Funde mit Malwarebyte, JRT und ADWCleander unter Win 8 Hallo Board,
weil der Rechner einer Freundin total langsam wurde, und zum Teil wohl "komische Sachen" passierten, habe ich FRST installiert. Danach die üblichen Programme - Malwarbytes, JRT und ADWCleander - laufen lassen und dann nochmal ein Log von FRST gemacht. Anbei die Logs
FRST Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:10-09-2015 01
durchgeführt von Sabine (Administrator) auf SUSANNE (12-09-2015 12:25:14)
Gestartet von C:\Users\Sabine\Desktop
Geladene Profile: Sabine (Verfügbare Profile: Sabine)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: IE)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\ProgramData\SecurityUtility\SecurityUtilitySrv.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(TODO: <Company name>) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [688984 2013-09-25] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782008 2015-09-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [217632 2015-07-21] (Geek Software GmbH)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66936 2015-08-13] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [133760 2013-12-24] (Atheros Communications)
HKU\S-1-5-21-3643237689-3054303543-624020848-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2014-06-16] (Glarysoft Ltd)
HKU\S-1-5-21-3643237689-3054303543-624020848-1001\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2427680 2014-12-10] (IObit)
HKU\S-1-5-21-3643237689-3054303543-624020848-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-01] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-07-01]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
BootExecute: autocheck autochk * BootDefrag.exe
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)
Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{33E63699-F813-40C2-86A3-2311DBA0C120}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{B1DAEDC6-5207-4FDF-954C-A46E00D17781}: [DhcpNameServer] 127.0.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3643237689-3054303543-624020848-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2015-01-19] (IObit)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2014-10-17] (IObit)
FireFox:
========
FF ProfilePath: C:\Users\Sabine\AppData\Roaming\Mozilla\Firefox\Profiles\uk1t2rz5.default
FF Homepage: hxxp://www.google.de/
FF SelectedSearchEngine: Google
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-19] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-06-19] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-06-19] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-28] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-19] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-06-19] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-06-19] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-07-13] ()
FF Plugin HKU\S-1-5-21-3643237689-3054303543-624020848-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-06-19] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2014-06-19] (Tracker Software Products (Canada) Ltd.)
FF Extension: Avira Browser Safety - C:\Users\Sabine\AppData\Roaming\Mozilla\Firefox\Profiles\uk1t2rz5.default\Extensions\abs@avira.com [2015-03-15]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Sabine\AppData\Roaming\Mozilla\Firefox\Profiles\uk1t2rz5.default\Extensions\iobitascsurfingprotection@iobit.com [2015-01-19]
FF Extension: DownloadHelper - C:\Users\Sabine\AppData\Roaming\Mozilla\Firefox\Profiles\uk1t2rz5.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-01-10]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [887128 2015-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-09-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1213072 2015-09-05] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [318592 2013-12-24] (Windows (R) Win 7 DDK provider) [Datei ist nicht signiert]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [228104 2015-08-13] (Avira Operations GmbH & Co. KG)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-16] (TODO: <Company name>) [Datei ist nicht signiert]
R2 HPSLPSVC; C:\Users\Sabine\AppData\Local\Temp\7zS349E\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [Datei ist nicht signiert]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-31] (IObit)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-04-03] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-04-03] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SecurityUtility Service; C:\ProgramData\SecurityUtility\SecurityUtilitySrv.exe [539648 2015-01-07] () [Datei ist nicht signiert]
R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [72512 2013-12-09] (IObit)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3881472 2013-12-12] (Qualcomm Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [137288 2015-09-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [148632 2015-09-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-11] (Avira Operations GmbH & Co. KG)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-06-16] (Glarysoft Ltd)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-12-24] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-04-03] (McAfee, Inc.)
R2 CMWFP; C:\Windows\system32\Drivers\CMWFP64.sys [43168 2015-01-07] (CartCrunch Israel Ltd.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R0 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20672 2014-06-30] (Glarysoft Ltd)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [177544 2014-04-03] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311856 2014-04-03] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69352 2014-04-03] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-04-03] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [784760 2014-04-03] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [346760 2014-04-03] (McAfee, Inc.)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
S3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation )
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-09-12 12:25 - 2015-09-12 12:25 - 00020150 _____ C:\Users\Sabine\Desktop\FRST.txt
2015-09-12 12:23 - 2015-09-12 12:25 - 00000000 ____D C:\FRST
2015-09-12 12:23 - 2015-09-12 09:44 - 01799392 _____ (Malwarebytes Corporation) C:\Users\Sabine\Desktop\5JRT_7600.exe
2015-09-12 12:23 - 2015-09-12 09:43 - 01660416 _____ C:\Users\Sabine\Desktop\4AdwCleaner_5.007.exe
2015-09-12 12:23 - 2015-09-12 09:42 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Sabine\Desktop\3mbam-setup-2.1.8.1057.exe
2015-09-12 12:22 - 2015-09-12 09:47 - 02190848 _____ (Farbar) C:\Users\Sabine\Desktop\FRST64.exe
2015-09-06 20:42 - 2015-08-11 03:20 - 25191936 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-06 20:42 - 2015-08-11 02:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-20 16:51 - 2015-07-30 16:04 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-20 16:51 - 2015-07-30 15:48 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-20 16:27 - 2015-07-29 01:24 - 00025776 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-20 16:27 - 2015-07-28 16:24 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-20 16:27 - 2015-07-28 16:24 - 01116160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-20 16:27 - 2015-07-28 16:24 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-20 16:27 - 2015-07-28 16:24 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-20 16:27 - 2015-07-28 16:24 - 00437248 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-20 16:27 - 2015-07-28 16:24 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-20 16:27 - 2015-07-14 23:59 - 01113944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-08-20 16:27 - 2015-07-14 23:59 - 00487256 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
2015-08-20 16:27 - 2015-07-14 23:59 - 00393560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
2015-08-20 16:27 - 2015-07-07 11:40 - 00270168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-08-20 16:27 - 2015-07-07 11:40 - 00114520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2015-08-20 16:27 - 2015-07-07 11:40 - 00044560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-08-20 16:27 - 2015-06-12 19:03 - 18823680 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2015-08-20 16:27 - 2015-06-12 18:36 - 15159296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2015-08-20 16:27 - 2015-06-11 22:12 - 02476376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-08-20 16:27 - 2015-06-11 22:12 - 00428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-08-20 16:27 - 2015-06-09 20:27 - 00411133 _____ C:\Windows\system32\ApnDatabase.xml
2015-08-20 16:25 - 2015-08-20 16:25 - 00004096 ____H C:\Users\Sabine\AppData\Local\keyfile3.drm
2015-08-13 10:16 - 2015-07-19 03:58 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-13 10:16 - 2015-07-18 20:51 - 03704320 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-13 10:16 - 2015-07-18 20:31 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-13 10:16 - 2015-07-18 20:31 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-13 10:16 - 2015-07-18 20:31 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-13 10:16 - 2015-07-18 20:29 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-08-13 10:16 - 2015-07-18 20:29 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-13 10:16 - 2015-07-18 20:29 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-13 10:16 - 2015-07-18 20:28 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-13 10:16 - 2015-07-18 20:12 - 02228736 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-13 10:16 - 2015-07-18 20:10 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-13 10:16 - 2015-07-18 20:09 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-13 10:15 - 2015-07-16 22:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-13 10:15 - 2015-07-16 22:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-13 10:15 - 2015-07-16 22:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-13 10:15 - 2015-07-16 22:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-13 10:15 - 2015-07-16 22:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-13 10:15 - 2015-07-16 22:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-13 10:15 - 2015-07-16 21:53 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-08-13 10:15 - 2015-07-16 21:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-13 10:15 - 2015-07-16 21:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-13 10:15 - 2015-07-16 21:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-13 10:15 - 2015-07-16 21:45 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-08-13 10:15 - 2015-07-16 21:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-13 10:15 - 2015-07-16 21:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-13 10:15 - 2015-07-16 21:38 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-08-13 10:15 - 2015-07-16 21:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-13 10:15 - 2015-07-16 21:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-13 10:15 - 2015-07-16 21:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-13 10:15 - 2015-07-16 21:14 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-08-13 10:15 - 2015-07-16 21:13 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-08-13 10:15 - 2015-07-16 21:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-13 10:15 - 2015-07-16 21:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-13 10:15 - 2015-07-16 21:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-13 10:15 - 2015-07-16 21:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-13 10:15 - 2015-07-16 21:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-13 10:15 - 2015-07-16 20:52 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-08-13 10:15 - 2015-07-16 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-13 10:15 - 2015-07-16 20:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-13 10:15 - 2015-07-16 20:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-13 10:15 - 2015-07-16 20:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-13 10:14 - 2015-07-29 16:37 - 01994752 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-13 10:14 - 2015-07-29 16:30 - 01381888 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-13 10:14 - 2015-07-29 16:23 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-13 10:14 - 2015-07-24 20:57 - 04177408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-13 10:14 - 2015-07-24 20:57 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-13 10:14 - 2015-07-24 20:52 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-13 10:14 - 2015-07-24 19:27 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-13 10:14 - 2015-07-24 19:23 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-13 10:14 - 2015-07-16 02:29 - 07458648 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-13 10:14 - 2015-07-16 02:29 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-13 10:14 - 2015-07-16 02:29 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-13 10:14 - 2015-07-16 02:28 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-13 10:14 - 2015-07-14 05:22 - 02529880 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-13 10:14 - 2015-07-14 05:21 - 01901776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-13 10:14 - 2015-07-13 21:46 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-13 10:14 - 2015-07-13 21:45 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-13 10:14 - 2015-07-10 20:19 - 01101824 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-08-13 10:14 - 2015-07-10 19:54 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-13 10:14 - 2015-07-10 19:42 - 02345472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-13 10:14 - 2015-07-10 19:14 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-08-13 10:14 - 2015-07-10 19:13 - 07032320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-13 10:14 - 2015-07-10 18:47 - 01556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-13 10:14 - 2015-07-10 18:31 - 06213120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-13 10:14 - 2015-07-09 19:13 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-13 10:14 - 2015-07-09 19:13 - 00221184 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-13 10:14 - 2015-07-09 18:30 - 00212992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-13 10:14 - 2015-07-02 00:19 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-13 10:14 - 2015-07-02 00:16 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-13 10:14 - 2015-07-01 23:37 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-13 10:14 - 2015-07-01 23:35 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-09-12 12:24 - 2014-07-01 19:50 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-12 12:24 - 2014-07-01 17:02 - 01414124 _____ C:\Windows\WindowsUpdate.log
2015-09-12 12:24 - 2014-06-30 21:38 - 00165659 _____ C:\MyXML.xml
2015-09-12 12:24 - 2014-06-21 20:07 - 00000000 ____D C:\Users\Sabine\AppData\Local\CrashDumps
2015-09-12 12:24 - 2014-04-25 19:23 - 00765582 _____ C:\Windows\system32\perfh007.dat
2015-09-12 12:24 - 2014-04-25 19:23 - 00159366 _____ C:\Windows\system32\perfc007.dat
2015-09-12 12:24 - 2014-01-15 07:19 - 01776918 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-12 12:24 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2015-09-12 12:23 - 2014-06-21 20:01 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E6C73CF3-7E7E-4622-A84F-5DB9A3A7F8A2}
2015-09-12 12:23 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2015-09-12 12:20 - 2015-07-18 13:10 - 00009483 _____ C:\Windows\setupact.log
2015-09-12 12:20 - 2014-06-30 21:04 - 00000352 _____ C:\Windows\Tasks\GlaryInitialize 5.job
2015-09-12 12:18 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-11 10:34 - 2011-06-19 18:31 - 00000000 ____D C:\Users\Sabine\Documents\Outlook-Dateien
2015-09-11 10:19 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru
2015-09-11 10:13 - 2014-06-21 19:53 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3643237689-3054303543-624020848-1001
2015-09-09 12:22 - 2015-01-11 10:38 - 00000000 ____D C:\ProgramData\Package Cache
2015-09-09 12:22 - 2015-01-10 21:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-09-07 10:18 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2015-09-05 16:13 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-09-05 15:49 - 2015-01-10 21:19 - 00148632 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-09-05 15:49 - 2015-01-10 21:19 - 00137288 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-09-05 15:39 - 2015-01-19 12:21 - 00000000 ____D C:\ProgramData\ProductData
2015-09-05 15:37 - 2014-06-30 21:04 - 00000000 ____D C:\Users\Sabine\AppData\Roaming\DiskDefrag
2015-08-23 10:59 - 2014-07-01 20:10 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2015-08-23 10:58 - 2013-08-22 16:44 - 00482952 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-20 18:42 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-20 18:42 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-20 18:42 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-20 18:42 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-20 16:51 - 2014-06-26 10:59 - 00000000 ____D C:\Windows\system32\MRT
2015-08-20 16:48 - 2014-06-26 10:59 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-20 16:48 - 2014-06-21 20:29 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-20 16:45 - 2015-01-03 12:03 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-20 16:45 - 2014-07-12 20:25 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-20 16:43 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-20 16:43 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-20 16:43 - 2013-08-22 15:25 - 00000199 _____ C:\Windows\win.ini
2015-08-19 16:33 - 2014-06-21 19:47 - 00000000 ____D C:\Users\Sabine\AppData\Local\Packages
2015-08-19 16:24 - 2014-07-01 19:50 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-17 18:17 - 2014-06-21 21:35 - 00000000 ____D C:\Users\Sabine\AppData\Local\Deployment
2015-08-14 03:50 - 2014-06-30 20:23 - 00794088 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-14 03:50 - 2014-06-30 20:23 - 00179688 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2015-08-20 16:25 - 2015-08-20 16:25 - 0004096 ____H () C:\Users\Sabine\AppData\Local\keyfile3.drm
2014-04-25 10:05 - 2014-04-25 10:05 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-06-21 21:37 - 2015-07-17 16:51 - 0005142 _____ () C:\ProgramData\hpzinstall.log
Einige Dateien in TEMP:
====================
C:\Users\Sabine\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2015-09-06 20:41
==================== Ende von FRST.txt ============================ Addition Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:10-09-2015 01
durchgeführt von Sabine (2015-09-12 12:25:59)
Gestartet von C:\Users\Sabine\Desktop
Windows 8.1 (X64) (2014-06-21 17:47:11)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-3643237689-3054303543-624020848-500 - Administrator - Disabled)
Gast (S-1-5-21-3643237689-3054303543-624020848-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3643237689-3054303543-624020848-1003 - Limited - Enabled)
Sabine (S-1-5-21-3643237689-3054303543-624020848-1001 - Administrator - Enabled) => C:\Users\Sabine
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.0.3 - IObit)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.100.2020.205 - Alps Electric)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.12.420 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{315dd168-0794-4cf1-8355-f195cde642fc}) (Version: 1.1.45.11819 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.45.11819 - Avira Operations GmbH & Co. KG) Hidden
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3126.57 - CyberLink Corp.)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
Glary Utilities 5.2 (HKLM-x32\...\Glary Utilities 5) (Version: 5.2.0.5 - Glarysoft Ltd)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP OfficeJet J4600 All-In-One Series (HKLM\...\{6122CE5C-9DD3-402D-8413-57B681739FA7}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.1.6.25 - IObit)
K-Lite Codec Pack 6.0.4 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 6.0.4 - )
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft_VC100_CRT_x86 (HKLM-x32\...\{6FDDB201-2CA0-42BD-973F-7B2C4A61EA3F}) (Version: 1.0.0 - Microsoft)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2009 - Acer)
PDF24 Creator 7.0.6 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.308.2 - Tracker Software Products Ltd)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.314 - Qualcomm Atheros Communications)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.20 - Qualcomm Atheros Inc.)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.23 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.28145 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7027 - Realtek Semiconductor Corp.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
SecurityUtility (HKLM-x32\...\SecurityUtility) (Version: 1.0.0.1600 - ) <==== ACHTUNG
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.1.57.ge7405149 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
Start Menu 8 (HKLM-x32\...\IObit_StartMenu8_is1) (Version: 1.4.0.0 - IObit)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.20 - WildTangent) Hidden
YouTube Song Downloader (HKLM-x32\...\{4281435C-AD1D-4C8A-B9C0-3961C11EF142}_is1) (Version: 10.1 - Abelssoft)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Wiederherstellungspunkte =========================
20-08-2015 16:39:55 Windows Update
06-09-2015 20:40:58 Windows Update
==================== Hosts Inhalt: ==========================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 15:25 - 2014-07-01 17:48 - 00450709 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
Da befinden sich 1000 zusätzliche Einträge.
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {055DE900-F414-4D04-A84C-B6D5269C5E38} - System32\Tasks\Uninstaller_SkipUac_Sabine => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-12-09] (IObit)
Task: {0BA6CC5A-A530-4C51-AF2E-7DB9BD8058BD} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {1B4F6440-170A-4FED-B348-A5E5F984715F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-04-25] (Safer-Networking Ltd.)
Task: {2F2D8E3B-8F31-483E-BBDF-66E290D43974} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-09] ()
Task: {8450791E-7CCE-4777-8C60-D3853D8BC232} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-08-20] (Microsoft Corporation)
Task: {887D6A2F-DB36-4752-A86B-D1ACE9A9B129} - System32\Tasks\ASC8_SkipUac_Sabine => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2014-12-30] (IObit)
Task: {A4D027BB-5C58-4FBC-B72A-8669E1439E2F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-06-01] (Piriform Ltd)
Task: {A9523DF1-0BE8-433B-A5C7-CD3B026BC6D4} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2014-06-16] (Glarysoft Ltd)
Task: {B39D7FAF-9E8B-4669-8297-C6BBEA0B7414} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe [2014-12-10] (IObit)
Task: {C7367FE1-8BF0-4530-88D7-78C8A382C5C8} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2014-06-16] (Glarysoft Ltd)
Task: {D12E2152-613F-4025-9482-323C852238AE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-04-25] (Safer-Networking Ltd.)
Task: {DB0C766B-B19F-4EE7-91AA-25DB1D6823E1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-04-25] (Safer-Networking Ltd.)
Task: {E7D73102-ABD7-406E-87E2-0695663C636B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-19] (Adobe Systems Incorporated)
Task: {F9FE13F4-9D0B-4D4A-B111-C6941F364A4B} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {FA55746F-44B0-4A61-971B-6EB668E95B97} - System32\Tasks\StartMenuAutoupdate => C:\Program Files (x86)\IObit\Start Menu 8\AutoUpdate.exe [2013-12-09] (IObit)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ASC8_SkipUac_Sabine.job => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe
Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: C:\Windows\Tasks\Uninstaller_SkipUac_Sabine.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2015-01-10 21:15 - 2015-01-07 22:20 - 00539648 _____ () C:\ProgramData\SecurityUtility\SecurityUtilitySrv.exe
2013-12-24 02:22 - 2013-12-24 02:22 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-12-24 02:20 - 2013-12-24 02:20 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2014-01-15 06:57 - 2013-09-30 16:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-12-24 02:26 - 2013-12-24 02:26 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2015-06-01 19:28 - 2015-06-01 19:28 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2015-01-19 12:20 - 2013-10-25 13:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\sqlite3.dll
2015-01-19 12:21 - 2014-10-16 11:26 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2014-06-30 21:02 - 2014-04-25 14:11 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-06-30 21:02 - 2014-04-25 14:11 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-06-30 21:02 - 2014-04-25 14:11 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-06-30 21:37 - 2013-12-09 16:10 - 00348992 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madExcept_.bpl
2014-06-30 21:37 - 2013-12-09 16:10 - 00183616 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madBasic_.bpl
2014-06-30 21:37 - 2013-12-09 16:10 - 00051008 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madDisAsm_.bpl
2014-06-30 21:02 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-06-30 21:02 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-01-19 12:20 - 2013-01-15 19:48 - 00348992 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\madExcept_.bpl
2015-01-19 12:20 - 2013-01-15 19:48 - 00183616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\madBasic_.bpl
2015-01-19 12:20 - 2013-01-15 19:48 - 00051008 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\madDisAsm_.bpl
2015-01-19 12:20 - 2014-10-16 11:26 - 00622880 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\ProductStatistics.dll
2015-01-19 12:21 - 2013-01-15 19:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2015-01-19 12:21 - 2013-01-15 19:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2015-01-19 12:21 - 2013-01-15 19:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2015-01-19 12:20 - 2013-01-15 19:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\webres.dll
2015-07-24 19:12 - 2015-07-21 11:43 - 00074272 _____ () C:\Program Files (x86)\PDF24\zlib.dll
2015-07-24 19:12 - 2015-07-21 11:43 - 00051744 _____ () C:\Program Files (x86)\PDF24\OperationUI.dll
2014-04-25 10:02 - 2013-09-04 01:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-06-30 21:37 - 2013-12-09 16:10 - 00089920 _____ () C:\Program Files (x86)\IObit\Start Menu 8\NTFSScan.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-06-30 21:37 - 2013-12-09 16:11 - 00041280 _____ () C:\Program Files (x86)\IObit\Start Menu 8\winkey.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CMWFP => ""="Driver" <==== ACHTUNG
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
Da befinden sich 7865 mehr eingeschränkte Seiten.
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-3643237689-3054303543-624020848-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Sabine\Desktop\Jerry\DSC03571.JPG
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{609E3F17-ECE0-498B-A0E3-B7015F965A79}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{C6776762-CD4E-466E-841C-F8C9F31873AC}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{55EB4496-9CB7-48A7-908F-642A57AC41A4}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{D2C74F5D-E7CF-431C-90DA-CDBDCC860084}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{FA669E17-8C36-4B54-BFA8-31D12A531DED}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{8555C297-C161-499A-8689-D73B67F62FFA}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{5250BBA5-3F2E-40D9-A2A1-F662EFA58702}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{7B2A8946-C6FF-4854-BCC5-36A641943B51}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{5EDB2B91-A528-4854-9773-948097DCC623}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{6B2D7E6B-8734-455A-98F2-A9AFDF97EC8E}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{648136F9-56F6-4CFC-BD11-870A4B67F6EE}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{5B76A029-B7F2-42F7-A253-62651945DCE0}] => (Allow) C:\Users\Sabine\AppData\Local\Temp\7zS7304\setup\hpznui40.exe
FirewallRules: [{29F010D3-D7E8-49DB-8476-F154D6ADB0C3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{41C0AE93-FAA1-4750-8DFA-F7CB81DCD0D5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{C60DF2C0-DC2E-4AFF-85E6-B199796DA76B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{5C3B5E25-853D-4659-87F6-E0094E462FB4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{A56227F8-9AC9-4CFE-B97E-81596878F524}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{40F4CB0F-FE86-4553-8EB3-036CDB0C08AC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{05B0BC82-1CFF-4B52-BABE-DD78E51CD80C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{E9E73B91-BFC2-4D3F-BE96-A0ECD5757E71}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{461ABA86-AB8E-443E-A334-984E0045104E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{DEA23E5C-7AC1-4C2B-9512-8A4F531D25F1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{8CD13024-0330-4536-8CF0-46B9A068D8C0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{627E686E-5A4C-4BC8-9F1F-B7FAB1C89A1A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{9C48CC7C-0397-4B72-BC4C-B0C7D29F1600}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{7D3EE871-7582-4D50-84CF-72581B0C78E2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{5DA71B0D-9BB2-406E-8301-43E506D1819B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{21D5C7FF-0EBA-4E1A-97E4-B15498AF8BD6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{79EBF9FD-56DC-4661-8DBB-E4E33CB4DE50}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{80FFD463-0E9E-4ED4-BCD7-56BDB8F8F3BE}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{5918431B-1F86-4FDA-A957-7CD654C53DC6}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{B7488D6A-719F-4D77-881A-8683B072FA01}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{260127B8-F911-4D86-AD3D-756EAB5CC7F2}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{A7FE4A1E-7D12-4089-9288-A56A7B286F7C}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{5A74249A-0EDE-4CBC-B65B-2BC874F65406}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (09/12/2015 12:24:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm 2FRST64.exe, Version 10.9.2015.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 678
Startzeit: 01d0ed451880a378
Endzeit: 0
Anwendungspfad: C:\Users\Sabine\Desktop\2FRST64.exe
Berichts-ID: 68a25361-5938-11e5-830e-202564c25877
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (09/12/2015 12:23:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.3.9600.17667, Zeitstempel: 0x54c6f7c2
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000d290fd8
ID des fehlerhaften Prozesses: 0xec8
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3
Vollständiger Name des fehlerhaften Pakets: Explorer.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Explorer.EXE5
Error: (09/11/2015 10:34:33 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: Das Handle ist ungültig
Error: (09/11/2015 10:34:33 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: Das Handle ist ungültig
Error: (09/09/2015 12:25:09 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: Das Handle ist ungültig
Error: (09/09/2015 12:25:09 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: Das Handle ist ungültig
Error: (09/09/2015 12:22:46 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: Das Handle ist ungültig
Error: (09/09/2015 12:22:46 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: Das Handle ist ungültig
Error: (09/08/2015 10:28:37 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (09/08/2015 10:19:23 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Systemfehler:
=============
Error: (09/12/2015 12:19:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (09/12/2015 12:19:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.
Error: (09/11/2015 10:08:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (09/11/2015 10:08:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.
Error: (09/08/2015 10:31:28 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80240020 fehlgeschlagen: Upgrade auf Windows 10 Home
Error: (09/06/2015 08:41:44 PM) (Source: DCOM) (EventID: 10010) (User: Susanne)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (09/06/2015 08:41:14 PM) (Source: DCOM) (EventID: 10010) (User: Susanne)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (09/06/2015 07:47:55 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80240020 fehlgeschlagen: Upgrade auf Windows 10 Home
Error: (09/05/2015 03:51:09 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80240020 fehlgeschlagen: Upgrade auf Windows 10 Home
Error: (08/23/2015 10:58:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Microsoft Office:
=========================
Error: (09/12/2015 12:24:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: 2FRST64.exe10.9.2015.167801d0ed451880a3780C:\Users\Sabine\Desktop\2FRST64.exe68a25361-5938-11e5-830e-202564c25877
Error: (09/12/2015 12:23:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1766754c6f7c2unknown0.0.0.000000000c0000005000000000d290fd8ec801d0ed44875b1f9aC:\Windows\Explorer.EXEunknown5aafe9f2-5938-11e5-830e-202564c25877
Error: (09/11/2015 10:34:33 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: Das Handle ist ungültig
Error: (09/11/2015 10:34:33 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: Das Handle ist ungültig
Error: (09/09/2015 12:25:09 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: Das Handle ist ungültig
Error: (09/09/2015 12:25:09 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: Das Handle ist ungültig
Error: (09/09/2015 12:22:46 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: Das Handle ist ungültig
Error: (09/09/2015 12:22:46 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: Das Handle ist ungültig
Error: (09/08/2015 10:28:37 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (09/08/2015 10:19:23 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
Prozentuale Nutzung des RAM: 28%
Installierter physikalischer RAM: 8074.27 MB
Verfügbarer physikalischer RAM: 5779.05 MB
Summe virtueller Speicher: 9354.27 MB
Verfügbarer virtueller Speicher: 3920.25 MB
==================== Laufwerke ================================
Drive c: (Acer) (Fixed) (Total:913.7 GB) (Free:843.04 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 32C5E42C)
Partition: GPT.
==================== Ende von Addition.txt ============================ Malwarebytes hat 61 Funde gehabt. Leider gabs da kein Log. Zumindestens habe ich es nicht gefunden oder ausversehen gelöscht. Malwarebytes hat auch einen Rootkit gefunden, da weiss ich allerdings nicht, ob der gelöscht wurde.
ADWCleaner Code:
# AdwCleaner v5.007 - Bericht erstellt am 12/09/2015 um 12:59:54
# Aktualisiert am 08/09/2015 von Xplode
# Datenbank : 2015-09-10.1 [Server]
# Betriebssystem : Windows 8.1 (x64)
# Benutzername : Sabine - SUSANNE
# Gestartet von : C:\Users\Sabine\Desktop\4AdwCleaner_5.007.exe
# Option : Suchlauf
# Unterstützung : hxxp://toolslib.net/forum
***** [ Dienste ] *****
***** [ Ordner ] *****
Ordner Gefunden : C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
***** [ Dateien ] *****
***** [ Verknüpfungen ] *****
***** [ Geplante Tasks ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gefunden : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Schlüssel Gefunden : HKU\.DEFAULT\Software\Avg Secure Update
Schlüssel Gefunden : HKCU\Software\Avg Secure Update
Schlüssel Gefunden : HKLM\SOFTWARE\SecurityUtility
Schlüssel Gefunden : [x64] HKCU\Software\Avg Secure Update
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\SecurityUtility
***** [ Internetbrowser ] *****
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2242 Bytes] ########## JRT Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.1 (09.08.2015:1)
OS: Windows 8.1 x64
Ran by Sabine on 12.09.2015 at 13:05:03,39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
Successfully deleted: [Task] C:\Windows\system32\tasks\Uninstaller_SkipUac_Sabine
Successfully deleted: [Task] C:\Windows\Tasks\Uninstaller_SkipUac_Sabine.job
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] C:\ProgramData\productdata
Successfully deleted: [Folder] C:\Users\Sabine\AppData\Roaming\productdata
~~~ FireFox
Successfully deleted: [Folder] C:\Users\Sabine\AppData\Roaming\mozilla\firefox\profiles\uk1t2rz5.default\extensions\iobitascsurfingprotection@iobit.com
Successfully deleted: [Folder] C:\Users\Sabine\AppData\Roaming\mozilla\firefox\profiles\uk1t2rz5.default\extensions\staged
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.09.2015 at 13:07:18,05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |