| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Phishing-Mail Link geklickt. Daten rettenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
23.10.2017, 18:08
| #1 | |||
 |  Phishing-Mail Link geklickt. Daten retten Erstmal hallo an alle hier, ich habe momentan vielleicht ein Problem. Kurz gefasst, ich habe auf einen Link in einer E-mail geklickt und es öffnete sich zwar ein Fenster, aber mein Antivirusprogramm hat nichts angezeigt. Ich vermute, dass ich jetzt trotzdem infiziert bin. Darauf habe ich von einem anderen Laptop aus erstmal alle Passwörter geändert und in dem infizierten Laptop ganzen Cache, Chookies, Verlauf etc. in dem Browser gelöscht. Anschließend habe ich Malewarebytes Antimaleware (MAM) und OTL scannen lassen. Generell hätte ich jetzt kein Problem, meinen Laptop zu formatieren, würde aber lieber vorher paar Daten retten wollen. Zum Glück habe ich das meiste auf einer externen Festplatte, aber die neusten wichtigen Daten noch nicht. Da ich kein PC-Experte bin wollte ich fragen, ob es möglich ist die restlichen Daten zu sichern? Ich wäre euch sehr dankbar für hilfreiche Tipps und Möglichkeiten. mfg. Kohna Hier mein Bericht von der MAM und OTL Zitat:
Zitat:
Zitat:
|
|
23.10.2017, 18:45
| #2 |
| /// TB-Ausbilder /// Anleitungs-Guru  | Phishing-Mail Link geklickt. Daten retten Hi,
__________________OTL ist zwar obsolet, sieht aber unkritisch aus. Selbiges gilt für Deine Fallbeschreibung. Hast Du die Email noch?
__________________ |
|
23.10.2017, 18:45
| #3 |
| /// TB-Ausbilder /// Anleitungs-Guru | Phishing-Mail Link geklickt. Daten retten Hi,
__________________OTL ist zwar obsolet, sieht aber unkritisch aus. Selbiges gilt für Deine Fallbeschreibung. Hast Du die Email noch?
__________________ |
|
23.10.2017, 18:57
| #4 | |
| | Phishing-Mail Link geklickt. Daten rettenZitat:
Nach dem klicken auf den Link kam auf der Seite ein Satz in deutsch und anderen verschiedenen Sprachen und deren Flaggen dazu links. |
|
23.10.2017, 19:24
| #5 |
| /// TB-Ausbilder /// Anleitungs-Guru | Phishing-Mail Link geklickt. Daten retten Willst Du unbedingt formatieren oder sollen wir schauen ob der PC sauber ist. Mit großer Wahrscheinlichkeit ist er das nämlich....
__________________ Gruß deeprybka  Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
23.10.2017, 19:28
| #6 | |
| | Phishing-Mail Link geklickt. Daten rettenZitat:
 |
|
24.10.2017, 06:45
| #7 |
| /// TB-Ausbilder /// Anleitungs-Guru | Phishing-Mail Link geklickt. Daten retten OK... Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
24.10.2017, 06:45
| #8 |
| /// TB-Ausbilder /// Anleitungs-Guru | Phishing-Mail Link geklickt. Daten retten OK... Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
24.10.2017, 16:37
| #9 |
| | Phishing-Mail Link geklickt. Daten rettenCode:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version: 23-10-2017 01
durchgeführt von SARBAT (Administrator) auf SARBAT-PC (24-10-2017 17:12:04)
Gestartet von C:\Users\SARBAT\AppData\Local\Temp\scoped_dir4632_30018
Geladene Profile: UpdatusUser & SARBAT & (Verfügbare Profile: UpdatusUser & SARBAT)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Opera)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
() C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(X10) C:\Program Files\Common Files\X10\Common\X10nets.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WButton.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Lavasoft) C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera_crashreporter.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9222760 2010-06-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1481320 2010-06-02] (Realtek Semiconductor)
HKLM\...\Run: [HotkeyApp] => C:\Program Files\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron)
HKLM\...\Run: [LMgrVolOSD] => C:\Program Files\Launch Manager\OSD.exe [348960 2009-12-12] (Wistron Corp.)
HKLM\...\Run: [LMgrOSD] => "C:\Program Files\Launch Manager\OSDCtrl.exe"
HKLM\...\Run: [Wbutton] => C:\Program Files\Launch Manager\Wbutton.exe [436264 2010-06-21] (Wistron Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [NUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [3566904 2017-10-17] (Dropbox, Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181006044\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2016-09-07] (Microsoft Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181007058\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181008103\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1733954782-861682868-1594596262-1000\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1733954782-861682868-1594596262-1000\...\RunOnce: [Screensaver] => C:\Windows\Web\Wallpaper\MEDION\start.vbs
HKU\S-1-5-21-1733954782-861682868-1594596262-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\MAHJON~1.SCR
HKU\S-1-5-21-1733954782-861682868-1594596262-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181008883\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1733954782-861682868-1594596262-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181008883\...\RunOnce: [Screensaver] => C:\Windows\Web\Wallpaper\MEDION\start.vbs
HKU\S-1-5-21-1733954782-861682868-1594596262-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181008883\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\MAHJON~1.SCR
HKU\S-1-5-21-1733954782-861682868-1594596262-1001\...\Run: [OpenOffice Updater] => C:\Users\SARBAT\AppData\Roaming\OpenOffice Updater\Updater.exe [388032 2017-05-02] ()
HKU\S-1-5-21-1733954782-861682868-1594596262-1001\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [2546280 2017-09-13] (Lavasoft)
HKU\S-1-5-21-1733954782-861682868-1594596262-1001\...\Run: [Xvid] => C:\Program Files\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193\...\Run: [OpenOffice Updater] => C:\Users\SARBAT\AppData\Roaming\OpenOffice Updater\Updater.exe [388032 2017-05-02] ()
HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [2546280 2017-09-13] (Lavasoft)
HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193\...\Run: [Xvid] => C:\Program Files\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2016-09-07] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinit.dll => C:\Windows\system32\nvinit.dll [158392 2017-01-25] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2017-03-10]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{6D6AFF5B-072D-4B6C-929A-C21954DB165D}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{91734A2F-C336-4BE9-8362-AA7479B0E354}: [DhcpNameServer] 192.168.178.1
Internet Explorer:
==================
HKU\S-1-5-21-1733954782-861682868-1594596262-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://de.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-1733954782-861682868-1594596262-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://medion.msn.com
HKU\S-1-5-21-1733954782-861682868-1594596262-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.aldi.com
HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://de.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://medion.msn.com
HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.aldi.com
SearchScopes: HKLM -> DefaultScope {22F81F80-1D65-452A-8EC3-762CB85B3173} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1733954782-861682868-1594596262-1001 -> DefaultScope {00F536EB-00FE-49C6-A84F-8F1EBF28F22E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1733954782-861682868-1594596262-1001 -> {00F536EB-00FE-49C6-A84F-8F1EBF28F22E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1733954782-861682868-1594596262-1001 -> {B916F720-CCBD-4F7C-9DEE-883E50C78BEC} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&intl=de&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
SearchScopes: HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193 -> DefaultScope {00F536EB-00FE-49C6-A84F-8F1EBF28F22E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193 -> {00F536EB-00FE-49C6-A84F-8F1EBF28F22E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193 -> {B916F720-CCBD-4F7C-9DEE-883E50C78BEC} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&intl=de&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19] (Adobe Systems Incorporated)
BHO: Kein Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> Keine Datei
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_141\bin\ssv.dll [2017-07-24] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_141\bin\jp2ssv.dll [2017-07-24] (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-1733954782-861682868-1594596262-1001 -> Kein Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - Keine Datei
Toolbar: HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193 -> Kein Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - Keine Datei
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_121-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-00121-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_121-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_121-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\SARBAT\AppData\Roaming\Mozilla\Firefox\Profiles\F5yPghi0.default [2017-10-21]
FF Homepage: Mozilla\Firefox\Profiles\F5yPghi0.default -> www1.online/?w=RD9898
FF Extension: (Avira Browserschutz) - C:\Users\SARBAT\AppData\Roaming\Mozilla\Firefox\Profiles\F5yPghi0.default\Extensions\abs@avira.com.xpi [2017-10-21]
FF Extension: (Search and New Tab by Yahoo) - C:\Users\SARBAT\AppData\Roaming\Mozilla\Firefox\Profiles\F5yPghi0.default\Extensions\jid1-16aeif9OQIRKxA@jetpack.xpi [2017-10-21]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2017-03-10] [ist nicht signiert]
FF HKU\S-1-5-21-1733954782-861682868-1594596262-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_27_0_0_170.dll [2017-10-16] ()
FF Plugin: @java.com/DTPlugin,version=11.141.2 -> C:\Program Files\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1.dll [2017-07-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.141.2 -> C:\Program Files\Java\jre1.8.0_141\bin\plugin2\npjp2.dll [2017-07-24] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
Opera:
=======
OPR Extension: (Adblock Plus) - C:\Users\SARBAT\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2017-10-05]
==================== Dienste (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc7.exe [1128432 2017-10-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [490968 2017-10-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [490968 2017-10-15] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\avwebg7.exe [1525240 2017-10-15] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [408944 2017-10-16] (Avira Operations GmbH & Co. KG)
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-30] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-30] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [43336 2017-10-17] (Dropbox, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4430792 2017-08-07] (Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [421944 2016-12-29] (NVIDIA Corporation)
R2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [1620584 2010-07-27] (NVIDIA Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2010-02-12] () [Datei ist nicht signiert]
R2 WCAssistantService; C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25704 2017-09-13] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.)
R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10) [Datei ist nicht signiert]
===================== Treiber (Nicht auf der Ausnahmeliste) ======================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [46440 2017-06-17] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [130912 2017-09-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [153664 2017-09-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35840 2017-03-02] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [59000 2017-03-02] (Avira Operations GmbH & Co. KG)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [109456 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [59904 2017-10-04] ()
R1 LUMDriver; C:\Windows\system32\drivers\LUMDriver.sys [16688 2007-04-24] (IBM)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [166840 2017-10-23] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [91576 2017-10-23] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [40384 2017-10-23] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [221112 2017-10-23] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [65824 2017-10-24] (Malwarebytes)
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [786400 2009-08-13] (DiBcom SA)
R3 nusb3hub; C:\Windows\system32\DRIVERS\nusb3hub.sys [64904 2010-04-27] (Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\system32\DRIVERS\nusb3xhc.sys [146568 2010-04-27] (Renesas Electronics Corporation)
R0 nvpciflt; C:\Windows\System32\DRIVERS\nvpciflt.sys [42936 2017-01-25] (NVIDIA Corporation)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [147344 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2009-05-13] (X10 Wireless Technology, Inc.)
S3 dbx; system32\DRIVERS\dbx.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-10-24 17:11 - 2017-10-24 17:12 - 000000000 ____D C:\FRST
2017-10-24 17:08 - 2017-10-24 17:10 - 001799680 _____ (Farbar) C:\Users\SARBAT\Desktop\FRST.exe
2017-10-23 18:59 - 2017-10-23 18:59 - 000063118 _____ C:\Users\SARBAT\Desktop\Extras.Txt
2017-10-23 18:57 - 2017-10-23 18:57 - 000095248 _____ C:\Users\SARBAT\Desktop\OTL.Txt
2017-10-23 18:35 - 2017-10-23 18:35 - 000602112 _____ (OldTimer Tools) C:\Users\SARBAT\Desktop\OTL.exe
2017-10-23 18:35 - 2017-10-23 18:35 - 000002747 _____ C:\Users\SARBAT\Desktop\MAM-Bericht.txt
2017-10-23 18:11 - 2017-10-23 18:11 - 000091576 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-10-23 17:48 - 2017-10-24 17:08 - 000065824 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-10-23 17:48 - 2017-10-23 18:11 - 000040384 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-10-23 17:48 - 2017-10-23 17:48 - 000221112 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-10-23 17:48 - 2017-10-23 17:48 - 000166840 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2017-10-23 17:47 - 2017-10-23 17:47 - 000002024 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-10-23 17:47 - 2017-10-23 17:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-10-23 17:47 - 2017-10-23 17:47 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-10-23 17:47 - 2017-10-23 17:47 - 000000000 ____D C:\Program Files\Malwarebytes
2017-10-23 17:47 - 2017-10-04 13:15 - 000059904 _____ C:\Windows\system32\Drivers\mbae.sys
2017-10-23 17:36 - 2017-10-23 17:45 - 071535032 _____ (Malwarebytes ) C:\Users\SARBAT\Downloads\mb3-setup-consumer-3.2.2.2029-1.0.212-1.0.2951.exe
2017-10-23 16:54 - 2017-10-23 17:26 - 000000000 ____D C:\Users\SARBAT\Desktop\Neuer Ordner
2017-10-23 00:29 - 2017-10-23 00:29 - 000001082 _____ C:\Users\Public\Desktop\Avira.lnk
2017-10-19 20:46 - 2017-10-19 20:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-10-17 17:48 - 2017-10-17 17:48 - 000043336 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-10-17 17:48 - 2017-10-17 17:48 - 000035432 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-10-17 17:48 - 2017-10-17 17:48 - 000035408 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-10-17 17:48 - 2017-10-17 17:48 - 000035408 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-10-15 16:42 - 2017-10-15 16:42 - 001115458 _____ C:\Users\SARBAT\Desktop\Übungsaufgaben Skript 2017.pdf
2017-10-12 14:02 - 2017-10-12 14:03 - 124059592 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2017-10-11 18:14 - 2017-09-13 17:13 - 004001512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2017-10-11 18:14 - 2017-09-13 17:13 - 003945704 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-10-11 18:14 - 2017-09-13 17:13 - 000137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-10-11 18:14 - 2017-09-13 17:13 - 000067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-10-11 18:14 - 2017-09-13 17:10 - 001310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000830464 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000828928 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000428032 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000392704 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000083968 _____ (Microsoft Corporation) C:\Windows\system32\wlanhlp.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000080896 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-10-11 18:14 - 2017-09-13 17:08 - 001062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-10-11 18:14 - 2017-09-13 17:08 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-10-11 18:14 - 2017-09-13 17:08 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-10-11 18:14 - 2017-09-13 17:08 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-10-11 18:14 - 2017-09-13 17:08 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-10-11 18:14 - 2017-09-13 17:08 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-10-11 18:14 - 2017-09-13 17:08 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-10-11 18:14 - 2017-09-13 17:08 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-10-11 18:14 - 2017-09-13 17:08 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-10-11 18:14 - 2017-09-13 16:53 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2017-10-11 18:14 - 2017-09-13 16:50 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-10-11 18:14 - 2017-09-13 16:50 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-10-11 18:14 - 2017-09-13 16:50 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-10-11 18:14 - 2017-09-13 16:50 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-10-11 18:14 - 2017-09-13 16:50 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-10-11 18:14 - 2017-09-13 16:48 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-10-11 18:14 - 2017-09-13 16:46 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-10-11 18:14 - 2017-09-13 16:46 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-10-11 18:14 - 2017-09-13 16:46 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-10-11 18:14 - 2017-09-13 16:46 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-10-11 18:14 - 2017-09-13 16:46 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-10-11 18:14 - 2017-09-13 16:46 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-10-11 18:14 - 2017-09-13 16:46 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-10-11 18:14 - 2017-09-09 01:47 - 000347344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-10-11 18:14 - 2017-09-08 17:14 - 001213672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-10-11 18:14 - 2017-09-08 17:10 - 001549824 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-10-11 18:14 - 2017-09-08 17:10 - 001363968 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-10-11 18:14 - 2017-09-08 17:10 - 000109568 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-10-11 18:14 - 2017-09-08 17:09 - 001400320 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-10-11 18:14 - 2017-09-08 17:09 - 000666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-10-11 18:14 - 2017-09-08 17:09 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-10-11 18:14 - 2017-09-08 17:09 - 000306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-10-11 18:14 - 2017-09-08 17:09 - 000197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-10-11 18:14 - 2017-09-08 17:09 - 000104448 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-10-11 18:14 - 2017-09-08 17:09 - 000059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-10-11 18:14 - 2017-09-08 17:09 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-10-11 18:14 - 2017-09-08 17:00 - 000427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-10-11 18:14 - 2017-09-08 17:00 - 000164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-10-11 18:14 - 2017-09-08 16:59 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-10-11 18:14 - 2017-09-08 16:59 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-10-11 18:14 - 2017-09-08 16:50 - 002402304 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-10-11 18:14 - 2017-09-08 16:20 - 000640512 _____ (Microsoft Corporation) C:\Windows\system32\mswstr10.dll
2017-10-11 18:14 - 2017-09-08 16:20 - 000345088 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll
2017-10-11 18:14 - 2017-09-08 16:20 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\msjint40.dll
2017-10-11 18:14 - 2017-09-07 21:27 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-10-11 18:14 - 2017-09-07 21:26 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-10-11 18:14 - 2017-09-07 21:11 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-10-11 18:14 - 2017-09-07 21:10 - 000499200 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-10-11 18:14 - 2017-09-07 21:10 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-10-11 18:14 - 2017-09-07 21:10 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-10-11 18:14 - 2017-09-07 21:09 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-10-11 18:14 - 2017-09-07 21:04 - 020267008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-10-11 18:14 - 2017-09-07 21:03 - 002292736 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-10-11 18:14 - 2017-09-07 21:03 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-10-11 18:14 - 2017-09-07 21:02 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-10-11 18:14 - 2017-09-07 20:59 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-10-11 18:14 - 2017-09-07 20:58 - 000663040 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-10-11 18:14 - 2017-09-07 20:58 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-10-11 18:14 - 2017-09-07 20:58 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-10-11 18:14 - 2017-09-07 20:58 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-10-11 18:14 - 2017-09-07 20:52 - 000667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-10-11 18:14 - 2017-09-07 20:49 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-10-11 18:14 - 2017-09-07 20:44 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-10-11 18:14 - 2017-09-07 20:44 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-10-11 18:14 - 2017-09-07 20:43 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-10-11 18:14 - 2017-09-07 20:40 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-10-11 18:14 - 2017-09-07 20:39 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-10-11 18:14 - 2017-09-07 20:37 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-10-11 18:14 - 2017-09-07 20:36 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-10-11 18:14 - 2017-09-07 20:29 - 004547072 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-10-11 18:14 - 2017-09-07 20:29 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-10-11 18:14 - 2017-09-07 20:26 - 000694784 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-10-11 18:14 - 2017-09-07 20:26 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-10-11 18:14 - 2017-09-07 20:25 - 002058752 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-10-11 18:14 - 2017-09-07 20:25 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-10-11 18:14 - 2017-09-07 20:17 - 013677568 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-10-11 18:14 - 2017-09-07 20:01 - 002767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-10-11 18:14 - 2017-09-07 19:57 - 001316864 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-10-11 18:14 - 2017-09-07 19:57 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-10-11 18:14 - 2017-09-07 17:12 - 002755072 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2017-10-11 18:14 - 2017-09-07 16:48 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-10-11 18:14 - 2017-09-07 16:48 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-10-11 18:14 - 2017-09-07 16:48 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-10-11 18:14 - 2017-08-19 17:10 - 003209216 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2017-10-11 18:14 - 2017-08-19 17:10 - 000103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2017-10-11 18:14 - 2017-08-19 17:10 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2017-10-11 18:14 - 2017-08-19 16:57 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2017-10-11 18:14 - 2017-08-19 16:57 - 000023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2017-10-11 18:14 - 2017-08-14 19:35 - 000827904 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2017-10-11 18:14 - 2017-08-14 19:35 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2017-10-11 18:14 - 2017-08-13 23:35 - 000031744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-10-24 17:11 - 2009-07-14 06:34 - 000009888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-10-24 17:11 - 2009-07-14 06:34 - 000009888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-10-24 17:03 - 2016-09-30 23:05 - 000001202 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-10-23 21:02 - 2016-09-30 23:05 - 000001198 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-10-23 20:35 - 2016-09-30 23:14 - 000000000 ___RD C:\Users\SARBAT\Dropbox
2017-10-23 18:10 - 2016-12-31 11:41 - 000000000 ____D C:\Users\SARBAT\AppData\Roaming\OpenOffice Updater
2017-10-23 18:08 - 2010-08-09 07:02 - 000000000 ____D C:\ProgramData\NVIDIA
2017-10-23 18:08 - 2009-07-14 06:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-10-23 16:46 - 2017-02-05 17:53 - 000001277 _____ C:\Users\SARBAT\Desktop\Opera Tabs.txt
2017-10-23 15:03 - 2016-09-04 22:47 - 000000000 ____D C:\Program Files\Opera
2017-10-23 00:29 - 2016-09-04 23:11 - 000000000 ____D C:\ProgramData\Package Cache
2017-10-23 00:29 - 2016-09-04 23:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-10-22 18:07 - 2017-07-09 11:56 - 000001245 _____ C:\Users\SARBAT\Desktop\nativelog.txt
2017-10-22 00:27 - 2017-02-07 12:52 - 000000000 ____D C:\Users\SARBAT\AppData\Roaming\.minecraft
2017-10-21 16:32 - 2017-02-18 18:53 - 000000000 ____D C:\Users\SARBAT\AppData\Local\CrashDumps
2017-10-21 03:27 - 2016-11-20 14:15 - 000000000 ____D C:\Users\SARBAT\AppData\LocalLow\Mozilla
2017-10-19 20:46 - 2016-09-30 23:05 - 000000000 ____D C:\Program Files\Dropbox
2017-10-16 19:13 - 2016-09-06 11:32 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-10-16 19:13 - 2016-09-06 11:32 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-10-16 19:13 - 2010-08-09 14:01 - 000000000 ____D C:\Windows\system32\Macromed
2017-10-13 13:53 - 2010-07-06 22:23 - 001619284 _____ C:\Windows\system32\PerfStringBackup.INI
2017-10-13 13:53 - 2010-05-12 15:13 - 000699342 _____ C:\Windows\system32\perfh007.dat
2017-10-13 13:53 - 2010-05-12 15:13 - 000149450 _____ C:\Windows\system32\perfc007.dat
2017-10-13 13:53 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\inf
2017-10-12 20:02 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\rescache
2017-10-12 18:38 - 2010-08-09 07:02 - 000000000 ____D C:\Users\UpdatusUser
2017-10-12 18:34 - 2009-07-14 06:33 - 000472696 _____ C:\Windows\system32\FNTCACHE.DAT
2017-10-12 14:13 - 2016-10-23 11:34 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-10-12 14:13 - 2016-09-13 11:52 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-10-12 14:09 - 2016-09-08 18:14 - 000000000 ____D C:\Windows\system32\MRT
2017-10-12 14:02 - 2010-07-06 23:03 - 124059592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2016-09-27 16:52 - 2017-03-10 21:17 - 000012755 _____ () C:\ProgramData\hpzinstall.log
Einige Dateien in TEMP:
====================
2016-09-04 23:19 - 2016-09-04 23:19 - 000000000 ____D () C:\Users\SARBAT\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap ======================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2017-10-21 18:06
==================== Ende vom FRST.txt ============================
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x86) Version: 23-10-2017 01
durchgeführt von SARBAT (24-10-2017 17:15:32)
Gestartet von C:\Users\SARBAT\AppData\Local\Temp\scoped_dir4632_30018
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2016-09-04 20:22:53)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-1733954782-861682868-1594596262-500 - Administrator - Disabled)
Gast (S-1-5-21-1733954782-861682868-1594596262-501 - Limited - Disabled)
SARBAT (S-1-5-21-1733954782-861682868-1594596262-1001 - Administrator - Enabled) => C:\Users\SARBAT
UpdatusUser (S-1-5-21-1733954782-861682868-1594596262-1000 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
32 Bit HP CIO Components Installer (HKLM\...\{A80FA752-C491-4ED9-ABF0-4278563160B2}) (Version: 7.1.8 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 27 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 27.0.0.170 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 27.0.0.170 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 27.0.0.170 - Adobe Systems Incorporated)
Adobe Reader 9.3.3 MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.3.3 - Adobe Systems Incorporated)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.27 - Atheros Communications Inc.)
Avira (HKLM\...\{79C4A62C-8CC2-44AC-91FE-1299A215B4B7}) (Version: 1.2.98.29730 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM\...\{f5da837f-e932-4f55-995c-7e97c5cbebdd}) (Version: 1.2.98.29730 - Avira Operations GmbH & Co. KG)
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.32.12 - Avira Operations GmbH & Co. KG)
AviSynth 2.6 (HKLM\...\AviSynth) (Version: 2.6.0.6 - GPL Public release.)
B110 (HKLM\...\{9F9A2D22-7E30-4546-B817-10644FFB9935}) (Version: 140.0.283.000 - Hewlett-Packard) Hidden
Bing Bar (HKLM\...\{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}) (Version: 7.1.361.0 - Microsoft Corporation)
BufferChm (HKLM\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CorelDRAW Essentials 4 - Content (HKLM\...\{19AC095C-3520-4999-AA15-93B6D0248A50}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Draw (HKLM\...\{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Filters (HKLM\...\{F16841F6-5F0F-4DBE-B318-63CEB916F21D}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - ICA (HKLM\...\{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - IPM - No VBA (HKLM\...\{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang BR (HKLM\...\{ABD8B955-1C69-4AF3-949B-13CD587C175F}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang DE (HKLM\...\{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang EN (HKLM\...\{34A9406E-1994-4C20-AC72-04CFA2B24545}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang ES (HKLM\...\{C682F3F0-00A6-4379-B083-4F3273624D7B}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang FR (HKLM\...\{BA9319FE-BCEF-4C99-8039-F464648D046E}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang IT (HKLM\...\{3576C335-958D-4D60-A812-F68F9A2796AF}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang NL (HKLM\...\{5500BB35-1C21-4328-9F16-F894B860FADE}) (Version: 4.0 - Uw bedrijfsnaam) Hidden
CorelDRAW Essentials 4 - PHOTO-PAINT (HKLM\...\{07B62101-7EBD-434A-94B1-B38063BE5516}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Windows Shell Extension (HKLM\...\_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}) (Version: - Corel Corporation)
CorelDRAW Essentials 4 - Windows Shell Extension (HKLM\...\{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}) (Version: 1.1 - Corel Corporation) Hidden
CorelDRAW Essentials 4 (HKLM\...\_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}) (Version: - Corel Corporation)
CorelDRAW Essentials 4 (HKLM\...\{9043B9A0-9505-405B-8202-E7167A38A89C}) (Version: 4.0 - Corel Corporation) Hidden
CyberLink LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2602 - CyberLink Corp.)
CyberLink MediaShow (HKLM\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1410a - CyberLink Corp.)
CyberLink MediaShow Espresso (HKLM\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 5.5.1412_24021 - CyberLink Corp.)
CyberLink PhotoNow (HKLM\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2718 - CyberLink Corp.)
CyberLink PowerDVD 9 (HKLM\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2925.52 - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerProducer (HKLM\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2326 - CyberLink Corp.)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2626 - CyberLink Corp.)
Dassault Systemes Software B19 (HKLM\...\Dassault Systemes B19_0) (Version: - )
Dassault Systemes Software Prerequisites x86 (HKLM\...\{6DE6837F-F3A3-40FF-9F5C-A0B95948E32D}) (Version: 8.1.3 - Dassault Systemes)
Destinations (HKLM\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Die Siedler II - Die nächste Generation (HKLM\...\S2TNG) (Version: - )
Dropbox (HKLM\...\Dropbox) (Version: 37.4.29 - Dropbox, Inc.)
Dropbox Update Helper (HKLM\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
ElsterFormular (HKLM\...\ElsterFormular) (Version: 18.6 - Thüringer Landesfinanzdirektion)
GPBaseService2 (HKLM\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.211.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{59C83C08-63F4-4AEC-81D6-392C5E23B843}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)
HPAppStudio (HKLM\...\{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}) (Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPDiagnosticAlert (HKLM\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (HKLM\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.211.000 - Hewlett-Packard) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Java 8 Update 141 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180141F0}) (Version: 8.0.1410.15 - Oracle Corporation)
Junk Mail filter update (HKLM\...\{8E5233E1-7495-44FB-8DEB-4BE906D59619}) (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Launch Manager (HKLM\...\{D0846526-66DD-4DC9-A02C-98F9A2806812}) (Version: 1.5.1.2 - Wistron Corp.)
Malwarebytes Version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
MarketResearch (HKLM\...\{D360FA88-17C8-4F14-B67F-13AAF9607B12}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Medion Home Cinema (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.1505 - CyberLink Corp.) Hidden
Medion Home Cinema (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.1505 - CyberLink Corp.)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [DEU] (HKLM\...\{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Minecraft (HKLM\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 56.0 (x86 de) (HKLM\...\Mozilla Firefox 56.0 (x86 de)) (Version: 56.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0.0.6478 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyHarmony (HKU\S-1-5-21-1733954782-861682868-1594596262-1001\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
MyHarmony (HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
Network (HKLM\...\{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}) (Version: 140.0.215.000 - Hewlett-Packard) Hidden
NVIDIA 3D Vision Treiber 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.54 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5912 - NVIDIA Corporation)
NVIDIA Grafiktreiber 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
OpenOffice 4.1.3 (HKLM\...\{8D5FCC56-BB9F-4122-923C-71753F50F6F5}) (Version: 4.13.9783 - Apache Software Foundation)
OpenOffice Updater (HKU\S-1-5-21-1733954782-861682868-1594596262-1001\...\OpenOffice Updater) (Version: 1.1.10 - OpenOffice)
OpenOffice Updater (HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193\...\OpenOffice Updater) (Version: 1.1.10 - OpenOffice)
Opera Stable 48.0.2685.50 (HKLM\...\Opera 48.0.2685.50) (Version: 48.0.2685.50 - Opera Software)
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PS_AIO_07_B110_SW_Min (HKLM\...\{F88E2E04-7EF5-488C-8E38-C94EB808458E}) (Version: 140.0.142.000 - Hewlett-Packard) Hidden
QuickTransfer (HKLM\...\{E517094C-06B6-419F-8FFD-EF4F57972130}) (Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6128 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30121 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0148 - REALTEK Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation)
Scan (HKLM\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.80.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SmartWebPrinting (HKLM\...\{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}) (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (HKLM\...\{BC5DD87B-0143-4D14-AAE6-97109614DC6B}) (Version: 140.0.214.000 - Hewlett-Packard) Hidden
Status (HKLM\...\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}) (Version: 140.0.256.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
Toolbox (HKLM\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (HKLM\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Web Companion (HKLM\...\{2297ea72-567b-4acb-9bc8-a965250b5b56}) (Version: 3.2.1725.3256 - Lavasoft)
WebReg (HKLM\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.212.017 - Hewlett-Packard) Hidden
Websuche (HKLM\...\Websuche) (Version: - Websuche)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - )
WinRAR 5.40 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
X10 Hardware(TM) (HKLM\...\X10Hardware) (Version: - )
Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
Yahoo Search Set (HKLM\...\Yahoo! SearchSet) (Version: - Yahoo Inc.)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-10-17] (Dropbox, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-10-17] (Dropbox, Inc.)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files\Avira\Antivirus\shlext.dll [2017-10-15] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-10-17] (Dropbox, Inc.)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-10-17] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-01-10] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-12-29] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files\Avira\Antivirus\shlext.dll [2017-10-15] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {110C67E6-C2B8-4DDC-914B-68B0C4EE83D1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-16] (Adobe Systems Incorporated)
Task: {25E89319-E128-4E4F-A434-63B151778D81} - System32\Tasks\Avira SystrayStartTrigger => Avira.SystrayStartTrigger.exe
Task: {2E3CE279-534C-4403-9C38-C0C0B43BBB1F} - System32\Tasks\klcp_update => C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-08-18] ()
Task: {3016DA09-BA07-4F74-92E5-B17D226FC984} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\Windows\system32\EOSNotify.exe [2016-06-25] (Microsoft Corporation)
Task: {569898AC-90E9-4B42-8E5A-9241C6E672F9} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_27_0_0_170_pepper.exe [2017-10-16] (Adobe Systems Incorporated)
Task: {704603C8-C524-4A1E-925C-42D31B199605} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-09-30] (Dropbox, Inc.)
Task: {8C726C72-E741-4DED-81E0-7AB01270973E} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-09-30] (Dropbox, Inc.)
Task: {95CCA7F0-8969-4D73-B038-B51F0D9E73F0} - System32\Tasks\{AA520783-31E2-4877-92A1-C73D10E96BA3} => C:\Windows\system32\pcalua.exe -a E:\autorun.exe -d E:\
Task: {C72C9538-06E3-4747-A3EB-F26500966247} - System32\Tasks\Opera scheduled Autoupdate 1498217446 => C:\Program Files\Opera\launcher.exe [2017-10-17] (Opera Software)
Task: {DC8F13ED-91DF-4100-AD31-15019320CB28} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files\Avira\Antivirus\avgnt.exe [2017-10-15] (Avira Operations GmbH & Co. KG)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
==================== Verknüpfungen & WMI ========================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2010-08-09 14:14 - 2010-02-12 16:20 - 000244904 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2017-09-01 21:06 - 2017-09-13 20:15 - 000025704 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
2017-09-01 21:06 - 2017-09-13 20:15 - 000017000 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.Service.Logger.dll
2017-09-01 21:06 - 2017-09-13 20:15 - 000036456 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WcfService.dll
2017-01-25 20:13 - 2017-01-25 20:13 - 000027576 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2017-02-07 14:32 - 2016-12-29 15:08 - 000121792 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2017-10-23 17:47 - 2017-10-04 13:15 - 001924552 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-10-23 17:47 - 2017-10-04 13:15 - 001798608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2009-11-02 23:20 - 2009-11-02 23:20 - 000619816 ____N () C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 23:23 - 2009-11-02 23:23 - 000013096 ____N () C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
2017-10-19 20:44 - 2017-10-17 17:48 - 000771904 _____ () C:\Program Files\Dropbox\Client\dropbox_watchdog.dll
2017-10-19 20:44 - 2017-10-17 17:48 - 001804608 _____ () C:\Program Files\Dropbox\Client\dropbox_crashpad.dll
2017-10-05 18:35 - 2017-10-17 17:47 - 000100296 _____ () C:\Program Files\Dropbox\Client\_ctypes.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000018888 _____ () C:\Program Files\Dropbox\Client\select.pyd
2017-10-05 18:35 - 2017-10-17 17:50 - 000020800 _____ () C:\Program Files\Dropbox\Client\tornado.speedups.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000035792 _____ () C:\Program Files\Dropbox\Client\_multiprocessing.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000694224 _____ () C:\Program Files\Dropbox\Client\unicodedata.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000021848 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000130512 _____ () C:\Program Files\Dropbox\Client\_cffi_backend.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 001856848 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000022864 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-10-19 20:44 - 2017-10-17 17:47 - 000145864 _____ () C:\Program Files\Dropbox\Client\pyexpat.pyd
2017-10-19 20:44 - 2017-10-17 17:48 - 000116688 _____ () C:\Program Files\Dropbox\Client\pywintypes27.dll
2017-10-05 18:35 - 2017-10-17 17:47 - 000105928 _____ () C:\Program Files\Dropbox\Client\win32api.pyd
2017-10-05 18:35 - 2017-10-17 17:50 - 000022864 _____ () C:\Program Files\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000062784 _____ () C:\Program Files\Dropbox\Client\psutil._psutil_windows.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000024528 _____ () C:\Program Files\Dropbox\Client\win32event.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000040248 _____ () C:\Program Files\Dropbox\Client\fastpath.pyd
2017-10-19 20:44 - 2017-10-17 17:47 - 000020936 _____ () C:\Program Files\Dropbox\Client\mmapfile.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000124880 _____ () C:\Program Files\Dropbox\Client\win32file.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000116176 _____ () C:\Program Files\Dropbox\Client\win32security.pyd
2017-10-19 20:44 - 2017-10-17 17:48 - 000392656 _____ () C:\Program Files\Dropbox\Client\pythoncom27.dll
2017-10-05 18:35 - 2017-10-17 17:50 - 000392512 _____ () C:\Program Files\Dropbox\Client\win32com.shell.shell.pyd
2017-10-05 18:35 - 2017-10-17 17:50 - 000026456 _____ () C:\Program Files\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000024016 _____ () C:\Program Files\Dropbox\Client\win32clipboard.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000175560 _____ () C:\Program Files\Dropbox\Client\win32gui.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000030160 _____ () C:\Program Files\Dropbox\Client\win32pipe.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000043472 _____ () C:\Program Files\Dropbox\Client\win32process.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000026056 _____ () C:\Program Files\Dropbox\Client\win32job.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000048592 _____ () C:\Program Files\Dropbox\Client\win32service.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000057808 _____ () C:\Program Files\Dropbox\Client\win32evtlog.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000021824 _____ () C:\Program Files\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-10-05 18:35 - 2017-10-17 17:50 - 000023368 _____ () C:\Program Files\Dropbox\Client\winshell.compiled._winshell.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000022856 _____ () C:\Program Files\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2017-10-05 18:35 - 2017-10-17 17:50 - 000066392 _____ () C:\Program Files\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 001796920 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtCore.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000084424 _____ () C:\Program Files\Dropbox\Client\sip.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 001956152 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtGui.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 003859264 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000154440 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000521024 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000045888 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000042304 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000131384 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000218944 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000204096 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-10-05 18:35 - 2017-10-17 17:50 - 000025432 _____ () C:\Program Files\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000060880 _____ () C:\Program Files\Dropbox\Client\win32print.pyd
2017-10-05 18:35 - 2017-10-17 17:50 - 000054608 _____ () C:\Program Files\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000024016 _____ () C:\Program Files\Dropbox\Client\win32profile.pyd
2017-10-05 18:35 - 2017-10-17 17:50 - 000022864 _____ () C:\Program Files\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000028616 _____ () C:\Program Files\Dropbox\Client\win32ts.pyd
2017-10-05 18:35 - 2017-10-17 17:50 - 000022360 _____ () C:\Program Files\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-10-05 18:35 - 2017-10-17 17:50 - 000021848 _____ () C:\Program Files\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-10-05 18:35 - 2017-10-17 17:50 - 000022360 _____ () C:\Program Files\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000027488 _____ () C:\Program Files\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000349128 _____ () C:\Program Files\Dropbox\Client\winxpgui.pyd
2017-10-05 18:35 - 2017-10-17 17:50 - 000023896 _____ () C:\Program Files\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000025424 _____ () C:\Program Files\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-10-19 20:44 - 2017-10-17 17:48 - 000036296 _____ () C:\Program Files\Dropbox\Client\librsync.dll
2017-10-19 20:44 - 2017-10-17 17:49 - 000181056 _____ () C:\Program Files\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-10-05 18:35 - 2017-10-17 17:50 - 000030536 _____ () C:\Program Files\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000024368 _____ () C:\Program Files\Dropbox\Client\libEGL.DLL
2017-10-19 20:44 - 2017-10-17 17:49 - 001638200 _____ () C:\Program Files\Dropbox\Client\libGLESv2.dll
2017-10-05 18:35 - 2017-10-17 17:50 - 000026456 _____ () C:\Program Files\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000545080 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtQuick.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000359224 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtQml.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000038208 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebEngine.pyd
2012-01-10 22:12 - 2012-01-10 22:12 - 000094208 _____ () C:\Windows\System32\IccLibDll.dll
2017-09-01 21:06 - 2017-09-13 20:15 - 000109160 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dll
2017-09-01 21:06 - 2017-09-13 20:15 - 000110696 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2017-09-01 21:06 - 2017-09-13 20:15 - 000058984 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2017-09-01 21:06 - 2017-09-13 20:15 - 000312424 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2017-09-01 21:06 - 2017-09-13 20:15 - 000084072 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll
2017-10-23 15:03 - 2017-10-23 15:03 - 067069016 _____ () C:\Program Files\Opera\48.0.2685.50\opera_browser.dll
2017-09-21 13:30 - 2017-09-21 13:30 - 000170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\2b5f4a6496e65d431698f64ba7160604\IsdiInterop.ni.dll
2010-08-09 14:36 - 2010-03-04 05:08 - 000058880 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2017-10-23 15:03 - 2017-10-23 15:02 - 003113560 _____ () C:\Program Files\Opera\48.0.2685.50\libglesv2.dll
2017-10-23 15:03 - 2017-10-23 15:02 - 000087640 _____ () C:\Program Files\Opera\48.0.2685.50\libegl.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\Users\SARBAT\Desktop\Projektmanagement:com.dropbox.attributes [168]
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1733954782-861682868-1594596262-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1733954782-861682868-1594596262-1001\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193\...\webcompanion.com -> hxxp://webcompanion.com
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 04:04 - 2009-06-10 23:39 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-1733954782-861682868-1594596262-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\MEDION\Wallpaper.jpg
HKU\S-1-5-21-1733954782-861682868-1594596262-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181008883\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\MEDION\Wallpaper.jpg
HKU\S-1-5-21-1733954782-861682868-1594596262-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\SARBAT\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193\Control Panel\Desktop\\Wallpaper -> C:\Users\SARBAT\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
==================== FirewallRules (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{625C91B8-0342-4013-A059-BC58F5ECF94B}] => (Allow) C:\Program Files\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{723B0637-366C-4656-A5FD-0C7A6C8C38EF}] => (Allow) C:\Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{101694CC-978D-4204-AF2E-84C24C6CE28B}] => (Allow) C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{967BB4E1-1EEF-40B2-BBD8-BCA977DF6D74}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{51D9E062-BC3E-460A-9DA1-EC00C0E61AFB}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{6460CEE5-80DC-45F7-A37D-865EE6C3110E}] => (Allow) C:\Program Files\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{7DACDA9C-CBCB-4596-8C1B-130D6236D105}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{D76C0F1E-888D-4289-BD8A-6210885792BA}] => (Allow) svchost.exe
FirewallRules: [{6699CC78-98F9-4B69-8461-8EDF1654F24B}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{0B5B1F51-77F7-49D0-8CE0-7A5D9A5293D1}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{6D5F4FF9-4102-4440-8FBD-AB939941172C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C91C628F-5C05-4027-AF4F-5C8CF2F81613}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{88734459-98E5-4EBA-AFBD-C6102C401C95}] => (Allow) E:\setup\hpznui01.exe
FirewallRules: [{DD83B366-C6ED-4B58-8435-0768E81A1FF1}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{2B149D1F-1C8C-46FD-8DE4-66E6DF7160D1}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{05916671-9299-46E5-A584-9297D56D0E04}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{10D06981-C45F-4DE5-8D99-9029D0DA5894}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{55CC1B6A-3695-4B99-923E-A0E1843E2430}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{EB3B3BC1-FF9D-4248-911B-7F72E1C3D3AB}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{71F39BC3-7F61-4FCC-AAD0-E134E016E307}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{C9C499E5-736D-4C19-B3F3-8BD1FF9C1054}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{FC60236F-8CEA-4E2F-A91B-2BE85E5E2C9C}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{3147CA70-0D03-4D61-B979-D53CD904BB81}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{D3741DB1-E99D-492C-8113-28E1BD3626C3}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{CACB9EE4-9A80-45FA-84E2-FEADE1C2D886}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe
FirewallRules: [{9D409B5F-E51B-468C-92F3-8959F692E1B7}] => (Allow) C:\Program Files\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [TCP Query User{4BD084BC-47E0-4672-A91B-61D760CA3AA5}C:\program files\dassault systemes\b19\intel_a\code\bin\orbixd.exe] => (Allow) C:\program files\dassault systemes\b19\intel_a\code\bin\orbixd.exe
FirewallRules: [UDP Query User{C9F12131-48AA-4D9E-88FA-3754B59E31D9}C:\program files\dassault systemes\b19\intel_a\code\bin\orbixd.exe] => (Allow) C:\program files\dassault systemes\b19\intel_a\code\bin\orbixd.exe
FirewallRules: [TCP Query User{28F63C74-5DA3-431B-872F-D1605888B5DE}C:\program files\dassault systemes\b19\intel_a\code\bin\cnext.exe] => (Allow) C:\program files\dassault systemes\b19\intel_a\code\bin\cnext.exe
FirewallRules: [UDP Query User{68C6BB30-61BF-4D95-BC87-FA6F10EE9C6A}C:\program files\dassault systemes\b19\intel_a\code\bin\cnext.exe] => (Allow) C:\program files\dassault systemes\b19\intel_a\code\bin\cnext.exe
FirewallRules: [TCP Query User{1D625DD7-B346-470B-81D8-A5E128CB3CF7}C:\users\sarbat\documents\age of empires ii\empires2.exe] => (Allow) C:\users\sarbat\documents\age of empires ii\empires2.exe
FirewallRules: [UDP Query User{9D4F346A-B4CB-45B1-9016-4722820BD821}C:\users\sarbat\documents\age of empires ii\empires2.exe] => (Allow) C:\users\sarbat\documents\age of empires ii\empires2.exe
FirewallRules: [{41A27EBD-B185-4D78-B53C-84F23D654B3E}] => (Allow) C:\Program Files\Opera\48.0.2685.39\opera.exe
FirewallRules: [{94EA3DBD-F490-4B7E-857C-BE6BB7DA2BC5}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe
FirewallRules: [{9513971E-A24D-4700-B60F-6A625D988B34}] => (Allow) C:\Program Files\Opera\48.0.2685.50\opera.exe
==================== Wiederherstellungspunkte =========================
21-10-2017 18:13:48 Geplanter Prüfpunkt
==================== Fehlerhafte Geräte im Gerätemanager =============
Name: Photosmart B110 series
Description: Photosmart B110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Photosmart B110 series
Description: Photosmart B110 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (10/21/2017 04:32:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 56.0.0.6478, Zeitstempel: 0x59cab8da
Name des fehlerhaften Moduls: xul.dll, Version: 56.0.0.6478, Zeitstempel: 0x59cab8c9
Ausnahmecode: 0x80000003
Fehleroffset: 0x00c47e59
ID des fehlerhaften Prozesses: 0x31d0
Startzeit der fehlerhaften Anwendung: 0x01d34a104438963d
Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\plugin-container.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Mozilla Firefox\xul.dll
Berichtskennung: ae9a954b-b66c-11e7-9e38-00262dc14cb8
Error: (10/17/2017 05:27:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: opera_autoupdate.exe, Version: 48.0.2685.39, Zeitstempel: 0x59dbb456
Name des fehlerhaften Moduls: opera_autoupdate.exe, Version: 48.0.2685.39, Zeitstempel: 0x59dbb456
Ausnahmecode: 0x80000003
Fehleroffset: 0x000c2d94
ID des fehlerhaften Prozesses: 0x2138
Startzeit der fehlerhaften Anwendung: 0x01d3475c6283d73b
Pfad der fehlerhaften Anwendung: C:\Program Files\Opera\48.0.2685.39\opera_autoupdate.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Opera\48.0.2685.39\opera_autoupdate.exe
Berichtskennung: b32c094c-b34f-11e7-ad35-00262dc14cb8
Error: (10/12/2017 02:19:34 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.
Kontext: Anwendung, SystemIndex Katalog
Error: (10/09/2017 07:28:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm opera.exe, Version 47.0.2631.80 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 9430
Startzeit: 01d33e005acb9b1d
Endzeit: 3855
Anwendungspfad: C:\Program Files\Opera\47.0.2631.80\opera.exe
Berichts-ID: 0b5f2495-ad17-11e7-9fa5-00262dc14cb8
Error: (10/01/2017 03:05:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: HPWUCli.exe, Version: 5.0.9.0, Zeitstempel: 0x4acfa581
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x01834ab3
ID des fehlerhaften Prozesses: 0x6ca8
Startzeit der fehlerhaften Anwendung: 0x01d33a5010828cd6
Pfad der fehlerhaften Anwendung: C:\Program Files\HP\HP Software Update\HPWUCli.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: aeb71540-a644-11e7-9fa5-00262dc14cb8
Systemfehler:
=============
Error: (10/23/2017 06:17:05 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.
Error: (10/23/2017 02:50:56 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Avira.ServiceHost erreicht.
Error: (10/23/2017 12:21:10 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet:
Zugriff verweigert
Error: (10/23/2017 12:21:03 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: Der Server "{995C996E-D918-4A8C-A302-45719A6F4EA7}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (10/22/2017 08:16:00 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Der Server "{752073A1-23F2-4396-85F0-8FDB879ED0ED}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (10/22/2017 08:15:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet:
Zugriff verweigert
Error: (10/21/2017 08:11:49 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.
Error: (10/21/2017 08:02:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.
Error: (10/21/2017 07:59:38 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Der Server "{995C996E-D918-4A8C-A302-45719A6F4EA7}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (10/21/2017 07:59:25 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Der Server "{078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
Prozentuale Nutzung des RAM: 89%
Installierter physikalischer RAM: 3253.42 MB
Verfügbarer physikalischer RAM: 357.19 MB
Summe virtueller Speicher: 7405.16 MB
Verfügbarer virtueller Speicher: 677.83 MB
==================== Laufwerke ================================
Drive c: (Boot) (Fixed) (Total:565.07 GB) (Free:447.37 GB) NTFS
Drive d: (Recover) (Fixed) (Total:30 GB) (Free:1.11 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 075432EE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=565.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=30 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)
==================== Ende vom Addition.txt ============================
|
|
24.10.2017, 16:40
| #10 |
| | Phishing-Mail Link geklickt. Daten rettenCode:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version: 23-10-2017 01
durchgeführt von SARBAT (Administrator) auf SARBAT-PC (24-10-2017 17:12:04)
Gestartet von C:\Users\SARBAT\AppData\Local\Temp\scoped_dir4632_30018
Geladene Profile: UpdatusUser & SARBAT & (Verfügbare Profile: UpdatusUser & SARBAT)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Opera)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
() C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(X10) C:\Program Files\Common Files\X10\Common\X10nets.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WButton.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Lavasoft) C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera_crashreporter.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9222760 2010-06-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1481320 2010-06-02] (Realtek Semiconductor)
HKLM\...\Run: [HotkeyApp] => C:\Program Files\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron)
HKLM\...\Run: [LMgrVolOSD] => C:\Program Files\Launch Manager\OSD.exe [348960 2009-12-12] (Wistron Corp.)
HKLM\...\Run: [LMgrOSD] => "C:\Program Files\Launch Manager\OSDCtrl.exe"
HKLM\...\Run: [Wbutton] => C:\Program Files\Launch Manager\Wbutton.exe [436264 2010-06-21] (Wistron Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [NUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [3566904 2017-10-17] (Dropbox, Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181006044\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2016-09-07] (Microsoft Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181007058\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181008103\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1733954782-861682868-1594596262-1000\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1733954782-861682868-1594596262-1000\...\RunOnce: [Screensaver] => C:\Windows\Web\Wallpaper\MEDION\start.vbs
HKU\S-1-5-21-1733954782-861682868-1594596262-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\MAHJON~1.SCR
HKU\S-1-5-21-1733954782-861682868-1594596262-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181008883\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1733954782-861682868-1594596262-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181008883\...\RunOnce: [Screensaver] => C:\Windows\Web\Wallpaper\MEDION\start.vbs
HKU\S-1-5-21-1733954782-861682868-1594596262-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181008883\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\MAHJON~1.SCR
HKU\S-1-5-21-1733954782-861682868-1594596262-1001\...\Run: [OpenOffice Updater] => C:\Users\SARBAT\AppData\Roaming\OpenOffice Updater\Updater.exe [388032 2017-05-02] ()
HKU\S-1-5-21-1733954782-861682868-1594596262-1001\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [2546280 2017-09-13] (Lavasoft)
HKU\S-1-5-21-1733954782-861682868-1594596262-1001\...\Run: [Xvid] => C:\Program Files\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193\...\Run: [OpenOffice Updater] => C:\Users\SARBAT\AppData\Roaming\OpenOffice Updater\Updater.exe [388032 2017-05-02] ()
HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [2546280 2017-09-13] (Lavasoft)
HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193\...\Run: [Xvid] => C:\Program Files\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2016-09-07] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinit.dll => C:\Windows\system32\nvinit.dll [158392 2017-01-25] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2017-03-10]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{6D6AFF5B-072D-4B6C-929A-C21954DB165D}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{91734A2F-C336-4BE9-8362-AA7479B0E354}: [DhcpNameServer] 192.168.178.1
Internet Explorer:
==================
HKU\S-1-5-21-1733954782-861682868-1594596262-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://de.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-1733954782-861682868-1594596262-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://medion.msn.com
HKU\S-1-5-21-1733954782-861682868-1594596262-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.aldi.com
HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://de.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://medion.msn.com
HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.aldi.com
SearchScopes: HKLM -> DefaultScope {22F81F80-1D65-452A-8EC3-762CB85B3173} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1733954782-861682868-1594596262-1001 -> DefaultScope {00F536EB-00FE-49C6-A84F-8F1EBF28F22E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1733954782-861682868-1594596262-1001 -> {00F536EB-00FE-49C6-A84F-8F1EBF28F22E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1733954782-861682868-1594596262-1001 -> {B916F720-CCBD-4F7C-9DEE-883E50C78BEC} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&intl=de&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
SearchScopes: HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193 -> DefaultScope {00F536EB-00FE-49C6-A84F-8F1EBF28F22E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193 -> {00F536EB-00FE-49C6-A84F-8F1EBF28F22E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193 -> {B916F720-CCBD-4F7C-9DEE-883E50C78BEC} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&intl=de&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19] (Adobe Systems Incorporated)
BHO: Kein Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> Keine Datei
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_141\bin\ssv.dll [2017-07-24] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_141\bin\jp2ssv.dll [2017-07-24] (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-1733954782-861682868-1594596262-1001 -> Kein Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - Keine Datei
Toolbar: HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193 -> Kein Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - Keine Datei
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_121-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-00121-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_121-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_121-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\SARBAT\AppData\Roaming\Mozilla\Firefox\Profiles\F5yPghi0.default [2017-10-21]
FF Homepage: Mozilla\Firefox\Profiles\F5yPghi0.default -> www1.online/?w=RD9898
FF Extension: (Avira Browserschutz) - C:\Users\SARBAT\AppData\Roaming\Mozilla\Firefox\Profiles\F5yPghi0.default\Extensions\abs@avira.com.xpi [2017-10-21]
FF Extension: (Search and New Tab by Yahoo) - C:\Users\SARBAT\AppData\Roaming\Mozilla\Firefox\Profiles\F5yPghi0.default\Extensions\jid1-16aeif9OQIRKxA@jetpack.xpi [2017-10-21]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2017-03-10] [ist nicht signiert]
FF HKU\S-1-5-21-1733954782-861682868-1594596262-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_27_0_0_170.dll [2017-10-16] ()
FF Plugin: @java.com/DTPlugin,version=11.141.2 -> C:\Program Files\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1.dll [2017-07-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.141.2 -> C:\Program Files\Java\jre1.8.0_141\bin\plugin2\npjp2.dll [2017-07-24] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
Opera:
=======
OPR Extension: (Adblock Plus) - C:\Users\SARBAT\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2017-10-05]
==================== Dienste (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc7.exe [1128432 2017-10-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [490968 2017-10-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [490968 2017-10-15] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\avwebg7.exe [1525240 2017-10-15] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [408944 2017-10-16] (Avira Operations GmbH & Co. KG)
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-30] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-30] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [43336 2017-10-17] (Dropbox, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4430792 2017-08-07] (Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [421944 2016-12-29] (NVIDIA Corporation)
R2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [1620584 2010-07-27] (NVIDIA Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2010-02-12] () [Datei ist nicht signiert]
R2 WCAssistantService; C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25704 2017-09-13] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.)
R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10) [Datei ist nicht signiert]
===================== Treiber (Nicht auf der Ausnahmeliste) ======================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [46440 2017-06-17] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [130912 2017-09-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [153664 2017-09-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35840 2017-03-02] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [59000 2017-03-02] (Avira Operations GmbH & Co. KG)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [109456 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [59904 2017-10-04] ()
R1 LUMDriver; C:\Windows\system32\drivers\LUMDriver.sys [16688 2007-04-24] (IBM)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [166840 2017-10-23] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [91576 2017-10-23] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [40384 2017-10-23] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [221112 2017-10-23] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [65824 2017-10-24] (Malwarebytes)
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [786400 2009-08-13] (DiBcom SA)
R3 nusb3hub; C:\Windows\system32\DRIVERS\nusb3hub.sys [64904 2010-04-27] (Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\system32\DRIVERS\nusb3xhc.sys [146568 2010-04-27] (Renesas Electronics Corporation)
R0 nvpciflt; C:\Windows\System32\DRIVERS\nvpciflt.sys [42936 2017-01-25] (NVIDIA Corporation)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [147344 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2009-05-13] (X10 Wireless Technology, Inc.)
S3 dbx; system32\DRIVERS\dbx.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-10-24 17:11 - 2017-10-24 17:12 - 000000000 ____D C:\FRST
2017-10-24 17:08 - 2017-10-24 17:10 - 001799680 _____ (Farbar) C:\Users\SARBAT\Desktop\FRST.exe
2017-10-23 18:59 - 2017-10-23 18:59 - 000063118 _____ C:\Users\SARBAT\Desktop\Extras.Txt
2017-10-23 18:57 - 2017-10-23 18:57 - 000095248 _____ C:\Users\SARBAT\Desktop\OTL.Txt
2017-10-23 18:35 - 2017-10-23 18:35 - 000602112 _____ (OldTimer Tools) C:\Users\SARBAT\Desktop\OTL.exe
2017-10-23 18:35 - 2017-10-23 18:35 - 000002747 _____ C:\Users\SARBAT\Desktop\MAM-Bericht.txt
2017-10-23 18:11 - 2017-10-23 18:11 - 000091576 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-10-23 17:48 - 2017-10-24 17:08 - 000065824 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-10-23 17:48 - 2017-10-23 18:11 - 000040384 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-10-23 17:48 - 2017-10-23 17:48 - 000221112 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-10-23 17:48 - 2017-10-23 17:48 - 000166840 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2017-10-23 17:47 - 2017-10-23 17:47 - 000002024 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-10-23 17:47 - 2017-10-23 17:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-10-23 17:47 - 2017-10-23 17:47 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-10-23 17:47 - 2017-10-23 17:47 - 000000000 ____D C:\Program Files\Malwarebytes
2017-10-23 17:47 - 2017-10-04 13:15 - 000059904 _____ C:\Windows\system32\Drivers\mbae.sys
2017-10-23 17:36 - 2017-10-23 17:45 - 071535032 _____ (Malwarebytes ) C:\Users\SARBAT\Downloads\mb3-setup-consumer-3.2.2.2029-1.0.212-1.0.2951.exe
2017-10-23 16:54 - 2017-10-23 17:26 - 000000000 ____D C:\Users\SARBAT\Desktop\Neuer Ordner
2017-10-23 00:29 - 2017-10-23 00:29 - 000001082 _____ C:\Users\Public\Desktop\Avira.lnk
2017-10-19 20:46 - 2017-10-19 20:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-10-17 17:48 - 2017-10-17 17:48 - 000043336 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-10-17 17:48 - 2017-10-17 17:48 - 000035432 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-10-17 17:48 - 2017-10-17 17:48 - 000035408 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-10-17 17:48 - 2017-10-17 17:48 - 000035408 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-10-15 16:42 - 2017-10-15 16:42 - 001115458 _____ C:\Users\SARBAT\Desktop\Übungsaufgaben Skript 2017.pdf
2017-10-12 14:02 - 2017-10-12 14:03 - 124059592 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2017-10-11 18:14 - 2017-09-13 17:13 - 004001512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2017-10-11 18:14 - 2017-09-13 17:13 - 003945704 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-10-11 18:14 - 2017-09-13 17:13 - 000137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-10-11 18:14 - 2017-09-13 17:13 - 000067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-10-11 18:14 - 2017-09-13 17:10 - 001310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000830464 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000828928 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000428032 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000392704 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000083968 _____ (Microsoft Corporation) C:\Windows\system32\wlanhlp.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000080896 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-10-11 18:14 - 2017-09-13 17:08 - 001062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-10-11 18:14 - 2017-09-13 17:08 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-10-11 18:14 - 2017-09-13 17:08 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-10-11 18:14 - 2017-09-13 17:08 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-10-11 18:14 - 2017-09-13 17:08 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-10-11 18:14 - 2017-09-13 17:08 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-10-11 18:14 - 2017-09-13 17:08 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-10-11 18:14 - 2017-09-13 17:08 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-10-11 18:14 - 2017-09-13 17:08 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-10-11 18:14 - 2017-09-13 16:53 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2017-10-11 18:14 - 2017-09-13 16:50 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-10-11 18:14 - 2017-09-13 16:50 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-10-11 18:14 - 2017-09-13 16:50 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-10-11 18:14 - 2017-09-13 16:50 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-10-11 18:14 - 2017-09-13 16:50 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-10-11 18:14 - 2017-09-13 16:48 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-10-11 18:14 - 2017-09-13 16:46 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-10-11 18:14 - 2017-09-13 16:46 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-10-11 18:14 - 2017-09-13 16:46 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-10-11 18:14 - 2017-09-13 16:46 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-10-11 18:14 - 2017-09-13 16:46 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-10-11 18:14 - 2017-09-13 16:46 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-10-11 18:14 - 2017-09-13 16:46 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-10-11 18:14 - 2017-09-09 01:47 - 000347344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-10-11 18:14 - 2017-09-08 17:14 - 001213672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-10-11 18:14 - 2017-09-08 17:10 - 001549824 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-10-11 18:14 - 2017-09-08 17:10 - 001363968 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-10-11 18:14 - 2017-09-08 17:10 - 000109568 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-10-11 18:14 - 2017-09-08 17:09 - 001400320 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-10-11 18:14 - 2017-09-08 17:09 - 000666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-10-11 18:14 - 2017-09-08 17:09 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-10-11 18:14 - 2017-09-08 17:09 - 000306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-10-11 18:14 - 2017-09-08 17:09 - 000197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-10-11 18:14 - 2017-09-08 17:09 - 000104448 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-10-11 18:14 - 2017-09-08 17:09 - 000059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-10-11 18:14 - 2017-09-08 17:09 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-10-11 18:14 - 2017-09-08 17:00 - 000427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-10-11 18:14 - 2017-09-08 17:00 - 000164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-10-11 18:14 - 2017-09-08 16:59 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-10-11 18:14 - 2017-09-08 16:59 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-10-11 18:14 - 2017-09-08 16:50 - 002402304 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-10-11 18:14 - 2017-09-08 16:20 - 000640512 _____ (Microsoft Corporation) C:\Windows\system32\mswstr10.dll
2017-10-11 18:14 - 2017-09-08 16:20 - 000345088 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll
2017-10-11 18:14 - 2017-09-08 16:20 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\msjint40.dll
2017-10-11 18:14 - 2017-09-07 21:27 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-10-11 18:14 - 2017-09-07 21:26 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-10-11 18:14 - 2017-09-07 21:11 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-10-11 18:14 - 2017-09-07 21:10 - 000499200 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-10-11 18:14 - 2017-09-07 21:10 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-10-11 18:14 - 2017-09-07 21:10 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-10-11 18:14 - 2017-09-07 21:09 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-10-11 18:14 - 2017-09-07 21:04 - 020267008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-10-11 18:14 - 2017-09-07 21:03 - 002292736 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-10-11 18:14 - 2017-09-07 21:03 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-10-11 18:14 - 2017-09-07 21:02 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-10-11 18:14 - 2017-09-07 20:59 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-10-11 18:14 - 2017-09-07 20:58 - 000663040 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-10-11 18:14 - 2017-09-07 20:58 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-10-11 18:14 - 2017-09-07 20:58 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-10-11 18:14 - 2017-09-07 20:58 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-10-11 18:14 - 2017-09-07 20:52 - 000667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-10-11 18:14 - 2017-09-07 20:49 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-10-11 18:14 - 2017-09-07 20:44 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-10-11 18:14 - 2017-09-07 20:44 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-10-11 18:14 - 2017-09-07 20:43 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-10-11 18:14 - 2017-09-07 20:40 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-10-11 18:14 - 2017-09-07 20:39 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-10-11 18:14 - 2017-09-07 20:37 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-10-11 18:14 - 2017-09-07 20:36 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-10-11 18:14 - 2017-09-07 20:29 - 004547072 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-10-11 18:14 - 2017-09-07 20:29 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-10-11 18:14 - 2017-09-07 20:26 - 000694784 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-10-11 18:14 - 2017-09-07 20:26 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-10-11 18:14 - 2017-09-07 20:25 - 002058752 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-10-11 18:14 - 2017-09-07 20:25 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-10-11 18:14 - 2017-09-07 20:17 - 013677568 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-10-11 18:14 - 2017-09-07 20:01 - 002767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-10-11 18:14 - 2017-09-07 19:57 - 001316864 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-10-11 18:14 - 2017-09-07 19:57 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-10-11 18:14 - 2017-09-07 17:12 - 002755072 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2017-10-11 18:14 - 2017-09-07 16:48 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-10-11 18:14 - 2017-09-07 16:48 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-10-11 18:14 - 2017-09-07 16:48 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-10-11 18:14 - 2017-08-19 17:10 - 003209216 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2017-10-11 18:14 - 2017-08-19 17:10 - 000103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2017-10-11 18:14 - 2017-08-19 17:10 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2017-10-11 18:14 - 2017-08-19 16:57 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2017-10-11 18:14 - 2017-08-19 16:57 - 000023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2017-10-11 18:14 - 2017-08-14 19:35 - 000827904 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2017-10-11 18:14 - 2017-08-14 19:35 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2017-10-11 18:14 - 2017-08-13 23:35 - 000031744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-10-24 17:11 - 2009-07-14 06:34 - 000009888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-10-24 17:11 - 2009-07-14 06:34 - 000009888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-10-24 17:03 - 2016-09-30 23:05 - 000001202 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-10-23 21:02 - 2016-09-30 23:05 - 000001198 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-10-23 20:35 - 2016-09-30 23:14 - 000000000 ___RD C:\Users\SARBAT\Dropbox
2017-10-23 18:10 - 2016-12-31 11:41 - 000000000 ____D C:\Users\SARBAT\AppData\Roaming\OpenOffice Updater
2017-10-23 18:08 - 2010-08-09 07:02 - 000000000 ____D C:\ProgramData\NVIDIA
2017-10-23 18:08 - 2009-07-14 06:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-10-23 16:46 - 2017-02-05 17:53 - 000001277 _____ C:\Users\SARBAT\Desktop\Opera Tabs.txt
2017-10-23 15:03 - 2016-09-04 22:47 - 000000000 ____D C:\Program Files\Opera
2017-10-23 00:29 - 2016-09-04 23:11 - 000000000 ____D C:\ProgramData\Package Cache
2017-10-23 00:29 - 2016-09-04 23:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-10-22 18:07 - 2017-07-09 11:56 - 000001245 _____ C:\Users\SARBAT\Desktop\nativelog.txt
2017-10-22 00:27 - 2017-02-07 12:52 - 000000000 ____D C:\Users\SARBAT\AppData\Roaming\.minecraft
2017-10-21 16:32 - 2017-02-18 18:53 - 000000000 ____D C:\Users\SARBAT\AppData\Local\CrashDumps
2017-10-21 03:27 - 2016-11-20 14:15 - 000000000 ____D C:\Users\SARBAT\AppData\LocalLow\Mozilla
2017-10-19 20:46 - 2016-09-30 23:05 - 000000000 ____D C:\Program Files\Dropbox
2017-10-16 19:13 - 2016-09-06 11:32 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-10-16 19:13 - 2016-09-06 11:32 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-10-16 19:13 - 2010-08-09 14:01 - 000000000 ____D C:\Windows\system32\Macromed
2017-10-13 13:53 - 2010-07-06 22:23 - 001619284 _____ C:\Windows\system32\PerfStringBackup.INI
2017-10-13 13:53 - 2010-05-12 15:13 - 000699342 _____ C:\Windows\system32\perfh007.dat
2017-10-13 13:53 - 2010-05-12 15:13 - 000149450 _____ C:\Windows\system32\perfc007.dat
2017-10-13 13:53 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\inf
2017-10-12 20:02 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\rescache
2017-10-12 18:38 - 2010-08-09 07:02 - 000000000 ____D C:\Users\UpdatusUser
2017-10-12 18:34 - 2009-07-14 06:33 - 000472696 _____ C:\Windows\system32\FNTCACHE.DAT
2017-10-12 14:13 - 2016-10-23 11:34 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-10-12 14:13 - 2016-09-13 11:52 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-10-12 14:09 - 2016-09-08 18:14 - 000000000 ____D C:\Windows\system32\MRT
2017-10-12 14:02 - 2010-07-06 23:03 - 124059592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2016-09-27 16:52 - 2017-03-10 21:17 - 000012755 _____ () C:\ProgramData\hpzinstall.log
Einige Dateien in TEMP:
====================
2016-09-04 23:19 - 2016-09-04 23:19 - 000000000 ____D () C:\Users\SARBAT\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap ======================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2017-10-21 18:06
==================== Ende vom FRST.txt ============================
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x86) Version: 23-10-2017 01
durchgeführt von SARBAT (24-10-2017 17:15:32)
Gestartet von C:\Users\SARBAT\AppData\Local\Temp\scoped_dir4632_30018
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2016-09-04 20:22:53)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-1733954782-861682868-1594596262-500 - Administrator - Disabled)
Gast (S-1-5-21-1733954782-861682868-1594596262-501 - Limited - Disabled)
SARBAT (S-1-5-21-1733954782-861682868-1594596262-1001 - Administrator - Enabled) => C:\Users\SARBAT
UpdatusUser (S-1-5-21-1733954782-861682868-1594596262-1000 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
32 Bit HP CIO Components Installer (HKLM\...\{A80FA752-C491-4ED9-ABF0-4278563160B2}) (Version: 7.1.8 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 27 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 27.0.0.170 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 27.0.0.170 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 27.0.0.170 - Adobe Systems Incorporated)
Adobe Reader 9.3.3 MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.3.3 - Adobe Systems Incorporated)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.27 - Atheros Communications Inc.)
Avira (HKLM\...\{79C4A62C-8CC2-44AC-91FE-1299A215B4B7}) (Version: 1.2.98.29730 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM\...\{f5da837f-e932-4f55-995c-7e97c5cbebdd}) (Version: 1.2.98.29730 - Avira Operations GmbH & Co. KG)
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.32.12 - Avira Operations GmbH & Co. KG)
AviSynth 2.6 (HKLM\...\AviSynth) (Version: 2.6.0.6 - GPL Public release.)
B110 (HKLM\...\{9F9A2D22-7E30-4546-B817-10644FFB9935}) (Version: 140.0.283.000 - Hewlett-Packard) Hidden
Bing Bar (HKLM\...\{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}) (Version: 7.1.361.0 - Microsoft Corporation)
BufferChm (HKLM\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CorelDRAW Essentials 4 - Content (HKLM\...\{19AC095C-3520-4999-AA15-93B6D0248A50}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Draw (HKLM\...\{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Filters (HKLM\...\{F16841F6-5F0F-4DBE-B318-63CEB916F21D}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - ICA (HKLM\...\{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - IPM - No VBA (HKLM\...\{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang BR (HKLM\...\{ABD8B955-1C69-4AF3-949B-13CD587C175F}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang DE (HKLM\...\{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang EN (HKLM\...\{34A9406E-1994-4C20-AC72-04CFA2B24545}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang ES (HKLM\...\{C682F3F0-00A6-4379-B083-4F3273624D7B}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang FR (HKLM\...\{BA9319FE-BCEF-4C99-8039-F464648D046E}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang IT (HKLM\...\{3576C335-958D-4D60-A812-F68F9A2796AF}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang NL (HKLM\...\{5500BB35-1C21-4328-9F16-F894B860FADE}) (Version: 4.0 - Uw bedrijfsnaam) Hidden
CorelDRAW Essentials 4 - PHOTO-PAINT (HKLM\...\{07B62101-7EBD-434A-94B1-B38063BE5516}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Windows Shell Extension (HKLM\...\_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}) (Version: - Corel Corporation)
CorelDRAW Essentials 4 - Windows Shell Extension (HKLM\...\{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}) (Version: 1.1 - Corel Corporation) Hidden
CorelDRAW Essentials 4 (HKLM\...\_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}) (Version: - Corel Corporation)
CorelDRAW Essentials 4 (HKLM\...\{9043B9A0-9505-405B-8202-E7167A38A89C}) (Version: 4.0 - Corel Corporation) Hidden
CyberLink LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2602 - CyberLink Corp.)
CyberLink MediaShow (HKLM\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1410a - CyberLink Corp.)
CyberLink MediaShow Espresso (HKLM\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 5.5.1412_24021 - CyberLink Corp.)
CyberLink PhotoNow (HKLM\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2718 - CyberLink Corp.)
CyberLink PowerDVD 9 (HKLM\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2925.52 - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerProducer (HKLM\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2326 - CyberLink Corp.)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2626 - CyberLink Corp.)
Dassault Systemes Software B19 (HKLM\...\Dassault Systemes B19_0) (Version: - )
Dassault Systemes Software Prerequisites x86 (HKLM\...\{6DE6837F-F3A3-40FF-9F5C-A0B95948E32D}) (Version: 8.1.3 - Dassault Systemes)
Destinations (HKLM\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Die Siedler II - Die nächste Generation (HKLM\...\S2TNG) (Version: - )
Dropbox (HKLM\...\Dropbox) (Version: 37.4.29 - Dropbox, Inc.)
Dropbox Update Helper (HKLM\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
ElsterFormular (HKLM\...\ElsterFormular) (Version: 18.6 - Thüringer Landesfinanzdirektion)
GPBaseService2 (HKLM\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.211.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{59C83C08-63F4-4AEC-81D6-392C5E23B843}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)
HPAppStudio (HKLM\...\{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}) (Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPDiagnosticAlert (HKLM\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (HKLM\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.211.000 - Hewlett-Packard) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Java 8 Update 141 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180141F0}) (Version: 8.0.1410.15 - Oracle Corporation)
Junk Mail filter update (HKLM\...\{8E5233E1-7495-44FB-8DEB-4BE906D59619}) (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Launch Manager (HKLM\...\{D0846526-66DD-4DC9-A02C-98F9A2806812}) (Version: 1.5.1.2 - Wistron Corp.)
Malwarebytes Version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
MarketResearch (HKLM\...\{D360FA88-17C8-4F14-B67F-13AAF9607B12}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Medion Home Cinema (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.1505 - CyberLink Corp.) Hidden
Medion Home Cinema (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.1505 - CyberLink Corp.)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [DEU] (HKLM\...\{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Minecraft (HKLM\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 56.0 (x86 de) (HKLM\...\Mozilla Firefox 56.0 (x86 de)) (Version: 56.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0.0.6478 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyHarmony (HKU\S-1-5-21-1733954782-861682868-1594596262-1001\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
MyHarmony (HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
Network (HKLM\...\{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}) (Version: 140.0.215.000 - Hewlett-Packard) Hidden
NVIDIA 3D Vision Treiber 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.54 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5912 - NVIDIA Corporation)
NVIDIA Grafiktreiber 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
OpenOffice 4.1.3 (HKLM\...\{8D5FCC56-BB9F-4122-923C-71753F50F6F5}) (Version: 4.13.9783 - Apache Software Foundation)
OpenOffice Updater (HKU\S-1-5-21-1733954782-861682868-1594596262-1001\...\OpenOffice Updater) (Version: 1.1.10 - OpenOffice)
OpenOffice Updater (HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193\...\OpenOffice Updater) (Version: 1.1.10 - OpenOffice)
Opera Stable 48.0.2685.50 (HKLM\...\Opera 48.0.2685.50) (Version: 48.0.2685.50 - Opera Software)
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PS_AIO_07_B110_SW_Min (HKLM\...\{F88E2E04-7EF5-488C-8E38-C94EB808458E}) (Version: 140.0.142.000 - Hewlett-Packard) Hidden
QuickTransfer (HKLM\...\{E517094C-06B6-419F-8FFD-EF4F57972130}) (Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6128 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30121 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0148 - REALTEK Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation)
Scan (HKLM\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.80.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SmartWebPrinting (HKLM\...\{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}) (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (HKLM\...\{BC5DD87B-0143-4D14-AAE6-97109614DC6B}) (Version: 140.0.214.000 - Hewlett-Packard) Hidden
Status (HKLM\...\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}) (Version: 140.0.256.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
Toolbox (HKLM\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (HKLM\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Web Companion (HKLM\...\{2297ea72-567b-4acb-9bc8-a965250b5b56}) (Version: 3.2.1725.3256 - Lavasoft)
WebReg (HKLM\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.212.017 - Hewlett-Packard) Hidden
Websuche (HKLM\...\Websuche) (Version: - Websuche)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - )
WinRAR 5.40 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
X10 Hardware(TM) (HKLM\...\X10Hardware) (Version: - )
Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
Yahoo Search Set (HKLM\...\Yahoo! SearchSet) (Version: - Yahoo Inc.)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-10-17] (Dropbox, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-10-17] (Dropbox, Inc.)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files\Avira\Antivirus\shlext.dll [2017-10-15] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-10-17] (Dropbox, Inc.)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-10-17] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-01-10] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-12-29] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files\Avira\Antivirus\shlext.dll [2017-10-15] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {110C67E6-C2B8-4DDC-914B-68B0C4EE83D1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-16] (Adobe Systems Incorporated)
Task: {25E89319-E128-4E4F-A434-63B151778D81} - System32\Tasks\Avira SystrayStartTrigger => Avira.SystrayStartTrigger.exe
Task: {2E3CE279-534C-4403-9C38-C0C0B43BBB1F} - System32\Tasks\klcp_update => C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-08-18] ()
Task: {3016DA09-BA07-4F74-92E5-B17D226FC984} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\Windows\system32\EOSNotify.exe [2016-06-25] (Microsoft Corporation)
Task: {569898AC-90E9-4B42-8E5A-9241C6E672F9} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_27_0_0_170_pepper.exe [2017-10-16] (Adobe Systems Incorporated)
Task: {704603C8-C524-4A1E-925C-42D31B199605} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-09-30] (Dropbox, Inc.)
Task: {8C726C72-E741-4DED-81E0-7AB01270973E} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-09-30] (Dropbox, Inc.)
Task: {95CCA7F0-8969-4D73-B038-B51F0D9E73F0} - System32\Tasks\{AA520783-31E2-4877-92A1-C73D10E96BA3} => C:\Windows\system32\pcalua.exe -a E:\autorun.exe -d E:\
Task: {C72C9538-06E3-4747-A3EB-F26500966247} - System32\Tasks\Opera scheduled Autoupdate 1498217446 => C:\Program Files\Opera\launcher.exe [2017-10-17] (Opera Software)
Task: {DC8F13ED-91DF-4100-AD31-15019320CB28} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files\Avira\Antivirus\avgnt.exe [2017-10-15] (Avira Operations GmbH & Co. KG)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
==================== Verknüpfungen & WMI ========================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2010-08-09 14:14 - 2010-02-12 16:20 - 000244904 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2017-09-01 21:06 - 2017-09-13 20:15 - 000025704 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
2017-09-01 21:06 - 2017-09-13 20:15 - 000017000 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.Service.Logger.dll
2017-09-01 21:06 - 2017-09-13 20:15 - 000036456 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WcfService.dll
2017-01-25 20:13 - 2017-01-25 20:13 - 000027576 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2017-02-07 14:32 - 2016-12-29 15:08 - 000121792 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2017-10-23 17:47 - 2017-10-04 13:15 - 001924552 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-10-23 17:47 - 2017-10-04 13:15 - 001798608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2009-11-02 23:20 - 2009-11-02 23:20 - 000619816 ____N () C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 23:23 - 2009-11-02 23:23 - 000013096 ____N () C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
2017-10-19 20:44 - 2017-10-17 17:48 - 000771904 _____ () C:\Program Files\Dropbox\Client\dropbox_watchdog.dll
2017-10-19 20:44 - 2017-10-17 17:48 - 001804608 _____ () C:\Program Files\Dropbox\Client\dropbox_crashpad.dll
2017-10-05 18:35 - 2017-10-17 17:47 - 000100296 _____ () C:\Program Files\Dropbox\Client\_ctypes.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000018888 _____ () C:\Program Files\Dropbox\Client\select.pyd
2017-10-05 18:35 - 2017-10-17 17:50 - 000020800 _____ () C:\Program Files\Dropbox\Client\tornado.speedups.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000035792 _____ () C:\Program Files\Dropbox\Client\_multiprocessing.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000694224 _____ () C:\Program Files\Dropbox\Client\unicodedata.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000021848 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000130512 _____ () C:\Program Files\Dropbox\Client\_cffi_backend.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 001856848 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000022864 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-10-19 20:44 - 2017-10-17 17:47 - 000145864 _____ () C:\Program Files\Dropbox\Client\pyexpat.pyd
2017-10-19 20:44 - 2017-10-17 17:48 - 000116688 _____ () C:\Program Files\Dropbox\Client\pywintypes27.dll
2017-10-05 18:35 - 2017-10-17 17:47 - 000105928 _____ () C:\Program Files\Dropbox\Client\win32api.pyd
2017-10-05 18:35 - 2017-10-17 17:50 - 000022864 _____ () C:\Program Files\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000062784 _____ () C:\Program Files\Dropbox\Client\psutil._psutil_windows.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000024528 _____ () C:\Program Files\Dropbox\Client\win32event.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000040248 _____ () C:\Program Files\Dropbox\Client\fastpath.pyd
2017-10-19 20:44 - 2017-10-17 17:47 - 000020936 _____ () C:\Program Files\Dropbox\Client\mmapfile.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000124880 _____ () C:\Program Files\Dropbox\Client\win32file.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000116176 _____ () C:\Program Files\Dropbox\Client\win32security.pyd
2017-10-19 20:44 - 2017-10-17 17:48 - 000392656 _____ () C:\Program Files\Dropbox\Client\pythoncom27.dll
2017-10-05 18:35 - 2017-10-17 17:50 - 000392512 _____ () C:\Program Files\Dropbox\Client\win32com.shell.shell.pyd
2017-10-05 18:35 - 2017-10-17 17:50 - 000026456 _____ () C:\Program Files\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000024016 _____ () C:\Program Files\Dropbox\Client\win32clipboard.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000175560 _____ () C:\Program Files\Dropbox\Client\win32gui.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000030160 _____ () C:\Program Files\Dropbox\Client\win32pipe.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000043472 _____ () C:\Program Files\Dropbox\Client\win32process.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000026056 _____ () C:\Program Files\Dropbox\Client\win32job.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000048592 _____ () C:\Program Files\Dropbox\Client\win32service.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000057808 _____ () C:\Program Files\Dropbox\Client\win32evtlog.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000021824 _____ () C:\Program Files\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-10-05 18:35 - 2017-10-17 17:50 - 000023368 _____ () C:\Program Files\Dropbox\Client\winshell.compiled._winshell.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000022856 _____ () C:\Program Files\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2017-10-05 18:35 - 2017-10-17 17:50 - 000066392 _____ () C:\Program Files\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 001796920 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtCore.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000084424 _____ () C:\Program Files\Dropbox\Client\sip.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 001956152 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtGui.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 003859264 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000154440 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000521024 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000045888 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000042304 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000131384 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000218944 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000204096 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-10-05 18:35 - 2017-10-17 17:50 - 000025432 _____ () C:\Program Files\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000060880 _____ () C:\Program Files\Dropbox\Client\win32print.pyd
2017-10-05 18:35 - 2017-10-17 17:50 - 000054608 _____ () C:\Program Files\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000024016 _____ () C:\Program Files\Dropbox\Client\win32profile.pyd
2017-10-05 18:35 - 2017-10-17 17:50 - 000022864 _____ () C:\Program Files\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000028616 _____ () C:\Program Files\Dropbox\Client\win32ts.pyd
2017-10-05 18:35 - 2017-10-17 17:50 - 000022360 _____ () C:\Program Files\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-10-05 18:35 - 2017-10-17 17:50 - 000021848 _____ () C:\Program Files\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-10-05 18:35 - 2017-10-17 17:50 - 000022360 _____ () C:\Program Files\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000027488 _____ () C:\Program Files\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000349128 _____ () C:\Program Files\Dropbox\Client\winxpgui.pyd
2017-10-05 18:35 - 2017-10-17 17:50 - 000023896 _____ () C:\Program Files\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000025424 _____ () C:\Program Files\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-10-19 20:44 - 2017-10-17 17:48 - 000036296 _____ () C:\Program Files\Dropbox\Client\librsync.dll
2017-10-19 20:44 - 2017-10-17 17:49 - 000181056 _____ () C:\Program Files\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-10-05 18:35 - 2017-10-17 17:50 - 000030536 _____ () C:\Program Files\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000024368 _____ () C:\Program Files\Dropbox\Client\libEGL.DLL
2017-10-19 20:44 - 2017-10-17 17:49 - 001638200 _____ () C:\Program Files\Dropbox\Client\libGLESv2.dll
2017-10-05 18:35 - 2017-10-17 17:50 - 000026456 _____ () C:\Program Files\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000545080 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtQuick.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000359224 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtQml.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000038208 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebEngine.pyd
2012-01-10 22:12 - 2012-01-10 22:12 - 000094208 _____ () C:\Windows\System32\IccLibDll.dll
2017-09-01 21:06 - 2017-09-13 20:15 - 000109160 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dll
2017-09-01 21:06 - 2017-09-13 20:15 - 000110696 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2017-09-01 21:06 - 2017-09-13 20:15 - 000058984 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2017-09-01 21:06 - 2017-09-13 20:15 - 000312424 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2017-09-01 21:06 - 2017-09-13 20:15 - 000084072 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll
2017-10-23 15:03 - 2017-10-23 15:03 - 067069016 _____ () C:\Program Files\Opera\48.0.2685.50\opera_browser.dll
2017-09-21 13:30 - 2017-09-21 13:30 - 000170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\2b5f4a6496e65d431698f64ba7160604\IsdiInterop.ni.dll
2010-08-09 14:36 - 2010-03-04 05:08 - 000058880 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2017-10-23 15:03 - 2017-10-23 15:02 - 003113560 _____ () C:\Program Files\Opera\48.0.2685.50\libglesv2.dll
2017-10-23 15:03 - 2017-10-23 15:02 - 000087640 _____ () C:\Program Files\Opera\48.0.2685.50\libegl.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\Users\SARBAT\Desktop\Projektmanagement:com.dropbox.attributes [168]
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1733954782-861682868-1594596262-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1733954782-861682868-1594596262-1001\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193\...\webcompanion.com -> hxxp://webcompanion.com
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 04:04 - 2009-06-10 23:39 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-1733954782-861682868-1594596262-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\MEDION\Wallpaper.jpg
HKU\S-1-5-21-1733954782-861682868-1594596262-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181008883\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\MEDION\Wallpaper.jpg
HKU\S-1-5-21-1733954782-861682868-1594596262-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\SARBAT\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193\Control Panel\Desktop\\Wallpaper -> C:\Users\SARBAT\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
==================== FirewallRules (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{625C91B8-0342-4013-A059-BC58F5ECF94B}] => (Allow) C:\Program Files\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{723B0637-366C-4656-A5FD-0C7A6C8C38EF}] => (Allow) C:\Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{101694CC-978D-4204-AF2E-84C24C6CE28B}] => (Allow) C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{967BB4E1-1EEF-40B2-BBD8-BCA977DF6D74}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{51D9E062-BC3E-460A-9DA1-EC00C0E61AFB}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{6460CEE5-80DC-45F7-A37D-865EE6C3110E}] => (Allow) C:\Program Files\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{7DACDA9C-CBCB-4596-8C1B-130D6236D105}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{D76C0F1E-888D-4289-BD8A-6210885792BA}] => (Allow) svchost.exe
FirewallRules: [{6699CC78-98F9-4B69-8461-8EDF1654F24B}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{0B5B1F51-77F7-49D0-8CE0-7A5D9A5293D1}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{6D5F4FF9-4102-4440-8FBD-AB939941172C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C91C628F-5C05-4027-AF4F-5C8CF2F81613}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{88734459-98E5-4EBA-AFBD-C6102C401C95}] => (Allow) E:\setup\hpznui01.exe
FirewallRules: [{DD83B366-C6ED-4B58-8435-0768E81A1FF1}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{2B149D1F-1C8C-46FD-8DE4-66E6DF7160D1}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{05916671-9299-46E5-A584-9297D56D0E04}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{10D06981-C45F-4DE5-8D99-9029D0DA5894}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{55CC1B6A-3695-4B99-923E-A0E1843E2430}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{EB3B3BC1-FF9D-4248-911B-7F72E1C3D3AB}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{71F39BC3-7F61-4FCC-AAD0-E134E016E307}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{C9C499E5-736D-4C19-B3F3-8BD1FF9C1054}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{FC60236F-8CEA-4E2F-A91B-2BE85E5E2C9C}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{3147CA70-0D03-4D61-B979-D53CD904BB81}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{D3741DB1-E99D-492C-8113-28E1BD3626C3}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{CACB9EE4-9A80-45FA-84E2-FEADE1C2D886}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe
FirewallRules: [{9D409B5F-E51B-468C-92F3-8959F692E1B7}] => (Allow) C:\Program Files\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [TCP Query User{4BD084BC-47E0-4672-A91B-61D760CA3AA5}C:\program files\dassault systemes\b19\intel_a\code\bin\orbixd.exe] => (Allow) C:\program files\dassault systemes\b19\intel_a\code\bin\orbixd.exe
FirewallRules: [UDP Query User{C9F12131-48AA-4D9E-88FA-3754B59E31D9}C:\program files\dassault systemes\b19\intel_a\code\bin\orbixd.exe] => (Allow) C:\program files\dassault systemes\b19\intel_a\code\bin\orbixd.exe
FirewallRules: [TCP Query User{28F63C74-5DA3-431B-872F-D1605888B5DE}C:\program files\dassault systemes\b19\intel_a\code\bin\cnext.exe] => (Allow) C:\program files\dassault systemes\b19\intel_a\code\bin\cnext.exe
FirewallRules: [UDP Query User{68C6BB30-61BF-4D95-BC87-FA6F10EE9C6A}C:\program files\dassault systemes\b19\intel_a\code\bin\cnext.exe] => (Allow) C:\program files\dassault systemes\b19\intel_a\code\bin\cnext.exe
FirewallRules: [TCP Query User{1D625DD7-B346-470B-81D8-A5E128CB3CF7}C:\users\sarbat\documents\age of empires ii\empires2.exe] => (Allow) C:\users\sarbat\documents\age of empires ii\empires2.exe
FirewallRules: [UDP Query User{9D4F346A-B4CB-45B1-9016-4722820BD821}C:\users\sarbat\documents\age of empires ii\empires2.exe] => (Allow) C:\users\sarbat\documents\age of empires ii\empires2.exe
FirewallRules: [{41A27EBD-B185-4D78-B53C-84F23D654B3E}] => (Allow) C:\Program Files\Opera\48.0.2685.39\opera.exe
FirewallRules: [{94EA3DBD-F490-4B7E-857C-BE6BB7DA2BC5}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe
FirewallRules: [{9513971E-A24D-4700-B60F-6A625D988B34}] => (Allow) C:\Program Files\Opera\48.0.2685.50\opera.exe
==================== Wiederherstellungspunkte =========================
21-10-2017 18:13:48 Geplanter Prüfpunkt
==================== Fehlerhafte Geräte im Gerätemanager =============
Name: Photosmart B110 series
Description: Photosmart B110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Photosmart B110 series
Description: Photosmart B110 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (10/21/2017 04:32:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 56.0.0.6478, Zeitstempel: 0x59cab8da
Name des fehlerhaften Moduls: xul.dll, Version: 56.0.0.6478, Zeitstempel: 0x59cab8c9
Ausnahmecode: 0x80000003
Fehleroffset: 0x00c47e59
ID des fehlerhaften Prozesses: 0x31d0
Startzeit der fehlerhaften Anwendung: 0x01d34a104438963d
Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\plugin-container.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Mozilla Firefox\xul.dll
Berichtskennung: ae9a954b-b66c-11e7-9e38-00262dc14cb8
Error: (10/17/2017 05:27:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: opera_autoupdate.exe, Version: 48.0.2685.39, Zeitstempel: 0x59dbb456
Name des fehlerhaften Moduls: opera_autoupdate.exe, Version: 48.0.2685.39, Zeitstempel: 0x59dbb456
Ausnahmecode: 0x80000003
Fehleroffset: 0x000c2d94
ID des fehlerhaften Prozesses: 0x2138
Startzeit der fehlerhaften Anwendung: 0x01d3475c6283d73b
Pfad der fehlerhaften Anwendung: C:\Program Files\Opera\48.0.2685.39\opera_autoupdate.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Opera\48.0.2685.39\opera_autoupdate.exe
Berichtskennung: b32c094c-b34f-11e7-ad35-00262dc14cb8
Error: (10/12/2017 02:19:34 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.
Kontext: Anwendung, SystemIndex Katalog
Error: (10/09/2017 07:28:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm opera.exe, Version 47.0.2631.80 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 9430
Startzeit: 01d33e005acb9b1d
Endzeit: 3855
Anwendungspfad: C:\Program Files\Opera\47.0.2631.80\opera.exe
Berichts-ID: 0b5f2495-ad17-11e7-9fa5-00262dc14cb8
Error: (10/01/2017 03:05:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: HPWUCli.exe, Version: 5.0.9.0, Zeitstempel: 0x4acfa581
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x01834ab3
ID des fehlerhaften Prozesses: 0x6ca8
Startzeit der fehlerhaften Anwendung: 0x01d33a5010828cd6
Pfad der fehlerhaften Anwendung: C:\Program Files\HP\HP Software Update\HPWUCli.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: aeb71540-a644-11e7-9fa5-00262dc14cb8
Systemfehler:
=============
Error: (10/23/2017 06:17:05 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.
Error: (10/23/2017 02:50:56 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Avira.ServiceHost erreicht.
Error: (10/23/2017 12:21:10 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet:
Zugriff verweigert
Error: (10/23/2017 12:21:03 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: Der Server "{995C996E-D918-4A8C-A302-45719A6F4EA7}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (10/22/2017 08:16:00 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Der Server "{752073A1-23F2-4396-85F0-8FDB879ED0ED}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (10/22/2017 08:15:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet:
Zugriff verweigert
Error: (10/21/2017 08:11:49 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.
Error: (10/21/2017 08:02:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.
Error: (10/21/2017 07:59:38 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Der Server "{995C996E-D918-4A8C-A302-45719A6F4EA7}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (10/21/2017 07:59:25 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Der Server "{078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
Prozentuale Nutzung des RAM: 89%
Installierter physikalischer RAM: 3253.42 MB
Verfügbarer physikalischer RAM: 357.19 MB
Summe virtueller Speicher: 7405.16 MB
Verfügbarer virtueller Speicher: 677.83 MB
==================== Laufwerke ================================
Drive c: (Boot) (Fixed) (Total:565.07 GB) (Free:447.37 GB) NTFS
Drive d: (Recover) (Fixed) (Total:30 GB) (Free:1.11 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 075432EE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=565.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=30 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)
==================== Ende vom Addition.txt ============================
|
|
24.10.2017, 20:30
| #11 |
| /// TB-Ausbilder /// Anleitungs-Guru | Phishing-Mail Link geklickt. Daten retten Wenn ich was zweimal poste liegt das an einem Bug im Forum. Die Anweisungen musst Du nur einmal ausführen...  Schritt 1 Downloade Dir bitte  AdwCleaner auf Deinen Desktop (Bebilderte Anleitung).
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
24.10.2017, 20:30
| #12 |
| /// TB-Ausbilder /// Anleitungs-Guru | Phishing-Mail Link geklickt. Daten retten Wenn ich was zweimal poste liegt das an einem Bug im Forum. Die Anweisungen musst Du nur einmal ausführen... Schritt 1 Downloade Dir bitte AdwCleaner auf Deinen Desktop (Bebilderte Anleitung).
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
24.10.2017, 21:54
| #13 |
| | Phishing-Mail Link geklickt. Daten rettenCode:
ATTFilter # AdwCleaner 7.0.3.1 - Logfile created on Tue Oct 24 20:47:09 2017
# Updated on 2017/29/09 by Malwarebytes
# Running on Windows 7 Home Premium (X86)
# Mode: clean
# Support: https://www.malwarebytes.com/support
***** [ Services ] *****
Deleted: WCAssistantService
***** [ Folders ] *****
Deleted: C:\Windows\System32\config\systemprofile\AppData\Local\YSearchUtil
Deleted: C:\Users\SARBAT\AppData\Local\YSearchUtil
Deleted: C:\ProgramData\lavasoft\web companion
Deleted: C:\ProgramData\Application Data\lavasoft\web companion
Deleted: C:\Program Files\lavasoft\web companion
Deleted: C:\Users\All Users\lavasoft\web companion
Deleted: C:\Users\SARBAT\AppData\Roaming\lavasoft\web companion
Deleted: C:\Program Files\Yahoo!\yset
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion
***** [ Files ] *****
No malicious files deleted.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks deleted.
***** [ Registry ] *****
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
Deleted: [Key] - HKLM\SOFTWARE\Lavasoft\Web Companion
Deleted: [Key] - HKU\S-1-5-21-1733954782-861682868-1594596262-1001\Software\Lavasoft\Web Companion
Deleted: [Key] - HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193\Software\Lavasoft\Web Companion
Deleted: [Key] - HKCU\Software\Lavasoft\Web Companion
Deleted: [Value] - HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{21FA44EF-376D-4D53-9B0F-8A89D3229068}
Deleted: [Value] - HKU\S-1-5-21-1733954782-861682868-1594596262-1001\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
Deleted: [Value] - HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
Deleted: [Value] - HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted: [Data] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2297ea72-567b-4acb-9bc8-a965250b5b56}|DisplayName []
Deleted: [Data] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2297ea72-567b-4acb-9bc8-a965250b5b56}|DisplayIcon []
Deleted: [Data] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2297ea72-567b-4acb-9bc8-a965250b5b56}|UninstallString []
***** [ Firefox (and derivatives) ] *****
Plugin deleted: Search and New Tab by Yahoo - Yahoo
Startpage deleted: www1.online/?w=RD9898
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries deleted.
*************************
::Tracing keys deleted
::Winsock settings cleared
::Prefetch files deleted
::Proxy settings cleared
::IE policies deleted
::Chrome policies deleted
::Additional Actions: 0
*************************
C:/AdwCleaner/AdwCleaner[S0].txt - [3317 B] - [2017/10/24 20:45:18]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
|
|
25.10.2017, 22:17
| #14 |
| /// TB-Ausbilder /// Anleitungs-Guru | Phishing-Mail Link geklickt. Daten retten Schritt 1 Downloade Dir HitmanPro  auf Deinen Desktop:HitmanPro-32 Bit Version HitmanPro-64 Bit Version
Schritt 2 ESET Online Scanner
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
26.10.2017, 18:31
| #15 |
| | Phishing-Mail Link geklickt. Daten rettenCode:
ATTFilter
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=5ab8ef4616ea45439342461a168e7525
# end=init
# utc_time=2017-10-25 10:54:02
# local_time=2017-10-26 12:54:02 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 35187
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=5ab8ef4616ea45439342461a168e7525
# end=updated
# utc_time=2017-10-25 10:59:54
# local_time=2017-10-26 12:59:54 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=5ab8ef4616ea45439342461a168e7525
# engine=35187
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2017-10-26 09:51:00
# local_time=2017-10-26 11:51:00 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Antivirus'
# compatibility_mode=1815 16777213 100 96 40534 37483140 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 35616117 260642650 0 0
# scanned=309386
# found=27
# cleaned=0
# scan_time=39064
sh=A28F64706E2F64BEF2E312D76EE72E707ECD5F50 ft=1 fh=d7ce1cd8676c7703 vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-1733954782-861682868-1594596262-1001\$R5HMCOK.exe"
sh=7368D143AAAD06E27700CDFB9402211A3BCB7C34 ft=1 fh=f97fda4e7da35c67 vn="Variante von MSIL/WebCompanion.D eventuell unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\rQF69AzBla\Application\Lavasoft.Utils.dll"
sh=21B210517454ACA148BB3F710DD72C8C381E6CA2 ft=1 fh=ec7375de7603e004 vn="Variante von MSIL/WebCompanion.D eventuell unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\rQF69AzBla\Application\Lavasoft.WCAssistant.WinService.exe"
sh=6167BF5453E3B51F4F8F3EB30A90C69DE403661E ft=1 fh=45a91f38d2c9dded vn="Variante von MSIL/WebCompanion.D eventuell unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\rQF69AzBla\Application\WebCompanion.exe"
sh=AF214BB8C34F40BBCED74A0265D652144BFAD911 ft=1 fh=b0c1ee30a374cdef vn="Variante von MSIL/WebCompanion.C eventuell unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\rQF69AzBla\Application\WebCompanionInstaller.exe"
sh=BD569B74D9F01AF8F54EB331006BA5D3B572C531 ft=1 fh=f5ea098eaa54fa94 vn="Variante von MSIL/WebCompanion.C eventuell unerwünschte Anwendung" ac=I fn="C:\Users\SARBAT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F70GJIJN\WcInstaller[1].exe"
sh=E3EA4D1DCE737CD6FDDA85D886FCCF23DC1D7D9B ft=0 fh=0000000000000000 vn="Variante von MSIL/WebCompanion.D eventuell unerwünschte Anwendung" ac=I fn="C:\Users\SARBAT\AppData\Local\Temp\WebCompanion.zip"
sh=E372AF7F5CBB53D354E3BE2AC726ED730F17FF4A ft=1 fh=704df630a1cb9cdd vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\Users\SARBAT\AppData\Local\Temp\DMR\dmr_72.exe"
sh=E372AF7F5CBB53D354E3BE2AC726ED730F17FF4A ft=1 fh=704df630a1cb9cdd vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\Users\SARBAT\AppData\Local\Temp\DMR\dmr_84.exe"
sh=1503016DD302FF14611634EB170CFDB7703757DC ft=1 fh=9b71f8d91b690524 vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\Users\SARBAT\AppData\Local\Temp\scoped_dir4072_25118\Java Runtime Environment 32 Bit - CHIP-Installer.exe"
sh=1306BB96FAF6B39A4372FE022DB7010CF42BB509 ft=1 fh=babdfc58d84facb8 vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\Users\SARBAT\AppData\Local\Temp\scoped_dir4368_16301\ffdshow tryouts - CHIP-Installer.exe"
sh=D499B4D0CE32EE0CCE6B55466373B03796426D1C ft=1 fh=152ec001408ac940 vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\Users\SARBAT\AppData\Local\Temp\scoped_dir4368_19600\Koepi s XviD - CHIP-Installer.exe"
sh=A28F64706E2F64BEF2E312D76EE72E707ECD5F50 ft=1 fh=d7ce1cd8676c7703 vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\Users\SARBAT\AppData\Local\Temp\scoped_dir4368_20740\Haali Media Splitter - CHIP-Installer.exe"
sh=D499B4D0CE32EE0CCE6B55466373B03796426D1C ft=1 fh=152ec001408ac940 vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\Users\SARBAT\AppData\Local\Temp\scoped_dir4368_31156\Koepi s XviD - CHIP-Installer.exe"
sh=D499B4D0CE32EE0CCE6B55466373B03796426D1C ft=1 fh=152ec001408ac940 vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\Users\SARBAT\AppData\Local\Temp\scoped_dir4368_3413\Koepi s XviD - CHIP-Installer.exe"
sh=4D0151EAB20DC21DF760131C4A2DF9CD1CE49361 ft=1 fh=96bbd3298f59d1c5 vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\Users\SARBAT\AppData\Local\Temp\scoped_dir4368_6286\VirtualDub 32 Bit - CHIP-Installer.exe"
sh=1306BB96FAF6B39A4372FE022DB7010CF42BB509 ft=1 fh=babdfc58d84facb8 vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\Users\SARBAT\Downloads\Installer\ffdshow tryouts - CHIP-Installer.exe"
sh=1503016DD302FF14611634EB170CFDB7703757DC ft=1 fh=9b71f8d91b690524 vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\Users\SARBAT\Downloads\Installer\Java Runtime Environment 32 Bit - CHIP-Installer.exe"
sh=D499B4D0CE32EE0CCE6B55466373B03796426D1C ft=1 fh=152ec001408ac940 vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\Users\SARBAT\Downloads\Installer\Koepi s XviD - CHIP-Installer.exe"
sh=4D0151EAB20DC21DF760131C4A2DF9CD1CE49361 ft=1 fh=96bbd3298f59d1c5 vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\Users\SARBAT\Downloads\Installer\VirtualDub 32 Bit - CHIP-Installer.exe"
sh=367257FA2A552DFEC7B9788AEE998B07F24F6339 ft=0 fh=0000000000000000 vn="Variante von MSIL/WebCompanion.D eventuell unerwünschte Anwendung" ac=I fn="C:\Windows\Temp\WebCompanion.zip"
sh=94549509601D21D2DF433B30E26516885952ADB4 ft=1 fh=891617a2a0aa4262 vn="Variante von MSIL/WebCompanion.C eventuell unerwünschte Anwendung" ac=I fn="C:\Windows\Temp\wctmp_724912008\WcInstaller.exe"
sh=104C2FB3121299E660DECF60324ECBDEEEECCC2F ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.AU eventuell unerwünschte Anwendung" ac=I fn="D:\USER-PC\Backup Set 2013-02-17 190001\Backup Files 2013-02-17 190001\Backup files 1.zip"
sh=6CAA4821633348EE1EBA737D6E504A692C6AFDD5 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.AU eventuell unerwünschte Anwendung" ac=I fn="D:\USER-PC\Backup Set 2013-03-03 202647\Backup Files 2013-03-03 202647\Backup files 1.zip"
sh=3C1AFBDE868440DC0E0A7811AF4812028EB3E5FD ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.BC eventuell unerwünschte Anwendung" ac=I fn="D:\USER-PC\Backup Set 2013-03-24 214015\Backup Files 2013-03-31 190002\Backup files 1.zip"
sh=F7871916655896F8E597C405B8606ECBBEBB55B9 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.AU eventuell unerwünschte Anwendung" ac=I fn="D:\USER-PC\Backup Set 2013-04-07 200356\Backup Files 2013-04-07 200356\Backup files 1.zip"
sh=3FCB33F4C29F79BE5138002EE07A533DCF630DDA ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.BC eventuell unerwünschte Anwendung" ac=I fn="D:\USER-PC\Backup Set 2013-04-07 200356\Backup Files 2013-04-21 202824\Backup files 1.zip"
|
|
| Themen zu Phishing-Mail Link geklickt. Daten retten |
| autorun, avdevprot, avdevprot.sys, avira, bho, browser, defender, e-mail, ebay, festplatte, firefox, flash player, frage, helper, home, internet, internet explorer, logfile, realtek, registry, rundll, scan, senden, svchost.exe, udp, usb, windows |
und 
und speichere die Logdatei auf Deinem Desktop.
Linear-Darstellung
