Log analysis and evaluation: Win 32 Dropper-Gen still there? / Spreading via Dropbox? in dropbox.cache

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Win 32 Dropper-Gen still there? / Spreading via Dropbox? in dropbox.cache

Hey, unfortunately no antivirus program was installed on my computer for quite a long time. When I got a new laptop and installed an antivirus system and then Dropbox on it, I got a virus alert from Avast: Win32

A user account that the trojan could have come from was removed from the PC. (However, the Dropbox that was installed on the laptop is still present on the current account.) I also installed Avast on the PC and also found Win32

Unfortunately the FRST log is too long; I will post it as a reply if possible.

- Addition.txt

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-04-2014 Ran by Laurin at 2014-04-30 13:34:22 Running from C:\Users\Laurin\Desktop\Anti-Vir Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== µTorrent (HKLM-x32\...\uTorrent) (Version: 3.3.0.29126 - BitTorrent Inc.) 7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - ) 9kw.eu - Installer - Java Plugin für JDownloader (HKLM-x32\...\9kw.eu Java Plugin für JDownloader) (Version: - hxxp://www.9kw.eu/) Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.06 - Adobe Systems) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 3.8.0.1430 - Adobe Systems Incorporated) Hidden Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated) Adobe Download Assistant (x32 Version: 1.2.3 - Adobe Systems Incorporated) Hidden Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated) Adobe InDesign CC (HKLM-x32\...\{BC448016-6F11-1014-B0EA-97CEE6E26CB6}) (Version: 9.0 - Adobe Systems Incorporated) Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated) Adobe Premiere Pro CC (HKLM-x32\...\{505FF1AC-E7F5-4462-BBA7-08900E7E9EEF}) (Version: 7.0.0 - Adobe Systems Incorporated) America's Army 3 (HKLM-x32\...\Steam App 13140) (Version: - U.S. 
Army) And Yet It Moves 1.2.3 (HKLM-x32\...\{0CA6F2DA-0DCB-4627-8A0C-858E3833769F}_is1) (Version: - Broken Rules) Aquaria (HKLM-x32\...\Aquaria) (Version: - ) Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team) avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2016 - Avast Software) Behringer BCD3000 Driver v1.3.4 (HKLM-x32\...\Behringer BCD3000 Driver v1.3.4) (Version: 1.3.4 - Behringer) Call of Duty Modern Warfare 2 (HKLM-x32\...\Call of Duty Modern Warfare 2_is1) (Version: - Activision) Call of Duty Modern Warfare 3 (c) Activision version 1 (HKLM-x32\...\Call of Duty Modern Warfare 3 (c) Activision_is1) (Version: 1 - ) CamStudio (HKLM-x32\...\CamStudio) (Version: - ) Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version: - ) Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.) Crayon Physics Deluxe - release 51 (HKLM-x32\...\Crayon Physics Deluxe_is1) (Version: - Kloonigames) Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F68634D8-574F-42B2-B6D0-9B447EA9581E}) (Version: - Microsoft) Dia (nur entfernen) (HKLM-x32\...\Dia) (Version: - ) Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.) emu8086 microprocessor emulator (HKLM-x32\...\emu8086 microprocessor emulator_is1) (Version: - emu8086) Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.00 - Ubisoft) Free Audio Converter version 5.0.20.1031 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.20.1031 - DVDVideoSoft Ltd.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.) Google Drive (HKLM-x32\...\{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}) (Version: 1.14.6059.644 - Google, Inc.) 
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.10) (Version: 9.10 - Artifex Software Inc.) Host OpenAL (ADI) (HKLM-x32\...\Host OpenAL (ADI)) (Version: - ) Java 7 Update 17 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417017FF}) (Version: 7.0.170 - Oracle) Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Java SE Development Kit 7 Update 9 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170090}) (Version: 1.7.0.90 - Oracle) JDownloader 2 (HKLM-x32\...\0630-0716-3135-7887) (Version: 2 - AppWork GmbH) LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games) LibreOffice 4.1.3.2 (HKLM-x32\...\{4F3722AD-197D-4DBB-BDFB-D2F0D6776354}) (Version: 4.1.3.2 - The Document Foundation) Little Fighter 2 version 2.0a (HKLM-x32\...\Little Fighter 2 version 2.0a) (Version: - ) Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.10.5.3 - Marvell) Microsoft Access MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft DCF MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Excel MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Games for Windows 8 x64 (HKLM\...\{B6047A78-062F-4C6F-A82D-B94DAF72FB73}) (Version: 1.2 - Microsoft) Microsoft Groove MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft InfoPath MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Lync MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office 32-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft 
Corporation) Hidden Microsoft Office Korrekturhilfen 2013 - Deutsch (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office OSM MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office OSM UX MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2013 - Italiano (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office Shared 32-bit MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft OneNote MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Outlook MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft PowerPoint MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Publisher MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) 
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Word MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) 
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: - Native Instruments) Native Instruments Controller Editor (Version: 1.5.2.1142 - Native Instruments) Hidden Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: - Native Instruments) Native Instruments Service Center (Version: 2.3.2.926 - Native Instruments) Hidden Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version: 2.6.1.15205 - Native Instruments) Native Instruments Traktor 2 (Version: 2.6.1.15205 - Native Instruments) Hidden NetDrive (HKLM-x32\...\NetDrive) (Version: 1.3.4.0 - Bdrive Inc.) NVIDIA PhysX v8.10.17 (HKLM-x32\...\{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}) (Version: 8.10.17 - NVIDIA Corporation) Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - ) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden ownCloud (HKLM-x32\...\ownCloud) (Version: 1.4.2 - ownCloud, Inc) Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.) PC Inspector smart recovery (HKLM-x32\...\{C9A87D86-FDFD-418B-BF96-EF09320973B3}) (Version: 4.50 - ) PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) 
Rapture3D 2.3.22 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version: - Blue Ripple Sound) Samsung ML-1640 Series (HKLM-x32\...\Samsung ML-1640 Series) (Version: - Samsung Electronics CO.,LTD) Secure Download Manager (HKLM-x32\...\{AA57D6F1-6360-4397-B2D9-B21C69863D97}) (Version: 3.1.0 - Kivuto Solutions Inc.) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden SimCity 4 (HKLM-x32\...\{01339AE5-04D4-43F8-008E-13AD788DC4F7}) (Version: - ) Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.6585 - Analog Devices) South Park Der Stab der Wahrheit Incl. Ultimate Fellowship Pack MULTI-2 1.00 (HKLM-x32\...\South Park Der Stab der Wahrheit Incl. 
Ultimate Fellowship Pack MULTI-2 1.00) (Version: - ) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) TERA (HKLM-x32\...\{A2S166A0-F031-4E27-A057-C69733219434}_is1) (Version: 19.04.02.03.hf3 - Gameforge Productions GmbH) TeraCopy 2.27 (HKLM\...\TeraCopy_is1) (Version: - Code Sector) TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation) Update for Microsoft Excel 2013 (KB2752087) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{A2275591-C3AA-4A6C-A696-F958B6C65B3E}) (Version: - Microsoft) Update for Microsoft Excel 2013 (KB2752087) 64-Bit Edition (HKLM\...\{90150000-0016-0407-1000-0000000FF1CE}_Office15.PROPLUS_{A2275591-C3AA-4A6C-A696-F958B6C65B3E}) (Version: - Microsoft) Update for Microsoft Excel 2013 (KB2752087) 64-Bit Edition (HKLM\...\{90150000-0018-0407-1000-0000000FF1CE}_Office15.PROPLUS_{A2275591-C3AA-4A6C-A696-F958B6C65B3E}) (Version: - Microsoft) Update for Microsoft Excel 2013 (KB2752087) 64-Bit Edition (HKLM\...\{90150000-001B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{A2275591-C3AA-4A6C-A696-F958B6C65B3E}) (Version: - Microsoft) Update for Microsoft Excel 2013 (KB2752087) 64-Bit Edition (HKLM\...\{90150000-00C1-0407-1000-0000000FF1CE}_Office15.PROPLUS_{A2275591-C3AA-4A6C-A696-F958B6C65B3E}) (Version: - Microsoft) Update for Microsoft Lync 2013 (KB2817678) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{237834D6-FA98-44E1-8739-ABD56DDADC59}) (Version: - Microsoft) Update for Microsoft Lync 2013 (KB2863908) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{259F7CA1-7A87-4E60-85A9-0A55E60FF254}) (Version: - Microsoft) Update for Microsoft Lync 2013 (KB2863908) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{259F7CA1-7A87-4E60-85A9-0A55E60FF254}) (Version: - Microsoft) Update for Microsoft Lync 2013 (KB2863908) 64-Bit Edition 
(HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{8D84B988-2A7A-4DB6-A7A5-08DA7B3DE9EE}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{EF77B4A6-DFEC-4010-A87D-9B6BF87FABEC}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{62857CDD-2985-4939-91BA-19ED0B0031A5}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{0814662C-FD28-4DE0-ACE5-EE50D1D6C8FB}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2817636) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D97AACA3-9AEA-43FF-8CBA-93BED0443FC2}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2817636) 64-Bit Edition (HKLM\...\{90150000-006E-0407-1000-0000000FF1CE}_Office15.PROPLUS_{D97AACA3-9AEA-43FF-8CBA-93BED0443FC2}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2817636) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D97AACA3-9AEA-43FF-8CBA-93BED0443FC2}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2825631) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{A54917FC-2C84-40F2-9525-7549BE08DE40}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2825631) 64-Bit Edition (HKLM\...\{90150000-006E-0407-1000-0000000FF1CE}_Office15.PROPLUS_{A54917FC-2C84-40F2-9525-7549BE08DE40}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2825631) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{A54917FC-2C84-40F2-9525-7549BE08DE40}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2827272) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{50F6EF67-B93C-4B7A-A2EB-E179E3436C69}) 
(Version: - Microsoft) Update for Microsoft Office 2013 (KB2827272) 64-Bit Edition (HKLM\...\{90150000-0016-0407-1000-0000000FF1CE}_Office15.PROPLUS_{50F6EF67-B93C-4B7A-A2EB-E179E3436C69}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2827272) 64-Bit Edition (HKLM\...\{90150000-0090-0407-1000-0000000FF1CE}_Office15.PROPLUS_{50F6EF67-B93C-4B7A-A2EB-E179E3436C69}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2863825) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{327EABFD-EDD3-44E7-AB47-7592DF33B719}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{290D80DE-03AB-47EC-9402-108AF4CE4F66}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2863844) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{50F31E04-D56A-4159-BF36-CF3CE27DB30C}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2863860) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6D170CB5-8D22-4D1B-A811-B899FE588946}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2863860) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6D170CB5-8D22-4D1B-A811-B899FE588946}) (Version: - Microsoft) Update for Microsoft OneDrive for Business (KB2863864) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{AFB7E303-C8CA-4A08-AD3F-44A562B3C809}) (Version: - Microsoft) Update for Microsoft OneDrive for Business (KB2863864) 64-Bit Edition (HKLM\...\{90150000-00BA-0407-1000-0000000FF1CE}_Office15.PROPLUS_{AFB7E303-C8CA-4A08-AD3F-44A562B3C809}) (Version: - Microsoft) Update for Microsoft OneDrive for Business (KB2863864) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{AFB7E303-C8CA-4A08-AD3F-44A562B3C809}) (Version: - Microsoft) Update for Microsoft OneDrive for Business (KB2863864) 
64-Bit Edition (HKLM\...\{90150000-00C1-0407-1000-0000000FF1CE}_Office15.PROPLUS_{AFB7E303-C8CA-4A08-AD3F-44A562B3C809}) (Version: - Microsoft) Update for Microsoft OneNote 2013 (KB2817628) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{9367C385-2EF9-4BE3-8351-7D2AB0798A57}) (Version: - Microsoft) Update for Microsoft OneNote 2013 (KB2817628) 64-Bit Edition (HKLM\...\{90150000-00A1-0407-1000-0000000FF1CE}_Office15.PROPLUS_{9367C385-2EF9-4BE3-8351-7D2AB0798A57}) (Version: - Microsoft) Update for Microsoft OneNote 2013 (KB2817628) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{9367C385-2EF9-4BE3-8351-7D2AB0798A57}) (Version: - Microsoft) Update for Microsoft Outlook 2013 (KB2863911) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{DF3798F3-F45C-44DA-83B7-229A9EBC9654}) (Version: - Microsoft) Update for Microsoft Outlook 2013 (KB2863911) 64-Bit Edition (HKLM\...\{90150000-001A-0407-1000-0000000FF1CE}_Office15.PROPLUS_{DAEE93F9-D258-45E4-AFD3-12AC5ED04693}) (Version: - Microsoft) Update for Microsoft PowerPoint 2013 (KB2837627) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{FE06DACB-AE2C-4DB7-B95D-97A320E59F45}) (Version: - Microsoft) Update for Microsoft PowerPoint 2013 (KB2837627) 64-Bit Edition (HKLM\...\{90150000-0018-0407-1000-0000000FF1CE}_Office15.PROPLUS_{FE06DACB-AE2C-4DB7-B95D-97A320E59F45}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-006E-0407-1000-0000000FF1CE}_Office15.PROPLUS_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version: - Microsoft) Update for Microsoft Word 2013 (KB2863909) 64-Bit Edition 
(HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F9FAC8C0-20D9-4DC7-9A56-13B02BD4B724}) (Version: - Microsoft) Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft) VBA (2627.01) (x32 Version: 6.03.00.9402 - Microsoft Corporation) Hidden VBA (2701.01) (x32 Version: 6.03.00.9402 - Microsoft Corporation) Hidden VLC media player 2.0.4 (HKLM\...\VLC media player) (Version: 2.0.4 - VideoLAN) WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) ==================== Restore Points ========================= 17-04-2014 13:05:45 Windows Update 22-04-2014 00:17:13 Windows Update 29-04-2014 10:53:34 Windows Update ==================== Hosts content: ========================== 2012-07-26 07:26 - 2012-11-10 02:18 - 00000927 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 lmlicenses.wip4.adobe.com 127.0.0.1 lm.licenses.adobe.com ==================== Scheduled Tasks (whitelisted) ============= Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {0D33C45B-3474-45EB-8FD4-C74B548DC597} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-03] (Google Inc.) 
Task: {0D69621E-8C1E-4357-B4D9-AFA9199B0CAC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {0FE4CAB0-CEE4-4DC2-BBB7-E8824449DCD5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-04-09] (Microsoft Corporation) Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation) Task: {359E95D5-6F31-43C1-AC99-F6D3200C0CEA} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-13] (AVAST Software) Task: {368D2317-987F-4B7E-8170-9C97F3D22F55} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation) Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {54DC6B0F-B8D2-4E8C-8C6D-312458D8084F} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: 
{77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {8B16D9EF-21E1-4B1F-BB4C-274F45BA5EC2} - System32\Tasks\AdobeAAMUpdater-1.0-Laurin-Pc-Laurin => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21] (Adobe Systems Incorporated) Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {8FCCF747-737B-48F4-93C0-2E44D99BCCF2} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {A2EF1608-9B74-4F9E-A5EC-FC9E20193B21} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-03] (Google Inc.) 
Task: {A40341FA-FF5B-43B1-B4C4-381C8FBD53BD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {A87407CE-AB2D-4352-A15E-DAC7F7F7889C} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics Task: {BF319C67-DFF2-4F5D-933F-2E69E066A409} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation) Task: {C333D6DC-2170-4513-B464-296A82B5F0B2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-29] (Adobe Systems Incorporated) Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2011-04-14 02:41 - 2011-04-14 02:41 - 00034304 _____ () C:\WINDOWS\System32\ssb3ml6.dll 2012-11-10 02:48 - 2008-01-11 07:19 - 00022016 _____ () C:\WINDOWS\System32\ssp2ml6.dll 2011-04-14 02:40 - 2011-04-14 02:40 - 00968192 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\ssb3mdu.dll 2011-03-22 10:08 - 2011-03-22 10:08 - 00161280 _____ () C:\Program 
Files\NetDrive\libexpat.dll 2012-11-03 19:24 - 2011-10-26 18:41 - 00318976 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll 2012-11-03 19:24 - 2011-10-26 18:41 - 00126464 _____ () C:\Program Files\TeraCopy\TeraCopy64.dll 2012-12-18 21:08 - 2012-12-18 21:08 - 00133120 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Locale\de_de\PDFMaker\PDFMOfficeAddin.DEU 2014-04-29 04:03 - 2014-04-29 04:03 - 02252800 _____ () C:\Program Files\AVAST Software\Avast\defs\14042801\algo.dll 2014-04-30 13:30 - 2014-04-30 13:30 - 02252800 _____ () C:\Program Files\AVAST Software\Avast\defs\14043000\algo.dll 2010-03-23 13:26 - 2010-03-23 13:26 - 00201512 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll 2012-09-23 21:43 - 2012-09-23 21:43 - 00010240 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\de_de\acrotray.deu 2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Laurin\AppData\Roaming\Dropbox\bin\libcef.dll 2014-04-13 23:11 - 2014-04-13 23:11 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2013-04-12 03:57 - 2014-03-20 02:47 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\Laurin\Desktop\2013-10-24 13.42.08-1.jpg:com.dropbox.attributes AlternateDataStreams: C:\Users\Laurin\Desktop\2013-10-24 13.43.58.jpg:com.dropbox.attributes AlternateDataStreams: C:\Users\Laurin\Desktop\2014-02-05 18.45.09.mp4:com.dropbox.attributes AlternateDataStreams: C:\Users\Laurin\Desktop\final.jpg:com.dropbox.attributes ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== MSCONFIG\Services: Steam Client Service => 3 ==================== Faulty Device Manager Devices ============= Name: Cisco Systems VPN Adapter for 64-bit Windows Description: Cisco Systems VPN Adapter for 64-bit Windows Class Guid: 
{4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: CVirtA Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (04/29/2014 00:54:22 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert . Error: (04/26/2014 02:08:28 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: lf2.exe, Version: 0.0.0.0, Zeitstempel: 0x4a577737 Name des fehlerhaften Moduls: lf2.exe, Version: 0.0.0.0, Zeitstempel: 0x4a577737 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003f173 ID des fehlerhaften Prozesses: 0xf50 Startzeit der fehlerhaften Anwendung: 0xlf2.exe0 Pfad der fehlerhaften Anwendung: lf2.exe1 Pfad des fehlerhaften Moduls: lf2.exe2 Berichtskennung: lf2.exe3 Vollständiger Name des fehlerhaften Pakets: lf2.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: lf2.exe5 Error: (04/24/2014 11:31:57 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: BlueberryGarden.exe, Version: 1.0.0.0, Zeitstempel: 0x4a2edb13 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17055, Zeitstempel: 0x532943a3 Ausnahmecode: 0xe0434f4d Fehleroffset: 0x00011d4d ID des fehlerhaften Prozesses: 0x%9 Startzeit der fehlerhaften Anwendung: 0xBlueberryGarden.exe0 Pfad der fehlerhaften Anwendung: BlueberryGarden.exe1 Pfad des fehlerhaften Moduls: BlueberryGarden.exe2 Berichtskennung: BlueberryGarden.exe3 Vollständiger Name des fehlerhaften Pakets: BlueberryGarden.exe4 Anwendungs-ID, die relativ zum fehlerhaften 
Paket ist: BlueberryGarden.exe5 Error: (04/24/2014 03:36:43 PM) (Source: Application Hang) (User: ) Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1624 Startzeit: 01cf5fc180308f74 Endzeit: 4294967295 Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe Berichts-ID: 749d77bb-cbb5-11e3-813f-001fc60ba12d Vollständiger Name des fehlerhaften Pakets: Microsoft.BingFinance_3.0.1.174_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AppexFinance Error: (04/23/2014 04:45:44 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: Dropbox.exe, Version: 2.4.11.0, Zeitstempel: 0x527d91e4 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x1e1566df ID des fehlerhaften Prozesses: 0xfec Startzeit der fehlerhaften Anwendung: 0xDropbox.exe0 Pfad der fehlerhaften Anwendung: Dropbox.exe1 Pfad des fehlerhaften Moduls: Dropbox.exe2 Berichtskennung: Dropbox.exe3 Vollständiger Name des fehlerhaften Pakets: Dropbox.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Dropbox.exe5 Error: (04/22/2014 02:18:20 AM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert . Error: (04/21/2014 11:38:45 PM) (Source: Application Hang) (User: ) Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. 
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 101c Startzeit: 01cf5da955e123b6 Endzeit: 4294967295 Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe Berichts-ID: 4ae73eb5-c99d-11e3-813c-001fc60ba12d Vollständiger Name des fehlerhaften Pakets: Microsoft.BingFinance_3.0.1.174_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AppexFinance Error: (04/21/2014 09:38:44 PM) (Source: Application Hang) (User: ) Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 110 Startzeit: 01cf5d9891d87811 Endzeit: 4294967295 Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe Berichts-ID: 8730f8ce-c98c-11e3-813c-001fc60ba12d Vollständiger Name des fehlerhaften Pakets: Microsoft.BingFinance_3.0.1.174_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AppexFinance Error: (04/18/2014 05:46:32 AM) (Source: Application Hang) (User: ) Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 4c0 Startzeit: 01cf5ab80f06d827 Endzeit: 4294967295 Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe Berichts-ID: 03e458a0-c6ac-11e3-813b-001fc60ba12d Vollständiger Name des fehlerhaften Pakets: Microsoft.BingFinance_3.0.1.174_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AppexFinance Error: (04/17/2014 03:05:55 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". 
Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert . System errors: ============= Error: (04/30/2014 08:27:48 AM) (Source: Microsoft-Windows-HAL) (User: ) Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist. Error: (04/30/2014 06:52:28 AM) (Source: bowser) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "JOE", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{27196A46-0EB0-49CD-8047-50EB20468CCD}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (04/30/2014 04:52:18 AM) (Source: DCOM) (User: Laurin-Pc) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (04/30/2014 04:51:48 AM) (Source: DCOM) (User: Laurin-Pc) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (04/30/2014 01:13:41 AM) (Source: DCOM) (User: Laurin-Pc) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (04/29/2014 05:19:23 PM) (Source: DCOM) (User: Laurin-Pc) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (04/29/2014 05:18:53 PM) (Source: DCOM) (User: Laurin-Pc) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (04/29/2014 00:54:19 PM) (Source: bowser) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "JOE", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{27196A46-0EB0-49CD-8047-50EB20468CCD}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. 
Error: (04/29/2014 00:53:59 PM) (Source: DCOM) (User: Laurin-Pc) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (04/29/2014 00:53:29 PM) (Source: DCOM) (User: Laurin-Pc) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Microsoft Office Sessions: ========================= Error: (04/29/2014 00:54:22 PM) (Source: Microsoft-Windows-CAPI2)(User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert Error: (04/26/2014 02:08:28 AM) (Source: Application Error)(User: ) Description: lf2.exe0.0.0.04a577737lf2.exe0.0.0.04a577737c00000050003f173f5001cf60e383d2e065C:\Program Files (x86)\LittleFighter2\LF2_v2.0a\lf2.exeC:\Program Files (x86)\LittleFighter2\LF2_v2.0a\lf2.exee429e84b-ccd6-11e3-8143-001fc60ba12d Error: (04/24/2014 11:31:57 PM) (Source: Application Error)(User: ) Description: BlueberryGarden.exe1.0.0.04a2edb13KERNELBASE.dll6.3.9600.17055532943a3e0434f4d00011d4d Error: (04/24/2014 03:36:43 PM) (Source: Application Hang)(User: ) Description: backgroundTaskHost.exe6.3.9600.16384162401cf5fc180308f744294967295C:\WINDOWS\system32\backgroundTaskHost.exe749d77bb-cbb5-11e3-813f-001fc60ba12dMicrosoft.BingFinance_3.0.1.174_x64__8wekyb3d8bbweAppexFinance Error: (04/23/2014 04:45:44 AM) (Source: Application Error)(User: ) Description: Dropbox.exe2.4.11.0527d91e4unknown0.0.0.000000000c00000051e1566dffec01cf5e9dfb5347ebC:\Users\Laurin\AppData\Roaming\Dropbox\bin\Dropbox.exeunknown5d0c2992-ca91-11e3-813e-001fc60ba12d Error: (04/22/2014 02:18:20 AM) (Source: Microsoft-Windows-CAPI2)(User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. 
System Error: Zugriff verweigert Error: (04/21/2014 11:38:45 PM) (Source: Application Hang)(User: ) Description: backgroundTaskHost.exe6.3.9600.16384101c01cf5da955e123b64294967295C:\WINDOWS\system32\backgroundTaskHost.exe4ae73eb5-c99d-11e3-813c-001fc60ba12dMicrosoft.BingFinance_3.0.1.174_x64__8wekyb3d8bbweAppexFinance Error: (04/21/2014 09:38:44 PM) (Source: Application Hang)(User: ) Description: backgroundTaskHost.exe6.3.9600.1638411001cf5d9891d878114294967295C:\WINDOWS\system32\backgroundTaskHost.exe8730f8ce-c98c-11e3-813c-001fc60ba12dMicrosoft.BingFinance_3.0.1.174_x64__8wekyb3d8bbweAppexFinance Error: (04/18/2014 05:46:32 AM) (Source: Application Hang)(User: ) Description: backgroundTaskHost.exe6.3.9600.163844c001cf5ab80f06d8274294967295C:\WINDOWS\system32\backgroundTaskHost.exe03e458a0-c6ac-11e3-813b-001fc60ba12dMicrosoft.BingFinance_3.0.1.174_x64__8wekyb3d8bbweAppexFinance Error: (04/17/2014 03:05:55 PM) (Source: Microsoft-Windows-CAPI2)(User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert ==================== Memory info =========================== Percentage of memory in use: 48% Total physical RAM: 4094.55 MB Available physical RAM: 2122.75 MB Total Pagefile: 4798.55 MB Available Pagefile: 2123.34 MB Total Virtual: 131072 MB Available Virtual: 131071.79 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:698.54 GB) (Free:79.89 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 13994481) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=699 GB) - (Type=07 NTFS) ==================== End Of Log ============================ GMER.txt: Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-04-30 13:50:45 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002a SAMSUNG_ rev.1AA0 698,64GB Running: 2xs1z9eh.exe; Driver: C:\Users\Laurin\AppData\Local\Temp\pxdyrpob.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\WINDOWS\System32\win32k.sys!W32pServiceTable fffff960001e1c00 15 bytes [00, 8E, 0B, 02, 80, 32, 6E, ...] .text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16 fffff960001e1c10 11 bytes [00, 41, FC, FF, C0, 7D, F9, ...] ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\system32\lsass.exe[768] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffe0efc553d 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[888] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffe0efc553d 1 byte [62] .text C:\WINDOWS\System32\svchost.exe[668] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffe0efc553d 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[756] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffe0efc553d 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[968] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffe0efc553d 1 byte [62] .text C:\WINDOWS\System32\spoolsv.exe[1560] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffe0efc553d 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[1596] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffe0efc553d 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[1620] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffe0efc553d 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[1688] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffe0efc553d 1 byte [62] .text C:\WINDOWS\system32\SearchIndexer.exe[3876] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffe0efc553d 1 byte [62] .text C:\WINDOWS\system32\AUDIODG.EXE[2144] C:\WINDOWS\SYSTEM32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffe0efc553d 1 byte [62] .text 
C:\WINDOWS\System32\WinLogon.exe[3268] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffe0efc553d 1 byte [62] .text C:\WINDOWS\System32\dwm.exe[184] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffe0efc553d 1 byte [62] .text C:\WINDOWS\Explorer.EXE[2820] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffe0efc553d 1 byte [62] .text C:\WINDOWS\Explorer.EXE[2820] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffe105d169a 4 bytes [5D, 10, FE, 7F] .text C:\WINDOWS\Explorer.EXE[2820] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffe105d16a2 4 bytes [5D, 10, FE, 7F] .text C:\WINDOWS\Explorer.EXE[2820] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffe105d181a 4 bytes [5D, 10, FE, 7F] .text C:\WINDOWS\Explorer.EXE[2820] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffe105d1832 4 bytes [5D, 10, FE, 7F] .text C:\WINDOWS\system32\taskhostex.exe[3748] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffe0efc553d 1 byte [62] .text C:\WINDOWS\system32\DllHost.exe[3740] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffe0efc553d 1 byte [62] ---- Threads - GMER 2.1 ---- Thread C:\WINDOWS\system32\csrss.exe [5036:1412] fffff9600086cb90 ---- Processes - GMER 2.1 ---- Library C:\Users\Laurin\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Laurin\AppData\Roaming\Dropbox\bin\Dropbox.exe [796](2014-01-03 00:45:04) 0000000003b20000 Library C:\Users\Laurin\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Laurin\AppData\Roaming\Dropbox\bin\Dropbox.exe [796](2013-10-18 23:55:02) 000000006b740000 Library C:\Users\Laurin\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Laurin\AppData\Roaming\Dropbox\bin\Dropbox.exe [796] (ICU Data DLL/The ICU Project)(2013-10-18 23:55:00) 000000006adb0000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -909562874 Reg 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE7CD045-E861-484F-8273-0445EE161910}\iexplore@Count 1127 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\iexplore@Count 905 Reg HKCU\Software\Microsoft\Windows\DWM@ColorizationColor -1365325488 Reg HKCU\Software\Microsoft\Windows\DWM@ColorizationColorBalance 77 Reg HKCU\Software\Microsoft\Windows\DWM@ColorizationAfterglow -1365325488 Reg HKCU\Software\Microsoft\Windows\DWM@ColorizationBlurBalance 13 Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation C:\Users\Laurin\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_lf2.exe_9a6ce7b6ab8c89e0afef53b48967b6f69cd3d5_159cd36c_0f7fe8ab Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug\UIHandles@FirstLevelConsentDialog 0x2A 0x00 0x5A 0x01 ... ---- EOF - GMER 2.1 ----
I would very much like to install Dropbox on my laptop, but I absolutely do not want the laptop to become infected again because of it. Is the virus still there? Current Avira scans report no threat! Many thanks
FRST.txt part1: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-04-2014 Ran by Laurin (administrator) on LAURIN-PC on 30-04-2014 13:31:26 Running from C:\Users\Laurin\Desktop\Anti-Vir Windows 8.1 Pro (Update 1) (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Bdrive Inc.) C:\Program Files\NetDrive\ndsvc.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe (AMD) C:\Windows\System32\atieclxx.exe (Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe (Behringer Spezielle Studiotechnik GmbH) C:\Program Files\Behringer\BCD3000\Drivers\bcd3kcpan.exe (Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Dropbox, Inc.) C:\Users\Laurin\AppData\Roaming\Dropbox\bin\Dropbox.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe (Adobe Systems, Inc.) 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\EXCEL.EXE ==================== Registry (Whitelisted) ================== HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated) HKLM\...\Run: [SoundMAX] => C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe [3866624 2009-05-18] (Analog Devices, Inc.) HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1310720 2009-06-05] (Analog Devices, Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478392 2013-12-21] (Adobe Systems Inc.) 
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-13] (AVAST Software) Winlogon\Notify\ScCertProp: wlnotify.dll [X] HKU\S-1-5-21-2823341736-4232270781-4214846238-1001\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2012-11-15] () HKU\S-1-5-21-2823341736-4232270781-4214846238-1001\...\Run: [AdobeBridge] => [X] Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BCD3000 Control Panel.lnk ShortcutTarget: BCD3000 Control Panel.lnk -> C:\Program Files\Behringer\BCD3000\Drivers\bcd3kcpan.exe (Behringer Spezielle Studiotechnik GmbH) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe () Startup: C:\Users\Laurin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Laurin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Laurin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (No File) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9D459A1D224DCF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE,de;q=0.8,en-GB;q=0.5,en;q=0.3 BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV 
Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Laurin\AppData\Roaming\Mozilla\Firefox\Profiles\nbcv4yn1.default FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll () FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files 
(x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: BYTubeD - Bulk YouTube video Downloader - C:\Users\Laurin\AppData\Roaming\Mozilla\Firefox\Profiles\nbcv4yn1.default\Extensions\bytubed@cs213.cse.iitk.ac.in [2012-12-15] FF Extension: ProxTube - Unblock YouTube - C:\Users\Laurin\AppData\Roaming\Mozilla\Firefox\Profiles\nbcv4yn1.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7} [2014-01-15] FF Extension: leethax.net extension - C:\Users\Laurin\AppData\Roaming\Mozilla\Firefox\Profiles\nbcv4yn1.default\Extensions\leethax@leethax.net.xpi [2013-05-12] FF Extension: Adblock Plus - 
C:\Users\Laurin\AppData\Roaming\Mozilla\Firefox\Profiles\nbcv4yn1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-15] FF Extension: DownThemAll! - C:\Users\Laurin\AppData\Roaming\Mozilla\Firefox\Profiles\nbcv4yn1.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2012-12-15] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2012-11-04] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-13] Chrome: ======= CHR HomePage: CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll () CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File CHR Extension: (Google Drive) - C:\Users\Laurin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-23] CHR Extension: (YouTube) - C:\Users\Laurin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-03] CHR Extension: (Adblock Plus) - C:\Users\Laurin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2012-11-03] CHR Extension: (Google-Suche) - C:\Users\Laurin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-03] CHR Extension: (Adobe Acrobat – PDF-Datei 
erstellen) - C:\Users\Laurin\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2012-11-05] CHR Extension: (Google Wallet) - C:\Users\Laurin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-27] CHR Extension: (Recently Closed Tabs) - C:\Users\Laurin\AppData\Local\Google\Chrome\User Data\Default\Extensions\opefiliglgllmponlmoajkfbcaigocfc [2012-11-05] CHR Extension: (Google Mail) - C:\Users\Laurin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-03] CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Laurin\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-03-23] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-12-21] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-13] ==================== Services (Whitelisted) ================= R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2009-06-05] (Andrea Electronics Corporation) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-13] (AVAST Software) R2 ndsvc; C:\Program Files\NetDrive\ndsvc.exe [2789376 2013-02-25] (Bdrive Inc.) 
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-13] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-13] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-13] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-13] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-13] (AVAST Software) S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-04-13] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-04-13] () S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider) R3 CVPNDRVA; C:\WINDOWS\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] () S3 GemCCID; C:\Windows\system32\DRIVERS\GemCCID.sys [129792 2013-04-24] (Gemalto) S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation) R3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\drivers\InputFilter_FlexDef2b.sys [17920 2010-06-19] (Siliten) R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation) S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-30] (Microsoft Corporation) S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [8192 2005-03-29] () S3 ndfs; C:\Program 
Files\NetDrive\ndfs.sys [63712 2013-02-01] (Bdrive Inc.) R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) R3 Ph3xIB64; C:\Windows\system32\DRIVERS\Ph3xIB64.sys [1627520 2011-05-31] (NXP Semiconductors) S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation) S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation) S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation) S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation) R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation) |