Here are the requested text files.
Code:
Zoek.exe v5.0.0.1 Updated 24-December-2015
Tool run by Holger on 26.12.2015 at 15:59:22,31.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Holger\Downloads\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
26.12.2015 16:00:05 Zoek.exe System Restore Point Created Successfully.
==== Empty Folders Check ======================
C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~2\Intel deleted successfully
C:\PROGRA~3\PDF Architect deleted successfully
C:\Users\Holger\AppData\Roaming\AdobeUM deleted successfully
C:\Users\Holger\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Holger\AppData\Local\EmieSiteList deleted successfully
C:\Users\Holger\AppData\Local\EmieUserList deleted successfully
C:\Users\Holger\AppData\Local\Skype deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-996742013-728706295-4149775853-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} deleted successfully
HKEY_USERS\S-1-5-21-996742013-728706295-4149775853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} deleted successfully
HKEY_USERS\S-1-5-21-996742013-728706295-4149775853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} deleted successfully
HKEY_USERS\S-1-5-21-996742013-728706295-4149775853-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1024F1BE-76DC-40d5-AB98-664A4185E5FA} deleted successfully
HKEY_USERS\S-1-5-21-996742013-728706295-4149775853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1024F1BE-76DC-40d5-AB98-664A4185E5FA} deleted successfully
HKEY_USERS\S-1-5-21-996742013-728706295-4149775853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1024F1BE-76DC-40d5-AB98-664A4185E5FA} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-996742013-728706295-4149775853-1000\Software\Mozilla\Firefox\Extensions\cliqz@cliqz.com deleted successfully
HKEY_USERS\S-1-5-21-996742013-728706295-4149775853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Mozilla\Firefox\Extensions\cliqz@cliqz.com deleted successfully
HKEY_USERS\S-1-5-21-996742013-728706295-4149775853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Mozilla\Firefox\Extensions\cliqz@cliqz.com deleted successfully
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\Holger\AppData\Roaming\Mozilla\Firefox\Profiles\2pfbnhja.default\prefs.js:
user_pref("browser.startup.homepage", "https://www.google.com/?trackid=sp-004-752");
user_pref("browser.search.defaulturl", "https://www.google.com/search?trackid=sp-004-752");
user_pref("browser.newtab.url", "about:newtab");
user_pref("browser.search.defaultengine", "Google (avast)");
user_pref("browser.search.defaultenginename,S", "");
user_pref("browser.search.selectedEngine", "Google (avast)");
user_pref("browser.search.selectedEngine,S", "");
user_pref("browser.search.order.1", "Google (avast)");
user_pref("browser.search.order.1,S", "");
user_pref("keyword.URL", "https://www.google.com/search?trackid=sp-004-752");
user_pref("browser.search.useDBForOrder", true);
Added to C:\Users\Holger\AppData\Roaming\Mozilla\Firefox\Profiles\2pfbnhja.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\Holger\AppData\Roaming\Mozilla\Firefox\Profiles\2pfbnhja.default
user.js not found
---- Lines extensions.DCizJ2UY removed from prefs.js ----
user_pref("extensions.DCizJ2UY.epoch", "1389438033");
user_pref("extensions.DCizJ2UY.url", "hxxp://installsunny.us/sync2/?q=hfZ9oeJQAchEAen0rchTB6lKDzt4okmxtNtVh7n0rjrFrTrErdn9rjw7tMFHhd9FqdaFrjaFrjaErTkM
---- Lines extensions.yYxgt removed from prefs.js ----
user_pref("extensions.yYxgt.epoch", "1389438033");
---- Lines cliqz@cliqz.com removed from prefs.js ----
user_pref("extensions.cliqz@cliqz.com.install-event-fired", true);
user_pref("extensions.xpiState", "{\"app-profile\":{\"abs@avira.com\":{\"d\":\"C:\\\\Users\\\\Holger\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Pr
---- FireFox user.js and prefs.js backups ----
prefs__1611_.backup
==== Deleting Files \ Folders ======================
C:\PROGRA~2\AGEIA Technologies not found
C:\PROGRA~2\Intel not found
C:\Windows\SysNative\config\systemprofile\AppData\Local\Packages\windows_ie_ac_001\AC\{13A787AD-5A45-3CFB-1ED4-797E22BF5D46} deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\Packages\windows_ie_ac_001\AC\{C961D12A-AC9E-7746-4446-0618B0EBE19D} deleted
C:\PROGRA~3\df0d0536289b6aa deleted
C:\PROGRA~2\ProtectDisc Driver Installer deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Package Cache deleted
C:\windows\SysNative\Tasks\avast! BCU UpdateS-1-5-21-996742013-728706295-4149775853-1000 deleted
C:\windows\SysNative\Tasks\avastBCLS-1-5-21-996742013-728706295-4149775853-1000 deleted
C:\Windows\TMPTMP.TMP deleted
C:\Windows\wininit.ini deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Users\Holger\AppData\Roaming\Mozilla\Firefox\Profiles\2pfbnhja.default\searchplugins\google-avast.xml deleted
C:\Users\Holger\AppData\Roaming\Mozilla\Firefox\Profiles\2pfbnhja.default\jetpack deleted
C:\Users\Holger\AppData\Roaming\Mozilla\Firefox\Profiles\2pfbnhja.default\extensions\abs@avira.com deleted
"C:\Users\Holger\AppData\Roaming\Ambience" deleted
"C:\Users\Holger\AppData\Roaming\grep" deleted
"C:\Users\Holger\AppData\Roaming\howto" deleted
"C:\Users\Holger\AppData\Roaming\images" deleted
"C:\ProgramData\Analog Swirl" deleted
"C:\ProgramData\libiconv" deleted
"C:\ProgramData\manual" deleted
"C:\ProgramData\programs" deleted
"C:\Users\Holger\AppData\Roaming\Mozilla\Firefox\Profiles\2pfbnhja.default\extensions\cliqz@cliqz.com.xpi" deleted
==== Orphaned Tasks deleted from Registry ======================
avast BCU UpdateS-1-5-21-996742013-728706295-4149775853-1000 deleted
avastBCLS-1-5-21-996742013-728706295-4149775853-1000 deleted
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\Holger\AppData\Roaming\Mozilla\Firefox\Profiles\2pfbnhja.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{F003DA68-8256-4b37-A6C4-350FA04494DF}"="C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt" [25.03.2013 15:44]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Holger\AppData\Roaming\Mozilla\Firefox\Profiles\2pfbnhja.default
- Video DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi
==== Firefox Plugins ======================
Profilepath: C:\Users\Holger\AppData\Roaming\Mozilla\Firefox\Profiles\2pfbnhja.default
8EF356DA145F60C3F11DF7EF03B97449 - D:\Programme\Adobe\Acrobat 7.0\Acrobat\browser\nppdf32.dll - Adobe Acrobat
5DF56521E8985BFD8F21A3D97A4D4574 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll - Shockwave Flash
5E186625C3E195C1D28A0C1E6E8DEED8 - C:\Users\Holger\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll - Protect Disc License Acquisition Plugin
==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
edaibbiobngpbmeonadpbfafbkimjbdd - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx[21.02.2013 02:59]
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://goggle.de/"
"Default_Search_URL"="https://search.avira.net/#web/result?source=art&q="
"Default_Page_URL"="https://search.avira.net/#web/result?source=art&q="
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="https://search.avira.net/#web/result?source=art&q="
"Default_Page_URL"="https://search.avira.net/#web/result?source=art&q="
"Start Page"="https://search.avira.net/#web/result?source=art&q="
"Search Page"="https://search.avira.net/#web/result?source=art&q="
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="https://search.avira.net/#web/result?source=art&q="
"Default_Page_URL"="https://search.avira.net/#web/result?source=art&q="
"Start Page"="https://search.avira.net/#web/result?source=art&q="
"Search Page"="https://search.avira.net/#web/result?source=art&q="
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://goggle.de/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
==== All HKLM and HKCU SearchScopes ======================
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes "DefaultScope"=""
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - hxxp://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2764D06-DA1C-4A76-A89D-923E69956FF0} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EC574EE5-A149-3E1C-4639-9B33F34E0AEC} deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Holger\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Holger\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\Holger\AppData\Local\Mozilla\Firefox\Profiles\2pfbnhja.default\cache2 emptied successfully
==== Empty Chrome Cache ======================
No Chrome User Data found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=168 folders=61 18777572 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Holger\AppData\Local\Temp will be emptied at reboot
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Holger\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted
==== EOF on 26.12.2015 at 16:16:57,96 ======================
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:25-12-2015
durchgeführt von Holger (2015-12-26 16:18:19)
Gestartet von C:\Users\Holger\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2013-01-21 14:54:59)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-996742013-728706295-4149775853-500 - Administrator - Disabled)
Gast (S-1-5-21-996742013-728706295-4149775853-501 - Limited - Disabled)
Holger (S-1-5-21-996742013-728706295-4149775853-1000 - Administrator - Enabled) => C:\Users\Holger
UpdatusUser (S-1-5-21-996742013-728706295-4149775853-1001 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
64 Bit HP CIO Components Installer (Version: 16.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat 7.1.0 Professional - English, Français, Deutsch (HKLM-x32\...\Adobe Acrobat 7.0 Professional - EFG) (Version: 7.1.0 - Adobe Systems)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
ALDI Bestellsoftware 4.13 (HKLM-x32\...\ALDI Bestellsoftware) (Version: 4.13 - ORWO Net)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.6.6.0 - SlySoft)
Apple Application Support (32-Bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Avast Browser Cleanup (HKU\S-1-5-21-996742013-728706295-4149775853-1000\...\Avast Browser Cleanup) (Version: 10.4.2233.107 - AVAST Software)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.15.129 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{d0e166af-1634-4c0b-ae96-2180e61f9d38}) (Version: 1.1.52.15531 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.52.15531 - Avira Operations GmbH & Co. KG) Hidden
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version: - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version: - AVM Berlin)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CHIPDRIVE Smartcard Commander (HKLM-x32\...\CHIPDRIVE Smartcard Commander_CDInst21) (Version: - SCM Microsystems)
CloneCD (HKLM-x32\...\CloneCD) (Version: - SlySoft)
CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: 2.9.3.0 - Elaborate Bytes)
Crystal Reports XI Runtime Library (HKLM-x32\...\{C87EF9DB-603B-4EC2-8539-7575770AD5A8}) (Version: 3.1.2 - MP-SOFT-4-U)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
EAS (HKLM-x32\...\EAS) (Version: - )
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
GoodSync (HKLM\...\{B26B00DA-2E5D-4CF2-83C5-911198C0F009}) (Version: 8.2.7.7 - Siber Systems)
INSTAR Camera Tool (HKLM-x32\...\{630473B5-3AA9-4477-B6DD-F9EA5BEEDD42}) (Version: 2.0.1.0 - INSTAR)
iSpy (64 bit) (HKLM\...\{80B5D461-F6A8-4969-93C8-586838A5A82D}) (Version: 5.9.9 - iSpy)
iTunes (HKLM\...\{0D44E3A4-6C3D-45D7-B443-079509E5BE5D}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Juniper Networks Host Checker (HKU\S-1-5-21-996742013-728706295-4149775853-1000\...\Neoteris_Host_Checker) (Version: 8.0.9.34921 - Juniper Networks)
Juniper Networks Network Connect 8.0 (HKLM-x32\...\Juniper Network Connect 8.0) (Version: 8.0.9.34921 - Juniper Networks)
Juniper Networks Setup Client (HKU\S-1-5-21-996742013-728706295-4149775853-1000\...\Juniper_Setup_Client) (Version: 8.0.9.53397 - Juniper Networks)
Juniper Networks, Inc. Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
KONICA MINOLTA magicolor 4690MF (HKLM\...\KONICA MINOLTA magicolor 4690MF) (Version: - )
KONICA MINOLTA magicolor 4690MF LSU (HKLM-x32\...\{D6DEF199-833A-45BE-AECD-6F84FF00F18E}) (Version: 1.00.0000 - KONICA MINOLTA)
KONICA MINOLTA magicolor 4690MF Scanner (HKLM-x32\...\InstallShield_{C99C29CC-EA33-4D15-8E2E-BF2D75A46598}) (Version: - )
KONICA MINOLTA magicolor 4690MF Scanner (Version: 1.01.0000 - KONICA MINOLTA) Hidden
LinkMagic for magicolor 4690MF (HKLM-x32\...\{B0A75C02-B3E5-46C1-B7CF-152E01389668}) (Version: 1.00.0000 - KONICA MINOLTA)
Logitech SetPoint 6.52 (HKLM\...\sp6) (Version: 6.52.74 - Logitech)
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{7288E099-BD31-43AC-BBAA-0434B813642B}) (Version: 7.0.2.6 - MAGIX AG)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX AG) Hidden
MAGIX USB-Videowandler 2 (HKLM-x32\...\{38874054-65D0-45D0-9486-FBEFD42A2251}) (Version: 1.03.0000 - Ihr Firmenname)
MAGIX Video easy Retten Sie Ihre Videokassetten! (HKLM-x32\...\MX.{FBDCB56E-2A25-4053-9E0C-C8E345DE0CA7}) (Version: 5.0.1.104 - MAGIX AG)
MAGIX Video easy Retten Sie Ihre Videokassetten! (Version: 5.0.1.104 - MAGIX AG) Hidden
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 43.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 43.0.2 (x86 de)) (Version: 43.0.2 - Mozilla)
MP-FEUER 2014 - Profi (HKLM-x32\...\{1A371A86-7C6D-4EEE-B800-A3563184A364}) (Version: 3.6.5 - MP-SOFT-4-U)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.7.0 - Nikon)
NVIDIA 3D Vision Controller-Treiber 310.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 310.90 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.2 - pdfforge)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.9 - Nikon)
Protect Disc License Helper 1.0.125 (IE) (HKU\.DEFAULT\...\Protect Disc License Helper) (Version: 1.0.125 - Protect Disc)
Protect Disc License Helper 1.0.125 (IE) (HKU\S-1-5-21-996742013-728706295-4149775853-1000\...\Protect Disc License Helper) (Version: 1.0.125 - Protect Disc)
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
ScanSoft PaperPort 11 (HKLM-x32\...\{09D8042A-8297-4895-BE2F-2E2512F8BAB1}) (Version: 11.2.0000 - Nuance Communications, Inc.)
SCR3xxx Smart Card Reader (HKLM-x32\...\{9C411EF9-6EBA-46E3-8132-EDADF1CC0B16}) (Version: 8.41 - SCM Microsystems)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.16 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.16.102 - Skype Technologies S.A.)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.7.1 - Nikon)
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Mobile-Gerätecenter: Treiberupdate (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
WISO Hausverwalter 2013 (HKLM-x32\...\{BAA9D87C-DA6A-48D0-BC07-135E5B2DE5A2}) (Version: 7.00.7718 - Buhl Data Service GmbH)
WISO Hausverwalter 2014 (HKLM-x32\...\{F7DA791F-5149-4520-92F9-69379E72436F}) (Version: 8.00.8332 - Buhl Data Service GmbH)
WISO Hausverwalter 2015 (HKLM-x32\...\{E821384E-D24C-4316-9D86-872F95ED92F0}) (Version: 9.00.8468 - Buhl Data Service GmbH)
WISO Hausverwalter 2016 (HKLM-x32\...\{FF698809-CD68-4A77-BAD9-C1D5DD9AEF5B}) (Version: 10.00.8837 - Buhl Data Service GmbH)
WISO steuer:Sparbuch 2016 (HKLM-x32\...\{26848B86-6FE1-4B48-8DC1-9B1C3EAA3A0D}) (Version: 23.00.1146 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2013 (HKLM-x32\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{8FE88833-D331-4173-A9CF-D72C9AE7293C}) (Version: 21.00.8480 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2015 (HKLM-x32\...\{4C3F3A70-1166-4F4B-991A-3A384E16ECAE}) (Version: 22.00.8811 - Buhl Data Service GmbH)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-996742013-728706295-4149775853-1000_Classes\CLSID\{994B47B9-7DB9-5058-EE22-08DD039ADC4B}\InprocServer32 -> {1ED3F444-9468-D082-1264-A2EF85889A47} => Keine Datei
CustomCLSID: HKU\S-1-5-21-996742013-728706295-4149775853-1000_Classes\CLSID\{DD0822EE-9A03-4BDC-B947-4B99B97D5850}\InprocServer32 -> {5D3EAD80-9468-D082-D63D-4FAC85889A47} => Keine Datei
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {1C0597F5-A38D-439E-983C-468FE0B7FC40} - \avastBCLS-1-5-21-996742013-728706295-4149775853-1000 -> Keine Datei <==== ACHTUNG
Task: {2F8671DC-EE99-4C77-9B1E-29978C129F26} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-09] (Adobe Systems Incorporated)
Task: {3353E02A-CC81-4491-8003-765C24CA52F4} - \avast! BCU UpdateS-1-5-21-996742013-728706295-4149775853-1000 -> Keine Datei <==== ACHTUNG
Task: {3508AC33-4339-4A56-B0FA-DE2AE4C2F9BB} - System32\Tasks\{36C26E70-926C-4770-B511-9E142405C5A9} => D:\EigeneDaten\PRIVAT\Sonstiges_PC\Treiber\LabelDrucker\Dymo PC 10\SETUP.EXE [1995-08-15] (Microsoft Corporation)
Task: {3A7BF78D-8A44-4D25-98C1-BA3BF52A3067} - System32\Tasks\{AB1E8ECD-7BEF-4171-AD11-66E20719BD42} => D:\EigeneDaten\PRIVAT\Sonstiges_PC\Treiber\LabelDrucker\Dymo PC 10\SETUP.EXE [1995-08-15] (Microsoft Corporation)
Task: {6A01B3FC-176F-4817-A4CF-DB3F03714EA2} - System32\Tasks\{A898D90C-D64B-4FBB-B2BF-C70C429AF163} => D:\EigeneDaten\PRIVAT\Sonstiges_PC\Treiber\LabelDrucker\Dymo PC 10\SETUP.EXE [1995-08-15] (Microsoft Corporation)
Task: {7A6F9036-2944-4F0A-A227-934558B636C7} - System32\Tasks\{9734F637-86E8-48C8-B813-1088B3B3742A} => D:\EigeneDaten\PRIVAT\Sonstiges_PC\Treiber\LabelDrucker\Dymo PC 10\SETUP.EXE [1995-08-15] (Microsoft Corporation)
Task: {9B671164-CACC-4A9C-9766-FE4B3269EF68} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-996742013-728706295-4149775853-1000Core => C:\Users\Holger\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {D15D6075-A6DC-4115-8ED0-60E7A52C35C0} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-996742013-728706295-4149775853-1000UA => C:\Users\Holger\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {F050A7E5-43D9-4F13-BB36-C9D0A83CCDDF} - System32\Tasks\{DF6F1EE6-4041-4DDE-9D2B-24B89002BD72} => D:\EigeneDaten\PRIVAT\Sonstiges_PC\Treiber\LabelDrucker\Dymo PC 10\SETUP.EXE [1995-08-15] (Microsoft Corporation)
Task: {F60E7880-C4A4-4EA2-BC2F-20A953F3DD3A} - System32\Tasks\{34312C68-06B4-4C7A-B74F-068CCCBA8762} => C:\Users\Holger\Downloads\jxpiinstall.exe
Task: {F780C72A-F4E5-4650-99CA-80027D741EBD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {FA975BC7-4FF3-4C1C-B784-29ED259F2330} - System32\Tasks\{897593FE-C1BD-4355-8F7E-9ED4AD5515D7} => pcalua.exe -a C:\Users\Holger\AppData\Local\Temp\Temp2_MC4690MFGDIWin7x86_2100DE.zip\MC4690MFGDIWin7x86_2100DE\setup.exe
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-996742013-728706295-4149775853-1000Core.job => C:\Users\Holger\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-996742013-728706295-4149775853-1000UA.job => C:\Users\Holger\AppData\Local\Facebook\Update\FacebookUpdate.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2013-01-21 15:54 - 2014-03-04 14:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-01-25 16:13 - 2011-02-17 21:25 - 00136704 _____ () C:\Windows\System32\zlhp1600.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2008-02-01 09:54 - 2008-02-01 09:54 - 00070656 _____ () C:\Windows\system32\M4690WDV.dll
2014-09-30 01:51 - 2014-09-30 01:51 - 00074664 _____ () D:\Programme\AnyDVD\ADvdDiscHlp64.exe
2015-11-25 20:18 - 2015-11-25 20:18 - 00147136 ____R () C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll
2013-01-27 13:05 - 2006-01-12 21:20 - 00019968 _____ () D:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.deu
2013-01-27 13:05 - 2006-01-12 21:13 - 00019968 _____ () D:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.FRA
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
Da befinden sich 7866 mehr Seiten.
==================== Hosts Inhalt: ==========================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 03:34 - 2015-12-24 12:03 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts
Da befinden sich 15463 zusätzliche Einträge.
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-996742013-728706295-4149775853-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Holger\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk => C:\Windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.CommonStartup
MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{4E44C614-33B1-49B8-9520-9A1DE9C9EA6F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{34DF4217-7998-4C19-AA0A-992EB0E57736}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{271A58BE-F9DD-4264-B875-9BE1FD20C180}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{BD1D4050-A542-4B4E-AEC2-9507FBD18E22}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{291E1270-66F2-4E29-B635-B3E74110BD90}] => (Allow) LPort=26675
FirewallRules: [TCP Query User{EC3939D6-7FC2-4E12-8526-B911A26EACF5}D:\programme\instarvision\instarvision.exe] => (Allow) D:\programme\instarvision\instarvision.exe
FirewallRules: [UDP Query User{D91A4C08-EFEE-40A3-927D-B36A8EF68B44}D:\programme\instarvision\instarvision.exe] => (Allow) D:\programme\instarvision\instarvision.exe
FirewallRules: [{6F485C65-AC6B-4713-86F6-C4C33340B247}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{0BE4D20D-701C-4DD7-8932-23FE96284F61}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{E4437AC4-09B5-4739-B539-2B77810A57DC}] => (Allow) LPort=26675
FirewallRules: [{5F8D1E5F-CA9C-4728-9429-A67D2F30CC74}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{460ECF31-D471-444D-9B08-3A44CED05DC8}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{91167085-E1D9-4D26-8B44-8C0651DEAA24}] => (Allow) LPort=26675
FirewallRules: [{4741681C-907A-462D-B699-AE08A85188DD}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0F69DCAD-161A-414B-8B7F-D0178A866784}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{09DA6E6D-3BEB-48B1-A327-8240DAB01258}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6D19315C-35D5-4200-AFC4-F7E9CD3FC747}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{534D6452-D6EF-47E7-A5B3-30956E4D0984}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{A5802D20-03CF-4A91-BD36-A7AD07F67EC2}D:\programme\eas\jre\bin\java.exe] => (Allow) D:\programme\eas\jre\bin\java.exe
FirewallRules: [UDP Query User{6FD6C5E5-051A-4950-83C6-C9B9D83CA439}D:\programme\eas\jre\bin\java.exe] => (Allow) D:\programme\eas\jre\bin\java.exe
FirewallRules: [TCP Query User{E321EB15-9F59-48A4-832C-B80748A01C16}C:\users\holger\appdata\local\data becker\web to date 8.0\apache\apache.exe] => (Allow) C:\users\holger\appdata\local\data becker\web to date 8.0\apache\apache.exe
FirewallRules: [UDP Query User{80399076-3113-42F9-B2F1-39D1330D3782}C:\users\holger\appdata\local\data becker\web to date 8.0\apache\apache.exe] => (Allow) C:\users\holger\appdata\local\data becker\web to date 8.0\apache\apache.exe
FirewallRules: [TCP Query User{879FC112-0962-4040-8A18-32C37B7C53BD}D:\program files (x86)\instar\instar camera tool\instar camera tool.exe] => (Allow) D:\program files (x86)\instar\instar camera tool\instar camera tool.exe
FirewallRules: [UDP Query User{78081F4B-CE6E-4E25-9A04-43E55C87032A}D:\program files (x86)\instar\instar camera tool\instar camera tool.exe] => (Allow) D:\program files (x86)\instar\instar camera tool\instar camera tool.exe
FirewallRules: [{5AEB2CFF-DDE1-4779-B006-ECB5EC818D61}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{42A6625F-8480-40D5-913D-970E2A52B0A0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{48C6BB9C-9480-4A42-A24E-102DD456C7DD}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E05B7C3A-CCEE-4364-AA20-B54102FE69F4}] => (Allow) LPort=2869
FirewallRules: [{B45028F3-6A3E-4969-B020-A397DE1FB688}] => (Allow) LPort=1900
FirewallRules: [{1ABB49A9-7F3D-4E9F-9383-819A0B1DFC6F}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{F9986AFD-14DE-4245-A31A-282D63314727}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{7D0B5B49-9C35-429F-8DC5-73247AB0934F}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{D6DFB9D8-7F56-47D5-8297-4952AC3AF834}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{6BE62CE4-A785-4C40-B615-446EA12E5324}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [TCP Query User{18033454-1D0F-4DBB-BCB4-4924CDA2CDD4}D:\programme\instarvision\instarvision.exe] => (Allow) D:\programme\instarvision\instarvision.exe
FirewallRules: [UDP Query User{B9629A44-68C3-43BC-94AA-48172AF21E5D}D:\programme\instarvision\instarvision.exe] => (Allow) D:\programme\instarvision\instarvision.exe
FirewallRules: [{5EBBD0CD-D43E-436F-8701-C7A39F615DC0}] => (Allow) C:\Program Files (x86)\Software4u\iDevice Manager\Software4u.IDeviceManager.exe
FirewallRules: [{CEA20F1D-2FF3-4321-97E0-31680823C3AC}] => (Allow) C:\Program Files (x86)\Software4u\iDevice Manager\Software4u.IDeviceManager.exe
FirewallRules: [TCP Query User{C06AE92D-B324-41BB-8239-23C24801EF1E}C:\program files\instar\instarvision\instarvision.exe] => (Allow) C:\program files\instar\instarvision\instarvision.exe
FirewallRules: [UDP Query User{19722C57-CF04-45BC-A9F9-EF0BF951A63A}C:\program files\instar\instarvision\instarvision.exe] => (Allow) C:\program files\instar\instarvision\instarvision.exe
FirewallRules: [TCP Query User{FA81CD97-627F-4191-92B5-9D59ACDBE483}C:\instar\instarvision\instarvision.exe] => (Allow) C:\instar\instarvision\instarvision.exe
FirewallRules: [UDP Query User{7B1E726E-0B28-4DE2-B97F-4B1543FAF1F6}C:\instar\instarvision\instarvision.exe] => (Allow) C:\instar\instarvision\instarvision.exe
FirewallRules: [TCP Query User{6C384CE4-030C-4766-8C66-75F86817D7C6}C:\program files\ispy\ispy (64 bit)\ispy.exe] => (Allow) C:\program files\ispy\ispy (64 bit)\ispy.exe
FirewallRules: [UDP Query User{A2C8569C-198E-448F-A4E1-A76295FC2F04}C:\program files\ispy\ispy (64 bit)\ispy.exe] => (Allow) C:\program files\ispy\ispy (64 bit)\ispy.exe
FirewallRules: [{7C961A6F-E681-4CFF-9D31-9A03A1DAAA96}] => (Allow) E:\fsetup.exe
FirewallRules: [{C11EEECF-1536-4930-A9F4-6F40BA95F799}] => (Allow) E:\fsetup.exe
FirewallRules: [TCP Query User{B4618482-0CA1-43D9-B2E8-AEDDB579DCA9}C:\instar\instarvision\instarvision.exe] => (Allow) C:\instar\instarvision\instarvision.exe
FirewallRules: [UDP Query User{F0EAEC06-22D4-41B1-90EB-A71252A9C5BB}C:\instar\instarvision\instarvision.exe] => (Allow) C:\instar\instarvision\instarvision.exe
FirewallRules: [TCP Query User{78337395-A842-483D-938F-33CC42A0E903}D:\program files (x86)\instar\instar camera tool\instar camera tool.exe] => (Allow) D:\program files (x86)\instar\instar camera tool\instar camera tool.exe
FirewallRules: [UDP Query User{11D1D3FD-9333-4CA1-96D3-6D8141DDD434}D:\program files (x86)\instar\instar camera tool\instar camera tool.exe] => (Allow) D:\program files (x86)\instar\instar camera tool\instar camera tool.exe
FirewallRules: [TCP Query User{ACF15AF7-C30F-4D5F-9F32-94DF8CE68ADB}C:\program files\ispy\ispy (64 bit)\ispy.exe] => (Allow) C:\program files\ispy\ispy (64 bit)\ispy.exe
FirewallRules: [UDP Query User{63796009-0849-4E3E-B6FC-CB411350B18F}C:\program files\ispy\ispy (64 bit)\ispy.exe] => (Allow) C:\program files\ispy\ispy (64 bit)\ispy.exe
FirewallRules: [TCP Query User{67EA2844-6558-4F7C-9CFC-E251FC70668D}C:\users\holger\appdata\local\data becker\web to date 8.0\apache\apache.exe] => (Allow) C:\users\holger\appdata\local\data becker\web to date 8.0\apache\apache.exe
FirewallRules: [UDP Query User{344FB163-36EF-4EDD-88F2-3DD8D9E71F49}C:\users\holger\appdata\local\data becker\web to date 8.0\apache\apache.exe] => (Allow) C:\users\holger\appdata\local\data becker\web to date 8.0\apache\apache.exe
FirewallRules: [TCP Query User{3F61A494-ADDC-406E-ABB1-68B00EBBB645}D:\programme\eas\jre\170_65\bin\java.exe] => (Allow) D:\programme\eas\jre\170_65\bin\java.exe
FirewallRules: [UDP Query User{61226256-FBCD-47DF-ABF2-0A5EDE70069F}D:\programme\eas\jre\170_65\bin\java.exe] => (Allow) D:\programme\eas\jre\170_65\bin\java.exe
FirewallRules: [{D876E733-452C-4C45-98DD-56AAA20D433C}] => (Allow) C:\Users\Holger\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{FEE3442C-8CEC-45DC-AD69-6926529EAB73}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B12284D9-3ADB-4943-82BE-5E494E198539}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{E176F0F2-C83E-49E5-B204-4265E9734DF4}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{4E4CB108-93C4-4D39-B463-44C8B55E7C00}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{F7E1D699-A4C3-45F6-9F95-776888DC0BEA}C:\users\holger\appdata\local\siquando\web 8\apache\apache.exe] => (Allow) C:\users\holger\appdata\local\siquando\web 8\apache\apache.exe
FirewallRules: [UDP Query User{FEC019C8-8BEC-4A53-951D-659584F6E71D}C:\users\holger\appdata\local\siquando\web 8\apache\apache.exe] => (Allow) C:\users\holger\appdata\local\siquando\web 8\apache\apache.exe
FirewallRules: [TCP Query User{3FD3C486-5EDF-496E-AA29-0D03CACDFDCA}D:\programme\eas\jre\170_65\bin\javaw.exe] => (Allow) D:\programme\eas\jre\170_65\bin\javaw.exe
FirewallRules: [UDP Query User{1F7C8B9F-5CB6-450F-8842-F579CDE5BA18}D:\programme\eas\jre\170_65\bin\javaw.exe] => (Allow) D:\programme\eas\jre\170_65\bin\javaw.exe
FirewallRules: [{FA9A7D20-4EB0-4C4C-9FCB-0237D6BB7B6A}] => (Block) D:\programme\eas\jre\170_65\bin\javaw.exe
FirewallRules: [{95526456-D1AF-425B-A928-D3E932CEC6BD}] => (Block) D:\programme\eas\jre\170_65\bin\javaw.exe
FirewallRules: [{3FBC22E9-353D-40AF-B044-3AEA1CB487A2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9C40B997-1E8D-452D-9137-0FEF3D7A722C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{FDA389B0-D27D-48F3-8C0C-118F341DFD55}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{D3F23459-E228-42E7-8B2C-01E9ED865306}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{65FCC293-99BB-4305-9371-AB0623E106A5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1C2AF9AF-B76E-4323-ADEC-DBC5DA8F00F7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{58F745A9-37C7-4AA6-9905-E9FD0EBDC674}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B8CAF458-63DB-4D8E-9A6D-3A14D5D0C5A4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FB1F9D6E-A677-4502-9250-9EF6505231AA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B297746C-39BB-49DE-A6BB-ABB48D08DD4E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{084E268E-64D1-40D6-BD8B-4BA3017BD21D}] => (Allow) C:\Program Files\iTunes\iTunes.exe
==================== Wiederherstellungspunkte =========================
23-12-2015 18:07:09 Prüfpunkt von HitmanPro
23-12-2015 18:07:52 Prüfpunkt von HitmanPro
25-12-2015 12:31:39 Prüfpunkt von HitmanPro
25-12-2015 15:14:02 Regestry test gelöscht virus
25-12-2015 17:37:40 Removed Evernote v. 5.0.3
26-12-2015 14:18:04 Revo Uninstaller's restore point - TrojanHunter 6.0
26-12-2015 14:19:29 Revo Uninstaller's restore point - Spybot - Search & Destroy
26-12-2015 16:00:00 zoek.exe restore point
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (12/26/2015 04:14:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/26/2015 03:30:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9797
Error: (12/26/2015 03:30:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9797
Error: (12/26/2015 03:30:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (12/26/2015 02:27:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DATA BECKER Update Service.exe, Version: 0.0.4.1, Zeitstempel: 0x4d89246b
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18869, Zeitstempel: 0x55636317
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000cea5f
ID des fehlerhaften Prozesses: 0xd7c
Startzeit der fehlerhaften Anwendung: 0xDATA BECKER Update Service.exe0
Pfad der fehlerhaften Anwendung: DATA BECKER Update Service.exe1
Pfad des fehlerhaften Moduls: DATA BECKER Update Service.exe2
Berichtskennung: DATA BECKER Update Service.exe3
Error: (12/26/2015 02:22:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/26/2015 07:14:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DATA BECKER Update Service.exe, Version: 0.0.4.1, Zeitstempel: 0x4d89246b
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18869, Zeitstempel: 0x55636317
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000cea5f
ID des fehlerhaften Prozesses: 0x1848
Startzeit der fehlerhaften Anwendung: 0xDATA BECKER Update Service.exe0
Pfad der fehlerhaften Anwendung: DATA BECKER Update Service.exe1
Pfad des fehlerhaften Moduls: DATA BECKER Update Service.exe2
Berichtskennung: DATA BECKER Update Service.exe3
Error: (12/26/2015 07:09:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/25/2015 05:40:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/25/2015 03:39:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Systemfehler:
=============
Error: (12/26/2015 04:11:16 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (12/26/2015 04:11:15 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (12/26/2015 04:11:15 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (12/26/2015 04:11:15 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (12/26/2015 04:11:14 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (12/26/2015 02:21:18 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (12/26/2015 02:21:17 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (12/25/2015 05:40:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Live ID Sign-in Assistant" wurde aufgrund folgenden Fehlers nicht gestartet:
%%109
Error: (12/25/2015 05:40:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Volumeschattenkopie" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (12/25/2015 05:40:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
CodeIntegrity:
===================================
Date: 2015-12-25 12:42:27.407
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-12-25 12:41:42.033
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-12-25 12:28:56.423
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-12-25 12:23:46.548
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-12-25 12:18:44.297
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-12-25 12:10:53.399
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-12-25 11:58:54.547
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-12-25 11:51:55.411
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-12-25 11:45:18.438
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-12-25 11:35:31.663
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i5-3550 CPU @ 3.30GHz
Prozentuale Nutzung des RAM: 43%
Installierter physikalischer RAM: 8125.49 MB
Verfügbarer physikalischer RAM: 4628.27 MB
Summe virtueller Speicher: 16249.18 MB
Verfügbarer virtueller Speicher: 12952.52 MB
==================== Laufwerke ================================
Drive c: () (Fixed) (Total:119.24 GB) (Free:15.69 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]
Drive d: () (Fixed) (Total:1863.01 GB) (Free:1582.25 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: D4992628)
Partition 1: (Active) - (Size=119.2 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: D4992620)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
==================== Ende von Addition.txt ============================

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:25-12-2015
durchgeführt von Holger (Administrator) auf HOLGER-ARLT (26-12-2015 16:18:02)
Gestartet von C:\Users\Holger\Downloads
Geladene Profile: Holger & UpdatusUser (Verfügbare Profile: Holger & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(DATA BECKER GmbH & Co KG) C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(SlySoft, Inc.) D:\Programme\AnyDVD\AnyDVDtray.exe
(Adobe Systems Incorporated) D:\Programme\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe
(Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(SlySoft, Inc.) D:\CloneCD\CloneCDTray.exe
(Adobe Systems Inc.) D:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() D:\Programme\AnyDVD\ADvdDiscHlp64.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\ipmgui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2991856 2013-02-21] (Logitech, Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [803200 2015-12-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-06-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-06-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [CloneCDTray] => D:\CloneCD\CloneCDTray.exe [57344 2009-01-29] (SlySoft, Inc.)
HKLM-x32\...\Run: [(default)] => [X]
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-11-20] (Apple Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 7.0] => D:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2008-04-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-11-23] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-996742013-728706295-4149775853-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-12-11] (Samsung)
HKU\S-1-5-21-996742013-728706295-4149775853-1000\...\Run: [AnyDVD] => D:\Programme\AnyDVD\AnyDVD.exe [109480 2015-12-12] (SlySoft, Inc.)
HKU\S-1-5-21-996742013-728706295-4149775853-1000\...\Run: [Facebook Update] => "C:\Users\Holger\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-996742013-728706295-4149775853-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50755200 2015-12-08] (Skype Technologies S.A.)
HKU\S-1-5-21-996742013-728706295-4149775853-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk [2013-12-17]
ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe ()
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{D74150B1-20B7-486B-A7F7-7FA0B73016CF}: [DhcpNameServer] 192.168.178.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-996742013-728706295-4149775853-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://goggle.de/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
SearchScopes: HKU\S-1-5-21-996742013-728706295-4149775853-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: TAkeThECooaupOn -> {13A787AD-5A45-3CFB-1ED4-797E22BF5D46} -> C:\ProgramData\TAkeThECooaupOn\sJRLhb.x64.dll => Keine Datei
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-25] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-25] (Oracle Corporation)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Holger\AppData\Roaming\Mozilla\Firefox\Profiles\2pfbnhja.default
FF NewTab: about:newtab
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-12-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-03-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-03-04] (NVIDIA Corporation)
FF Plugin HKU\.DEFAULT: @protectdisc.com/NPPDLicenseHelper -> C:\Windows\system32\config\systemprofile\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll [Keine Datei]
FF Plugin HKU\S-1-5-21-996742013-728706295-4149775853-1000: @protectdisc.com/NPPDLicenseHelper -> C:\Users\Holger\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll [2009-06-25] ( )
FF Plugin HKU\S-1-5-21-996742013-728706295-4149775853-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Holger\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [Keine Datei]
FF SearchPlugin: C:\Users\Holger\AppData\Roaming\Mozilla\Firefox\Profiles\2pfbnhja.default\searchplugins\google-images.xml [2014-12-06]
FF SearchPlugin: C:\Users\Holger\AppData\Roaming\Mozilla\Firefox\Profiles\2pfbnhja.default\searchplugins\google-maps.xml [2014-12-06]
FF SearchPlugin: C:\Users\Holger\AppData\Roaming\Mozilla\Firefox\Profiles\2pfbnhja.default\searchplugins\youtube.xml [2015-11-12]
FF Extension: Video DownloadHelper - C:\Users\Holger\AppData\Roaming\Mozilla\Firefox\Profiles\2pfbnhja.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-10-31]
FF Extension: Adblock Plus - C:\Users\Holger\AppData\Roaming\Mozilla\Firefox\Profiles\2pfbnhja.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-15]
FF Extension: Kein Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-03-25] [ist nicht signiert]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2013-03-25]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-12-02] (Adobe Systems) [Datei ist nicht signiert]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [948392 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1212048 2015-08-26] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [249624 2015-11-23] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 DBService; C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe [189776 2010-10-28] (DATA BECKER GmbH & Co KG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [Datei ist nicht signiert]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [Datei ist nicht signiert]
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 adp3132; C:\Windows\system32\drivers\adp3132.sys [385072 2010-01-28] (Adaptec, Inc.)
S3 amdide64; C:\Windows\system32\drivers\amdide64.sys [11904 2011-12-18] (Advanced Micro Devices Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36520 2012-09-13] (Advanced Micro Devices, Inc.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [150440 2015-12-02] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [150440 2015-12-02] (SlySoft, Inc.)
S3 asahci64; C:\Windows\system32\drivers\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [162072 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [140448 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-30] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [75472 2015-12-01] (Avira Operations GmbH & Co. KG)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-06-13] (Etron Technology Inc)
S3 FLxHCIh; C:\Windows\system32\drivers\FLxHCIh.sys [77040 2012-11-02] (Fresco Logic)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () [Datei ist nicht signiert]
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28216 2012-11-19] (Intel Corporation)
S3 iaStorS; C:\Windows\system32\drivers\iaStorS.sys [650200 2012-09-14] (Intel Corporation)
S3 ISASerial; C:\Windows\system32\drivers\ISASerial.sys [72192 2008-02-20] (Windows (R) Codename Longhorn DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-26] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 MTsensor; C:\Windows\system32\drivers\ASACPI.sys [15416 2009-07-16] ()
S3 MtsHID; C:\Windows\system32\drivers\MtsHID.sys [27664 2009-07-15] (TechniSat Provide)
S3 nvamacpi; C:\Windows\system32\drivers\NVAMACPI.sys [28192 2009-07-17] (NVIDIA Corporation)
S3 nvrd64; C:\Windows\system32\drivers\nvrd64.sys [175648 2009-08-04] (NVIDIA Corporation)
S3 ocz10xx; C:\Windows\system32\drivers\ocz10xx.sys [139056 2012-04-05] (OCZ Technology Group, Inc.)
S1 oxpar; C:\Windows\system32\drivers\oxpar.sys [158208 2007-01-24] (OEM)
S3 OxPPort; C:\Windows\system32\drivers\OxPPort.sys [98304 2008-07-31] (OEM)
S3 PciIsaSerial; C:\Windows\system32\drivers\PciIsaSerial.sys [72192 2008-05-22] (Windows (R) Codename Longhorn DDK provider)
S3 PciPPorts; C:\Windows\system32\drivers\PciPPorts.sys [95744 2008-05-22] ()
S3 PciSPorts; C:\Windows\system32\drivers\PciSPorts.sys [126464 2008-05-22] ()
S3 PPorts; C:\Windows\system32\drivers\PPorts.sys [95744 2008-02-20] ()
S3 rusb3hub; C:\Windows\system32\drivers\rusb3hub.sys [102912 2012-03-15] (Renesas Electronics Corporation)
S3 rusb3xhc; C:\Windows\system32\drivers\rusb3xhc.sys [220672 2012-03-15] (Renesas Electronics Corporation)
S3 Si3124r5; C:\Windows\system32\drivers\Si3124r5.sys [340008 2010-04-13] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\drivers\SiWinAcc.sys [22568 2010-04-13] (Silicon Image, Inc.)
R0 SiRemFil; C:\Windows\System32\drivers\SiRemFil.sys [16936 2010-04-13] (Silicon Image, Inc.)
S3 SPorts; C:\Windows\system32\drivers\SPorts.sys [124416 2008-02-20] ()
S3 StnPport; C:\Windows\system32\drivers\StnPport.sys [97280 2009-12-17] ()
S3 StnSport; C:\Windows\system32\drivers\StnSport.sys [126464 2009-11-14] ()
S3 VUSB3HUB; C:\Windows\system32\drivers\ViaHub3.sys [210944 2012-05-30] (VIA Technologies, Inc.)
S3 xhcdrv; C:\Windows\system32\drivers\xhcdrv.sys [261120 2012-05-30] (VIA Technologies, Inc.)
S3 NmPar; \SystemRoot\system32\drivers\NmPar.sys [X]
S3 nmserial; \SystemRoot\system32\drivers\nmserial.sys [X]
S3 Oxmfuf; \SystemRoot\system32\drivers\oxmfuf.sys [X]
S3 oxser; \SystemRoot\system32\drivers\oxser.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-12-26 16:18 - 2015-12-26 16:18 - 00022358 _____ C:\Users\Holger\Downloads\FRST.txt
2015-12-26 16:13 - 2015-12-26 15:59 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-12-26 15:59 - 2015-12-26 16:14 - 00000000 ____D C:\zoek_backup
2015-12-26 15:58 - 2015-12-26 15:58 - 01309184 _____ C:\Users\Holger\Downloads\zoek.exe
2015-12-26 14:41 - 2015-12-26 14:41 - 00001199 _____ C:\Users\Holger\Desktop\mbam.txt
2015-12-26 14:31 - 2015-12-26 14:31 - 22908888 _____ (Malwarebytes ) C:\Users\Holger\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-26 14:28 - 2015-12-25 17:40 - 00000936 _____ C:\Users\Holger\Desktop\AdwCleaner[C18].txt
2015-12-26 14:17 - 2015-12-26 14:17 - 00001264 _____ C:\Users\Holger\Desktop\Revo Uninstaller.lnk
2015-12-26 14:17 - 2015-12-26 14:17 - 00000000 ____D C:\Users\Holger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2015-12-26 14:17 - 2015-12-26 14:17 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-12-26 14:16 - 2015-12-26 14:16 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Holger\Downloads\revosetup95.exe
2015-12-26 11:34 - 2015-12-26 16:18 - 00000000 ____D C:\FRST
2015-12-26 11:33 - 2015-12-26 11:34 - 02370560 _____ (Farbar) C:\Users\Holger\Downloads\FRST64.exe
2015-12-25 14:44 - 2015-12-25 14:44 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Holger\Downloads\rkill.exe
2015-12-25 14:32 - 2015-12-25 14:32 - 00000000 ____D C:\Users\Holger\Documents\ProcAlyzer Dumps
2015-12-25 11:09 - 2015-12-25 11:09 - 00001066 _____ C:\Users\Holger\Desktop\Avast Browser Cleanup.lnk
2015-12-25 11:09 - 2015-12-25 11:09 - 00000000 ____D C:\Users\Holger\AppData\Roaming\Microsoft\Windows\Start Menu\Avast Browser Cleanup
2015-12-25 11:09 - 2015-12-25 11:09 - 00000000 ____D C:\Users\Holger\AppData\Roaming\AVAST Software
2015-12-25 11:08 - 2015-12-25 11:08 - 03840080 _____ (AVAST Software) C:\Users\Holger\Downloads\avast-browse104-cleanup-sfx.exe
2015-12-25 08:12 - 2015-12-25 08:12 - 01466656 _____ C:\Users\Holger\Downloads\HijackThis - CHIP-Installer.exe
2015-12-24 12:03 - 2015-10-26 20:36 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20151224-120339.backup
2015-12-24 10:48 - 2015-12-26 14:21 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-12-24 10:48 - 2015-12-26 14:21 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-12-24 10:48 - 2015-12-24 10:48 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2015-12-24 10:48 - 2015-12-24 10:48 - 00000000 ____D C:\Program Files\Common Files\AV
2015-12-24 10:48 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2015-12-24 10:46 - 2015-12-24 10:46 - 01466656 _____ C:\Users\Holger\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
2015-12-24 05:26 - 2015-12-24 05:29 - 00000000 ____D C:\Users\Holger\AppData\Local\NPE
2015-12-24 05:26 - 2015-12-24 05:26 - 00000000 ____D C:\ProgramData\Norton
2015-12-24 05:25 - 2015-12-24 05:25 - 10079720 _____ (Symantec Corporation) C:\Users\Holger\Downloads\NPE.exe
2015-12-23 18:05 - 2015-12-23 18:08 - 00000000 ____D C:\ProgramData\HitmanPro
2015-12-23 18:04 - 2015-12-25 12:32 - 06772128 _____ C:\Users\Holger\Downloads\HitmanPro_3.7.10.251.zip
2015-12-23 18:03 - 2015-12-23 18:03 - 01466656 _____ C:\Users\Holger\Downloads\Hitman Pro - CHIP-Installer.exe
2015-12-23 13:15 - 2015-12-23 13:15 - 01466656 _____ C:\Users\Holger\Downloads\TrojanHunter - CHIP-Installer.exe
2015-12-23 12:45 - 2015-12-26 16:17 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-23 12:45 - 2015-12-26 14:32 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-23 12:45 - 2015-12-26 14:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-23 12:45 - 2015-12-26 14:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-23 12:45 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-23 12:45 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-12-23 12:45 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-12-23 12:41 - 2015-12-23 12:41 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Holger\Downloads\mbam-setup-2.1.8.1057.exe
2015-12-22 17:31 - 2015-12-22 17:31 - 00231422 _____ C:\Windows\ntbtlog.txt
2015-12-22 17:27 - 2015-12-22 17:28 - 137719056 _____ (Microsoft Corporation) C:\Users\Holger\Downloads\msert.exe
2015-12-21 21:31 - 2015-12-21 21:31 - 01743360 _____ C:\Users\Holger\Desktop\adwcleaner_5.026.exe
2015-12-20 09:21 - 2015-12-20 09:21 - 00004096 ____H C:\Users\Holger\AppData\Local\keyfile3.drm
2015-12-19 12:02 - 2015-12-24 06:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-16 17:27 - 2015-12-16 17:27 - 01059983 _____ C:\Users\Holger\Downloads\blickpunktsteuern_2015_12.pdf
2015-12-16 05:21 - 2015-12-16 05:21 - 00002092 _____ C:\Users\Holger\Desktop\Free Antivirus Profil Suche nach Rootkits und aktiver Malware.LNK
2015-12-15 20:11 - 2015-12-15 20:11 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-12-15 20:11 - 2015-12-15 20:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-12-15 20:11 - 2015-12-15 20:11 - 00000000 ____D C:\Program Files\iTunes
2015-12-15 20:11 - 2015-12-15 20:11 - 00000000 ____D C:\Program Files\iPod
2015-12-15 20:11 - 2015-12-15 20:11 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-12-11 05:02 - 2015-12-11 05:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-10 19:30 - 2015-12-10 19:30 - 00000000 ____D C:\MP-Soft-4-U
2015-12-03 15:07 - 2015-12-03 15:07 - 00469375 _____ C:\Users\Holger\Documents\Dokument (4).pdf
2015-12-02 17:10 - 2015-12-02 17:10 - 00150440 _____ (SlySoft, Inc.) C:\Windows\SysWOW64\Drivers\AnyDVD.sys
2015-12-02 17:10 - 2015-12-02 17:10 - 00150440 _____ (SlySoft, Inc.) C:\Windows\system32\Drivers\AnyDVD.sys
2015-12-01 20:50 - 2015-12-01 20:50 - 00143946 _____ C:\Users\Holger\Downloads\Vortrag_Trainees_Grdl_2007.pdf
2015-11-30 13:31 - 2015-11-30 13:31 - 00095848 _____ (Elaborate Bytes AG) C:\Windows\SysWOW64\ElbyCDIO.dll
2015-11-26 19:15 - 2015-11-26 19:15 - 00000980 _____ C:\Users\Public\Desktop\WISO steuer Sparbuch 2016.lnk
2015-11-26 19:15 - 2015-11-26 19:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO steuer Sparbuch 2016
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-12-26 16:17 - 2013-01-27 18:40 - 00000000 ____D C:\Users\Holger\AppData\Roaming\Skype
2015-12-26 16:14 - 2013-01-21 15:54 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-26 16:14 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-26 16:14 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2015-12-26 16:11 - 2013-01-21 15:55 - 00000000 ____D C:\Users\Holger
2015-12-26 16:05 - 2013-01-21 15:54 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-26 16:02 - 2009-07-14 05:45 - 00028720 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-26 16:02 - 2009-07-14 05:45 - 00028720 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-26 14:45 - 2014-11-22 20:38 - 00000932 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-996742013-728706295-4149775853-1000UA.job
2015-12-26 14:26 - 2010-11-21 07:50 - 00717182 _____ C:\Windows\system32\perfh007.dat
2015-12-26 14:26 - 2010-11-21 07:50 - 00154798 _____ C:\Windows\system32\perfc007.dat
2015-12-26 14:26 - 2009-07-14 06:13 - 01656152 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-26 14:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2015-12-26 14:23 - 2013-01-22 19:08 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-12-25 17:42 - 2013-01-21 15:54 - 00000000 ____D C:\Users\UpdatusUser
2015-12-25 17:40 - 2014-01-11 13:51 - 00000000 ____D C:\AdwCleaner
2015-12-25 12:43 - 2014-04-13 06:08 - 00000000 ____D C:\Windows\CryptoGuard
2015-12-24 20:45 - 2014-11-22 20:38 - 00000910 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-996742013-728706295-4149775853-1000Core.job
2015-12-23 12:45 - 2014-01-07 20:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-22 17:29 - 2013-01-22 19:09 - 00000000 ____D C:\Users\Holger\AppData\Roaming\TeamViewer
2015-12-22 14:14 - 2013-02-07 22:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-21 19:28 - 2013-02-11 17:24 - 00000000 ____D C:\TEMP
2015-12-20 20:29 - 2015-08-27 17:16 - 00000116 ____H C:\Users\Holger\Documents\maxdesk.ini2
2015-12-20 20:29 - 2015-08-27 16:02 - 00000084 ____H C:\Users\Holger\Documents\PP11Thumbs.ptn2
2015-12-20 20:29 - 2015-08-27 16:00 - 00334883 ____H C:\Users\Holger\Documents\PP11Thumbs.ptn
2015-12-17 20:11 - 2013-02-12 18:26 - 00000642 _____ C:\Users\Public\Desktop\AnyDVD.lnk
2015-12-17 16:14 - 2013-01-24 22:01 - 00000000 ____D C:\Users\Holger\AppData\Roaming\GoodSync
2015-12-17 13:46 - 2015-03-05 14:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-12-15 20:11 - 2013-01-31 16:25 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-12-15 17:26 - 2013-01-31 16:25 - 00000000 ____D C:\Users\Holger\AppData\Roaming\Apple Computer
2015-12-12 12:20 - 2013-02-01 17:23 - 00001023 _____ C:\Windows\wiso.ini
2015-12-11 05:02 - 2014-10-12 05:24 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-11 05:02 - 2014-03-16 06:48 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk
2015-12-11 05:02 - 2013-01-27 18:40 - 00000000 ____D C:\ProgramData\Skype
2015-12-09 17:05 - 2013-01-21 15:54 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-09 17:05 - 2013-01-21 15:54 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-09 17:05 - 2013-01-21 15:54 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-01 16:12 - 2013-05-20 06:04 - 00162072 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-12-01 16:12 - 2013-05-20 06:04 - 00140448 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-12-01 16:12 - 2013-05-20 06:04 - 00075472 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-11-26 19:15 - 2013-02-01 17:21 - 00000000 ____D C:\Users\Holger\AppData\Local\Buhl
2015-11-26 19:13 - 2013-01-21 15:54 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2013-10-20 18:19 - 2014-03-23 09:28 - 0003584 _____ () C:\Users\Holger\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-12-20 09:21 - 2015-12-20 09:21 - 0004096 ____H () C:\Users\Holger\AppData\Local\keyfile3.drm
2013-02-12 18:27 - 2015-06-16 07:33 - 0000125 ___SH () C:\ProgramData\.zreglib
2013-01-27 10:36 - 2013-01-27 10:36 - 0000020 ____H () C:\ProgramData\PKP_DLeo.DAT
2013-01-27 10:37 - 2014-09-12 10:47 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2013-01-27 10:36 - 2015-09-06 17:32 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2013-01-27 10:36 - 2014-05-25 12:10 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
Einige Dateien in TEMP:
====================
C:\Users\Holger\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2015-12-20 08:11
==================== Ende von FRST.txt ============================