: ChromeDefaultData -> hxxp://www.nicesearches.com?type=hp&ts=1464593744&from=0d580530&uid=st500lm012xhn-m500mbb_s2svj9eca09668&z=658f2f19608d6aba60b4d45gbzcq4z0wctfc2m2z8z
CHR RestoreOnStartup: ChromeDefaultData -> "hxxp://de.search.yahoo.com/?fr=hp-ddc-bd&type=bl-bcr-is__alt__ddc_dsssyc_bd_com"
CHR StartupUrls: ChromeDefaultData -> "hxxp://www.nicesearches.com?type=hp&ts=1464593744&from=0d580530&uid=st500lm012xhn-m500mbb_s2svj9eca09668&z=658f2f19608d6aba60b4d45gbzcq4z0wctfc2m2z8z"
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.nicesearches.com/search.php?type=ds&ts=1464593744&from=0d580530&uid=st500lm012xhn-m500mbb_s2svj9eca09668&z=658f2f19608d6aba60b4d45gbzcq4z0wctfc2m2z8z&q={searchTerms}
CHR DefaultSearchKeyword: ChromeDefaultData -> nice
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll => Keine Datei
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\ppGoogleNaClPluginChrome.dll => Keine Datei
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\pdf.dll => Keine Datei
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => Keine Datei
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData
CHR Extension: (Dealbeaver) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\bhldmkghjkldhclddpjebfjpaijaajmm [2016-08-30]
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-11]
CHR Extension: (Google-Suche) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-11]
CHR Extension: (Avast Online Security) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-08-30]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-12]
CHR Extension: (Google Mail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-11]
CHR Extension: (Chrome Media Router) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-30]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-05-28]
StartMenuInternet: Google Chrome - Chrome.exe
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [Datei ist nicht signiert]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-28] (AVAST Software)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-24] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-24] (Dropbox, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29760 2016-07-04] (HP Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [Datei ist nicht signiert]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2015-10-30] (HP Inc.) [Datei ist nicht signiert]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2015-10-30] (HP Inc.) [Datei ist nicht signiert]
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [82664 2015-12-16] (Advanced Micro Devices, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-05-28] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-05-28] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-05-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-05-28] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-28] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-05-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-05-28] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-05-28] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-05] (AVAST Software)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2014-07-14] ()
S3 AX88772; C:\Windows\System32\drivers\ax88772.sys [111616 2015-10-30] (ASIX Electronics Corp.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [146856 2013-06-04] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-18] (Windows (R) Win 7 DDK provider)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2014-07-14] ()
R3 netr28x; C:\Windows\System32\drivers\netr28x.sys [2504192 2015-10-30] (MediaTek Inc.)
R3 pelmouse; C:\Windows\system32\DRIVERS\pelmouse.sys [23040 2015-12-17] (TPMX Electronics Ltd.)
R3 pelusblf; C:\Windows\system32\DRIVERS\pelusblf.sys [35328 2015-12-22] (TPMX Electronics Ltd.)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
S3 SKYNETU2C; C:\Windows\System32\drivers\SkyNetU2C_AMD64.SYS [270424 2010-05-10] (TechniSat Digital, S.A.)
S3 SkyNetU2CBDA_AMD64; C:\Windows\system32\DRIVERS\SkyNetU2CBDA_AMD64.sys [346200 2011-05-10] (TechniSat Digital, S.A.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [52904 2016-04-28] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-08-30 13:36 - 2016-08-30 13:36 - 00018538 _____ C:\Users\Martin\Desktop\SearchReg.txt
2016-08-30 13:23 - 2016-08-30 13:32 - 00000004 ____H C:\ProgramData\cm-lock
2016-08-30 13:15 - 2016-08-30 13:22 - 00017204 _____ C:\Users\Martin\Desktop\Fixlog.txt
2016-08-30 09:07 - 2016-08-30 08:58 - 00001636 _____ C:\Users\Martin\Desktop\AdwCleaner[C2].txt
2016-08-30 09:07 - 2016-08-30 08:57 - 00001642 _____ C:\Users\Martin\Desktop\AdwCleaner[S2].txt
2016-08-29 20:26 - 2016-08-29 20:26 - 00000878 _____ C:\Users\Martin\Desktop\Wohnheim.lnk
2016-08-29 20:26 - 2016-08-29 20:26 - 00000823 _____ C:\Users\Martin\Desktop\Uni.lnk
2016-08-29 14:31 - 2016-08-30 12:02 - 00000000 ____D C:\Users\Martin\Desktop\Bereinigung
2016-08-29 14:05 - 2016-08-29 14:05 - 00067071 _____ C:\Users\Martin\Desktop\FRST2.txt
2016-08-29 14:05 - 2016-08-29 14:05 - 00055015 _____ C:\Users\Martin\Desktop\Addition2.txt
2016-08-29 14:00 - 2016-08-30 12:05 - 00000000 ____D C:\Users\Martin\Desktop\FRST-OlderVersion
2016-08-29 13:57 - 2016-08-29 13:57 - 00004681 _____ C:\Users\Martin\Desktop\JRT.txt
2016-08-29 13:50 - 2016-08-29 13:50 - 01610560 _____ (Malwarebytes) C:\Users\Martin\Desktop\JRT.exe
2016-08-29 13:50 - 2016-08-29 13:50 - 00001205 _____ C:\Users\Martin\Desktop\mbam.txt
2016-08-29 11:42 - 2016-08-29 13:45 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-08-29 11:41 - 2016-08-29 13:43 - 00000738 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-08-29 11:41 - 2016-08-29 11:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2016-08-29 11:41 - 2016-08-29 11:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-29 11:41 - 2016-08-29 11:41 - 00000000 ____D C:\ Malwarebytes Anti-Malware
2016-08-29 11:41 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-08-29 11:41 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-08-29 11:41 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-08-29 11:37 - 2016-08-29 11:37 - 22851472 _____ (Malwarebytes ) C:\Users\Martin\Downloads\mbam-setup-2.2.1.1043.exe
2016-08-29 11:34 - 2016-08-29 11:20 - 00022642 _____ C:\Users\Martin\Desktop\AdwCleaner[C0].txt
2016-08-29 11:06 - 2016-08-30 08:58 - 00000000 ____D C:\AdwCleaner
2016-08-29 11:05 - 2016-08-29 11:05 - 03826240 _____ C:\Users\Martin\Desktop\AdwCleaner_6.010.exe
2016-08-28 16:41 - 2016-08-28 16:52 - 00097628 _____ C:\Users\Martin\Desktop\TDSSKiller.3.1.0.11_28.08.2016_16.41.53_log.txt
2016-08-28 16:35 - 2016-08-30 13:42 - 00064027 _____ C:\Users\Martin\Desktop\Addition.txt
2016-08-28 16:33 - 2016-08-30 13:49 - 00033040 _____ C:\Users\Martin\Desktop\FRST.txt
2016-08-28 16:32 - 2016-08-30 13:49 - 00000000 ____D C:\FRST
2016-08-28 16:32 - 2016-08-28 16:32 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Martin\Desktop\tdsskiller.exe
2016-08-28 16:31 - 2016-08-30 12:05 - 02397696 _____ (Farbar) C:\Users\Martin\Desktop\FRST64.exe
2016-08-24 09:03 - 2016-08-24 09:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-08-23 22:12 - 2016-08-23 22:12 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_429687859.html
2016-08-23 22:12 - 2016-08-23 22:12 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_429687562.html
2016-08-23 13:58 - 2016-08-23 13:58 - 00003342 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-08-23 09:39 - 2016-08-29 13:36 - 00000000 ____D C:\Program Files (x86)\_SSpm
2016-08-23 09:39 - 2016-08-23 09:39 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_384540046.html
2016-08-23 09:39 - 2016-08-23 09:39 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_384539921.html
2016-08-23 09:39 - 2016-08-23 09:39 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_384533328.html
2016-08-23 09:39 - 2016-08-23 09:39 - 00000003 _____ C:\WINDOWS\SysWOW64\de_384533078.html
2016-08-15 10:34 - 2016-08-22 10:42 - 00000000 ____D C:\Users\Martin\AppData\Roaming\setup1
2016-08-10 10:51 - 2016-08-03 12:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-10 10:51 - 2016-08-03 12:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-10 10:51 - 2016-08-03 12:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-10 10:51 - 2016-08-03 12:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-10 10:51 - 2016-08-03 11:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-10 10:51 - 2016-08-03 11:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-10 10:51 - 2016-08-03 11:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-10 10:51 - 2016-08-03 11:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-10 10:51 - 2016-08-03 11:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-10 10:51 - 2016-08-03 11:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-10 10:51 - 2016-08-03 11:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-10 10:51 - 2016-08-03 11:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-10 10:51 - 2016-08-03 11:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-10 10:51 - 2016-08-03 11:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-10 10:51 - 2016-08-03 11:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-10 10:51 - 2016-08-03 11:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-10 10:51 - 2016-08-03 11:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-10 10:51 - 2016-08-03 07:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-10 10:51 - 2016-08-03 07:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-10 10:51 - 2016-08-03 07:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-10 10:51 - 2016-08-03 07:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-10 10:51 - 2016-08-03 06:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-10 10:51 - 2016-08-03 06:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-10 10:51 - 2016-08-03 06:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-10 10:51 - 2016-08-03 06:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-10 10:51 - 2016-08-03 06:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-10 10:51 - 2016-08-03 06:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-08-10 10:50 - 2016-08-03 13:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-10 10:50 - 2016-08-03 13:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-10 10:50 - 2016-08-03 13:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-10 10:50 - 2016-08-03 12:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-10 10:50 - 2016-08-03 12:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-10 10:50 - 2016-08-03 12:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-10 10:50 - 2016-08-03 12:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-10 10:50 - 2016-08-03 12:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-10 10:50 - 2016-08-03 12:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-10 10:50 - 2016-08-03 12:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-10 10:50 - 2016-08-03 12:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-10 10:50 - 2016-08-03 12:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-10 10:50 - 2016-08-03 12:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-10 10:50 - 2016-08-03 12:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-10 10:50 - 2016-08-03 12:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-10 10:50 - 2016-08-03 12:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-10 10:50 - 2016-08-03 12:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-10 10:50 - 2016-08-03 12:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-10 10:50 - 2016-08-03 12:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-10 10:50 - 2016-08-03 12:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-10 10:50 - 2016-08-03 12:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-10 10:50 - 2016-08-03 12:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-10 10:50 - 2016-08-03 11:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-10 10:50 - 2016-08-03 11:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-10 10:50 - 2016-08-03 11:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-10 10:50 - 2016-08-03 11:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-10 10:50 - 2016-08-03 11:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-10 10:50 - 2016-08-03 11:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-10 10:50 - 2016-08-03 11:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-10 10:50 - 2016-08-03 11:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-10 10:50 - 2016-08-03 11:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-10 10:50 - 2016-08-03 11:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-10 10:50 - 2016-08-03 11:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-10 10:50 - 2016-08-03 11:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-10 10:50 - 2016-08-03 11:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-10 10:50 - 2016-08-03 11:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-10 10:50 - 2016-08-03 11:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-10 10:50 - 2016-08-03 11:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-10 10:50 - 2016-08-03 11:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-10 10:50 - 2016-08-03 11:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-10 10:50 - 2016-08-03 11:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-10 10:50 - 2016-08-03 11:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-10 10:50 - 2016-08-03 11:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-10 10:50 - 2016-08-03 11:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-10 10:50 - 2016-08-03 11:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-10 10:50 - 2016-08-03 11:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-10 10:50 - 2016-08-03 11:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-10 10:50 - 2016-08-03 11:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-10 10:50 - 2016-08-03 11:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-10 10:50 - 2016-08-03 11:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-10 10:50 - 2016-08-03 11:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-10 10:50 - 2016-08-03 11:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-10 10:50 - 2016-08-03 11:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-10 10:50 - 2016-08-03 11:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-10 10:50 - 2016-08-03 11:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-10 10:50 - 2016-08-03 11:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-10 10:50 - 2016-08-03 11:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-10 10:50 - 2016-08-03 11:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-10 10:50 - 2016-08-03 11:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-10 10:50 - 2016-08-03 11:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-10 10:50 - 2016-08-03 11:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-10 10:50 - 2016-08-03 11:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-10 10:50 - 2016-08-03 11:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-10 10:50 - 2016-08-03 11:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-10 10:50 - 2016-08-03 11:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-10 10:50 - 2016-08-03 11:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-10 10:50 - 2016-08-03 11:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-10 10:50 - 2016-08-03 11:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-10 10:50 - 2016-08-03 11:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-10 10:50 - 2016-08-03 07:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-10 10:50 - 2016-08-03 07:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-10 10:50 - 2016-08-03 07:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-10 10:50 - 2016-08-03 07:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-10 10:50 - 2016-08-03 07:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-10 10:50 - 2016-08-03 07:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-10 10:50 - 2016-08-03 06:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-10 10:50 - 2016-08-03 06:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-08-10 10:50 - 2016-08-03 06:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-10 10:50 - 2016-08-03 06:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-08-10 10:50 - 2016-08-03 06:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-08-10 10:50 - 2016-08-03 06:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-10 10:50 - 2016-08-03 06:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-10 10:50 - 2016-08-03 06:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-10 10:50 - 2016-08-03 06:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-08-10 10:50 - 2016-08-03 06:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-08-10 10:50 - 2016-08-03 06:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-10 10:50 - 2016-08-03 06:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-10 10:50 - 2016-08-03 06:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-10 10:50 - 2016-08-03 06:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-10 10:50 - 2016-08-03 06:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-10 10:50 - 2016-08-03 06:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-10 10:50 - 2016-08-03 06:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-10 10:50 - 2016-08-03 06:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-10 10:50 - 2016-08-03 06:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-10 10:50 - 2016-08-03 06:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-10 10:50 - 2016-08-03 06:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-10 10:50 - 2016-08-03 06:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-10 10:50 - 2016-08-03 06:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-10 10:50 - 2016-08-03 06:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-10 10:50 - 2016-08-03 06:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-10 10:50 - 2016-08-03 06:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-10 10:50 - 2016-08-03 06:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-08-09 15:54 - 2016-08-29 13:43 - 00001142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CLIQZ.lnk
2016-08-09 15:54 - 2016-08-29 13:43 - 00001130 _____ C:\Users\Public\Desktop\CLIQZ.lnk
2016-08-09 15:54 - 2016-08-26 08:43 - 00000000 ____D C:\Program Files (x86)\CLIQZ
2016-08-09 15:54 - 2016-08-09 16:02 - 00000000 ____D C:\Users\Martin\AppData\Local\CLIQZ
2016-08-09 15:54 - 2016-08-09 15:54 - 00000000 ____D C:\Users\Martin\AppData\Roaming\CLIQZ
2016-08-09 15:53 - 2016-08-09 15:53 - 01474568 _____ C:\Users\Martin\Downloads\CLIQZ14.de.win32.installer - CHIP-Installer.exe
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224665812.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224665187.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224665062.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224664343.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224664203.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224663390.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224663281.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224659500.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224659375.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224647796.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224647640.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224646203.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224646078.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224640531.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\de_224640156.html
2016-08-07 11:50 - 2016-08-30 13:16 - 00000000 ____D C:\Users\Martin\AppData\LocalLow\Temp
2016-08-03 18:43 - 2015-12-22 11:33 - 00035328 _____ (TPMX Electronics Ltd.) C:\WINDOWS\system32\Drivers\pelusblf.sys
2016-08-03 18:43 - 2015-12-17 13:48 - 00023040 _____ (TPMX Electronics Ltd.) C:\WINDOWS\system32\Drivers\PELMOUSE.SYS
2016-08-03 18:43 - 2009-11-02 16:36 - 00011776 _____ (TPMX Electronics Ltd.) C:\WINDOWS\system32\Drivers\PELVENDR.SYS
2016-08-03 16:31 - 2016-08-03 16:31 - 00410983 _____ C:\Users\Martin\Downloads\259912_PFEIFER_Lastbock-Gewinde-LBP_M48_20_0t.zip
2016-08-03 13:21 - 2016-08-03 13:21 - 00049492 _____ C:\Users\Martin\Downloads\neukollner_entwicklung_zusammenfassung_2008.pdf
2016-08-01 22:31 - 2016-08-01 22:31 - 00128000 _____ C:\Users\Martin\Documents\Inhaltsverzeichnisv-Aktuell 06.2016.xls
2016-08-01 14:03 - 2016-08-01 14:03 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659675625.html
2016-08-01 14:02 - 2016-08-01 14:02 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659640875.html
2016-08-01 14:02 - 2016-08-01 14:02 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659610734.html
2016-08-01 14:02 - 2016-08-01 14:02 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659610531.html
2016-08-01 14:02 - 2016-08-01 14:02 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659606812.html
2016-08-01 14:01 - 2016-08-01 14:02 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659606671.html
2016-08-01 14:01 - 2016-08-01 14:01 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659591546.html
2016-08-01 14:01 - 2016-08-01 14:01 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659591343.html
2016-08-01 14:01 - 2016-08-01 14:01 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659590296.html
2016-08-01 14:01 - 2016-08-01 14:01 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659590171.html
2016-08-01 14:01 - 2016-08-01 14:01 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659582390.html
2016-08-01 14:01 - 2016-08-01 14:01 - 00000003 _____ C:\WINDOWS\SysWOW64\de_1659582203.html
2016-08-01 10:42 - 2016-08-01 10:42 - 00000000 ____D C:\Program Files (x86)\zffvjegf
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-08-30 13:46 - 2016-04-19 14:51 - 00000068 __RSH C:\WINDOWS\system32\Drivers\WdiWiFi.winsecurity
2016-08-30 13:46 - 2016-04-18 17:34 - 00000068 __RSH C:\WINDOWS\system32\Drivers\winverbs.winsecurity
2016-08-30 13:46 - 2016-04-18 12:45 - 00000068 __RSH C:\WINDOWS\system32\Drivers\wof.winsecurity
2016-08-30 13:33 - 2014-01-23 23:57 - 00000576 _____ C:\WINDOWS\Tasks\MATLAB R2013b Startup Accelerator.job
2016-08-30 13:29 - 2013-12-23 17:35 - 00000000 ___RD C:\Users\Martin\Dropbox
2016-08-30 13:27 - 2013-09-15 12:56 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-08-30 13:24 - 2016-05-24 10:01 - 00001238 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-08-30 13:24 - 2016-04-19 14:51 - 00000068 __RSH C:\WINDOWS\system32\Drivers\WSDPrint.winsecurity
2016-08-30 13:24 - 2016-04-18 17:34 - 00000068 __RSH C:\WINDOWS\system32\Drivers\wfplwfs.winsecurity
2016-08-30 13:24 - 2016-04-18 12:45 - 00000068 __RSH C:\WINDOWS\system32\Drivers\xinputhid.winsecurity
2016-08-30 13:24 - 2016-03-26 18:04 - 00000000 __SHD C:\Users\Martin\IntelGraphicsProfiles
2016-08-30 13:23 - 2016-02-13 19:25 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-30 13:23 - 2015-10-30 08:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-08-30 13:23 - 2013-05-04 15:33 - 00001142 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-30 13:16 - 2014-12-04 17:02 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-08-30 12:09 - 2013-01-19 12:27 - 00000000 ____D C:\Users\Martin\Documents\Outlook-Dateien
2016-08-30 12:06 - 2016-05-24 10:01 - 00001242 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-08-30 11:58 - 2013-10-21 17:30 - 00000000 ____D C:\Users\Martin\AppData\Local\Akamai
2016-08-30 10:11 - 2016-05-12 12:00 - 00000000 ____D C:\Users\Martin\Documents\Wohnheim
2016-08-30 08:15 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-29 13:43 - 2016-04-18 16:17 - 00002048 _____ C:\Users\Public\Desktop\Revit 2016.lnk
2016-08-29 13:43 - 2016-04-18 14:22 - 00002433 _____ C:\Users\Public\Desktop\SOFiCAD-OEM 2014.lnk
2016-08-29 13:43 - 2016-04-18 14:19 - 00002027 _____ C:\Users\Public\Desktop\SOFiSTiK Sonar.lnk
2016-08-29 13:43 - 2016-03-26 15:26 - 00002386 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-29 13:43 - 2016-03-26 13:33 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-08-29 13:43 - 2016-03-15 14:16 - 00001222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-08-29 13:43 - 2016-03-15 14:16 - 00001125 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-08-29 13:43 - 2016-01-16 21:48 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-08-29 13:43 - 2016-01-16 21:48 - 00002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-08-29 13:43 - 2015-08-29 18:56 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk
2016-08-29 13:43 - 2015-04-03 17:17 - 00002913 _____ C:\Users\Public\Desktop\Nero 2015.lnk
2016-08-29 13:43 - 2015-04-03 16:33 - 00001532 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2016-08-29 13:43 - 2014-12-29 13:39 - 00001968 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-08-29 13:43 - 2014-07-21 13:54 - 00000662 _____ C:\Users\Public\Desktop\Cremer Commander.lnk
2016-08-29 13:43 - 2014-07-08 23:02 - 00001043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
2016-08-29 13:43 - 2014-04-21 19:55 - 00001162 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2016-08-29 13:43 - 2014-04-20 10:58 - 00000960 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-08-29 13:43 - 2014-01-23 23:58 - 00001295 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB R2013b.lnk
2016-08-29 13:43 - 2013-09-25 14:49 - 00002305 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SD card.lnk
2016-08-29 13:43 - 2013-09-25 14:49 - 00002305 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SD card (2).lnk
2016-08-29 13:43 - 2013-05-04 15:39 - 00002502 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-29 13:43 - 2013-05-04 15:39 - 00002490 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-29 13:43 - 2013-02-24 11:50 - 00002140 _____ C:\Users\Public\Desktop\MEDION NAS TOOL.lnk
2016-08-29 13:43 - 2013-02-24 11:50 - 00001161 _____ C:\Users\Public\Desktop\Memeo Instant Backup.lnk
2016-08-29 13:43 - 2013-01-20 16:55 - 00001191 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVBViewer TE2.lnk
2016-08-29 13:43 - 2013-01-18 14:11 - 00000291 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Computer.lnk
2016-08-29 13:43 - 2013-01-17 18:30 - 00001263 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader 5.0.lnk
2016-08-29 13:43 - 2013-01-17 18:30 - 00001251 _____ C:\Users\Public\Desktop\Acrobat Reader 5.0.lnk
2016-08-29 13:43 - 2012-11-15 03:08 - 00001361 _____ C:\Users\Public\Desktop\CyberLink YouCam.lnk
2016-08-29 13:43 - 2012-08-31 23:03 - 00001495 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Connected Music powered by Universal Music Group.lnk
2016-08-29 13:43 - 2012-08-31 23:03 - 00001483 _____ C:\Users\Public\Desktop\Connected Music powered by Universal Music Group.lnk
2016-08-29 13:43 - 2012-08-31 23:03 - 00001111 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Connected Music powered by Meridian.lnk
2016-08-29 13:43 - 2012-08-31 22:59 - 00001374 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
2016-08-29 13:43 - 2012-08-31 22:59 - 00001305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
2016-08-29 13:43 - 2012-08-31 22:54 - 00002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
2016-08-29 13:42 - 2016-04-18 16:27 - 00002003 _____ C:\Users\Martin\Desktop\Autodesk Revit 2016 jetzt installieren.lnk
2016-08-29 13:42 - 2015-12-05 18:05 - 00001314 _____ C:\Users\Martin\Desktop\Easy Audio Cutter.lnk
2016-08-29 13:42 - 2015-12-05 18:05 - 00001298 _____ C:\Users\Martin\Desktop\Free CD Ripper.lnk
2016-08-29 13:42 - 2015-12-05 18:05 - 00001296 _____ C:\Users\Martin\Desktop\Free Mp3 Wma Converter.lnk
2016-08-29 13:42 - 2014-06-11 14:35 - 00001798 _____ C:\Users\Martin\Desktop\Wecker für Windows.lnk
2016-08-29 13:42 - 2013-12-23 17:35 - 00001299 _____ C:\Users\Martin\Desktop\Dropbox.lnk
2016-08-29 13:42 - 2013-08-08 20:10 - 00002265 _____ C:\Users\Martin\Desktop\Carcasonne - Verknüpfung.lnk
2016-08-29 13:39 - 2015-10-30 09:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-29 11:20 - 2015-05-13 10:16 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-08-29 11:19 - 2016-05-26 14:04 - 00000000 ____D C:\WINDOWS\system32\log
2016-08-29 11:18 - 2015-12-04 12:36 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2016-08-29 11:17 - 2015-12-04 12:37 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Lavasoft
2016-08-29 11:17 - 2015-12-04 12:36 - 00000000 ____D C:\ProgramData\Lavasoft
2016-08-28 08:35 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-27 23:21 - 2016-03-26 13:19 - 00000000 ____D C:\Users\Martin
2016-08-26 18:36 - 2016-05-26 13:59 - 00000000 _____ C:\Users\Public\Documents\report.dat
2016-08-25 07:26 - 2016-07-12 10:53 - 00000000 ____D C:\WINDOWS\SysWOW64\_SSpm
2016-08-24 09:03 - 2016-05-24 10:01 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-08-24 00:34 - 2016-05-20 22:40 - 00000000 ____D C:\Program Files (x86)\Drecuied
2016-08-23 13:58 - 2016-03-26 15:26 - 00000000 ___RD C:\Users\Martin\OneDrive
2016-08-22 16:21 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-08-20 08:46 - 2013-05-04 15:33 - 00000000 ____D C:\Program Files (x86)\Google
2016-08-19 08:39 - 2013-11-28 19:04 - 00000000 ____D C:\Users\Martin\Documents\Uni
2016-08-13 11:13 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-10 18:40 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-08-10 17:21 - 2016-02-13 19:30 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-10 17:11 - 2016-02-13 19:12 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-10 17:11 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-10 11:49 - 2016-03-26 19:10 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-10 11:49 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-10 11:49 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-10 11:37 - 2013-01-24 16:53 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-08 14:51 - 2015-12-06 19:30 - 00000000 ____D C:\Users\Martin\AppData\Local\Risen2
2016-08-08 09:47 - 2016-03-26 13:18 - 02011910 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-08 09:47 - 2016-02-13 18:59 - 00857262 _____ C:\WINDOWS\system32\perfh007.dat
2016-08-08 09:47 - 2016-02-13 18:59 - 00188952 _____ C:\WINDOWS\system32\perfc007.dat
2016-08-05 12:00 - 2013-09-15 12:56 - 00292704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2014-08-13 10:29 - 2014-08-13 10:29 - 154565521 _____ () C:\Program Files (x86)\openoffice1.cab
2014-08-13 10:27 - 2014-08-13 10:27 - 2314240 _____ () C:\Program Files (x86)\openoffice411.msi
2015-04-03 16:31 - 2015-04-03 16:31 - 0385602 _____ () C:\Users\Martin\AppData\Local\5D515C96_stp.CIS
2015-04-03 16:31 - 2015-04-03 16:31 - 0000220 _____ () C:\Users\Martin\AppData\Local\5D515C96_stp.CIS.part
2015-04-03 16:32 - 2015-04-03 16:32 - 1509462 _____ () C:\Users\Martin\AppData\Local\69DD7379_stp.CIS
2015-04-03 16:32 - 2015-04-03 16:32 - 0000295 _____ () C:\Users\Martin\AppData\Local\69DD7379_stp.CIS.part
2015-04-03 16:32 - 2015-04-03 16:32 - 0192979 _____ () C:\Users\Martin\AppData\Local\741E72B5_stp.CIS
2015-04-03 16:32 - 2015-04-03 16:32 - 0000290 _____ () C:\Users\Martin\AppData\Local\741E72B5_stp.CIS.part
2015-11-21 00:56 - 2015-11-21 01:01 - 0007680 _____ () C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-08-30 13:23 - 2016-08-30 13:32 - 0000004 ____H () C:\ProgramData\cm-lock
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2016-08-24 09:30
==================== Ende von FRST.txt ============================
|
| | #5 |
| /// TB-Ausbilder | Hi, well done, but you need to learn to read even more carefully. Once again you did not have "Chrome Einstellungen" (Chrome settings) ticked in AdwCleaner...
Then we'll just do it differently... we'll remove the last remnants and check everything once more.
First, please reset Chrome: Reset Google Chrome following this guide.
Note: The scan with ESET can take a long time.
Step 1 Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
start
CloseProcesses:
C:\WINDOWS\SysWOW64\_SSpm
C:\Program Files (x86)\_SSpm
C:\Program Files (x86)\zffvjegf
C:\Program Files (x86)\c9ikp9in
C:\Program Files (x86)\nc0gtqtf
CHR HomePage: ChromeDefaultData -> hxxp://www.nicesearches.com?type=hp&ts=1464593744&from=0d580530&uid=st500lm012xhn-m500mbb_s2svj9eca09668&z=658f2f19608d6aba60b4d45gbzcq4z0wctfc2m2z8z
CHR RestoreOnStartup: ChromeDefaultData -> "hxxp://de.search.yahoo.com/?fr=hp-ddc-bd&type=bl-bcr-is__alt__ddc_dsssyc_bd_com"
CHR StartupUrls: ChromeDefaultData -> "hxxp://www.nicesearches.com?type=hp&ts=1464593744&from=0d580530&uid=st500lm012xhn-m500mbb_s2svj9eca09668&z=658f2f19608d6aba60b4d45gbzcq4z0wctfc2m2z8z"
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.nicesearches.com/search.php?type=ds&ts=1464593744&from=0d580530&uid=st500lm012xhn-m500mbb_s2svj9eca09668&z=658f2f19608d6aba60b4d45gbzcq4z0wctfc2m2z8z&q={searchTerms}
CHR DefaultSearchKeyword: ChromeDefaultData -> nice
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\WinSaberSvc
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d35d79f6-850b-4d3b-b3df-f052f842b2da}
CMD: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{54C3021D-55CA-44E8-899F-C102D92DD517}" /s
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{54C3021D-55CA-44E8-899F-C102D92DD517}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WinZip
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\WinZiper
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Legpat
File: C:\ProgramData\cm-lock
CMD: type "C:\ProgramData\cm-lock"
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2 ESET Online Scanner
Step 3 Download the matching version of HitmanPro to your desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
Step 4
Are there still any problems with the PC? If so, which ones? Please post with your next reply
|
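As an added example (not part of the original thread and not FRST's own code), the Python sketch below classifies the lines of a fixlist like the one in post #5, so a reviewer can see what it deletes or executes before it is run. The category names and the review rule (commands, unrecognised lines and paths under C:\WINDOWS) are assumptions of this example; the sample lines are an excerpt of the post's fixlist.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "kind name value")

# Excerpt of the fixlist from post #5, shortened for this example.
SAMPLE_FIXLIST = r"""start
CloseProcesses:
C:\WINDOWS\SysWOW64\_SSpm
CHR DefaultSearchKeyword: ChromeDefaultData -> nice
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\WinSaberSvc
File: C:\ProgramData\cm-lock
CMD: netsh winsock reset
RemoveProxy:
EmptyTemp:
end
"""

DIRECTIVE = re.compile(r"^([A-Za-z]+):\s*(.*)$")
# Category labels are this example's own, not FRST terminology.
KINDS = {"DeleteKey": "registry", "CMD": "command", "File": "inspect"}

def parse_fixlist(text):
    """Classify every non-empty fixlist line as an Entry(kind, name, value)."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = DIRECTIVE.match(line)
        if not line:
            continue
        if line.lower() in ("start", "end"):
            entries.append(Entry("marker", line, ""))
        elif re.match(r"^[A-Za-z]:\\", line):       # bare file or folder path
            entries.append(Entry("path", "", line))
        elif line.startswith("CHR "):               # Chrome entry copied from the log
            name, _, value = line[4:].partition(": ")
            entries.append(Entry("browser", name, value))
        elif m:                                     # "Name:" or "Name: argument"
            entries.append(Entry(KINDS.get(m.group(1), "directive"), *m.groups()))
        else:
            entries.append(Entry("unknown", "", line))
    return entries

def needs_review(entries):
    """Commands, unrecognised lines and paths under C:\\WINDOWS get a second look."""
    return [e for e in entries
            if e.kind in ("command", "unknown")
            or (e.kind == "path" and e.value.lower().startswith("c:\\windows\\"))]

if __name__ == "__main__":
    for entry in needs_review(parse_fixlist(SAMPLE_FIXLIST)):
        print(entry.kind, entry.value)
```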
| | #6 |
| It already seemed odd to me the first time, but this time I am quite sure that the box was ticked. Nevertheless, I am currently following your new instructions. Thank you very much! |
| | #7 |
| /// TB-Ausbilder | "Chrome Richtlinien" (Chrome policies) was ticked, but "Chrome Einstellungen" (Chrome settings) was not. I tested it myself on my own machine. When it is set correctly, that is also shown in the log file. But never mind. |