Maybe a trivial problem, but an annoying one. I recently installed Internet Explorer 11, or rather updated to it (against my convictions, but there were reasons). It didn't help anyway.
But since then, whenever I launch Firefox (current version, 64-bit), I always get the address http://www.%snf%.com/ (which doesn't exist) as the start address. I have already set the home page to http://www.google.at several times, as I always do. But it doesn't help. When I click the house icon, Google comes up, but FF still starts with the address above, even though it doesn't appear anywhere in the settings. I deleted both prefs.js files (there were two), which didn't help either.
What can I do?
Thanks for your suggestions.
Wrong start page
nhas - January 21, 2018 at 21:17 - Resolved
Do the following:
● Scan with AdwCleaner ➔ http://mozhelp.dynvpn.de/guide/mit-adwcleaner-suchen
Instead of uploading the content to paste.nn-d.de in step 3a of the guide, paste the content directly here in the forum as code.
● Then also run a scan with Farbar's Recovery Scan Tool (FRST)
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
Now start FRST.
Do not change any of the checkboxes unless asked to, and click Scan.
The log files are now created and will then be on your desktop.
Copy the content of FRST.txt after the first scan into your next post here, again as code in the forum.
Code
-
Part 1:
Code
Data\Default\Extensions\nknonnojlmhnmjhpeokdbeineeajcemh [2017-10-04] CHR Extension: (Chrome Web Store Payments) - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23] CHR Extension: (LEO Wörterbuchsuche) - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojniiiidjmoaiehegaedmfdclmgmmpdp [2016-02-16] CHR Extension: (Adblock Plus Chrome) - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omihghdlmaedmkipdikamnejbeecjcim [2014-11-05] CHR Extension: (Gmail) - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01] CHR Extension: (Chrome Media Router) - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-12] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [epanfjkfahimkgomnigadpkobaefekcd] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flljooaijgdgaaogmfhakpojmddcjjmj] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
-
Part 2:
Code
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.01.2018 Ran by Norbert (administrator) on NORBERT (21-01-2018 21:59:52) Running from C:\Users\Norbert\Desktop Loaded Profiles: Norbert (Available Profiles: Norbert & Gitti & Administrator & Guest) Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Englisch (USA) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Chip Digital GmbH) C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe (PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Trust.Zone VPN Project) C:\Program Files\Trust.Zone VPN Client\tzclient_x64.exe (Check Point Software Technologies, Ltd.) 
C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Trust.Zone VPN Project) C:\Program Files\Trust.Zone VPN Client\tzclient_x64.exe (Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\AKL\AkSA.exe (aborange.de - Mathias Gerlach) C:\Program Files (x86)\DayDisplay\DayDisplay.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\AntiTheft\Antitheft.exe (Check Point Software Technologies Ltd.) 
C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Malwarebytes) C:\Users\Norbert\Desktop\adwcleaner_7.0.7.0.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-11-14] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [Trust.Zone VPN Client UI Helper] => C:\Program Files\Trust.Zone VPN Client\tzclient_x64.exe [4617200 2017-07-23] (Trust.Zone VPN Project) HKLM\...\Run: [ISW] => C:\Program Files (x86)\CheckPoint\AKL\AkSA.exe [936056 2016-03-25] (Check Point Software Technologies LTD) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-03-29] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-02] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [SSDMonitor] => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [112600 2010-11-15] (PC Tools) HKLM-x32\...\Run: [Google Desktop Search] => C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2014-10-29] (Google) HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [3002048 2017-02-07] (Sony Corporation) HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [145208 2017-03-24] (Check Point Software Technologies Ltd.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation) HKU\S-1-5-21-2135812234-3056823087-3488026263-1000\...\Run: [DayDisplay] => C:\Program Files (x86)\DayDisplay\DayDisplay.exe [396288 2006-09-25] (aborange.de - Mathias Gerlach) HKU\S-1-5-21-2135812234-3056823087-3488026263-1000\...\Run: [EPSON BX320FW Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGIE.EXE [224768 2009-09-14] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-2135812234-3056823087-3488026263-1000\...\Run: [Zoom] => [X] HKU\S-1-5-21-2135812234-3056823087-3488026263-1000\...\Run: [VLC Updater] => C:\ProgramData\VLC Updater\vlc-updater.exe [157008 2017-12-06] () <==== ATTENTION HKU\S-1-5-21-2135812234-3056823087-3488026263-1000\...\MountPoints2: L - L:\AutoRun.exe HKU\S-1-5-21-2135812234-3056823087-3488026263-1000\...\MountPoints2: {2ab6b1b3-c613-11e7-8f92-00ac5ea99cb9} - E:\startme.exe HKU\S-1-5-21-2135812234-3056823087-3488026263-1000\...\MountPoints2: {94d6e0f1-0f98-11e5-a68d-806e6f6e6963} - F:\AutoRun.exe HKU\S-1-5-21-2135812234-3056823087-3488026263-1000\...\MountPoints2: {b223597b-5a2b-11e6-8305-8c89a5e3b3cb} - F:\startme.exe HKU\S-1-5-21-2135812234-3056823087-3488026263-1000\...\MountPoints2: 
{f5cf69f8-0f3e-11e5-bc51-8c89a5e3b3cb} - L:\AutoRun.exe HKU\S-1-5-21-2135812234-3056823087-3488026263-1000\...\MountPoints2: {f5cf6a02-0f3e-11e5-bc51-8c89a5e3b3cb} - L:\AutoRun.exe HKU\S-1-5-21-2135812234-3056823087-3488026263-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-21] (Microsoft Corporation) HKU\S-1-5-18\...\Run: [ZoneAlarm Windows 10 Upgrader] => "C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe" /delay HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-09] (Garmin Ltd. or its subsidiaries) AppInit_DLLs-x32: C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL => C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2014-10-29] (Google) GroupPolicy: Restriction <==== ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Hosts: 127.0.0.1 secure.applian.com Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 10.0.0.138 Tcpip\..\Interfaces\{2BB2DC65-9709-4A3F-9C39-383F4D758692}: [DhcpNameServer] 192.168.43.1 Tcpip\..\Interfaces\{6D160250-9005-466B-95D3-C74266D91410}: [NameServer] 10.0.0.138 Tcpip\..\Interfaces\{6D160250-9005-466B-95D3-C74266D91410}: [DhcpNameServer] 10.0.0.138 10.0.0.138 Tcpip\..\Interfaces\{C2C93341-1774-4246-9160-6DA68038F284}: [NameServer] 8.8.4.4,8.8.8.8 Internet Explorer: ================== HKU\S-1-5-21-2135812234-3056823087-3488026263-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1409847336&from=amt&uid=ST1000DM003-9YN162_W1D187VSXXXXW1D187VS&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1409847336&from=amt&uid=ST1000DM003-9YN162_W1D187VSXXXXW1D187VS&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1409847336&from=amt&uid=ST1000DM003-9YN162_W1D187VSXXXXW1D187VS&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1409847336&from=amt&uid=ST1000DM003-9YN162_W1D187VSXXXXW1D187VS&q={searchTerms} HKU\S-1-5-21-2135812234-3056823087-3488026263-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRa8ldwnKG51HJOT1XRoA82gVkpDLIiC3wcwpHk_AWLDXos4LYY-sT-UsSMi3jwNpn8KkLY5V812R01YbRnc78E-ouJ82TlisUmBcVg2NJN_RlSZ0WFQwhe7Cq-l72kiNupG8plGLNCtKZihFeWxI47EEv4u18Ezz5IpPkYk3SZWA-G9IPjLKAkwy2NI,&q={searchTerms} HKU\S-1-5-21-2135812234-3056823087-3488026263-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=U453&ocid=U453DHP&osmkt=de-at HKU\S-1-5-21-2135812234-3056823087-3488026263-1000\Software\Microsoft\Internet 
Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1409847336&from=amt&uid=ST1000DM003-9YN162_W1D187VSXXXXW1D187VS SearchScopes: HKLM -> DefaultScope {0E7134B3-E48D-49A2-8557-E4A6CCB13A20} URL = hxxp://www.sm.de/?q={searchTerms} SearchScopes: HKLM -> {0E7134B3-E48D-49A2-8557-E4A6CCB13A20} URL = hxxp://www.sm.de/?q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1409847336&from=amt&uid=ST1000DM003-9YN162_W1D187VSXXXXW1D187VS&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRa8ldwnKG51HJOT1XRoA82gVkpDLIiC3wcwpHk_AWLDXos4LYY-sT-UsSMi3jwNpn8KkLY5V812R01YbRnc78E-ouJ82TlisUmBcVg2NJN_RlSZ0WFQwhe7Cq-l72kiNupG8plGLNCtKZihFeWxI47EEv4u18Ezz5IpPljA3EQ5ao1awpsB-3-72CGw,&q={searchTerms} SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRa8ldwnKG51HJOT1XRoA82gVkpDLIiC3wcwpHk_AWLDXos4LYY-sT-UsSMi3jwNpn8KkLY5V812R01YbRnc78E-ouJ82TlisUmBcVg2NJN_RlSZ0WFQwhe7Cq-l72kiNupG8plGLNCtKZihFeWxI47EEv4u18Ezz5IpPljA3EQ5ao1awpsB-3-72CGw,&q={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1409847336&from=amt&uid=ST1000DM003-9YN162_W1D187VSXXXXW1D187VS&q={searchTerms} SearchScopes: HKU\S-1-5-21-2135812234-3056823087-3488026263-1000 -> DefaultScope {BEE2FF96-21C4-43BB-932F-B15765CCC7F1} URL = hxxp://www.bing.com/search?FORM=U453DF&PC=U453&q={searchTerms}&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-2135812234-3056823087-3488026263-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity SearchScopes: HKU\S-1-5-21-2135812234-3056823087-3488026263-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=MF3E146DC-F7C8-46FD-9EFE-9D1E1C546092&SearchSource=58&CUI=&UM=6&UP=SP6793B6F4-B4BD-4A0E-AA13-8AA7D6B328D7&q={searchTerms}&SSPV= SearchScopes: HKU\S-1-5-21-2135812234-3056823087-3488026263-1000 -> {0E7134B3-E48D-49A2-8557-E4A6CCB13A20} URL = hxxp://www.sm.de/?q={searchTerms} SearchScopes: HKU\S-1-5-21-2135812234-3056823087-3488026263-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1409847336&from=amt&uid=ST1000DM003-9YN162_W1D187VSXXXXW1D187VS&q={searchTerms} SearchScopes: HKU\S-1-5-21-2135812234-3056823087-3488026263-1000 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=fWosyRJMSn0crA4cvX3kmbzrmyY?q={searchTerms} SearchScopes: HKU\S-1-5-21-2135812234-3056823087-3488026263-1000 -> {BEE2FF96-21C4-43BB-932F-B15765CCC7F1} URL = hxxp://www.bing.com/search?FORM=U453DF&PC=U453&q={searchTerms}&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-2135812234-3056823087-3488026263-1000 -> {D6245854-F223-47BD-A521-96A3D4507FA1} URL = hxxps://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=523482&p={searchTerms} BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: iSkysoft iTube Studio 4.7.0 -> {1A6B6AD0-2735-498F-834C-AFCEA37847C2} -> C:\ProgramData\iSkysoft\iTube Studio\WSBrowserAppMgr.dll [2015-12-26] () BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll 
[2018-01-19] (Oracle Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-19] (Oracle Corporation) Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Handler: WSISAllmytubechrome - {4724F5AF-4E6D-41CA - No File FireFox: ======== FF DefaultProfile: xgx9mmzi.Norbert FF ProfilePath: C:\Users\Norbert\AppData\Roaming\Mozilla\Firefox\Profiles\kz46zz74.default [not found] <==== ATTENTION FF ProfilePath: C:\Users\Norbert\AppData\Roaming\Nvu\Profiles\2ity4v04.default [2015-11-26] FF ProfilePath: C:\Users\Norbert\AppData\Roaming\Mozilla\Sunbird\Profiles\en3ykd83.default [2014-09-27] FF Extension: (Timezone Definitions for Mozilla Calendar) - C:\Program Files (x86)\Mozilla Sunbird\extensions\calendar-timezones@mozilla.org [2014-09-27] [Legacy] [not signed] FF Extension: (Lightning stub extension for Sunbird) - C:\Program Files (x86)\Mozilla Sunbird\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103} [2014-09-27] [Legacy] [not signed] FF ProfilePath: C:\Users\Norbert\AppData\Roaming\Mozilla\Firefox\Profiles\xgx9mmzi.Norbert [2018-01-21] FF Homepage: Mozilla\Firefox\Profiles\xgx9mmzi.Norbert -> hxxp://www.google.at/ FF Extension: (Adblock Plus) - C:\Users\Norbert\AppData\Roaming\Mozilla\Firefox\Profiles\xgx9mmzi.Norbert\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-12] FF HKLM-x32\...\Firefox\Extensions: [ISAllmytube@iSkysoft.com] - C:\ProgramData\iSkysoft\iTube Studio\ISAllmytube@iSkysoft.com FF Extension: (iSkysoft iTube Studio) - C:\ProgramData\iSkysoft\iTube Studio\ISAllmytube@iSkysoft.com [2016-01-02] [Legacy] [not signed] FF Plugin: @adobe.com/FlashPlayer -> 
C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-14] () FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-14] () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-19] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-19] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files 
(x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-19] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-19] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2135812234-3056823087-3488026263-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\Norbert\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2016-03-24] (Zoom Video Communications, Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Norbert\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-01-03] (Cisco WebEx LLC) Chrome: ======= CHR DefaultProfile: Default CHR HomePage: Default -> hxxps://at.search.yahoo.com/?type=523482&fr=yo-yhp-ch CHR StartupUrls: Default -> "hxxp://www.google.at/" CHR Profile: C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default [2018-01-21] CHR Extension: (Slides) - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14] CHR Extension: (Adblock Edge) - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\accldnaddagdpflhmpchbgioclimcjha [2014-09-25] CHR Extension: (Docs) - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14] CHR Extension: (Google Drive) - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-27] CHR Extension: (YouTube) - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24] CHR Extension: (Adblock Plus) - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb 
[2017-09-28] CHR Extension: (Kindle Cloud Reader) - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnemmpobpfaichgccgcilgncfigplmol [2014-12-02] CHR Extension: (Google Search) - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27] CHR Extension: (AdBlock Plus) - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlikinlmdahlejbgjadicgkolemccfof [2014-11-05] CHR Extension: (ClickOnce for Google Chrome) - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeifaoomkminpbeebjdmdojbhmagnncl [2016-02-09] CHR Extension: (Blur) - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2017-09-22] CHR Extension: (Sheets) - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14] CHR Extension: (Google Docs Offline) - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-29] CHR Extension: (Kindle Cloud Reader) - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-12-02] CHR Extension: (ORF-TVthek - Downloader) - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgfnehdmbbmcahojnebecpiljbkeaele [2017-01-13] CHR Extension: (Cisco WebEx Extension) - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2017-07-25] CHR Extension: (Who deleted me) - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldenokldcmhckjkcaolgljcjdecgpfmf [2016-11-16] CHR Extension: (Yellow highlighter pen for web) - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnmengjdnfjbochkdkcjbbpildacancp [2014-11-10] CHR Extension: (dict-cc) - C:\Users\Norbert\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\nknonnojlmhnmjhpeokdbeineeajcemh [2017-10-04] CHR Extension: (Chrome Web Store Payments) - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23] CHR Extension: (LEO Wörterbuchsuche) - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojniiiidjmoaiehegaedmfdclmgmmpdp [2016-02-16] CHR Extension: (Adblock Plus Chrome) - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omihghdlmaedmkipdikamnejbeecjcim [2014-11-05] CHR Extension: (Gmail) - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01] CHR Extension: (Chrome Media Router) - C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-12] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [epanfjkfahimkgomnigadpkobaefekcd] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flljooaijgdgaaogmfhakpojmddcjjmj] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
-
And then there was also this:
Code
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.01.2018 Ran by Norbert (21-01-2018 22:03:41) Running from C:\Users\Norbert\Desktop Windows 7 Ultimate Service Pack 1 (X64) (2014-09-04 02:31:57) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2135812234-3056823087-3488026263-500 - Administrator - Enabled) => C:\Users\Administrator Fernsehen (S-1-5-21-2135812234-3056823087-3488026263-1005 - Limited - Enabled) Gitti (S-1-5-21-2135812234-3056823087-3488026263-1004 - Limited - Enabled) => C:\Users\Gitti Guest (S-1-5-21-2135812234-3056823087-3488026263-501 - Limited - Disabled) => C:\Users\Guest HomeGroupUser$ (S-1-5-21-2135812234-3056823087-3488026263-1008 - Limited - Enabled) Norbert (S-1-5-21-2135812234-3056823087-3488026263-1000 - Administrator - Enabled) => C:\Users\Norbert XXX (S-1-5-21-2135812234-3056823087-3488026263-1006 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: ZoneAlarm Extreme Security Antivirus (Enabled - Up to date) {23B6D20A-C2DE-B3F5-C67D-07ECD854E6A9} AS: ZoneAlarm Extreme Security Anti-Spyware (Enabled - Up to date) {98D733EE-E4E4-BC7B-FCCD-3C9EA3D3AC14} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: ZoneAlarm Extreme Security Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-2135812234-3056823087-3488026263-1000\...\uTorrent) (Version: 3.5.1.44332 - BitTorrent Inc.) 
4K Video Downloader 4.2 (HKLM-x32\...\4K Video Downloader_is1) (Version: 4.2.0.2175 - Open Media LLC) Active@ UNDELETE 7 Enterprise (HKLM-x32\...\Active@ UNDELETE 7 Enterprise) (Version: - ) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated) Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated) Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated) Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: 1.17.0.44170 - Amazon) AMD Catalyst Install Manager (HKLM\...\{F11C146C-580C-7594-B7BB-4F610202E7C3}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.) ANT Drivers Installer x64 (HKLM\...\{6941244D-9995-4279-9281-4AD2EC7BD260}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version: - ) Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.10.150607 - ) AVS Audio Converter 7 (HKLM-x32\...\AVS Audio Converter_is1) (Version: - Online Media Technologies Ltd.) AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.) AVS Video Converter 9.1 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 9.1.2.571 - Online Media Technologies Ltd.) AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version: - Online Media Technologies Ltd.) BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.10.0.4321 - BlueStack Systems, Inc.) BlueStacks Notification Center (HKLM-x32\...\{473E82D7-79E2-43DF-8FA0-025407C93191}) (Version: 0.10.0.4321 - BlueStack Systems, Inc.) 
calibre 64bit (HKLM\...\{584DA16D-72A3-4F7E-8842-09EC3B582EA0}) (Version: 3.2.1 - Kovid Goyal) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.8.6795 - CDBurnerXP) CDRoller 10.0 (HKLM-x32\...\CDRoller_is1) (Version: 10.0 - Digital Atlantic Corp.) chip 1-click download service (HKLM-x32\...\{503CA94E-0834-4CEE-AD92-BA17AF4E809A}) (Version: 3.6.9.0 - Chip Digital GmbH) <==== ATTENTION Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC) DayDisplay - Deinstallation (HKLM-x32\...\DayDisplay_is1) (Version: 2.10 - Mathias Gerlach [aborange.de]) DiskInternals Linux Reader (HKLM-x32\...\DiskInternals Linux Reader) (Version: 1.9.3.0 - DiskInternals Research) Druckerdeinstallation für EPSON BX320FW Series (HKLM\...\EPSON BX320FW Series) (Version: - SEIKO EPSON Corporation) DVBViewer Pro (HKLM-x32\...\DVBViewer Pro_is1) (Version: 5.1 - CM&V) EasyBCD 2.3 (HKLM-x32\...\EasyBCD) (Version: 2.3 - NeoSmart Technologies) Elevated Installer (HKLM-x32\...\{86E80D52-6DD3-4604-8CE9-4E7C2951151F}) (Version: 5.1.0.0 - Garmin Ltd or its subsidiaries) Hidden EndNote X5 (HKLM-x32\...\{86B3F2D6-AC2B-0015-8AE1-F2F77F781B0C}) (Version: 15.0.0.5478 - Thomson Reuters) EPSON BX320FW Series Handbuch (HKLM-x32\...\EPSON BX320FW Series Manual) (Version: - ) EPSON BX320FW Series Netzwerk-Handbuch (HKLM-x32\...\EPSON BX320FW Series Network Guide) (Version: - ) Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.10.00 - SEIKO EPSON CORPORATION) Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - ) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION) EpsonNet Setup 3.2 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.2a - SEIKO EPSON CORPORATION) EPubsoft Kindle MOBI AZW DRM Removal 8.3.5 
(HKLM-x32\...\{61F7C273-C127-49ED-B2D4-D9A421ECEBE4}) (Version: 8.3.5 - EPUBSOFT) Finale 2012 Demo (HKLM-x32\...\Finale 2012 Demo) (Version: 2012.a.r5.1 - MakeMusic) Foxit Phantom (HKLM\...\{31753CDD-A7DA-4667-BEFC-B3EA3BDF366E}) (Version: 2.2.0225 - Foxit Software Company) FreeCommander 2009.02b (HKLM-x32\...\FreeCommander_is1) (Version: 2009.02 - Marek Jasinski) Freemake Video Converter Version 4.1.6 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.6 - Ellora Assets Corporation) FTP Commander (HKLM-x32\...\FTP Commander) (Version: - ) Garmin Express (HKLM-x32\...\{7f65fe7f-fcc6-4c75-b83f-837e06afbc8c}) (Version: 5.1.0.0 - Garmin Ltd or its subsidiaries) Garmin Express (HKLM-x32\...\{DA9DAB72-69A7-4C9A-97A5-EC5865DF72CA}) (Version: 5.1.0.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (HKLM-x32\...\{984D1622-C082-445B-8A40-4A8788616E6E}) (Version: 5.1.0.0 - Garmin Ltd or its subsidiaries) Hidden Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries) Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3322.3 - Google Inc.) Google Desktop (HKLM-x32\...\Google Desktop) (Version: 5.9.1005.12335 - Google) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) 
Hidden Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - ) HP USB Disk Storage Format Tool (HKLM-x32\...\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}) (Version: - ) iDealshare VideoGo 6.0.8.5809 (HKLM-x32\...\{CC4C06C4-7C78-4AAB-B5AF-33FB11CCD850}_is1) (Version: - iDealshare Corporation) iSkysoft Free Video Downloader(Build 4.8.0.0) (HKLM-x32\...\iSkysoft Free Video Downloader_is1) (Version: 4.8.0.0 - iSkysoft Software) Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation) JDownloader (HKLM-x32\...\JDownloader) (Version: 0.89 - AppWork UG (haftungsbeschränkt)) JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH) jetAudio Plus VX (HKLM-x32\...\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}) (Version: 8.0.17 - COWON) LAME v3.98.2 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version: - ) LAV Filters 0.63.0 (HKLM-x32\...\lavfilters_is1) (Version: 0.63.0 - Hendrik Leppkes) LibreOffice 5.1.5.2 (HKLM-x32\...\{03E3A5F6-2B2C-4CF6-9C18-FBB28AFA512B}) (Version: 5.1.5.2 - The Document Foundation) LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.9 - Thibaut Lauziere) MAGIX Web Designer MX (HKLM\...\{F29400C2-C498-47A2-815C-B8998E377DB6}) (Version: 8.0.2.21761 - MAGIX AG) Hidden MAGIX Web Designer MX (HKLM-x32\...\MAGIX_{F29400C2-C498-47A2-815C-B8998E377DB6}) (Version: 8.0.2.21761 - MAGIX AG) MailStore Home 8.2.1.10082 (HKLM-x32\...\MailStore Home_universal1) (Version: 8.2.1.10082 - MailStore Software GmbH) MainConcept DTV Decoder Pro (HKLM-x32\...\{DFB561FC-E7F8-4774-9CF6-343F19061BC9}) (Version: 1.1.15295.1 - MainConcept AG) MediaCoder x64 0.8.40.5802 (HKLM\...\MediaCoder x64) (Version: 0.8.40.5802 - Mediatronic) MergeModule_x64 (HKLM\...\{12DCC5A7-0100-4433-B4FF-217A3C5DC83B}) (Version: 9.3.00 - Sony Corporation) Hidden MergeModule_x86 (HKLM-x32\...\{DD7721BB-CF1C-4DC9-AD87-8D5FB75413B7}) (Version: 9.3.00 - Sony Corporation) Hidden Microsoft .NET Framework 4.7.1 (Deutsch) 
(HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.7.02558 - Microsoft Corporation) Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) 
MiniTool Partition Wizard Free 9.0 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.) MKVToolNix 17.0.0 (64-bit) (HKLM-x32\...\MKVToolNix) (Version: 17.0.0 - Moritz Bunkus) Movavi Screen Capture Studio 8 (HKLM-x32\...\Movavi Screen Capture Studio 8) (Version: 8.1.0 - Movavi) Mozilla Firefox 57.0.4 (x64 de) (HKLM\...\Mozilla Firefox 57.0.4 (x64 de)) (Version: 57.0.4 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0.1 - Mozilla) Mozilla Thunderbird 52.5.2 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 52.5.2 (x86 de)) (Version: 52.5.2 - Mozilla) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.8 - F.J. Wechselberger) Nightly 51.0a1 (x64 en-US) (HKLM\...\Nightly 51.0a1 (x64 en-US)) (Version: 51.0a1 - Mozilla) NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.01 - NVIDIA Corporation) NVIDIA GeForce Experience 2.11.4.125 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.125 - NVIDIA Corporation) NVIDIA Grafiktreiber 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation) ownCloud (HKLM-x32\...\ownCloud) (Version: 1.8.1.5050 - ownCloud) PC Tune-Up (HKLM-x32\...\PC Tune-Up) (Version: 
2.2.0.1 - ZoneAlarm) Hidden PDF-Over (HKLM-x32\...\{0A842521-934A-466D-A0C9-3A3FE3B64A84}) (Version: 4.1.16 - A-SIT (Secure Information Technology Center - Austria)) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.) PlayMemories Home (HKLM-x32\...\{4F95DC94-A29D-41F6-AF34-15AA0D666186}) (Version: 5.3.01.02070 - Sony Corporation) PMB_ModeEditor (HKLM-x32\...\{E95982CA-945F-41F2-B156-A603897AB242}) (Version: 10.3.00 - Sony Corporation) Hidden PMB_ServiceUploader (HKLM-x32\...\{2CA3C685-339C-4C61-B12C-FAD81A872651}) (Version: 10.3.01 - Sony Corporation) Hidden Qweb Symbol (HKLM-x32\...\Qweb.de) (Version: 1.0 - Qweb Symbol) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek) Registry Mechanic 10.0 (HKLM-x32\...\Registry Mechanic_is1) (Version: 10.0 - PC Tools) ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version: - ) RidNacs 2.0.3 (HKLM-x32\...\RidNacs_is1) (Version: - Stephan Plath) R-Studio 7.6 (HKLM-x32\...\R-Studio 7.6NSIS) (Version: 7.6.158715 - R-Tools Technology Inc.) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.14.0 - SAMSUNG Electronics Co., Ltd.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft) SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.125 - NVIDIA Corporation) Hidden Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation) Skype™ 7.38 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.38.101 - Skype Technologies S.A.) 
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.12.201408250841 - Sony Mobile Communications AB) Sony PC Companion 2.10.221 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.221 - Sony) Subtitle Edit 3.5.4 (HKLM\...\SubtitleEdit_is1) (Version: 3.5.4.0 - Nikse) SubtitleCreator (HKLM-x32\...\SubtitleCreator) (Version: V2.1 - Erik Vullings) TMPGEnc Video Mastering Works 6 Testversion (HKLM\...\{E9F8DCAA-FA4C-4CDD-8C57-22CECC48F17E}) (Version: 6.0.4.14 - Pegasys Inc.) TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation) Trust.Zone VPN Client (HKLM\...\trustzone_tztzclient) (Version: 1.00.1029 - Trust.Zone VPN Project) TSDoctor2 (HKLM-x32\...\{6D69642B-656C-4183-831A-4024CA7089B6}) (Version: 2.0.105 - Cypheros) UFS Explorer Standard Recovery, version 5.17.1 (HKLM\...\UFS Explorer Standard Recovery (version 5, 64bit)_is1) (Version: 5.17.1 - LLC "SysDev Laboratories") Ultimate EPubsoft DRM Removal 8.9.1 (HKLM-x32\...\{49617AB8-5A31-44A7-95A6-BE6CE251A6F1}) (Version: 8.9.1 - EPUBSOFT) UltraISO Premium V9.5 (HKLM-x32\...\UltraISO_is1) (Version: - ) Usenet.nl (HKLM-x32\...\Usenet.nl_is1) (Version: - ) UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version: - Tangysoft Ltd.) VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.21 - IDRIX) ViceVersa Pro 2.5 64-bit (Build 2502) (HKLM\...\ViceVersa Pro 2.5_is1) (Version: 2 - TGRMN Software) Video DVD Maker v3.30.0.75 (HKLM-x32\...\{1A3E23D7-7A1E-43EC-B35D-EB2A31BED943}) (Version: - ) VLC media player (HKLM\...\VLC media player) (Version: 2.2.8 - VideoLAN) VLC Updater (HKLM-x32\...\VLC Updater) (Version: 1.3 - VLC Updater) <==== ATTENTION Web Sudoku Deluxe 1.2.2 (HKLM-x32\...\Web Sudoku Deluxe_is1) (Version: 1.2.2 - Web Sudoku) WhoCrashed 5.02 (HKLM\...\WhoCrashed_is1) (Version: - Resplendence Software Projects Sp.) 
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22334 - Microsoft Corporation) Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin) Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies) WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH) WinX DVD Ripper Platinum 7.5.11 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version: - Digiarty Software, Inc.) WM Recorder 16 (HKLM-x32\...\WM Recorder 1616.4.0.0) (Version: 16.4.0.0 - AllAlex, Inc) Xperia Companion (HKLM-x32\...\{058506CE-4E1C-4087-878E-61D8B5F8F47A}) (Version: 1.7.2.0 - Sony) Hidden Xperia Companion (HKLM-x32\...\{65415473-2761-4ee3-85c1-5fdf086444c6}) (Version: 1.7.2.0 - Sony) Xperia Companion Service (HKLM\...\{86C9336F-6376-4E86-A09A-EA7177DEC3D5}) (Version: 1.7.2.0 - Sony) Hidden ZoneAlarm Antivirus (HKLM-x32\...\{D457D6C7-C040-40CB-8BF8-D8ECC8FDDACE}) (Version: 15.1.501.17249 - Check Point Software Technologies Ltd.) Hidden ZoneAlarm Extreme Security (HKLM-x32\...\ZoneAlarm Extreme Security) (Version: 15.1.501.17249 - Check Point) ZoneAlarm Find My Laptop (HKLM-x32\...\{C7E7A446-DE1F-441D-9519-BD858266A7AB}) (Version: 15.1.501.17249 - Check Point Software Technologies Ltd.) Hidden ZoneAlarm Firewall (HKLM-x32\...\{902E1EFE-94FC-4209-9409-EBB2CA9E8DA6}) (Version: 15.1.501.17249 - Check Point Software Technologies Ltd.) 
Hidden ZoneAlarm Parental Controls (HKLM\...\{F8B59EE9-E280-46E9-AEBF-642193B8CB00}) (Version: 7.2.6.1 - ContentWatch) Hidden ZoneAlarm Security (HKLM-x32\...\{9F5DAD59-9A81-44E4-A075-0C943932FD10}) (Version: 15.1.501.17249 - Check Point Software Technologies Ltd.) Hidden Zoom (HKU\S-1-5-21-2135812234-3056823087-3488026263-1000\...\ZoomUMX) (Version: 3.5 - Zoom Video Communications, Inc.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellIconOverlayIdentifiers: [ OCError] -> {0960F090-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-05-06] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCErrorShared] -> {0960F091-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-05-06] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCOK] -> {0960F092-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-05-06] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCOKShared] -> {0960F093-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-05-06] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCSync] -> {0960F094-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-05-06] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCSyncShared] -> {0960F095-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-05-06] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCWarning] -> {0960F096-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-05-06] (ownCloud Inc.) 
ShellIconOverlayIdentifiers: [ OCWarningShared] -> {0960F097-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-05-06] (ownCloud Inc.) ContextMenuHandlers1-x32: [MyPhoneExplorer] -> {A372C6DF-7A85-41B1-B3B0-D1E24073DCBF} => C:\Program Files (x86)\MyPhoneExplorer\DLL\ShellMgr.dll [2010-03-30] (F.J. Wechselberger) ContextMenuHandlers1-x32: [ShellConverter] -> {30A4E07E-068A-4d91-8F05-691283A1336B} => C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSShellConverter64.dll [2013-05-27] (Online Media Technologies Ltd.) ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-05-29] () ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2011-05-29] () ContextMenuHandlers1-x32-x32: [ZLAVShExt] -> {D9872D13-7651-4471-9EEE-F0A00218BEBB} => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zlavscan.dll [2017-03-24] (Check Point Software Technologies Ltd.) ContextMenuHandlers2: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2009-10-23] (EZB Systems, Inc.) ContextMenuHandlers3: [jetAudio] -> {8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} => C:\Program Files (x86)\JetAudio\JetFlExt64.dll [2011-06-15] (JetAudio) ContextMenuHandlers3: [OCContextMenuHandler] -> {841A0AAD-AA11-4B50-84D9-7F8E727D77D7} => C:\Program Files (x86)\ownCloud\shellext\OCContextMenu_x64.dll [2015-05-06] (ownCloud Inc.) ContextMenuHandlers4: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2009-10-23] (EZB Systems, Inc.) 
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-05-29] () ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2011-05-29] () ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2012-03-29] (Advanced Micro Devices, Inc.) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation) ContextMenuHandlers6: [jetAudio] -> {8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} => C:\Program Files (x86)\JetAudio\JetFlExt64.dll [2011-06-15] (JetAudio) ContextMenuHandlers6: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2009-10-23] (EZB Systems, Inc.) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-05-29] () ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2011-05-29] () ContextMenuHandlers6-x32: [ZLAVShExt] -> {D9872D13-7651-4471-9EEE-F0A00218BEBB} => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zlavscan.dll [2017-03-24] (Check Point Software Technologies Ltd.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {06EF21A2-7606-4EE5-AA83-1AA901F793C5} - System32\Tasks\ParetoLogic Registration3 => C:\Windows\system32\rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns Task: {18F94481-E1B4-4948-8F10-6FDAAE23AA75} - System32\Tasks\{973FB87B-8135-4737-AD36-1CC0E24A5DB3} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Foxit Software\Foxit Phantom\InstallPDFReaderPlugin.exe" -d C:\Windows\system32 -c -p C:\Program Files (x86)\Foxit Software\Foxit Phantom\plugins\ Task: {200D5B75-0D39-4FF0-B64F-AB0E801DAD84} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-14] (Adobe Systems Incorporated) Task: {2DA72BBC-A5E2-4561-BC36-E6B59A620BF2} - System32\Tasks\ARP Host => C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe [2014-03-20] (Microsoft Corporation) Task: {30D8F3AA-7158-4454-921D-4386A6ACB571} - System32\Tasks\RegCure Pro Startup => C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe <==== ATTENTION Task: {37743ECB-C83F-4C02-9417-ABC85CA65166} - System32\Tasks\Product Updater => C:\Program Files (x86)\FreeTrim MP3\FFProductUpdater.exe Task: {447EECD6-C228-4C94-A519-DDE77B463BAD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated) Task: {5402707F-F170-4449-A8A9-77C2B8448C60} - System32\Tasks\RMSmartUpdate => C:\Program Files (x86)\Registry Mechanic\update.exe [2011-01-28] (PC Tools) Task: {5BE8678E-9129-4F9A-A92B-659E5736340B} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-01-09] () Task: {6F49227C-D587-4B5F-812F-43FC5F503CC8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.) 
Task: {70ED5146-BB7B-462D-A594-F81C8F35E0AF} - \KMS Activation for Office -> No File <==== ATTENTION Task: {7BAC55BA-EC03-4904-90CC-37BA4AB36167} - System32\Tasks\RMSchedule => C:\Program Files (x86)\Registry Mechanic\RegMech.exe [2011-04-11] (PC Tools) Task: {8D2F37BB-1BE2-4BA8-83C9-C2BE4D3C2A6A} - System32\Tasks\{42EA06A3-57D3-4C95-AC60-246A92C7D134} => C:\Windows\system32\pcalua.exe -a C:\Users\Norbert\AppData\Local\Temp\7zSEC64.tmp\MicroInstallerNative.exe -d C:\Users\Norbert\AppData\Local\Temp\7zSEC64.tmp <==== ATTENTION Task: {97EDC783-EC0A-4C4C-9A19-40EB4D775382} - System32\Tasks\{1B911D4A-CC66-4F5F-BBC0-73E6F9B6583B} => C:\Windows\system32\pcalua.exe -a C:\Users\Norbert\Desktop\Sat-Connexion\PC2Box\pc2boxInstall.exe -d C:\Users\Norbert\Desktop\Sat-Connexion\PC2Box Task: {C5C49108-E889-4E5B-A4D7-F65C7EC02FFF} - System32\Tasks\_viceversapr2_task_Norbert => c:\program files\viceversa pro 2\schedstub.exe [2011-01-24] (TGRMN Software) Task: {CA6EE682-0BF9-45FA-8907-E128A59A1A7A} - System32\Tasks\ParetoLogic Update Version3 => c:\program files (x86)\common files\paretologic\uus3\Pareto_Update3.exe <==== ATTENTION Task: {D858A3FE-5B73-4E49-B8F7-AB3E4419AF27} - System32\Tasks\ParetoLogic Update Version3_triggeronce => c:\program files (x86)\common files\paretologic\uus3\Pareto_Update3.exe <==== ATTENTION Task: {F0A5D8BC-38DD-4B0D-8DBC-CC3FB2042A25} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\RMSchedule.job => C:\Program Files (x86)\Registry Mechanic\RegMech.exe Task: C:\Windows\Tasks\_viceversapr2_task_Norbert.job => c:\program files\viceversa pro 2\schedstub.exe c:\users\norbert\documents\viceversa pro 2\norbert_daten_auf_nas.fsf ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) Shortcut: C:\Users\Norbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader\JDownloader Support.lnk -> hxxp://jdownloader.org/knowledge/inde ShortcutWithArgument: C:\Users\Norbert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP% ShortcutWithArgument: C:\Users\Norbert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP% ShortcutWithArgument: C:\Users\Norbert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF% ==================== Loaded Modules (Whitelisted) ============== 2016-12-14 17:41 - 2016-11-14 13:30 - 000367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll 2016-12-14 17:41 - 2016-11-14 13:30 - 001147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll 2016-12-14 17:41 - 2016-11-14 13:30 - 003611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll 2016-12-14 17:41 - 2016-11-14 13:30 - 000288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll 2016-12-14 17:41 - 2016-11-14 13:30 - 002665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll 2016-12-14 17:41 - 2016-11-14 13:30 - 001988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll 
2016-12-14 17:41 - 2016-11-14 13:30 - 001840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll 2016-12-14 17:41 - 2016-11-14 13:30 - 000207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll 2014-09-05 19:25 - 2016-11-14 12:15 - 000135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2016-12-14 17:41 - 2016-11-14 13:30 - 000034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll 2016-12-14 17:41 - 2016-11-14 13:30 - 000920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll 2015-05-06 02:30 - 2015-05-06 02:30 - 000059904 _____ () C:\Program Files (x86)\ownCloud\shellext\OCUtil_x64.dll 2013-09-04 23:17 - 2013-09-04 23:17 - 004300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2014-09-04 04:43 - 2011-05-29 06:05 - 000164864 _____ () C:\Program Files\WinRAR\rarext.dll 2017-03-22 08:06 - 2017-03-22 08:06 - 000865232 _____ () C:\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\kpcengine.2.3.dll 2016-12-14 17:41 - 2016-11-14 13:30 - 000018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) 
AlternateDataStreams: C:\ProgramData:$SS_DESCRIPTOR_LBP6VPVFLVGVVFB84LTSUTB92PFNPC7BPV4XFJDMNGTFB5V5NBJ5TBBJMT9Y0N96GMP3V0GRUEF39X8XHH0TCFUL44FTBX4MLSWPBXRTF6VEKLFEJK35PNX0WHNGT9LSVEVF1VTVVTVXVVD [971] AlternateDataStreams: C:\Users\All Users:$SS_DESCRIPTOR_LBP6VPVFLVGVVFB84LTSUTB92PFNPC7BPV4XFJDMNGTFB5V5NBJ5TBBJMT9Y0N96GMP3V0GRUEF39X8XHH0TCFUL44FTBX4MLSWPBXRTF6VEKLFEJK35PNX0WHNGT9LSVEVF1VTVVTVXVVD [971] AlternateDataStreams: C:\ProgramData\Application Data:$SS_DESCRIPTOR_LBP6VPVFLVGVVFB84LTSUTB92PFNPC7BPV4XFJDMNGTFB5V5NBJ5TBBJMT9Y0N96GMP3V0GRUEF39X8XHH0TCFUL44FTBX4MLSWPBXRTF6VEKLFEJK35PNX0WHNGT9LSVEVF1VTVVTVXVVD [971] AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 [145] AlternateDataStreams: C:\ProgramData\TEMP:F8D65F32 [336] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2014-10-08 21:20 - 000000854 _____ C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 secure.applian.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-2135812234-3056823087-3488026263-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Norbert\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 10.0.0.138 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) Windows Firewall is disabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\Services: BstHdAndroidSvc => 3 MSCONFIG\Services: BstHdLogRotatorSvc => 2 MSCONFIG\Services: BstHdUpdaterSvc => 2 MSCONFIG\Services: Garmin Device Interaction Service => 3 MSCONFIG\Services: LiveUpdateSvc => 2 MSCONFIG\Services: LPTSystemUpdater => 2 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: Sony PC Companion => 3 MSCONFIG\Services: XperiaCompanionService => 2 MSCONFIG\startupfolder: C:^Users^Norbert^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^nL94gD8hIi9.lnk => C:\Windows\pss\nL94gD8hIi9.lnk.Startup MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Norbert\AppData\Local\Akamai\netsession_win.exe" MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe MSCONFIG\startupreg: DelaypluginInstall => C:\ProgramData\iSkysoft\iTube Studio\DelayPluginI.exe MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" MSCONFIG\startupreg: iSkysoft Helper Compact.exe => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background MSCONFIG\startupreg: uTorrent => "C:\Users\Norbert\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED MSCONFIG\startupreg: XperiaCompanionAgent => "C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.) FirewallRules: [{E7C013A6-C7F4-4172-987D-C79BB082AE27}] => (Allow) C:\Users\Norbert\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{E5F76F6D-291F-43AB-9C66-23FF6033D672}] => (Allow) C:\Users\Norbert\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [TCP Query User{1750EADB-39CD-4934-A740-3172A06B5194}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe FirewallRules: [UDP Query User{14D0D033-65F6-41C2-B8CA-C339F8DE981D}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe FirewallRules: [TCP Query User{BD2EE84F-F6A0-4BC3-A845-38CD127C1DEE}C:\users\norbert\appdata\local\temp\kmsact\pack\keygen\keygen.exe] => (Allow) C:\users\norbert\appdata\local\temp\kmsact\pack\keygen\keygen.exe FirewallRules: [UDP Query User{657B5C18-CF04-4FBF-A53B-5DA6B30EBBC5}C:\users\norbert\appdata\local\temp\kmsact\pack\keygen\keygen.exe] => (Allow) C:\users\norbert\appdata\local\temp\kmsact\pack\keygen\keygen.exe FirewallRules: [{F2E1E9DD-1354-4B22-8873-4B0F17AC436A}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe FirewallRules: [{7B4B6B5E-9A0B-4EC8-8CC6-C463F0E4E4C1}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe FirewallRules: [TCP Query User{87044BF8-8B0C-4BFF-A761-BBE56AB85501}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe FirewallRules: [UDP Query User{127F79C4-1AB7-4C91-8181-C98371ECCA75}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe FirewallRules: [{82F2864A-E2D6-4E9B-ADC5-A5A4D8C4F377}] => (Allow) C:\Users\Norbert\AppData\Local\Temp\nsm81DA.tmp\CnetInstaller-75330519.exe FirewallRules: [{FD56D02B-90C9-43F8-BD24-65CA38A8D369}] => (Allow) 
C:\Users\Norbert\AppData\Local\Temp\nsm81DA.tmp\CnetInstaller-75330519.exe FirewallRules: [{BB04082E-E2DF-4696-9E91-846A9FE379F2}] => (Allow) C:\Program Files (x86)\deepinvent\MailStore Home\MailStoreLocal.exe FirewallRules: [{42D6C7F5-DBB7-4BB1-B9BA-E190EA05B5EC}] => (Allow) C:\Program Files (x86)\deepinvent\MailStore Home\MailStoreLocal.exe FirewallRules: [{449F9151-28A0-40A4-9C68-17FE4EDE234D}] => (Allow) C:\Users\Norbert\AppData\Local\Temp\nsnFF19.tmp\CnetInstaller-163866.exe FirewallRules: [{F337D0A4-3DD5-4AC4-98C9-DA2900366528}] => (Allow) C:\Users\Norbert\AppData\Local\Temp\nsnFF19.tmp\CnetInstaller-163866.exe FirewallRules: [{1D759310-AAD3-4409-A829-414E2A1BF367}] => (Allow) C:\Users\Norbert\AppData\Local\Temp\nsd9ACB.tmp\CnetInstaller-163866.exe FirewallRules: [{D81186E0-D4AB-4501-81BE-856F0D4E94F5}] => (Allow) C:\Users\Norbert\AppData\Local\Temp\nsd9ACB.tmp\CnetInstaller-163866.exe FirewallRules: [{1087A09B-1DB0-4094-862B-7031CC801EED}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{75036F54-BC48-4945-9C28-2D12052E50D5}] => (Allow) C:\Program Files\Nightly\firefox.exe FirewallRules: [{CCCDD7D1-FDAA-42D6-886C-B275F1410B86}] => (Allow) C:\Program Files\Nightly\firefox.exe FirewallRules: [{15A11FB0-84EE-4D6B-AA5C-96D4F6FDE923}] => (Allow) C:\Program Files\Nightly\firefox.exe FirewallRules: [{1B1D3125-E122-4116-9009-0A5BAA7313E3}] => (Allow) C:\Program Files\Nightly\firefox.exe FirewallRules: [{9F22ECDB-CBE8-4BBF-9485-7CCF4710D493}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{3F56DFD1-0E6C-43E7-9B44-473D954B2CD1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{9E63088F-DA41-4BE2-9653-ED9D19A41C57}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{21826D72-9B3E-46A1-BF4D-FE101AD2E198}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe 
FirewallRules: [{6C11BFE9-EAB1-4310-9E05-0BF7FE9A984D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{C5635285-8236-462E-BFE8-66530F019343}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{DE898DCF-7191-4883-8D46-8CEFB06C78B8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{4E4CFEC2-EEB8-4A76-A7BB-93D8180F6601}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{7D2FC4EB-9EEA-4894-824C-E07DDC0F4863}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{47F0EE68-FEFF-459C-88F9-CA28DADD8647}] => (Allow) C:\Program Files\Trust.Zone VPN Client\trustzone_x64.exe FirewallRules: [{10C984BD-6D19-4919-860D-9A72F8B28EAD}] => (Allow) C:\Program Files\Trust.Zone VPN Client\trustzone.exe FirewallRules: [{426EEB3B-4468-4053-9EBD-CA1CF6777A9F}] => (Allow) C:\Program Files\Trust.Zone VPN Client\tzclient_x64.exe FirewallRules: [{92594572-6891-4C8E-AA2A-07FD89BDE80C}] => (Allow) C:\Program Files\Trust.Zone VPN Client\tzclient.exe FirewallRules: [{1D8BE44B-5D91-427C-9080-3CD7704C0FD7}] => (Allow) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanion.exe FirewallRules: [{48576A6B-A524-43BD-B8F5-A5B3AAA31DB0}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe FirewallRules: [{BCD20897-5C9E-4380-B7E5-9D268C855840}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe FirewallRules: [{50FAA8CA-6786-4F7B-AC2E-4B712018A902}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe FirewallRules: [{B4804613-751D-411B-AB93-D0D9CBF58ACE}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe FirewallRules: [{53F10629-0C58-4A92-A833-24EE9CCA65FF}] => (Allow) C:\Program Files (x86)\Cypheros\TSDoctor2\TSDoctor.exe FirewallRules: [{A8D122BC-C9E9-4B32-95E2-EF29114C17D0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== 
Restore Points ========================= 16-01-2018 00:06:41 Windows Update 16-01-2018 00:14:19 Windows Update 16-01-2018 00:15:19 Windows Update 16-01-2018 00:16:01 Windows Update 21-01-2018 16:22:51 Windows Modules Installer 21-01-2018 16:24:11 Windows Modules Installer ==================== Faulty Device Manager Devices ============= Name: Realtek RTL8191SU Wireless LAN 802.11n USB 2.0 Network Adapter Description: Realtek RTL8191SU Wireless LAN 802.11n USB 2.0 Network Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Realtek Semiconductor Corp. Service: RTL8192su Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (01/21/2018 09:44:05 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSShellConverter64.dll". Die abhängige Assemblierung "Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (01/21/2018 07:49:23 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist. 
Error: (01/21/2018 04:24:42 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "IVssAsrWriterBackup::GetVolumeComponents" ist ein unerwarteter Fehler aufgetreten. hr = 0x80073bc3, The requested system device cannot be found. . Operation: OnIdentify event Gathering Writer Data Context: Execution Context: ASR Writer Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4} Writer Name: ASR Writer Writer Instance ID: {b5de6d33-c460-43cd-9599-7014b936b5e8} Error: (01/21/2018 04:22:52 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "IVssAsrWriterBackup::GetVolumeComponents" ist ein unerwarteter Fehler aufgetreten. hr = 0x80073bc3, The requested system device cannot be found. . Operation: OnIdentify event Gathering Writer Data Context: Execution Context: ASR Writer Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4} Writer Name: ASR Writer Writer Instance ID: {b5de6d33-c460-43cd-9599-7014b936b5e8} Error: (01/21/2018 03:16:01 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSShellConverter64.dll". Die abhängige Assemblierung "Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (01/21/2018 03:14:36 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSShellConverter64.dll". Die abhängige Assemblierung "Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error: (01/21/2018 03:03:03 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist. Error: (01/21/2018 01:40:05 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist. Error: (01/21/2018 12:31:22 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist. Error: (01/21/2018 11:43:16 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist. System errors: ============= Error: (01/21/2018 09:48:57 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: Es wurde eine schwerwiegende Warnung empfangen: 70. 
Error: (01/21/2018 09:48:57 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: Es wurde eine schwerwiegende Warnung empfangen: 70. Error: (01/21/2018 08:54:51 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY) Description: 0x8000002a171\??\Volume{515991b3-338c-11e4-88c5-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{B41F52F3-AB7C-4B4E-B261-489F71F35CFB} Error: (01/21/2018 08:49:53 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY) Description: 0x8000002a171\??\Volume{515991b3-338c-11e4-88c5-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{FEEF57C0-34AF-4416-BA4F-730646335216} Error: (01/21/2018 07:47:55 PM) (Source: Service Control Manager) (EventID: 7016) (User: ) Description: Der Dienst "chip 1-click download service" hat einen ungültigen aktuellen Status gemeldet: 0 Error: (01/21/2018 07:47:55 PM) (Source: Service Control Manager) (EventID: 7016) (User: ) Description: Der Dienst "chip 1-click download service" hat einen ungültigen aktuellen Status gemeldet: 0 Error: (01/21/2018 07:47:54 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY) Description: Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147549183. Error: (01/21/2018 04:21:50 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: Es wurde eine schwerwiegende Warnung empfangen: 20. Error: (01/21/2018 03:07:40 PM) (Source: Ntfs) (EventID: 55) (User: ) Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "E:" den Befehl "chkdsk" aus. Error: (01/21/2018 03:07:37 PM) (Source: Ntfs) (EventID: 55) (User: ) Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "Windows 10" den Befehl "chkdsk" aus. 
CodeIntegrity: =================================== Date: 2014-09-06 13:13:08.297 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Live Stick\Mount\Win8PESE\Source\InstallWimSrc\Windows\explorer.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-06 13:13:08.208 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Live Stick\Mount\Win8PESE\Source\InstallWimSrc\Windows\explorer.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: AMD A8-5500 APU with Radeon(tm) HD Graphics Percentage of memory in use: 59% Total physical RAM: 4073.09 MB Available physical RAM: 1660.53 MB Total Virtual: 8144.34 MB Available Virtual: 5045.41 MB ==================== Drives ================================ Drive c: (Windows 7) (Fixed) (Total:821.82 GB) (Free:445.84 GB) NTFS Drive d: (Daten) (Fixed) (Total:540.88 GB) (Free:372.73 GB) NTFS Drive e: (Windows 10) (Fixed) (Total:390.63 GB) (Free:378.22 GB) NTFS Drive f: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.02 GB) NTFS ==>[system with boot components (obtained from drive)] Drive k: (WIN10BOOT) (Removable) (Total:58.61 GB) (Free:53.19 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: DAD0363C) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=821.8 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=109.6 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 478B1C83) Partition 1: (Not Active) - (Size=540.9 GB) - (Type=07 NTFS) Partition 2: (Active) - (Size=390.6 GB) - (Type=07 NTFS) 
======================================================== Disk: 2 (Size: 58.6 GB) (Disk ID: 00122478) Partition 1: (Active) - (Size=58.6 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
-
Zitronella, this FRST.txt is too long, can I send it to you some other way? Thanks for your help in any case, I'm going to bed now.
-
No, what I have seen is enough for me. Your computer is totally infested. Reinstall it completely from scratch.
The wrong start page is the least of your problems there, believe me. It is just an annoying side effect of the whole disaster on your PC.
And this is also where my help ends, because you want to steal software licenses and use cracking tools to do it. That is illegal and is not tolerated here.
As I said: reinstall your system completely. Because:
Quote: The only way to clean an infected system is to rebuild it completely. That much is certain. If your system has been fully compromised, there is only one way left: format the system disk and set the system up again (i.e. reinstall Windows and all applications).
After that, follow this:
● Install ONLY what you really need.
● Download software exclusively from the vendor and not from other download portals.
● Always install in custom mode, that is: always choose "Options" or "Custom" when installing, then you can deselect or decline things.
● Keep all programs on your PC up to date: install updates, in particular all Windows updates.
● Use a restricted account and not the admin account.
● Create backups
The best way to find the original vendor page (without any referrer stuff) is via https://www.heise.de/download/. There, click on the software in question and then open the original vendor link.
See: http://mozhelp.dynvpn.de/dateien/forum/…ller-finden.gif
But even there you are not immune to ad/malware, since some vendors build it into their installation software themselves.
That you no longer download or use crack tools to circumvent software licenses after that should go without saying.
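The entries in the posted log that support this verdict can be pulled out mechanically. The following Python sketch is an added example, not part of the original post and not a FRST feature: the sample lines are copied from the Addition.txt above (one entry per line), while the function name `triage`, the finding labels and the path heuristics are assumptions of this example.

```python
import re

# Entries copied from the Addition.txt posted above, one per line.
SAMPLE_LOG = r"""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.
FirewallRules: [{E7C013A6-C7F4-4172-987D-C79BB082AE27}] => (Allow) C:\Users\Norbert\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{BD2EE84F-F6A0-4BC3-A845-38CD127C1DEE}C:\users\norbert\appdata\local\temp\kmsact\pack\keygen\keygen.exe] => (Allow) C:\users\norbert\appdata\local\temp\kmsact\pack\keygen\keygen.exe
FirewallRules: [{82F2864A-E2D6-4E9B-ADC5-A5A4D8C4F377}] => (Allow) C:\Users\Norbert\AppData\Local\Temp\nsm81DA.tmp\CnetInstaller-75330519.exe
FirewallRules: [{4E4CFEC2-EEB8-4A76-A7BB-93D8180F6601}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
"""

# "FirewallRules: [<rule name>] => (<action>) <program path>"
RULE_RE = re.compile(
    r"^FirewallRules: \[(?P<name>.*)\] => \((?P<action>Allow|Block)\) (?P<path>.+)$"
)
# UAC state as FRST prints it on the Policies\System line.
LUA_RE = re.compile(r"\(EnableLUA: (\d+)\)")


def triage(log_text):
    """Return (severity, kind, detail) tuples for hardening gaps in the log.

    Heuristics (assumptions of this example):
      - UAC switched off or the Windows Firewall disabled -> "high"
      - allow rule for an executable under ...\\AppData\\Local\\Temp -> "high"
        (installers and droppers run from there; nothing legitimate needs
        a permanent firewall exception in a temp directory)
      - allow rule for an executable elsewhere under ...\\AppData -> "review"
        (user-writable location, so the binary can be swapped without
        administrator rights)
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        lua = LUA_RE.search(line)
        if lua and lua.group(1) == "0":
            findings.append(("high", "uac-disabled", line))

        if line == "Windows Firewall is disabled.":
            findings.append(("high", "firewall-disabled", line))

        rule = RULE_RE.match(line)
        if rule and rule.group("action") == "Allow":
            path = rule.group("path")
            lowered = path.lower()
            if "\\appdata\\local\\temp\\" in lowered:
                findings.append(("high", "allow-rule-temp-exe", path))
            elif "\\appdata\\" in lowered:
                findings.append(("review", "allow-rule-user-writable", path))
    return findings


if __name__ == "__main__":
    for severity, kind, detail in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {kind}: {detail}")
```
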
-
Create backups
In case you don't have a backup tool yet: I can recommend Drive Snapshot, also because it does not have to be installed and is only around 400 KB in size.
And wsusoffline for the Windows updates. (I only download the pure security updates, the C runtime libraries and the .NET Framework.) If you have a virus-free second computer, you can download that before reinstalling Windows on the infected computer, copy it to the infected computer after installing Windows, and install it offline.
Also, if your processor supports PCID, I would consider switching directly to Windows 10, because Windows 7 does not support PCID and with PCID you lose less performance when you apply the security updates for Spectre and Meltdown.
-
I can recommend Drive Snapshot
Hm, well, their site says:
Quote: This trial license is a version of Snapshot that is time-limited to approx. 30 days but otherwise unrestricted.
After these 30 days only Explore/Restore of your partition is possible; backup no longer is. After that you must BUY Snapshot, or stop using it.
So not really something for permanent use, unless you buy it.
-
unless you buy it.
After 30 days at the latest you will want to buy it. And in all seriousness: it doesn't happen to me often that I fall in love with a piece of software from the first moment. But I am quite taken with Drive Snapshot. And you had written (in essence) that one should think carefully about whether to clutter up the hard disk with software. I see it the same way and think three times before an installation about whether I really need the software. I don't know what the output of the malware scanner you recommended means. But the list of programs I have installed here in total is considerably shorter.
And sure, there will be free backup tools too. Or you do the whole thing with built-in tools. As far as I remember, that also works under Windows 7. But it didn't look as convenient when I was researching backup tools. And I wanted something I wouldn't have to spend a lot of time learning first.
-
Well, in any case thanks for the valuable tips, which have at least already solved my current problem. Besides, I am moving in the direction that Zitronella so vehemently demands here anyway (although I take a somewhat more relaxed view of the matter than she does, but I don't want to discuss that here at all).
-
Besides, I am moving in the direction that Zitronella so vehemently demands here anyway (although I take a somewhat more relaxed view of the matter than she does, but I don't want to discuss that here at all).
You can stay relaxed until you get caught.
Maybe this information won't just bounce off you:
-
Fox2Fox: There are some valid arguments in there. On the other hand: when someone wants to convince me with the sentence "Microsoft sees it the same way", he has really already convinced me of his naivety. Sometimes incompetence is just as bad as malice, especially when a giant company like Microsoft is not even capable of providing a working download link after the purchase of a Windows 10 for 259 euros (yes, imagine, I did that). No, the link leads nowhere. In a way I prefer intelligent "illegal" hackers and crackers to idiotic "legal" companies, which incidentally also want nothing other than to spy on you. Only they are "allowed" to. Why, actually?
And this law-and-order mentality that you people have, I never really understood it. But never mind, I actually didn't want to have exactly this discussion at all.
-
Sometimes incompetence is just as bad as malice, especially when a giant company like Microsoft is not even capable of providing a working download link after the purchase of a Windows 10 for 259 euros (yes, imagine, I did that).
By that logic you must have convinced yourself of your own naivety. Windows 10 can be obtained legally by download. And you can get a matching product key for a fraction of the price you cite here.
Otherwise your argument belongs in the bin.
-
The price of 259€ is correct, though. That is what Microsoft charges for a single-seat license for Win10 Pro. https://www.microsoft.com/de-de/store/d/…77X4D43RKT/48DN
For the Home version it is 145€. https://www.microsoft.com/de-de/store/d/…6QX4BZNWK4/1NT3
That there were of course still free license conversions until (officially) 16.01.2018 is beside the point. For that you of course only have (had) to sacrifice your existing (legal) Win7/8.1 license. That is just hard to do on a dual-boot system like the OP's. You would then have to buy a Win7 license beforehand for about 15...30€. But as it is, you now have to sacrifice plenty of time cleaning up your system. So at a normal hourly wage (as an ordinary worker), the Win7 license would be cheaper and easily affordable.
And the page where you can download Win10 for free is of course a secret (but psst): https://www.microsoft.com/de-de/software-download/windows10
Oh right... the link doesn't work (according to the OP)
-
...the price of 259€ is correct, though. That is what Microsoft charges for a single-seat license for Win10 Pro.
That may be, but product keys are simply available more cheaply from other vendors.
I cannot give the recommendation to buy from MS.
Quote: And the page where you can download Win10 for free is of course a secret (but psst): https://www.microsoft.com/de-de/software-download/windows10
Oh right... the link doesn't work (according to the OP)
For him and this botched system, maybe not.
But there are other legal ways to get Windows.
-
That may be, but product keys are simply available more cheaply from other vendors.
On eBay, license keys are offered for 5 euros. I find that suspiciously cheap. Is that legal?
The SystemBuilder version (Pro) costs around 140 euros in any case.
-
On eBay, license keys are offered for 5 euros. I find that suspiciously cheap. Is that legal?
How should I know? You could ask the seller.
But at that price it is probably a volume license. Selling off such a license would not be legal, especially since it often turns out that the volume has been "used up" and the buyer cannot activate their Windows with it.