Log analysis and evaluation: Win Vista: Laptop freezes in Firefox; manual restart required

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
16.08.2015, 15:27 | #1 |
Win Vista: Laptop freezes in Firefox; manual restart required

Hello,

for about two weeks the laptop has been freezing at irregular intervals while browsing with Firefox. Keyboard shortcuts do not work and the mouse no longer responds either. Waiting a long time does not help. So far I have always performed a manual restart. Often, however, the laptop then does not boot normally: I can see the desktop and move the mouse, but no application and no keyboard shortcut responds. After another manual restart the device boots normally again. I have the feeling that the freezing often occurs with videos and other Flash applications. The problem also occurs in IE and Chrome.

There are also problems with the power supply, although there is definitely no loose contact in or on the cable. Only after plugging the power cable in and out several times does the laptop respond and "recognize" the power/the cable (10-15 min.). Once this hurdle is cleared, there are no more power problems.

Avast found no viruses. Malwarebytes, on the other hand, did record detections (see log). I also ran Malwarebytes Anti-Rootkit and AdwCleaner, though I have no log file from the Anti-Rootkit.

Thank you very much and best regards!

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:14 on 16/08/2015 (User)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
Unable to read SafeBoot.sys
SPTD -> Already disabled
-=E.O.F=-

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:14-08-2015 01
durchgeführt von User (Administrator) auf MARKUS-PC (16-08-2015 10:18:10)
Gestartet von C:\Users\User\Desktop
Geladene Profile: User (Verfügbare Profile: User & Gast)
Platform: Microsoft® Windows Vista™ Business Service Pack 2 (X86) Sprache: Deutsch (Deutschland)
Internet Explorer Version 9 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Bioscrypt Inc.) C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Mixesoft Project) C:\Users\User\AppData\Local\Mixesoft\AppNHost\appnhost.exe
(Dropbox, Inc.) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\sdclt.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-08-01] (AVAST Software)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1045800 2008-03-28] (Synaptics, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ACHTUNG
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ACHTUNG
HKU\S-1-5-21-1406830839-1458410200-2704653683-1000\...\Run: [Dropbox Update] => C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.)
HKU\S-1-5-21-1406830839-1458410200-2704653683-1000\...\Run: [appnhost] => C:\Users\User\AppData\Local\Mixesoft\AppNHost\appnhost.exe [453176 2014-08-08] (Mixesoft Project)
AppInit_DLLs: C:\PROGRA~1\HEWLET~1\IAM\bin\APSHook.dll => C:\Program Files\Hewlett-Packard\IAM\Bin\APSHook.dll [89872 2009-07-28] (Bioscrypt Inc.)
Lsa: [Notification Packages] scecli ASWLNPkg
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-04-09]
ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-08-01] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
GroupPolicyScripts: Gruppenrichtline erkannt <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-1406830839-1458410200-2704653683-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.olb.de/
HKU\S-1-5-21-1406830839-1458410200-2704653683-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: SwissAcademic.Citavi.Picker.IEPicker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2009-11-08] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-25] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-01] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-25] (Oracle Corporation)
BHO: Credential Manager for HP ProtectTools -> {DF21F1DB-80C6-11D3-9483-B03D0EC10000} -> C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll [2009-07-28] (Bioscrypt Inc.)
DPF: {C752FF21-A8EF-468E-B507-5BBAFB84359E} hxxps://hbciweb.olb.de/financebrowser5/plugin/Signlet-Plugin.CAB
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{36A8F4FD-5D7C-480D-8366-A1FB38261D64}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{68BA203E-F22F-40DE-8CB4-5A4DD3559AB0}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{A932B982-2288-40CA-927E-99E81CFBAD8A}: [DhcpNameServer] 139.7.30.125 139.7.30.126
Tcpip\..\Interfaces\{C8359547-F363-4034-9C61-EC80907567BD}: [DhcpNameServer] 139.7.30.125 139.7.30.126

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kezs2hfl.default-1419069984836
FF NewTab: about:blank
FF Homepage: tagesschau.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_142.dll [2015-08-12] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2010-08-25] (DivX,Inc.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-05-06] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-25] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [Keine Datei]
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @nullsoft.com/winampDetector;version=1 -> C:\Program Files\Winamp Detect\npwachk.dll [2013-07-24] (Nullsoft, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-05] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-05] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1406830839-1458410200-2704653683-1000: @phonostar.de/phonostar -> C:\Program Files\dradio-Recorder\npphonostarDetectNP.dll Keine Datei
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kezs2hfl.default-1419069984836\searchplugins\dudende-suche.xml [2015-01-07]
FF Extension: YouTube Unblocker - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kezs2hfl.default-1419069984836\Extensions\youtubeunblocker@unblocker.yt [2015-08-05]
FF Extension: OLB - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kezs2hfl.default-1419069984836\Extensions\{C752FF21-A8EF-468E-B507-5BBAFB84359D} [2015-05-19]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kezs2hfl.default-1419069984836\Extensions\adblockpopups@jessehakanen.net.xpi [2014-12-20]
FF Extension: anonymoX - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kezs2hfl.default-1419069984836\Extensions\client@anonymox.net.xpi [2014-12-20]
FF Extension: Blur - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kezs2hfl.default-1419069984836\Extensions\donottrackplus@abine.com.xpi [2015-07-14]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kezs2hfl.default-1419069984836\Extensions\elemhidehelper@adblockplus.org.xpi [2014-12-20]
FF Extension: Session Manager - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kezs2hfl.default-1419069984836\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014-12-20]
FF Extension: LeechBlock - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kezs2hfl.default-1419069984836\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi [2015-03-03]
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kezs2hfl.default-1419069984836\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-20]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-08-20]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-06-11]
FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013-01-05]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-07-26]

Chrome:
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-05]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-05]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-05]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-05]
CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-08-06]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-05]
CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-05]
CHR Extension: (Click&Clean) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2015-08-06]
CHR Extension: (Avast Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-08-05]
CHR Extension: (anonymoX) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpklikeghomkemdellmmkoifgfbakio [2015-08-06]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-05]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-05]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-17]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S4 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-03] (ActivIdentity)
S4 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2008-08-26] (Agere Systems)
R2 ASBroker; c:\Program Files\Hewlett-Packard\IAM\Bin\ASWlnPkg.DLL [192784 2009-07-28] (Bioscrypt Inc.)
R2 ASChannel; C:\Program Files\Hewlett-Packard\IAM\Bin\AsChnl.dll [150288 2009-07-28] (Bioscrypt Inc.)
S4 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1201400 2009-07-29] (AuthenTec, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-01] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3218624 2015-07-21] (Avast Software)
S4 HP ProtectTools Service; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [45056 2009-08-07] (Hewlett-Packard Development Company, L.P) [Datei ist nicht signiert]
S4 HpFkCryptService; C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [256544 2009-07-29] (McAfee, Inc.)
S4 IFXSpMgtSrv; C:\Windows\system32\ifxspmgt.exe [677408 2007-02-15] (Infineon Technologies AG)
S4 IFXTCS; C:\Windows\system32\ifxtcs.exe [849440 2007-01-23] (Infineon Technologies AG)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-01-18] (Hewlett-Packard) [Datei ist nicht signiert]
S4 PersonalSecureDriveService; C:\Windows\system32\IfxPsdSv.exe [140832 2007-02-15] (Infineon Technologies AG)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-01-18] (Hewlett-Packard) [Datei ist nicht signiert]
S4 Service_Desktop; C:\Program Files\Virtual Desktop\Desktop.exe [414208 2004-08-20] () [Datei ist nicht signiert]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [45696 2008-01-21] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-08-01] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [76000 2015-08-01] (AVAST Software)
R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-08-01] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-08-01] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788784 2015-08-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433264 2015-08-01] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [161472 2015-08-01] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-08-01] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208664 2015-08-01] (AVAST Software)
S3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [140808 2007-04-10] (AuthenTec, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-01-13] (DT Soft Ltd)
S3 HPFXBULKLEDM; C:\Windows\System32\drivers\hppcbulkio.sys [20504 2010-10-03] (Hewlett Packard)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [96000 2013-01-30] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [69760 2013-01-30] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27520 2013-01-30] (Huawei Technologies Co., Ltd.)
S3 ialm; C:\Windows\System32\DRIVERS\igxpmp32.sys [5707744 2007-05-16] (Intel Corporation) [Datei ist nicht signiert]
R3 igfx; C:\Windows\System32\DRIVERS\igdkmd32.sys [1925632 2007-09-13] (Intel Corporation) [Datei ist nicht signiert]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
S3 NETw4x32; C:\Windows\System32\DRIVERS\NETw4x32.sys [2203520 2007-03-01] (Intel Corporation)
R3 NETwLv32; C:\Windows\System32\DRIVERS\NETwLv32.sys [6639616 2010-10-07] (Intel Corporation)
R0 ngvss; C:\Windows\system32\Drivers\ngvss.sys [95112 2015-08-01] (AVAST Software)
R1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [39080 2007-01-23] (Infineon Technologies AG)
R1 RsvLock; C:\Windows\system32\Drivers\RsvLock.sys [12528 2009-07-29] (SafeBoot International)
R0 SafeBoot; C:\Windows\system32\Drivers\SafeBoot.sys [109216 2009-07-29] () [Datei ist nicht signiert]
R0 SbAlg; C:\Windows\system32\Drivers\SbAlg.sys [51408 2009-07-29] (SafeBoot N.V.)
R0 SbFsLock; C:\Windows\system32\Drivers\SbFsLock.sys [12960 2009-07-29] (SafeBoot International)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [473656 2012-02-08] (Duplex Secure Ltd.)
S2 trackcam; C:\Windows\System32\DRIVERS\trackcam.sys [78152 2009-10-09] (Eagletron Inc.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-07-21] (Avast Software)
U1 eabfiltr; kein ImagePath
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S2 WebCamDV; system32\DRIVERS\WebCamDV.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-08-16 10:18 - 2015-08-16 10:18 - 00021153 _____ C:\Users\User\Desktop\FRST.txt
2015-08-16 10:17 - 2015-08-16 10:18 - 00000000 ____D C:\FRST
2015-08-16 10:17 - 2015-08-16 10:17 - 01678336 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2015-08-16 10:17 - 2015-08-16 10:17 - 00380416 _____ C:\Users\User\Desktop\Gmer-19357.exe
2015-08-16 10:14 - 2015-08-16 10:15 - 00000580 _____ C:\Users\User\Desktop\defogger_disable.log
2015-08-16 10:14 - 2015-08-16 10:14 - 00000000 _____ C:\Users\User\defogger_reenable
2015-08-16 10:13 - 2015-08-16 10:13 - 00050477 _____ C:\Users\User\Desktop\Defogger.exe
2015-08-15 09:14 - 2015-08-15 09:15 - 00398832 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-15 09:14 - 2015-08-15 09:14 - 00001100 _____ C:\Windows\PFRO.log
2015-08-14 13:09 - 2015-08-14 13:09 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-08-14 12:09 - 2015-08-14 12:09 - 02248704 _____ C:\Users\User\Downloads\adwcleaner_4.208.exe
2015-08-14 09:45 - 2015-08-14 09:46 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-14 09:44 - 2015-08-14 09:50 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-14 09:44 - 2015-08-14 09:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-08-14 09:44 - 2015-08-14 09:44 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware
2015-08-14 09:44 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-14 09:44 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-13 17:03 - 2015-07-21 22:55 - 01206192 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-13 17:03 - 2015-07-21 18:07 - 03605440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-08-13 17:03 - 2015-07-21 18:07 - 03553216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-13 17:03 - 2015-07-21 18:07 - 00140224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ecache.sys
2015-08-13 17:03 - 2015-07-21 18:07 - 00056256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-13 17:03 - 2015-07-21 18:03 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll
2015-08-13 17:03 - 2015-07-21 18:03 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-13 17:03 - 2015-07-21 18:03 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-13 17:01 - 2015-07-31 21:27 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 17:00 - 2015-07-09 16:20 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2015-08-13 16:59 - 2015-07-10 21:37 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-13 16:55 - 2015-07-11 17:56 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-13 16:27 - 2015-07-18 18:03 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-13 16:24 - 2015-07-10 21:37 - 01402368 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-13 16:24 - 2015-07-10 21:37 - 01253376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-13 16:21 - 2015-08-01 00:08 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-13 16:21 - 2015-07-31 23:46 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-08-13 16:21 - 2015-07-31 23:46 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-08-13 16:21 - 2015-07-31 23:46 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-08-13 16:21 - 2015-07-31 23:46 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-08-13 16:21 - 2015-07-31 22:41 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-13 16:21 - 2015-07-31 22:40 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-08-13 16:21 - 2015-07-31 22:35 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-08-13 16:21 - 2015-07-31 22:33 - 02066944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-13 16:21 - 2015-07-31 22:33 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-13 16:21 - 2015-07-31 22:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-13 16:21 - 2015-07-31 22:33 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-13 16:17 - 2015-07-09 16:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-13 16:17 - 2015-07-09 16:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-13 16:17 - 2015-07-01 17:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-12 21:48 - 2015-07-22 22:54 - 12386816 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-12 21:48 - 2015-07-22 22:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-12 21:48 - 2015-07-22 22:51 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-12 21:48 - 2015-07-22 22:47 - 09751040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-12 21:48 - 2015-07-22 22:46 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-12 21:48 - 2015-07-22 22:46 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-12 21:48 - 2015-07-22 22:45 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-12 21:48 - 2015-07-22 22:45 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-08-12 21:48 - 2015-07-22 22:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-12 21:48 - 2015-07-22 22:44 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-12 21:48 - 2015-07-22 22:44 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-12 21:48 - 2015-07-22 22:44 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-12 21:48 - 2015-07-22 22:44 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-12 21:48 - 2015-07-22 22:44 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-12 21:48 - 2015-07-22 22:43 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-12 21:48 - 2015-07-22 22:43 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-12 21:48 - 2015-07-22 22:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-12 21:48 - 2015-07-22 22:43 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-12 21:48 - 2015-07-22 22:43 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-08-12 21:48 - 2015-07-22 22:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-08-12 21:48 - 2015-07-22 22:43 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-08-12 21:48 - 2015-07-22 22:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-06 09:21 - 2015-08-06 09:21 - 00000000 ____D C:\Users\User\AppData\Local\Mixesoft
2015-08-05 21:31 - 2015-08-05 21:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-05 21:29 - 2015-08-16 09:46 - 00001090 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-05 21:29 - 2015-08-15 21:34 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-05 00:03 - 2015-08-05 00:03 - 00877152 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2015-08-05 00:03 - 2015-08-05 00:03 - 00538208 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2015-08-04 20:11 - 2015-08-04 20:11 - 00000000 ___RD C:\Program Files\Skype
2015-08-04 20:11 - 2015-08-04 20:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-04 20:11 - 2015-08-04 20:11 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-08-01 10:07 - 2015-08-01 10:07 - 00313472 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-08-01 10:07 - 2015-08-01 10:07 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-07-30 13:03 - 2015-07-30 13:03 - 00000826 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SkillsTraining 1.1.lnk
2015-07-30 13:03 - 2015-07-30 13:03 - 00000814 _____ C:\Users\Public\Desktop\SkillsTraining 1.1.lnk
2015-07-30 13:03 - 2015-07-30 13:03 - 00000000 ____D C:\Users\User\AppData\Roaming\com.mmm.app.schattauer.skillstraining1
2015-07-30 13:02 - 2015-07-30 13:03 - 00000000 ____D C:\Program Files\SkillsTraining 1.1
2015-07-30 13:01 - 2015-07-30 13:01 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2015-07-30 13:01 - 2015-07-30 13:01 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2015-07-30 13:01 - 2015-07-30 13:01 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2015-07-25 12:56 - 2015-07-25 12:56 - 00000000 ____D C:\Program Files\Common Files\Java
2015-07-24 12:31 - 2015-08-14 16:11 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\User\Downloads\TDSSKiller.exe
2015-07-21 18:56 - 2015-08-01 10:07 - 00161472 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2015-07-21 18:55 - 2015-08-01 10:07 - 00095112 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-08-16 09:53 - 2008-01-21 10:32 - 01576088 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-16 09:52 - 2008-01-21 03:39 - 01623040 _____ C:\Windows\WindowsUpdate.log
2015-08-16 09:49 - 2011-09-22 22:16 - 00000000 ___RD C:\Users\User\Documents\Dropbox
2015-08-16 09:49 - 2011-09-22 22:11 - 00000000 ____D C:\Users\User\AppData\Roaming\Dropbox
2015-08-16 09:45 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-16 09:45 - 2006-11-02 14:47 - 00004176 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-16 09:45 - 2006-11-02 14:47 - 00004176 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-15 21:34 - 2015-05-09 10:08 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-15 21:31 - 2015-06-18 06:21 - 00001220 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1406830839-1458410200-2704653683-1000UA.job
2015-08-15 20:31 - 2015-06-18 06:21 - 00001168 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1406830839-1458410200-2704653683-1000Core.job
2015-08-15 12:43 - 2010-06-23 16:30 - 00003204 _____ C:\Windows\bthservsdp.dat
2015-08-15 12:43 - 2006-11-02 15:01 - 00032562 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-15 09:14 - 2012-04-25 18:38 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-08-14 14:41 - 2013-07-29 13:50 - 00001738 ____H C:\Users\User\Documents\Default.rdp
2015-08-14 12:34 - 2010-06-23 20:13 - 00000000 ____D C:\Users\User\AppData\Local\Adobe
2015-08-14 12:30 - 2013-08-20 10:50 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-08-14 12:13 - 2013-09-27 10:09 - 00000000 ____D C:\AdwCleaner
2015-08-14 12:08 - 2013-07-26 16:47 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-08-14 11:10 - 2013-07-31 14:43 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc
2015-08-14 10:30 - 2014-04-03 13:28 - 00000000 ____D C:\Users\User\AppData\Roaming\CDisplayEx
2015-08-13 20:42 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2015-08-13 19:40 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\system32\XPSViewer
2015-08-13 17:04 - 2010-10-28 10:17 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-13 16:54 - 2013-07-24 10:00 - 00000000 ____D C:\Windows\system32\MRT
2015-08-13 16:31 - 2006-11-02 12:24 - 129304528 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-08-12 22:34 - 2015-03-18 16:46 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-08-12 22:34 - 2015-03-18 16:46 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-08-05 21:31 - 2011-03-28 10:37 - 00000000 ____D C:\Users\User\AppData\Local\Google
2015-08-05 21:30 - 2011-03-28 10:38 - 00000000 ____D C:\Program Files\Google
2015-08-04 21:39 - 2010-07-17 18:46 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2015-08-04 20:12 - 2010-07-17 18:46 - 00000000 ____D C:\ProgramData\Skype
2015-08-01 10:07 - 2014-04-22 23:25 - 00024016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-08-01 10:07 - 2013-07-26 11:09 - 00788784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-08-01 10:07 - 2013-07-26 11:09 - 00433264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-08-01 10:07 - 2013-07-26 11:09 - 00208664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-08-01 10:07 - 2013-07-26 11:09 - 00076000 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-08-01 10:07 - 2013-07-26 11:09 - 00057888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2015-08-01 10:07 - 2013-07-26 11:09 - 00055200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2015-08-01 10:07 - 2013-07-26 11:09 - 00049776 _____ (AVAST Software) 
C:\Windows\system32\Drivers\aswRvrt.sys 2015-07-30 13:01 - 2010-06-23 20:14 - 00000000 ____D C:\Program Files\Adobe 2015-07-26 09:29 - 2014-12-30 15:51 - 00000000 ____D C:\ProgramData\Unified Remote 2015-07-25 13:04 - 2013-10-21 22:29 - 00000000 ____D C:\ProgramData\Oracle 2015-07-25 12:57 - 2007-12-30 19:26 - 00000000 ____D C:\Program Files\Java 2015-07-25 12:54 - 2014-12-20 12:43 - 00096352 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2015-07-22 19:17 - 2014-11-19 21:44 - 00000000 ____D C:\Windows\system32\vbox ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2014-09-25 12:32 - 2014-09-25 12:33 - 0000102 _____ () C:\Users\User\AppData\Roaming\.ptbt0 2012-04-24 00:10 - 2012-04-25 07:30 - 0002844 _____ () C:\Users\User\AppData\Roaming\alarms.ini 2012-04-24 00:06 - 2012-04-25 09:05 - 0000749 _____ () C:\Users\User\AppData\Roaming\AtomicAlarmClock.ini 2013-11-07 17:53 - 2013-11-07 17:53 - 0000393 _____ () C:\Users\User\AppData\Roaming\plugins.xml 2010-12-13 12:13 - 2010-12-13 12:13 - 0001274 _____ () C:\Users\User\AppData\Roaming\SAS7_000.DAT 2014-04-26 12:31 - 2014-04-26 12:31 - 0000043 _____ () C:\Users\User\AppData\Roaming\WB.CFG 2010-06-11 19:27 - 2010-06-11 19:27 - 0000000 _____ () C:\Users\User\AppData\Local\AtStart.txt 2010-06-11 18:27 - 2014-07-25 23:51 - 0001356 _____ () C:\Users\User\AppData\Local\d3d9caps.dat 2010-06-23 18:42 - 2014-12-17 12:22 - 0161280 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2010-06-11 19:27 - 2010-06-11 19:27 - 0000000 _____ () C:\Users\User\AppData\Local\DSwitch.txt 2010-06-23 18:18 - 2014-07-30 10:44 - 0000000 _____ () C:\Users\User\AppData\Local\FnF4.txt 2010-06-11 19:27 - 2010-06-11 19:27 - 0000000 _____ () C:\Users\User\AppData\Local\QSwitch.txt 2012-06-13 17:06 - 2013-06-23 23:42 - 0017408 _____ () C:\Users\User\AppData\Local\WebpageIcons.db 2015-01-10 10:08 - 2015-01-10 10:08 - 0000000 _____ () 
C:\Users\User\AppData\Local\{450253B0-D9A8-4DE1-8853-F31AB41BDA42} 2011-11-15 00:41 - 2011-11-15 00:41 - 0000000 _____ () C:\Users\User\AppData\Local\{C809EE78-F2BE-46C1-9A6D-F71D1F35D882} 2012-06-13 22:50 - 2012-06-13 22:56 - 0028344 _____ () C:\ProgramData\1339620595.1168.bin 2012-06-13 22:50 - 2012-06-13 22:56 - 0007795 _____ () C:\ProgramData\1339620595.1512.bin 2012-06-13 22:50 - 2012-06-13 22:56 - 0001322 _____ () C:\ProgramData\1339620595.1868.bin 2012-06-13 22:50 - 2012-06-13 22:56 - 0009108 _____ () C:\ProgramData\1339620595.2120.bin 2012-06-13 22:51 - 2012-06-13 22:56 - 0003255 _____ () C:\ProgramData\1339620595.2456.bin 2012-06-13 22:50 - 2012-06-13 22:56 - 0001311 _____ () C:\ProgramData\1339620595.3320.bin 2012-06-13 22:54 - 2012-06-13 22:56 - 0028968 _____ () C:\ProgramData\1339620595.3420.bin 2012-06-13 22:51 - 2012-06-13 22:56 - 0030712 _____ () C:\ProgramData\1339620595.3668.bin 2012-06-13 22:50 - 2012-06-13 22:56 - 0046205 _____ () C:\ProgramData\1339620595.3776.bin 2012-06-13 22:49 - 2012-06-13 22:56 - 0066965 _____ () C:\ProgramData\1339620595.4060.bin 2012-06-13 22:57 - 2012-06-13 22:57 - 0015692 _____ () C:\ProgramData\1339621020.bdinstall.bin 2012-06-13 23:10 - 2012-06-13 23:10 - 0157029 _____ () C:\ProgramData\1339621387.bdinstall.bin 2012-06-15 10:36 - 2012-06-15 10:36 - 0489446 _____ () C:\ProgramData\1339749066.bdinstall.bin 2012-06-15 10:49 - 2012-06-15 10:49 - 0448508 _____ () C:\ProgramData\1339749859.bdinstall.bin 2012-06-15 13:29 - 2012-06-15 13:35 - 0008624 _____ () C:\ProgramData\1339759721.1784.bin 2012-06-15 13:30 - 2012-06-15 13:35 - 0000507 _____ () C:\ProgramData\1339759721.2436.bin 2012-06-15 13:28 - 2012-06-15 13:35 - 0032945 _____ () C:\ProgramData\1339759721.2568.bin 2012-06-15 13:29 - 2012-06-15 13:35 - 0031402 _____ () C:\ProgramData\1339759721.3316.bin 2012-06-15 13:29 - 2012-06-15 13:35 - 0004200 _____ () C:\ProgramData\1339759721.3940.bin 2012-06-15 13:32 - 2012-06-15 13:35 - 0028284 _____ () 
C:\ProgramData\1339759721.6068.bin 2012-06-15 13:29 - 2012-06-15 13:35 - 0013037 _____ () C:\ProgramData\1339759721.668.bin 2012-06-15 13:29 - 2012-06-15 13:35 - 0001825 _____ () C:\ProgramData\1339759721.812.bin 2012-06-15 16:05 - 2012-06-15 16:05 - 0488769 _____ () C:\ProgramData\1339768779.bdinstall.bin 2013-01-12 14:25 - 2013-01-12 14:25 - 0383593 _____ () C:\ProgramData\1357993146.bdinstall.bin 2013-07-26 09:54 - 2013-07-26 09:54 - 0030139 _____ () C:\ProgramData\1374825230.bdinstall.bin 2013-07-26 10:04 - 2013-07-26 10:20 - 0005896 _____ () C:\ProgramData\1374825814.3476.bin 2013-07-26 10:04 - 2013-07-26 10:20 - 0037813 _____ () C:\ProgramData\1374825814.3512.bin 2013-07-26 10:03 - 2013-07-26 10:20 - 0033606 _____ () C:\ProgramData\1374825814.3524.bin 2013-07-26 10:05 - 2013-07-26 10:20 - 0012104 _____ () C:\ProgramData\1374825814.4480.bin 2013-07-26 10:06 - 2013-07-26 10:20 - 0004272 _____ () C:\ProgramData\1374825814.5124.bin 2013-07-26 10:06 - 2013-07-26 10:20 - 0060095 _____ () C:\ProgramData\1374825814.5232.bin 2013-07-26 10:17 - 2013-07-26 10:17 - 0001440 _____ () C:\ProgramData\1374825814.5384.bin 2013-07-26 10:05 - 2013-07-26 10:20 - 0018401 _____ () C:\ProgramData\1374825814.808.bin 2013-07-26 10:51 - 2013-07-26 10:51 - 0003496 _____ () C:\ProgramData\1374828684.bdinstall.bin 2013-07-26 10:52 - 2013-07-26 10:52 - 0003496 _____ () C:\ProgramData\1374828768.bdinstall.bin 2013-07-26 12:03 - 2013-07-26 12:03 - 0003496 _____ () C:\ProgramData\1374833019.bdinstall.bin 2013-07-28 16:31 - 2013-07-28 16:31 - 0003496 _____ () C:\ProgramData\1375021915.bdinstall.bin 2012-01-27 10:26 - 2012-01-27 10:26 - 0000088 __RSH () C:\ProgramData\691E1E24EF.sys 2014-08-20 09:22 - 2014-08-20 09:22 - 0000057 _____ () C:\ProgramData\Ament.ini 2011-03-14 13:20 - 2015-03-09 15:25 - 0016726 _____ () C:\ProgramData\hpzinstall.log 2012-01-27 10:26 - 2012-01-27 12:48 - 0005642 ___SH () C:\ProgramData\KGyGaAvL.sys Dateien, die verschoben oder gelöscht werden sollten: 
====================
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job

Einige Dateien in TEMP:
====================
C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvhwd5h.dll
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-08-16 09:54

==================== Ende vom raportu ============================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x86) Version:14-08-2015 01
durchgeführt von User (2015-08-16 10:19:29)
Gestartet von C:\Users\User\Desktop
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-1406830839-1458410200-2704653683-500 - Administrator - Disabled)
Gast (S-1-5-21-1406830839-1458410200-2704653683-501 - Limited - Disabled) => C:\Users\Gast
User (S-1-5-21-1406830839-1458410200-2704653683-1000 - Administrator - Enabled) => C:\Users\User

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
32 Bit HP CIO Components Installer (Version: 7.1.4 - Hewlett-Packard) Hidden
ActivClient x86 (Version: 6.2 - ActivIdentity) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.142 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version: - LSI Corporation)
AppNHost 1.0.5.1 (HKLM\...\{A8CB86C7-CD4C-4C4F-AF6A-33D1CAC63562}) (Version: 1.0.5.1 - Mixesoft Project)
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version: - )
Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.2.0 - Auslogics Labs Pty Ltd)
AuthenTec Fingerprint System (Version: 8.0.202.0 - AuthenTec, Inc.) Hidden
Avast Free Antivirus (HKLM\...\avast) (Version: 10.3.2225 - AVAST Software)
BIOS Configuration for HP ProtectTools (HKLM\...\{1960BE46-E85A-4933-B10A-6D8516585288}) (Version: 4.00 E1 - Hewlett-Packard)
Broadcom NetXtreme Ethernet Controller (HKLM\...\{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}) (Version: 10.15.15 - Broadcom Corporation)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
c4200_Help (Version: 82.0.203.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
CDisplayEx 1.10.11 (HKLM\...\CDisplayEx_is1) (Version: - cdisplayex.com)
Citavi (HKLM\...\{E12C6653-1FF0-4686-ADB8-589C13AE761F}) (Version: 3.4.0.2 - Swiss Academic Software)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Credential Manager for HP ProtectTools (Version: 4.1.6.1484 - Hewlett-Packard Company) Hidden
DAEMON Tools Pro (HKLM\...\DAEMON Tools Pro) (Version: 5.0.0316.0317 - DT Soft Ltd)
DDBAC (HKLM\...\{F161B4FF-3976-4917-BD27-CA28C95A13AE}) (Version: 5.3.0 - DataDesign)
DivX-Setup (HKLM\...\DivX Setup.divx.com) (Version: 2.4.1.4 - DivX, LLC)
dradio-Recorder Version 3.02.6 (HKLM\...\dradio-Recorder_is1) (Version: - )
Drive Encryption for HP ProtectTools (Version: 4.0.24 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-1406830839-1458410200-2704653683-1000\...\Dropbox) (Version: 3.8.6 - Dropbox, Inc.)
DSL Connection Manager (Version: 1.1.1116 - o2 (Germany) GmbH & Co. OHG) Hidden
Duden-Rechtschreibprüfung PLUS (HKLM\...\{B2893419-47C2-4A15-B1CE-80C2939EA8EE}) (Version: 9.0.0 - Bibliographisches Institut GmbH)
Embedded Security for HP ProtectTools (HKLM\...\{20A1D306-CE83-492A-8525-D6DF50B5944A}) (Version: 5.0.1 - Hewlett-Packard)
Free PDF to Word Doc Converter v1.1 (HKLM\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Google Books Downloader version 2.3 (HKLM\...\{216729B6-014A-F413-814F-F17F74FBA113}_is1) (Version: 2.3 - GBOOKSDOWNLOADER.COM)
Google Chrome (HKLM\...\Google Chrome) (Version: 44.0.2403.155 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
HP 3D DriveGuard (HKLM\...\{429E92A4-159F-4AEC-85A1-D693E1E4274D}) (Version: 1.00 A4 - )
HP PCMCIA Smart Card Reader (HKLM\...\{24B3DF86-75B9-4DBD-AC39-C0C041583E6F}) (Version: 1.01.0001 - HP)
HP Photosmart All-In-One Driver Software 10.0 Rel .2 (HKLM\...\{86D3D561-D1FD-4d57-8395-20030467E0F9}) (Version: 10.0 - HP)
HP Quick Launch Buttons 6.40 C2 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.40 C2 - Hewlett-Packard)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
IsoBuster 2.8.5 (HKLM\...\IsoBuster_is1) (Version: 2.8.5 - Smart Projects)
Java 8 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
JDownloader (HKLM\...\JDownloader) (Version: - AppWork UG (haftungsbeschränkt))
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
K-Lite Codec Pack 10.6.5 Full (HKLM\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 40.0.2 (x86 de) (HKLM\...\Mozilla Firefox 40.0.2 (x86 de)) (Version: 40.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 40.0.2.5702 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
OpenAL (HKLM\...\OpenAL) (Version: - )
PC Connectivity Solution (HKLM\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
pdfsam (HKLM\...\pdfsam) (Version: 1.2.0 - )
PS_AIO_02_Software_Min (Version: 100.0.206.000 - Hewlett-Packard) Hidden
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - )
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14074.11 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.3.14074.11 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
SkillsTraining für Borderline-Patienten (HKLM\...\com.mmm.app.schattauer.skillstraining1) (Version: 1.1.34 - Schattauer GmbH)
SkillsTraining für Borderline-Patienten (Version: 1.1.34 - Schattauer GmbH) Hidden
Skype™ 7.6 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Sony Ericsson Device Data (Version: 1.0.32 - Sony Ericsson) Hidden
Sony Ericsson Drivers (Version: 1.0.28 - Sony Ericsson) Hidden
Sony Ericsson PC Suite (Version: 2.10.37 - Sony Ericsson) Hidden
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.10.01.5160 - Analog Devices)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.0.7.0 - Synaptics)
System Requirements Lab for Intel (HKLM\...\{EFE3D683-903C-4B58-AB8F-C68C69F33758}) (Version: 4.5.3.0 - Husdawg, LLC)
TIPP10 Version 2.1.0 (HKLM\...\TIPP10_is1) (Version: - (c) 2006-2011, Tom Thielicke IT Solutions)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TreeSize Free V3.2.1 (HKLM\...\TreeSize Free_is1) (Version: 3.2.1 - JAM Software)
Unified Remote (HKLM\...\{415B4714-4F8C-49C6-B310-881EAF892CFB}_is1) (Version: 3.0 - Unified Intents AB)
UnloadSupport (Version: 9.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
UxStyle Core Beta (HKLM\...\{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}) (Version: 0.2.1.1 - The Within Network, LLC)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Winamp (HKLM\...\Winamp) (Version: 5.65 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-1406830839-1458410200-2704653683-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR (HKLM\...\WinRAR archiver) (Version: - )

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1406830839-1458410200-2704653683-1000_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\User\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1406830839-1458410200-2704653683-1000_Classes\CLSID\{25EE6EB9-0CE5-3070-924F-79BCFFE7D1AF}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1406830839-1458410200-2704653683-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1406830839-1458410200-2704653683-1000_Classes\CLSID\{388F93A0-9310-3EBA-90FB-361A2C5D8447}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1406830839-1458410200-2704653683-1000_Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\Windows\system32\msinet.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1406830839-1458410200-2704653683-1000_Classes\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\Windows\system32\msinet.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1406830839-1458410200-2704653683-1000_Classes\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\Windows\system32\msinet.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1406830839-1458410200-2704653683-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\User\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1406830839-1458410200-2704653683-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\User\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1406830839-1458410200-2704653683-1000_Classes\CLSID\{AFD6BFDC-F329-41BB-9C53-764B965DD483}\InprocServer32 -> C:\Program Files\Duden\Duden-Rechtschreibpruefung\adxloader.dll ()
CustomCLSID: HKU\S-1-5-21-1406830839-1458410200-2704653683-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\User\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1406830839-1458410200-2704653683-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\User\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1406830839-1458410200-2704653683-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\User\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll Keine Datei
CustomCLSID: HKU\S-1-5-21-1406830839-1458410200-2704653683-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1406830839-1458410200-2704653683-1000_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\COMDLG32.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1406830839-1458410200-2704653683-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1406830839-1458410200-2704653683-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1406830839-1458410200-2704653683-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1406830839-1458410200-2704653683-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1406830839-1458410200-2704653683-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1406830839-1458410200-2704653683-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1406830839-1458410200-2704653683-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1406830839-1458410200-2704653683-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1406830839-1458410200-2704653683-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1406830839-1458410200-2704653683-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\User\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)

==================== Wiederherstellungspunkte =========================

14-08-2015 19:53:17 Geplanter Prüfpunkt
15-08-2015 09:21:15 Windows Update

==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 _____ C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {088C1634-7D7C-42E6-B460-56E8B230EE4D} - System32\Tasks\{2ABCDC30-4EDE-48EB-8490-063F08105F05} => pcalua.exe -a "C:\Program Files\JDownloader\uninstall.exe"
Task: {0A2ABF3B-B609-4E18-AAF1-BECCAFDE9A21} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-08-01] (AVAST Software)
Task: {170BE8B9-DF00-4DEC-A794-89C97804893C} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1406830839-1458410200-2704653683-1000UA => C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {1E065170-25D7-455E-AED7-490260911CAD} - System32\Tasks\{E3346D24-1D94-42CD-BDA3-39B5938B573B} => Firefox.exe hxxp://ui.skype.com/ui/0/7.0.0.102/en/go/help.faq.installer?LastError=1603
Task: {26541D7A-A7CF-4D51-8713-31407C49CFFB} - System32\Tasks\At2 => C:\Users\User\Desktop\mccleanup.exe <==== ACHTUNG
Task: {28DBB056-A53F-49CC-8900-CA0DA0CA245A} - System32\Tasks\{CA003EC3-A38B-4791-838A-8B7E33195F4F} => pcalua.exe -a "C:\Program Files\FreePDF_XP\fpsetup.exe" -d "C:\Program Files\FreePDF_XP"
Task: {30E33857-D27D-49B3-AECC-C5CF2BD0A541} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {3A8C4736-D755-4865-ACB5-124B3FC9205E} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
Task: {3D31CB84-7093-44E8-8579-360B3BCBAEB6} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {3F47119D-C3F3-4A6D-9DE8-5C63E8654657} - System32\Tasks\{200A1E47-ED5D-4BC6-955A-32502D4EC4C9} => Firefox.exe hxxp://ui.skype.com/ui/0/6.22.64.106/de/go/help.faq.installer?source=lightinstaller&LastError=1603
Task: {443435E3-1EAB-4196-95B6-2C04E7D91150} - System32\Tasks\{1E1F30D2-CA6F-4ADA-92CE-C096EEFED3A1} => C:\Program Files\Skype\Phone\Skype.exe [2015-06-29] (Skype Technologies S.A.)
Task: {50BD8AA9-BE76-4DE4-9A8E-37893E6DDD22} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2015-06-08] (Oracle Corporation)
Task: {603FA348-6183-4324-AE5F-4C3B5BC638D1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {6DC82286-30B3-44CC-B6B2-D4A88C797FB9} - System32\Tasks\{6503EB76-D51E-4A35-8CA2-D196031D7AD6} => pcalua.exe -a "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbConfg.cpl" -c HP Quick Launch Buttons
Task: {6E6155F4-A92D-4813-9276-A1EF544619BC} - System32\Tasks\{BA4D39A0-FC69-4BB1-A646-7620245C5688} => pcalua.exe -a C:\Users\User\Desktop\PSYCHONAUTS\directx\dxsetup.exe -d C:\Users\User\Desktop\PSYCHONAUTS\directx
Task: {784E7A51-CC7A-4120-B949-984EC6A80306} - System32\Tasks\{CECDAA86-E939-4344-A868-C6E8ACE23BAC} => Firefox.exe hxxp://ui.skype.com/ui/0/6.21.59.104/de/go/help.faq.installer?LastError=1603
Task: {817405A1-8899-45F9-B640-C7E53792442A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-05] (Google Inc.)
Task: {85B1E238-31B2-4C28-8663-A41C9966E696} - System32\Tasks\At1 => C:\Users\User\Desktop\Desktop\mccleanup.exe <==== ACHTUNG
Task: {86266392-2C5F-46FD-9F32-F19CB2C3980E} - System32\Tasks\Auslogics\Disk Defrag\Scheduled Defragmentation => Rundll32.exe TaskSchedulerHelper.dll,RunTask "DiskDefrag.exe" "-UseTray -Scheduler"
Task: {91AC4D78-04A1-4284-95BF-7A6DB299F869} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1406830839-1458410200-2704653683-1000Core => C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {9F607CF1-2FA9-46D9-A0CF-9DD9176B7646} - System32\Tasks\{953BC633-6031-4FC5-B74C-949EFA8173B2} => pcalua.exe -a C:\Users\User\Downloads\DDBAC.EXE -d "C:\Program Files\Mozilla Firefox"
Task: {A588C31E-05C1-436A-AD2E-F8DA2654406C} - System32\Tasks\{EA95F134-14F4-40CD-A4E1-8970AA8BE8B8} => pcalua.exe -a C:\Users\User\Desktop\winvista_15124.exe -d C:\Windows\system32
Task: {AACC6056-A5A1-4E93-8D81-4E9F050E2B32} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - User => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {B3B1F7B0-2A23-4CCA-91F2-341CCE0D1F2A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-05] (Google Inc.)
Task: {B4142E1C-59A4-47AF-8221-99B99C880F67} - System32\Tasks\{9676862A-92D4-4128-B3F9-479C7A433CEC} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.22.64.106&LastError=12002
Task: {DE44D286-3FA0-4B28-99D0-7187258BE70B} - System32\Tasks\{220493FB-7F1B-495B-BAE0-C260D0E95D97} => pcalua.exe -a D:\SWSETUP\APPINSTL\setup.exe -d D:\
Task: {F1819B53-C343-4529-B89B-F6BFF9E15063} - System32\Tasks\{A2DEA1B8-B243-4306-86C1-BF8C9C694C81} => pcalua.exe -a C:\Windows\system32\TABLET.CPL
Task: {F35C0C67-1FDF-46EA-B6FB-1A59D6E6F7B6} - System32\Tasks\{E2199510-0BC9-4A3C-9FDF-4D49A9B6A032} => pcalua.exe -a C:\Users\User\Desktop\sp36881.exe -d C:\Users\User\Desktop
Task: {F90F0D7F-74A1-4129-B833-D8F82AA83479} - System32\Tasks\{FDB3CEA0-5D69-4A90-A861-C4774651FC76} => Firefox.exe hxxp://ui.skype.com/ui/0/7.4.80.102/de/abandoninstall?page=tsProgressBar
Task: {FBC36C1F-03B9-4FF3-A68C-D88F5B551935} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\At1.job => C:\Users\User\Desktop\Desktop\mccleanup.exe Task: C:\Windows\Tasks\At2.job => C:\Users\User\Desktop\mccleanup.exe Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1406830839-1458410200-2704653683-1000Core.job => C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1406830839-1458410200-2704653683-1000UA.job => C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2015-03-17 19:22 - 2015-08-01 10:07 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2015-03-17 19:22 - 2015-08-01 10:07 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2015-08-15 20:06 - 2015-08-15 20:06 - 02962432 _____ () C:\Program Files\AVAST Software\Avast\defs\15081502\algo.dll 2010-06-23 22:14 - 2010-03-15 12:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll 2007-09-13 22:11 - 2007-09-13 23:11 - 00249856 _____ () C:\Windows\system32\igfxTMM.dll 2013-10-21 09:40 - 2015-03-17 19:23 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2015-08-16 09:47 - 2015-08-16 09:47 - 00071168 _____ () c:\users\user\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvhwd5h.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) 
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
AlternateDataStreams: C:\ProgramData\TEMP:D282699C

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-1406830839-1458410200-2704653683-1000\...\olb.de -> hxxps://www.olb.de

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1406830839-1458410200-2704653683-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: )
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\Services: ac.sharedstore => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AEADIFilters => 2
MSCONFIG\Services: AgereModemAudio => 2
MSCONFIG\Services: ATService => 2
MSCONFIG\Services: Com4QLBEx => 3
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gzserv => 2
MSCONFIG\Services: HP ProtectTools Service => 3
MSCONFIG\Services: HpFkCryptService => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: IFXSpMgtSrv => 2
MSCONFIG\Services: IFXTCS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: PersonalSecureDriveService => 2
MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\Services: Service_Desktop => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SpyHunter 4 Service => 2
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: wmiApSrv => 3
MSCONFIG\Services: WMPNetworkSvc => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupreg: accrdsub => "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
MSCONFIG\startupreg: acevents => "C:\Program Files\ActivIdentity\ActivClient\acevents.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BrowserChoice => "C:\Windows\System32\browserchoice.exe" /run
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: CognizanceTS => rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
MSCONFIG\startupreg: dradio-RecorderTimer => "C:\Program Files\dradio-Recorder\phonostarTimer.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IFXSPMGT => C:\Windows\system32\ifxspmgt.exe /NotifyLogon
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PTHOSTTR => C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
MSCONFIG\startupreg: QlbCtrl.exe => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
MSCONFIG\startupreg: Sony Ericsson PC Suite => "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
MSCONFIG\startupreg: SoundMAXPnP => C:\Program Files\Analog Devices\Core\smax4pnp.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: UVS12 Preload => C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe
MSCONFIG\startupreg: WinampAgent => "C:\Program Files\Winamp\winampa.exe"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: Wireless Presenter => C:\Program Files\Nokia\Nokia Wireless Presenter\Wireless Presenter.exe /NOSPLASH

==================== FirewallRules (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [SLSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [SLSVC-In-TCP] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [TCP Query User{FDE35F9D-7C40-4ADB-A8A9-7ED93FF4AA18}C:\program files\winamp\winamp.exe] => (Allow) C:\program files\winamp\winamp.exe
FirewallRules: [UDP Query User{39354786-2C72-4C41-86EE-9DDCD1727C47}C:\program files\winamp\winamp.exe] => (Allow) C:\program files\winamp\winamp.exe
FirewallRules: [TCP Query User{058EBF3E-3CDC-4D3C-A796-D1674397F966}C:\program files\winamp\winamp.exe] => (Allow) C:\program files\winamp\winamp.exe
FirewallRules: [UDP Query User{314BE380-2FD5-40B2-AA25-40DBDD89B7C0}C:\program files\winamp\winamp.exe] => (Allow) C:\program files\winamp\winamp.exe
FirewallRules: [{7019809E-E444-404B-964A-CE89DE1137C7}] => (Allow) LPort=80
FirewallRules: [{D4409992-2939-4C1B-B2C5-B4AE0F8F6EEB}] => (Allow) LPort=80
FirewallRules: [{1AFF866C-E7E7-470E-8161-DAD5B8A3547F}] => (Allow) LPort=80
FirewallRules: [{6239CF52-0ABF-4B4F-87E2-F5DC19B2F252}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{3EBCA5AC-2AC9-44C4-B1C1-A384EA2BACD4}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{7E149324-2CA7-4B66-8B51-9D3F452EF8CE}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{E581E90D-CE1E-4351-A0B4-F3094587258D}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{A87CE0D6-3874-490F-AF64-2234C3E73A44}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [TCP Query User{64FF59ED-ECA2-4159-B5A9-1A9034B0E5A3}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{B1739CBE-4050-4CA4-9B83-ED5F36A1F0AB}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{60E18149-A02F-4F42-86E6-6E62F717BCFB}] => (Allow) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{9E49ABB5-738E-467B-B3FC-EDBD3AFC9C23}] => (Allow) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{ABD7E779-F19B-49F8-B1C1-31C2830DE074}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{34AC894D-6E3B-4826-A179-559B5DF325DC}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{C75E78D7-F34E-4A2D-933F-8FFE6ACD76D2}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{684525F4-858C-4AB4-8F0D-6FAB1D36C9E4}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{5A2D865D-6CC0-49A2-8171-1F6A26ECEA4A}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe
FirewallRules: [{2A1B0BB3-A03A-4556-AD0F-E981EF3764CB}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe
FirewallRules: [{4FFE6BC9-0C01-4936-8D16-B71BABCBB0A6}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{E04AE090-7A5D-430D-A223-FCEA90AD31B0}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{3D85D8DE-469B-445E-89D7-D2A389E46552}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{D729D316-2528-41F1-AC71-894BC4789492}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [TCP Query User{A16F0A55-8F4F-4B17-A5AF-A8830A982352}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{735CA497-913E-4BFA-BB9C-F5A1840DE54D}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{2440FBEB-DC62-4333-A9B2-C2F2B0E08B12}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{1179AD72-E8CD-47B2-8DED-BA7E86B2906C}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [{FF4ACF4A-9C9A-480D-AB5B-2E9C78C3EDB8}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{626E4915-501D-432D-9161-48905E743DFA}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{D3002601-D47F-425F-92AF-894AE54AD324}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{4CFFF3F3-93EB-4A7A-A8F5-294B5905FA02}C:\program files\gpadserver\gpadserver.exe] => (Allow) C:\program files\gpadserver\gpadserver.exe
FirewallRules: [UDP Query User{E09BB758-1C2C-40BB-B845-0B58D6FCC8DC}C:\program files\gpadserver\gpadserver.exe] => (Allow) C:\program files\gpadserver\gpadserver.exe
FirewallRules: [{52275643-074B-4913-A3B5-8AD4D6406AF5}] => (Allow) C:\Program Files\Unified Remote 3.0\RemoteServerWin.exe
FirewallRules: [{113114C0-C5CE-4361-8506-5B030889F046}] => (Allow) C:\Program Files\Unified Remote 3.0\RemoteServerWin.exe
FirewallRules: [TCP Query User{46CDEE1E-FB92-4F18-8465-17D1833C5130}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{35FE80B9-504B-4A6E-B4B2-52D71AA52F62}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{6C9BAC6E-F270-4071-978E-72163442ABE4}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{B246A8EC-4106-414F-9C45-71A2D8A3CDC4}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{9D9E5F56-AC33-41ED-B74F-9B34FF616DA6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{AACEAD9A-9A9C-4E93-B71A-DD9D56D3A9FC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{915955DC-14F7-43A4-A5F0-86F641B127F3}C:\program files\java\jre1.8.0_40\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [UDP Query User{CB40139B-606A-4846-9C00-2FB7E4068F16}C:\program files\java\jre1.8.0_40\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [TCP Query User{43EAF8FC-074E-4F3E-98FD-EEFD26AA0D10}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [UDP Query User{B2E82716-29E7-4D9A-B4A0-9368C7E64194}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{C7C14880-179F-4DE5-9425-7B9D6764214B}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{2D1E54E6-E4BC-4ABC-8E77-115D383F8805}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [TCP Query User{E8685FCD-7F51-44F4-904C-DCD364CB94E8}C:\windows\system32\mstsc.exe] => (Allow) C:\windows\system32\mstsc.exe
FirewallRules: [UDP Query User{437F5F77-CD00-46F3-8E42-E95E7D9C4B46}C:\windows\system32\mstsc.exe] => (Allow) C:\windows\system32\mstsc.exe
FirewallRules: [TCP Query User{C430E09E-71D6-4448-828E-BB685AF1AB0C}C:\windows\system32\mstsc.exe] => (Allow) C:\windows\system32\mstsc.exe
FirewallRules: [UDP Query User{B1D57E9D-DDB2-422C-B816-3AB11E7556B5}C:\windows\system32\mstsc.exe] => (Allow) C:\windows\system32\mstsc.exe
FirewallRules: [{FE0530C3-78E7-42D1-9744-D6707B2CE1EA}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{391797DF-3E71-4220-9BC3-026138A5764F}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{8A522C00-94F2-4E14-B394-3D04454CCF58}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{37B528DF-0842-42E8-96C5-746D52840265}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: 6TO4 Adapter
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-ISATAP-Adapter #22
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-ISATAP-Adapter #25
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-ISATAP-Adapter #24
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (08/16/2015 09:41:06 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (08/14/2015 06:16:47 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\USER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\KEZS2HFL.DEFAULT-1419069984836\SAFEBROWSING-BACKUP> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (08/14/2015 12:51:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm PTHost.exe, Version 4.10.10.3 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: ea8 Anfangszeit: 01d0d67f1926aa33 Zeitpunkt der Beendigung: 2

Error: (08/14/2015 12:24:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung plugin-container.exe, Version 39.0.0.5659, Zeitstempel 0x55934d06, fehlerhaftes Modul mozalloc.dll, Version 39.0.0.5659, Zeitstempel 0x55933a83, Ausnahmecode 0x80000003, Fehleroffset 0x00001aa1, Prozess-ID 0xc04, Anwendungsstartzeit plugin-container.exe0.

Error: (08/14/2015 08:39:53 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (08/13/2015 04:58:02 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut. Kontext: Anwendung, SystemIndex Katalog

Error: (08/13/2015 04:58:02 PM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: Die Leistungsüberwachung kann für den Gatherer-Dienst nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.

Error: (08/13/2015 04:53:47 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll4

Error: (08/13/2015 04:53:45 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (08/13/2015 04:53:45 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Systemfehler:
=============
Error: (08/16/2015 09:47:22 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (08/16/2015 09:47:13 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (08/16/2015 09:46:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: WebCamDV DV to Webcam Converter%%2

Error: (08/16/2015 09:46:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: TrackerCam Video Capture Driver%%1058

Error: (08/16/2015 09:42:52 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: PnP-X-IP-BusauflistungFunktionssuchanbieter-Host%%1068

Error: (08/16/2015 09:42:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: NetzwerklistendienstNLA (Network Location Awareness)%%1068

Error: (08/16/2015 09:42:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: NetzwerklistendienstNLA (Network Location Awareness)%%1068

Error: (08/16/2015 09:42:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: NetzwerklistendienstNLA (Network Location Awareness)%%1068

Error: (08/16/2015 09:42:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: NetzwerklistendienstNLA (Network Location Awareness)%%1068

Error: (08/16/2015 09:42:07 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: AFD AswRdr aswRvrt aswSnx aswSP aswVmm CSC DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss RsvLock Smb spldr tdx Wanarpv6

Microsoft Office:
=========================
Error: (03/12/2015 11:00:46 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2808 seconds with 0 seconds of active time. This session ended with a crash.

Error: (09/09/2014 11:23:22 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2387 seconds with 0 seconds of active time. This session ended with a crash.

Error: (11/14/2012 04:04:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 3719 seconds with 720 seconds of active time. This session ended with a crash.

Error: (02/28/2012 07:14:33 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 10181 seconds with 2460 seconds of active time. This session ended with a crash.

Error: (01/19/2012 07:54:45 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5001, Microsoft Office Version: 12.0.6514.5001. This session lasted 30403 seconds with 4140 seconds of active time. This session ended with a crash.

Error: (07/05/2011 01:42:48 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5001, Microsoft Office Version: 12.0.6514.5001. This session lasted 15604 seconds with 5340 seconds of active time. This session ended with a crash.

Error: (05/27/2011 09:51:42 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5001, Microsoft Office Version: 12.0.6514.5001. This session lasted 310 seconds with 0 seconds of active time. This session ended with a crash.

Error: (10/29/2010 02:19:09 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6425.1000, Microsoft Office Version: 12.0.6514.5001. This session lasted 426 seconds with 360 seconds of active time. This session ended with a crash.

Error: (10/29/2010 01:08:30 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5001, Microsoft Office Version: 12.0.6514.5001. This session lasted 50794 seconds with 4260 seconds of active time. This session ended with a crash.

CodeIntegrity:
===================================
Date: 2015-08-16 10:19:17.649
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-08-16 10:19:17.321
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-08-16 10:19:17.009
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-08-16 10:19:16.635
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-08-16 10:19:15.979
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-08-16 10:19:15.652
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-08-16 10:19:15.340
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-08-16 10:19:15.028
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-08-16 10:18:37.323
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-08-16 10:18:36.933
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T9300 @ 2.50GHz
Prozentuale Nutzung des RAM: 60%
Installierter physikalischer RAM: 3062.33 MB
Verfügbarer physikalischer RAM: 1206.61 MB
Summe virtueller Speicher: 6337.63 MB
Verfügbarer virtueller Speicher: 4504.04 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:232.88 GB) (Free:87.05 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: C87A52B7)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== Ende vom raportu ============================

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-08-16 15:21:04
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.11.0 232,89GB
Running: Gmer-19357.exe; Driver: C:\Users\User\AppData\Local\Temp\pwdiypoc.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0x93C1DAD6]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwAllocateVirtualMemory [0x93CDA83C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x93C1E5B4]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0x93C2A6B8]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0x93C2A704]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x93C2A89E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0x93C2A626]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateSection [0x93CDAC16]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x93C2A66E]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThread [0x93CDAEA6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0x93C2A858]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x93C1F3A2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x93C1DB3C]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwDuplicateObject [0x93CDB094]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwFreeVirtualMemory [0x93CDA914]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwLoadDriver [0x93CD7AA4]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0x93CDACF6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x93C1DBA2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x93C22FE8]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x93C1FEE6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0x93C2A6E2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0x93C2A726]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x93C2A8C2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0x93C2A64C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0x93C224EA]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0x93C2A7D6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x93C2A696]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0x93C228D6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0x93C2A87C]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x93CDAA94]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0x93C1FCFE]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThread [0x93C1F854]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x93C1DC08]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0x93C1DC6E]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwSetContextThread [0x93CDADF2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x93C1D7C2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x93C1D994]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0x93C1D922]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0x93C1F56C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0x93C1F6CE]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x93C1DA1C]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwTerminateProcess [0x93CDAB62]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0x93C1F1FC]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwUnloadDriver [0x93CD7AD4]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0x93C1DCD4]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwWriteVirtualMemory [0x93CDA9C6]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThreadEx [0x93CDAF90]

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!KeSetEvent + 10D 83AC5790 4 Bytes [D6, DA, C1, 93] {SALC ; FCMOVB ST0, ST1; XCHG EBX, EAX}
.text ntkrnlpa.exe!KeSetEvent + 131 83AC57B4 4 Bytes [3C, A8, CD, 93] {CMP AL, 0xa8; INT 0x93}
.text ntkrnlpa.exe!KeSetEvent + 191 83AC5814 4 Bytes [B4, E5, C1, 93]
.text ntkrnlpa.exe!KeSetEvent + 1D1 83AC5854 2 Bytes [B8, A6]
.text ntkrnlpa.exe!KeSetEvent + 1D4 83AC5857 5 Bytes [93, 04, A7, C2, 93]
.text ...
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 83C531C9 4 Bytes CALL 93C205CD \SystemRoot\system32\drivers\aswSnx.sys
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 83C56E3D 4 Bytes CALL 93C205E3 \SystemRoot\system32\drivers\aswSnx.sys
? C:\Windows\System32\Drivers\SafeBoot.sys Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

---- User code sections - GMER 2.1 ----

.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1784] kernel32.dll!SetUnhandledExceptionFilter 7744A9BD 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3472] kernel32.dll!SetUnhandledExceptionFilter 7744A9BD 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
Device \Driver\tdx \Device\Tcp aswStmXP.sys
AttachedDevice \Driver\tdx \Device\Tcp aswRdr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 ngvss.sys
Device \Driver\tdx \Device\RawIp6 aswStmXP.sys
Device \Driver\tdx \Device\Tcp6 aswStmXP.sys
Device \Driver\tdx \Device\Tdx aswStmXP.sys
Device \Driver\tdx \Device\Udp aswStmXP.sys
Device \Driver\tdx \Device\RawIp aswStmXP.sys
Device \Driver\tdx \Device\Udp6 aswStmXP.sys

---- Registry - GMER 2.1 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B4BF5F1B-9E2C-ADB7-EB95-1B100536C35F}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B4BF5F1B-9E2C-ADB7-EB95-1B100536C35F}@ianocmfcelmfnmclgj 0x66 0x61 0x64 0x67 ...
---- EOF - GMER 2.1 ---- Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 14.08.2015 Suchlaufzeit: 09:46:40 Protokolldatei: MWB.txt Administrator: Ja Version: 2.1.8.1057 Malware-Datenbank: v2015.08.14.01 Rootkit-Datenbank: v2015.08.06.01 Lizenz: Kostenlose Version Malware-Schutz: Deaktiviert Schutz vor bösartigen Websites: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows Vista Service Pack 2 CPU: x86 Dateisystem: NTFS Benutzer: User Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 370377 Abgelaufene Zeit: 1 Std., 54 Min., 9 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Warnen PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 2 PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\MySearchDial, Löschen bei Neustart, [6f4a37d193f82a0c1f4741d8f211fa06], Hijack.SecurityRun, HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS\0\PATHS\{A9387BE8-BF25-4A92-9FB2-600E19E306F2}, In Quarantäne, [7940b058ed9ebf77654928740cf836ca], Registrierungswerte: 1 Hijack.SecurityRun, HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS\0\PATHS\{a9387be8-bf25-4a92-9fb2-600e19e306f2}|ItemData, C:\Program Files\Avira\AntiVir Desktop\avnotify.exe, In Quarantäne, [7940b058ed9ebf77654928740cf836ca] Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 0 (keine bösartigen Elemente erkannt) Dateien: 0 (keine bösartigen Elemente erkannt) Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) Code:
ATTFilter # AdwCleaner v4.208 - Bericht erstellt 14/08/2015 um 12:13:19 # Aktualisiert 09/07/2015 von Xplode # Datenbank : 2015-08-12.1 [Server] # Betriebssystem : Windows Vista (TM) Business Service Pack 2 (x86) # Benutzername : User - MARKUS-PC # Gestarted von : C:\Users\User\Desktop\adwcleaner_4.208.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Datei Gelöscht : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kezs2hfl.default-1419069984836\user.js ***** [ Geplante Tasks ] ***** Task Gelöscht : PrivacyDR_Start Task Gelöscht : PrivacyDR_Popup ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** ***** [ Internetbrowser ] ***** -\\ Internet Explorer v9.0.8112.16684 -\\ Mozilla Firefox v39.0 (x86 de) -\\ Google Chrome v44.0.2403.155 ************************* AdwCleaner[R0].txt - [1934 Bytes] - [27/09/2013 10:09:14] AdwCleaner[R1].txt - [2739 Bytes] - [03/04/2014 13:52:54] AdwCleaner[R2].txt - [4589 Bytes] - [10/04/2014 16:32:52] AdwCleaner[R3].txt - [3188 Bytes] - [04/05/2014 13:58:04] AdwCleaner[R4].txt - [1561 Bytes] - [16/05/2014 11:43:00] AdwCleaner[R5].txt - [2368 Bytes] - [09/03/2015 09:14:35] AdwCleaner[R6].txt - [1748 Bytes] - [14/08/2015 09:53:07] AdwCleaner[R7].txt - [1807 Bytes] - [14/08/2015 12:10:29] AdwCleaner[S0].txt - [2001 Bytes] - [27/09/2013 10:11:51] AdwCleaner[S1].txt - [2806 Bytes] - [03/04/2014 13:56:45] AdwCleaner[S2].txt - [3843 Bytes] - [10/04/2014 16:34:03] AdwCleaner[S3].txt - [3257 Bytes] - [04/05/2014 14:05:20] AdwCleaner[S4].txt - [363 Bytes] - [16/05/2014 11:47:55] AdwCleaner[S5].txt - [2399 Bytes] - [09/03/2015 09:17:39] AdwCleaner[S6].txt - [1697 Bytes] - [14/08/2015 12:13:19] ########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [1756 Bytes] ########## |
16.08.2015, 15:32 | #2 |
/// the machine /// TB-Ausbilder | hi,
Scan with Combofix |
16.08.2015, 21:00 | #3 |
| Hello,
and thanks for the quick reply. I had to interrupt ComboFix after about 2 hours of running and hope I have not caused any harm. I will make a second attempt tomorrow after work and set aside more time for the program. Best regards. |
17.08.2015, 14:29 | #4 |
/// the machine /// TB-Ausbilder | Ok, and please make sure that the AV program is turned off.
Regards, schrauber |
17.08.2015, 20:00 | #5 |
| Good evening, ComboFix has run. This time in the announced 10-20 minutes. Combofix logfile: Code:
ATTFilter ComboFix 15-08-14.01 - User 17.08.2015 20:12:30.1.2 - x86 Microsoft® Windows Vista™ Business 6.0.6002.2.1252.49.1031.18.3062.1941 [GMT 2:00] ausgeführt von:: c:\users\User\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B} SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\1339759721.812.bin c:\programdata\1339768779.bdinstall.bin c:\programdata\1357993146.bdinstall.bin c:\programdata\1374825230.bdinstall.bin c:\programdata\1374825814.3476.bin c:\programdata\1374825814.3512.bin c:\programdata\1374825814.3524.bin c:\programdata\1374825814.4480.bin c:\programdata\1374825814.5124.bin c:\programdata\1374825814.5232.bin c:\programdata\1374825814.5384.bin c:\programdata\1374825814.808.bin c:\programdata\1374828684.bdinstall.bin c:\programdata\1374828768.bdinstall.bin c:\programdata\1374833019.bdinstall.bin c:\programdata\1375021915.bdinstall.bin c:\programdata\691E1E24EF.sys c:\windows\IsUn0407.exe c:\windows\system32\pthreadVC.dll c:\windows\system32\shsvcs.dll.vgorg c:\windows\system32\themeui.dll.vgorg c:\windows\system32\uxtheme.dll.vgorg . . ((((((((((((((((((((((( Dateien erstellt von 2015-07-17 bis 2015-08-17 )))))))))))))))))))))))))))))) . . 2015-08-17 18:21 . 2015-08-17 18:21 -------- d-----w- c:\users\Gast\AppData\Local\temp 2015-08-16 08:17 . 2015-08-16 08:21 -------- d-----w- C:\FRST 2015-08-14 12:40 . 2015-07-15 01:33 9252608 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DDD47CD7-C485-4082-BAE4-20ED7A3C445D}\mpengine.dll 2015-08-14 07:45 . 2015-08-16 13:30 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-08-14 07:44 . 2015-08-14 07:50 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2015-08-14 07:44 . 
2015-08-14 07:44 -------- d-----w- c:\program files\ Malwarebytes Anti-Malware 2015-08-14 07:44 . 2015-06-18 06:41 51928 ----a-w- c:\windows\system32\drivers\mwac.sys 2015-08-14 07:44 . 2015-06-18 06:41 23256 ----a-w- c:\windows\system32\drivers\mbam.sys 2015-08-13 15:03 . 2015-07-21 20:55 1206192 ----a-w- c:\windows\system32\ntdll.dll 2015-08-13 15:03 . 2015-07-21 16:07 56256 ----a-w- c:\windows\system32\drivers\mountmgr.sys 2015-08-13 15:03 . 2015-07-21 16:07 140224 ----a-w- c:\windows\system32\drivers\ecache.sys 2015-08-13 15:03 . 2015-07-21 16:03 10752 ----a-w- c:\windows\system32\msmmsp.dll 2015-08-13 15:03 . 2015-07-21 16:03 49664 ----a-w- c:\windows\system32\csrsrv.dll 2015-08-13 15:03 . 2015-07-21 16:07 3605440 ----a-w- c:\windows\system32\ntkrnlpa.exe 2015-08-13 15:03 . 2015-07-21 16:07 3553216 ----a-w- c:\windows\system32\ntoskrnl.exe 2015-08-13 15:03 . 2015-07-21 16:03 564224 ----a-w- c:\windows\system32\emdmgmt.dll 2015-08-13 15:01 . 2015-07-31 19:27 103120 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-08-13 15:00 . 2015-07-09 14:20 304640 ----a-w- c:\windows\system32\drivers\srv.sys 2015-08-13 14:59 . 2015-07-10 19:37 2067968 ----a-w- c:\windows\system32\mstscax.dll 2015-08-13 14:27 . 2015-07-18 16:03 68608 ----a-w- c:\windows\system32\basesrv.dll 2015-08-13 14:24 . 2015-07-10 19:37 1402368 ----a-w- c:\windows\system32\msxml6.dll 2015-08-13 14:24 . 2015-07-10 19:37 1253376 ----a-w- c:\windows\system32\msxml3.dll 2015-08-13 14:21 . 2015-07-31 21:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll 2015-08-13 14:21 . 2015-07-31 21:46 189952 ----a-w- c:\windows\system32\d3d10core.dll 2015-08-13 14:21 . 2015-07-31 21:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll 2015-08-13 14:21 . 2015-07-31 20:41 1172480 ----a-w- c:\windows\system32\d3d10warp.dll 2015-08-13 14:21 . 2015-07-31 20:40 486400 ----a-w- c:\windows\system32\d3d10level9.dll 2015-08-13 14:21 . 
2015-07-31 20:33 297472 ----a-w- c:\windows\system32\atmfd.dll 2015-08-13 14:21 . 2015-07-31 22:08 34304 ----a-w- c:\windows\system32\atmlib.dll 2015-08-13 14:21 . 2015-07-31 20:35 682496 ----a-w- c:\windows\system32\d2d1.dll 2015-08-13 14:21 . 2015-07-31 21:46 1029120 ----a-w- c:\windows\system32\d3d10.dll 2015-08-13 14:21 . 2015-07-31 20:33 2066944 ----a-w- c:\windows\system32\win32k.sys 2015-08-13 14:21 . 2015-07-31 20:33 1072640 ----a-w- c:\windows\system32\DWrite.dll 2015-08-13 14:21 . 2015-07-31 20:33 802304 ----a-w- c:\windows\system32\FntCache.dll 2015-08-13 14:17 . 2015-07-01 15:57 199680 ----a-w- c:\windows\system32\WebClnt.dll 2015-08-13 14:17 . 2015-07-09 14:25 151040 ----a-w- c:\windows\system32\notepad.exe 2015-08-13 14:17 . 2015-07-09 14:25 151040 ----a-w- c:\windows\notepad.exe 2015-08-06 07:21 . 2015-08-06 07:21 -------- d-----w- c:\users\User\AppData\Local\Mixesoft 2015-08-04 22:03 . 2015-08-04 22:03 877152 ----a-w- c:\windows\system32\msvcr120_clr0400.dll 2015-08-04 22:03 . 2015-08-04 22:03 538208 ----a-w- c:\windows\system32\msvcp120_clr0400.dll 2015-08-04 18:11 . 2015-08-04 18:11 -------- d-----w- c:\program files\Common Files\Skype 2015-08-04 18:11 . 2015-08-04 18:11 -------- d-----r- c:\program files\Skype 2015-08-01 08:07 . 2015-08-01 08:07 313472 ----a-w- c:\windows\system32\aswBoot.exe 2015-08-01 08:07 . 2015-08-01 08:07 43112 ----a-w- c:\windows\avastSS.scr 2015-07-30 11:03 . 2015-07-30 11:03 -------- d-----w- c:\users\User\AppData\Roaming\com.mmm.app.schattauer.skillstraining1 2015-07-30 11:02 . 2015-07-30 11:03 -------- d-----w- c:\program files\SkillsTraining 1.1 2015-07-30 11:01 . 2015-07-30 11:01 -------- d-----w- c:\program files\Common Files\Adobe AIR 2015-07-25 10:56 . 2015-07-25 10:56 -------- d-----w- c:\program files\Common Files\Java 2015-07-22 11:04 . 2015-07-22 11:04 17318592 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE12\MSO.DLL 2015-07-21 18:57 . 
2015-07-21 18:57 1375896 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll 2015-07-21 16:56 . 2015-08-01 08:07 161472 ----a-w- c:\windows\system32\drivers\aswStmXP.sys 2015-07-21 16:55 . 2015-08-01 08:07 95112 ----a-w- c:\windows\system32\drivers\ngvss.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-08-12 20:34 . 2015-03-18 14:46 780488 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2015-08-12 20:34 . 2015-03-18 14:46 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2015-08-01 08:07 . 2014-04-22 21:25 24016 ----a-w- c:\windows\system32\drivers\aswHwid.sys 2015-08-01 08:07 . 2013-07-26 09:09 433264 ----a-w- c:\windows\system32\drivers\aswSP.sys 2015-08-01 08:07 . 2013-07-26 09:09 57888 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2015-08-01 08:07 . 2013-07-26 09:09 55200 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2015-08-01 08:07 . 2013-07-26 09:09 208664 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2015-08-01 08:07 . 2013-07-26 09:09 76000 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2015-08-01 08:07 . 2013-07-26 09:09 49776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2015-08-01 08:07 . 2013-07-26 09:09 788784 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2015-07-25 10:54 . 2014-12-20 10:43 96352 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2015-07-03 16:04 . 2015-07-16 05:48 1316864 ----a-w- c:\windows\system32\ole32.dll 2015-06-27 16:03 . 2015-07-16 05:34 783872 ----a-w- c:\windows\system32\rpcrt4.dll 2015-06-27 16:02 . 2015-07-16 05:34 218112 ----a-w- c:\windows\system32\msv1_0.dll 2015-06-27 16:02 . 2015-07-16 05:34 501248 ----a-w- c:\windows\system32\kerberos.dll 2015-06-27 16:01 . 2015-07-16 05:34 801280 ----a-w- c:\windows\system32\advapi32.dll 2015-06-27 14:21 . 2015-07-16 05:34 217088 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2015-06-27 14:21 . 
2015-07-16 05:34 81408 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2015-06-23 11:27 . 2010-06-11 17:52 246952 ------w- c:\windows\system32\MpSigStub.exe 2015-06-17 16:50 . 2015-07-16 05:48 2264576 ----a-w- c:\windows\system32\msi.dll 2015-06-17 15:09 . 2015-07-16 05:48 73216 ----a-w- c:\windows\system32\msiexec.exe 2015-06-16 23:01 . 2015-06-16 23:01 1202856 ----a-w- c:\windows\system32\FM20.DLL 2015-06-12 16:01 . 2015-07-16 05:47 298496 ----a-w- c:\windows\system32\gdi32.dll 2015-06-12 13:13 . 2015-07-16 05:34 440768 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2015-05-31 08:11 . 2015-07-16 05:35 225792 ----a-w- c:\windows\system32\cewmdm.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2015-08-01 08:07 695096 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2015-08-05 22:53 189464 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2015-08-05 22:53 189464 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2015-08-05 22:53 189464 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2015-08-05 22:53 189464 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Dropbox Update"="c:\users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2015-06-18 134512] "appnhost"="c:\users\User\AppData\Local\Mixesoft\AppNHost\appnhost.exe" [2014-08-08 453176] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-08-01 6109776] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2015-06-08 334896] . c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-5-5 39179912] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) "SoftwareSASGeneration"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\HEWLET~1\IAM\bin\APSHook.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli ASWLNPkg . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . 
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk] path=c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk backup=c:\windows\pss\Dropbox.lnk.Startup backupExtension=.Startup . [HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk] path=c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\accrdsub] 2009-06-03 15:13 400936 ----a-w- c:\program files\ActivIdentity\ActivClient\accrdsub.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\acevents] 2009-06-03 15:16 153640 ----a-w- c:\program files\ActivIdentity\ActivClient\acevents.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserChoice] 2010-02-12 10:48 293376 ----a-w- c:\windows\System32\browserchoice.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring] 2015-01-20 21:02 5496600 ----a-w- c:\program files\CCleaner\CCleaner.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CognizanceTS] 2009-07-28 01:59 24848 ----a-w- c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dradio-RecorderTimer] 2012-10-13 15:05 42496 ----a-w- c:\program files\dradio-Recorder\phonostarTimer.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2007-09-13 21:38 154136 ----a-w- c:\windows\System32\hkcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IFXSPMGT] 2007-02-15 13:00 677408 ----a-w- c:\windows\System32\IFXSPMGT.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2007-09-13 21:38 141848 ----a-w- c:\windows\System32\igfxtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent] 2014-07-25 16:42 311616 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2007-09-13 21:38 129560 ----a-w- c:\windows\System32\igfxpers.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR] 2009-08-07 16:03 354360 ----a-w- c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe] 2008-02-26 07:36 177456 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] 2007-02-21 17:14 1183744 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] 2008-03-28 00:05 1045800 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2013-07-23 22:57 84576 ----a-w- c:\program files\Winamp\winampa.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" "HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" "SoundMAX"=c:\program files\Analog Devices\SoundMAX\Smax4.exe /tray "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "IgfxTray"=c:\windows\system32\igfxtray.exe "atwtusb"=atwtusb.exe "SoundMAXPnP"=c:\program files\Analog Devices\Core\smax4pnp.exe "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" . R4 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 207400] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 Cognizance REG_MULTI_SZ ASBroker ASChannel Bioscrypt REG_MULTI_SZ ASChannel . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Duden ADXRegistrator on] 2012-08-30 10:52 132968 ----a-w- c:\program files\Duden\Duden-Rechtschreibpruefung\adxregistrator.exe . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Duden csapi on] 2012-10-26 10:56 154728 ----a-w- c:\programdata\Duden\DKReg.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Duden dkClean install] 2012-10-26 10:56 105064 ----a-w- c:\program files\Duden\Duden-Rechtschreibpruefung\DKClean.exe . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Duden dktray on] 2012-10-26 10:56 154728 ----a-w- c:\programdata\Duden\DKReg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2015-08-13 19:35 995144 ----a-w- c:\program files\Google\Chrome\Application\44.0.2403.155\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2015-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-18 20:34] . 2015-08-16 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1406830839-1458410200-2704653683-1000Core.job - c:\users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18 04:21] . 2015-08-17 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1406830839-1458410200-2704653683-1000UA.job - c:\users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18 04:21] . 2015-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2015-08-05 19:29] . 2015-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2015-08-05 19:29] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = https://www.olb.de/ mStart Page = hxxp://www.google.com IE: &Citavi Picker... 
- file://c:\programdata\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html IE: Free YouTube to MP3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 Trusted Zone: olb.de\www TCP: DhcpNameServer = 192.168.0.1 DPF: {C752FF21-A8EF-468E-B507-5BBAFB84359E} - hxxps://hbciweb.olb.de/financebrowser5/plugin/Signlet-Plugin.CAB FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kezs2hfl.default-1419069984836\ FF - prefs.js: browser.startup.homepage - tagesschau.de . - - - - Entfernte verwaiste Registrierungseinträge - - - - . SafeBoot-WudfPf SafeBoot-WudfRd MSConfigStartUp-Sony Ericsson PC Suite - c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe MSConfigStartUp-UVS12 Preload - c:\program files\Corel\Corel VideoStudio 12\uvPL.exe MSConfigStartUp-Wireless Presenter - c:\program files\Nokia\Nokia Wireless Presenter\Wireless Presenter.exe AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe 
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe . . . ************************************************************************** Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\SetID\Internal] @Denied: (A 2) (LocalSystem) "DATA2"="<settings accountStatus=\"4\" oldDevice=\"\" timeDiff=\"1106312873\" expireTime=\"1309830893\" productStatus=\"1\" obSize=\"2\" InstallTS=\"1289332796\" isSubsc=\"0\" authStat_ts=\"0\" version=\"14.1\" keyType=\"194\" prodId=\"1\" moduleId1=\"7\" moduleId2=\"10\" relType=\"1\" />" . [HKEY_USERS\S-1-5-21-1406830839-1458410200-2704653683-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B4BF5F1B-9E2C-ADB7-EB95-1B100536C35F}*] "ianocmfcelmfnmclgj"=hex:66,61,64,67,62,6b,6a,64,69,66,65,6e,00,00 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'lsass.exe'(732) c:\program files\Hewlett-Packard\IAM\bin\ASWLNPkg.dll c:\program files\Hewlett-Packard\IAM\bin\itmsg.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files\AVAST Software\Avast\AvastSvc.exe c:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe c:\windows\system32\conime.exe c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe c:\windows\servicing\TrustedInstaller.exe . ************************************************************************** . Zeit der Fertigstellung: 2015-08-17 20:30:10 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2015-08-17 18:28 . Vor Suchlauf: 13 Verzeichnis(se), 89.888.075.776 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 90.188.173.312 Bytes frei . 
- - End Of File - - E814A4B5C066F0A063BB2FC5DF71B4CC --- --- --- 5C616939100B85E558DA92B899A0FC36 |
18.08.2015, 11:15 | #6 |
/// the machine /// TB instructor | Win Vista: Laptop freezes in Firefox; manual restart required Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
and a fresh FRST log, please.
19.08.2015, 20:00 | #7 |
| Win Vista: Laptop freezes in Firefox; manual restart required Evening, unfortunately I rarely get the chance at the moment to run all the scans quickly. But here are all the log files now: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 14.08.2015 Suchlaufzeit: 09:46:40 Protokolldatei: MWB.txt Administrator: Ja Version: 2.1.8.1057 Malware-Datenbank: v2015.08.14.01 Rootkit-Datenbank: v2015.08.06.01 Lizenz: Kostenlose Version Malware-Schutz: Deaktiviert Schutz vor bösartigen Websites: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows Vista Service Pack 2 CPU: x86 Dateisystem: NTFS Benutzer: User Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 370377 Abgelaufene Zeit: 1 Std., 54 Min., 9 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Warnen PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 2 PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\MySearchDial, Löschen bei Neustart, [6f4a37d193f82a0c1f4741d8f211fa06], Hijack.SecurityRun, HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS\0\PATHS\{A9387BE8-BF25-4A92-9FB2-600E19E306F2}, In Quarantäne, [7940b058ed9ebf77654928740cf836ca], Registrierungswerte: 1 Hijack.SecurityRun, HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS\0\PATHS\{a9387be8-bf25-4a92-9fb2-600e19e306f2}|ItemData, C:\Program Files\Avira\AntiVir Desktop\avnotify.exe, In Quarantäne, [7940b058ed9ebf77654928740cf836ca] Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 0 (keine bösartigen Elemente erkannt) Dateien: 0 (keine bösartigen Elemente erkannt) Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) Code:
ATTFilter # AdwCleaner v5.001 - Bericht erstellt 19/08/2015 um 19:27:38 # Aktualisiert 17/08/2015 von Xplode # Datenbank : 2015-08-18.2 [Server] # Betriebssystem : Windows Vista (TM) Business Service Pack 2 (x86) # Benutzername : User - MARKUS-PC # Gestarted von : C:\Users\User\Desktop\AdwCleaner_5.001.exe # Option : Suchlauf ***** [ Dienste ] ***** ***** [ Ordner ] ***** ***** [ Dateien ] ***** ***** [ Verknüpfungen ] ***** ***** [ Geplante Tasks ] ***** ***** [ Registrierungsdatenbank ] ***** Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}] ***** [ Internetbrowser ] ***** ************************* C:\AdwCleaner[S9].txt - [719 Bytes] - [19/08/2015 19:27:38] ########## EOF - C:\AdwCleaner[S9].txt - [780 Bytes] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 7.5.6 (08.10.2015:1) OS: Windows Vista (TM) Business x86 Ran by User on 19.08.2015 at 20:49:10,13 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Tasks ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Classes\TypeLib\{006ad7b2-968a-11de-88c9-5bde55d89593} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer ~~~ Files ~~~ Folders Successfully deleted: [Empty Folder] C:\Users\User\Appdata\Local\{1A39978E-EE23-4A5F-9AC4-B03B33F6307F} Successfully deleted: [Empty Folder] C:\Users\User\Appdata\Local\{2DFA77DE-A532-40F8-8D79-6EF4E8F3CEF9} Successfully deleted: [Empty Folder] C:\Users\User\Appdata\Local\{44F39FC1-A4BC-496D-9AF6-63602372F83A} Successfully deleted: [Empty Folder] C:\Users\User\Appdata\Local\{D25A2201-FACE-4A53-A546-C7CE448DF2F4} Successfully deleted: [Folder] C:\ProgramData\esellerate Successfully deleted: [Folder] C:\Users\User\AppData\Roaming\getrighttogo ~~~ FireFox Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\kezs2hfl.default-1419069984836\minidumps [47 files] ~~~ Chrome [C:\Users\User\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset [C:\Users\User\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted: [C:\Users\User\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset [C:\Users\User\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted: [] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 19.08.2015 at 20:52:32,38 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:19-08-2015 durchgeführt von User (Administrator) auf MARKUS-PC (19-08-2015 20:56:16) Gestartet von C:\Users\User\Desktop Geladene Profile: User (Verfügbare Profile: User & Gast) Platform: Microsoft® Windows Vista™ Business Service Pack 2 (X86) Sprache: Deutsch (Deutschland) Internet Explorer Version 9 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation) C:\Windows\System32\sdclt.exe (Microsoft Corporation) C:\Program Files\Windows Mail\WinMail.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_19_0_0_142.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_19_0_0_142.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) 
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-08-01] (AVAST Software) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1045800 2008-03-28] (Synaptics, Inc.) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation) HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ACHTUNG HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ACHTUNG HKU\S-1-5-21-1406830839-1458410200-2704653683-1000\...\Run: [Dropbox Update] => C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.) HKU\S-1-5-21-1406830839-1458410200-2704653683-1000\...\Run: [appnhost] => C:\Users\User\AppData\Local\Mixesoft\AppNHost\appnhost.exe [453176 2014-08-08] (Mixesoft Project) AppInit_DLLs: C:\PROGRA~1\HEWLET~1\IAM\bin\APSHook.dll => C:\Program Files\Hewlett-Packard\IAM\Bin\APSHook.dll [89872 2009-07-28] (Bioscrypt Inc.) Lsa: [Notification Packages] scecli ASWLNPkg Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-04-09] ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-08-01] (AVAST Software) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.) GroupPolicyScripts: Gruppenrichtline erkannt <======= ACHTUNG ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1406830839-1458410200-2704653683-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1406830839-1458410200-2704653683-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.olb.de/ SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: SwissAcademic.Citavi.Picker.IEPicker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2009-11-08] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-25] (Oracle Corporation) BHO: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-01] (AVAST Software) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-25] (Oracle Corporation) BHO: Credential Manager for HP ProtectTools -> {DF21F1DB-80C6-11D3-9483-B03D0EC10000} -> C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll [2009-07-28] (Bioscrypt Inc.) DPF: {C752FF21-A8EF-468E-B507-5BBAFB84359E} hxxps://hbciweb.olb.de/financebrowser5/plugin/Signlet-Plugin.CAB DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{36A8F4FD-5D7C-480D-8366-A1FB38261D64}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{68BA203E-F22F-40DE-8CB4-5A4DD3559AB0}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{A932B982-2288-40CA-927E-99E81CFBAD8A}: [DhcpNameServer] 139.7.30.125 139.7.30.126 Tcpip\..\Interfaces\{C8359547-F363-4034-9C61-EC80907567BD}: [DhcpNameServer] 139.7.30.125 139.7.30.126 FireFox: ======== FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kezs2hfl.default-1419069984836 FF NewTab: about:blank FF Homepage: tagesschau.de FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_142.dll [2015-08-12] () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.) FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2010-08-25] (DivX,Inc.) FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-05-06] (DivX, LLC.) 
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-25] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-25] (Oracle Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [Keine Datei] FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @nullsoft.com/winampDetector;version=1 -> C:\Program Files\Winamp Detect\npwachk.dll [2013-07-24] (Nullsoft, Inc.) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-05] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-05] (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-1406830839-1458410200-2704653683-1000: @phonostar.de/phonostar -> C:\Program Files\dradio-Recorder\npphonostarDetectNP.dll Keine Datei FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.) FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kezs2hfl.default-1419069984836\searchplugins\dudende-suche.xml [2015-01-07] FF Extension: YouTube Unblocker - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kezs2hfl.default-1419069984836\Extensions\youtubeunblocker@unblocker.yt [2015-08-05] FF Extension: OLB - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kezs2hfl.default-1419069984836\Extensions\{C752FF21-A8EF-468E-B507-5BBAFB84359D} [2015-05-19] FF Extension: Adblock Plus Pop-up Addon - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kezs2hfl.default-1419069984836\Extensions\adblockpopups@jessehakanen.net.xpi [2014-12-20] FF Extension: anonymoX - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kezs2hfl.default-1419069984836\Extensions\client@anonymox.net.xpi [2014-12-20] FF Extension: Blur - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kezs2hfl.default-1419069984836\Extensions\donottrackplus@abine.com.xpi [2015-07-14] FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kezs2hfl.default-1419069984836\Extensions\elemhidehelper@adblockplus.org.xpi [2014-12-20] FF Extension: Session Manager - 
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kezs2hfl.default-1419069984836\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014-12-20] FF Extension: LeechBlock - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kezs2hfl.default-1419069984836\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi [2015-03-03] FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kezs2hfl.default-1419069984836\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-20] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-08-20] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-06-11] FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013-01-05] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-07-26] Chrome: ======= CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-05] CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-05] CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-05] CHR Extension: (YouTube) - 
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-05] CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-08-06] CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-05] CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-05] CHR Extension: (Click&Clean) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2015-08-06] CHR Extension: (Avast Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-08-05] CHR Extension: (anonymoX) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpklikeghomkemdellmmkoifgfbakio [2015-08-06] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-05] CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-05] CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-05] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-17] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
S4 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-03] (ActivIdentity) S4 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2008-08-26] (Agere Systems) R2 ASBroker; c:\Program Files\Hewlett-Packard\IAM\Bin\ASWlnPkg.DLL [192784 2009-07-28] (Bioscrypt Inc.) R2 ASChannel; C:\Program Files\Hewlett-Packard\IAM\Bin\AsChnl.dll [150288 2009-07-28] (Bioscrypt Inc.) S4 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1201400 2009-07-29] (AuthenTec, Inc.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-01] (AVAST Software) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3218624 2015-07-21] (Avast Software) S4 HP ProtectTools Service; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [45056 2009-08-07] (Hewlett-Packard Development Company, L.P) [Datei ist nicht signiert] S4 HpFkCryptService; C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [256544 2009-07-29] (McAfee, Inc.) 
S4 IFXSpMgtSrv; C:\Windows\system32\ifxspmgt.exe [677408 2007-02-15] (Infineon Technologies AG) S4 IFXTCS; C:\Windows\system32\ifxtcs.exe [849440 2007-01-23] (Infineon Technologies AG) S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-01-18] (Hewlett-Packard) [Datei ist nicht signiert] S4 PersonalSecureDriveService; C:\Windows\system32\IfxPsdSv.exe [140832 2007-02-15] (Infineon Technologies AG) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-01-18] (Hewlett-Packard) [Datei ist nicht signiert] S4 Service_Desktop; C:\Program Files\Virtual Desktop\Desktop.exe [414208 2004-08-20] () [Datei ist nicht signiert] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [45696 2008-01-21] (Microsoft Corporation) R5 ACPI; C:\Windows\System32\drivers\acpi.sys [265688 2009-04-11] (Microsoft Corporation) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-08-01] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [76000 2015-08-01] (AVAST Software) R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-08-01] (AVAST Software) R5 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-08-01] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788784 2015-08-01] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433264 2015-08-01] (AVAST Software) R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [161472 2015-08-01] (AVAST Software) S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-08-01] (AVAST Software) R5 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208664 2015-08-01] (AVAST Software) R5 atapi; C:\Windows\System32\drivers\atapi.sys [19944 2009-04-11] (Microsoft Corporation) S3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [140808 2007-04-10] (AuthenTec, Inc.) 
R5 CLFS; C:\Windows\System32\CLFS.sys [244152 2015-03-05] (Microsoft Corporation) R5 Compbatt; C:\Windows\System32\DRIVERS\compbatt.sys [20792 2008-01-21] (Microsoft Corporation) R5 crcdisk; C:\Windows\System32\drivers\crcdisk.sys [24632 2008-01-21] (Microsoft Corporation) R5 disk; C:\Windows\System32\drivers\disk.sys [53736 2009-04-11] (Microsoft Corporation) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-01-13] (DT Soft Ltd) R5 Ecache; C:\Windows\System32\drivers\ecache.sys [140224 2015-07-21] (Microsoft Corporation) R5 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [58936 2008-01-21] (Microsoft Corporation) R5 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Microsoft Corporation) R5 hpdskflt; C:\Windows\System32\DRIVERS\hpdskflt.sys [17920 2006-07-24] (Hewlett-Packard Corporation) S3 HPFXBULKLEDM; C:\Windows\System32\drivers\hppcbulkio.sys [20504 2010-10-03] (Hewlett Packard) S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [96000 2013-01-30] (Huawei Technologies Co., Ltd.) S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [69760 2013-01-30] (Huawei Technologies Co., Ltd.) S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27520 2013-01-30] (Huawei Technologies Co., Ltd.) 
S3 ialm; C:\Windows\System32\DRIVERS\igxpmp32.sys [5707744 2007-05-16] (Intel Corporation) [Datei ist nicht signiert] R5 iaStor; C:\Windows\System32\DRIVERS\iaStor.sys [304920 2007-03-21] (Intel Corporation) R3 igfx; C:\Windows\System32\DRIVERS\igdkmd32.sys [1925632 2007-09-13] (Intel Corporation) [Datei ist nicht signiert] R5 intelide; C:\Windows\System32\drivers\intelide.sys [17976 2008-01-21] (Microsoft Corporation) R5 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [440768 2015-06-12] (Microsoft Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation) R5 MountMgr; C:\Windows\System32\drivers\mountmgr.sys [56256 2015-07-21] (Microsoft Corporation) R5 msahci; C:\Windows\System32\drivers\msahci.sys [28728 2008-01-21] (Microsoft Corporation) R5 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [16440 2008-01-21] (Microsoft Corporation) R5 Mup; C:\Windows\System32\Drivers\mup.sys [48104 2009-04-11] (Microsoft Corporation) R5 NDIS; C:\Windows\System32\drivers\ndis.sys [527848 2009-04-11] (Microsoft Corporation) S3 NETw4x32; C:\Windows\System32\DRIVERS\NETw4x32.sys [2203520 2007-03-01] (Intel Corporation) R3 NETwLv32; C:\Windows\System32\DRIVERS\NETwLv32.sys [6639616 2010-10-07] (Intel Corporation) R5 ngvss; C:\Windows\system32\Drivers\ngvss.sys [95112 2015-08-01] (AVAST Software) R5 partmgr; C:\Windows\System32\drivers\partmgr.sys [53120 2012-03-21] (Microsoft Corporation) R5 pci; C:\Windows\System32\drivers\pci.sys [149480 2009-04-11] (Microsoft Corporation) R5 pcmcia; C:\Windows\System32\DRIVERS\pcmcia.sys [177640 2009-04-11] (Microsoft Corporation) R1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [39080 2007-01-23] (Infineon Technologies AG) R1 RsvLock; C:\Windows\system32\Drivers\RsvLock.sys [12528 2009-07-29] (SafeBoot International) R5 SafeBoot; C:\Windows\system32\Drivers\SafeBoot.sys 
[109216 2009-07-29] () [Datei ist nicht signiert] R5 SbAlg; C:\Windows\system32\Drivers\SbAlg.sys [51408 2009-07-29] (SafeBoot N.V.) R5 SbFsLock; C:\Windows\system32\Drivers\SbFsLock.sys [12960 2009-07-29] (SafeBoot International) R5 spldr; C:\Windows\system32\Drivers\spldr.sys [21048 2008-01-21] (Microsoft Corporation) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [473656 2012-02-08] (Duplex Secure Ltd.) R5 Tcpip; C:\Windows\System32\drivers\tcpip.sys [915392 2014-04-05] (Microsoft Corporation) S2 trackcam; C:\Windows\System32\DRIVERS\trackcam.sys [78152 2009-10-09] (Eagletron Inc.) R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-07-21] (Avast Software) R5 volmgr; C:\Windows\System32\drivers\volmgr.sys [52792 2008-01-21] (Microsoft Corporation) R5 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [292840 2009-04-11] (Microsoft Corporation) R5 volsnap; C:\Windows\System32\drivers\volsnap.sys [224640 2012-08-21] (Microsoft Corporation) R5 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [527064 2013-06-27] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [X] U1 eabfiltr; kein ImagePath S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S2 WebCamDV; system32\DRIVERS\WebCamDV.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-08-19 20:53 - 2015-08-19 20:53 - 00000000 ____D C:\Users\User\Desktop\FRST-OlderVersion 2015-08-19 20:52 - 2015-08-19 20:52 - 00001987 _____ C:\Users\User\Desktop\JRT.txt 2015-08-19 20:48 - 2015-08-19 19:28 - 00000847 _____ C:\Users\User\Desktop\AdwCleaner[S9].txt 2015-08-19 20:46 - 2015-08-19 20:46 - 00001143 _____ C:\AdwCleaner[C10].txt 2015-08-19 20:45 - 2015-08-19 20:46 - 00000972 _____ C:\AdwCleaner[S11].txt 2015-08-19 20:44 - 2015-08-19 20:44 - 00000000 ____D C:\Users\User\Desktop\Neuer Ordner 2015-08-19 20:40 - 2015-08-19 20:40 - 00001016 _____ C:\AdwCleaner[C9].txt 2015-08-19 20:39 - 2015-08-19 20:39 - 00000848 _____ C:\AdwCleaner[S10].txt 2015-08-19 20:38 - 2015-08-19 20:38 - 00001063 _____ C:\AdwCleaner[C8].txt 2015-08-19 19:27 - 2015-08-19 19:28 - 00000847 _____ C:\AdwCleaner[S9].txt 2015-08-18 17:46 - 2015-08-18 17:47 - 01791580 _____ (Malwarebytes Corporation) C:\Users\User\Desktop\JRT.exe 2015-08-18 17:46 - 2015-08-18 17:46 - 01573888 _____ C:\Users\User\Desktop\AdwCleaner_5.001.exe 2015-08-17 20:30 - 2015-08-17 20:30 - 00025225 _____ C:\ComboFix.txt 2015-08-16 20:12 - 2015-08-16 20:12 - 00116576 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT 2015-08-16 16:43 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2015-08-16 16:43 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2015-08-16 16:43 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-08-16 16:43 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-08-16 16:43 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-08-16 16:43 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2015-08-16 16:43 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2015-08-16 16:43 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2015-08-16 16:42 - 2015-08-17 20:30 - 00000000 ____D C:\Qoobox 2015-08-16 16:37 - 2015-08-17 20:27 - 00000000 ____D C:\Windows\erdnt 2015-08-16 16:34 - 2015-08-16 16:35 - 05634818 ____R 
(Swearware) C:\Users\User\Desktop\ComboFix.exe 2015-08-16 15:37 - 2015-08-16 15:37 - 00001750 _____ C:\Users\User\Desktop\MalwareBytes.txt 2015-08-16 15:36 - 2015-08-16 15:36 - 00001750 _____ C:\MWB.txt 2015-08-16 15:21 - 2015-08-16 15:21 - 00013182 _____ C:\Users\User\Desktop\Gmer.log 2015-08-16 10:19 - 2015-08-16 10:21 - 00053626 _____ C:\Users\User\Desktop\Addition.txt 2015-08-16 10:18 - 2015-08-19 20:56 - 00023333 _____ C:\Users\User\Desktop\FRST.txt 2015-08-16 10:17 - 2015-08-19 20:56 - 00000000 ____D C:\FRST 2015-08-16 10:17 - 2015-08-19 20:53 - 01677312 _____ (Farbar) C:\Users\User\Desktop\FRST.exe 2015-08-16 10:17 - 2015-08-16 10:17 - 00380416 _____ C:\Users\User\Desktop\Gmer-19357.exe 2015-08-16 10:14 - 2015-08-16 10:15 - 00000580 _____ C:\Users\User\Desktop\defogger_disable.log 2015-08-16 10:14 - 2015-08-16 10:14 - 00000000 _____ C:\Users\User\defogger_reenable 2015-08-16 10:13 - 2015-08-16 10:13 - 00050477 _____ C:\Users\User\Desktop\Defogger.exe 2015-08-15 09:14 - 2015-08-17 20:22 - 00002198 _____ C:\Windows\PFRO.log 2015-08-15 09:14 - 2015-08-15 09:15 - 00398832 _____ C:\Windows\system32\FNTCACHE.DAT 2015-08-14 13:09 - 2015-08-14 13:09 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-08-14 09:45 - 2015-08-18 17:44 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-08-14 09:44 - 2015-08-14 09:50 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-08-14 09:44 - 2015-08-14 09:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-08-14 09:44 - 2015-08-14 09:44 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware 2015-08-14 09:44 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-08-14 09:44 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-08-13 17:03 - 
2015-07-21 22:55 - 01206192 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-08-13 17:03 - 2015-07-21 18:07 - 03605440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-08-13 17:03 - 2015-07-21 18:07 - 03553216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-08-13 17:03 - 2015-07-21 18:07 - 00140224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ecache.sys 2015-08-13 17:03 - 2015-07-21 18:07 - 00056256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-08-13 17:03 - 2015-07-21 18:03 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll 2015-08-13 17:03 - 2015-07-21 18:03 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-08-13 17:03 - 2015-07-21 18:03 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-08-13 17:01 - 2015-07-31 21:27 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-08-13 17:00 - 2015-07-09 16:20 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys 2015-08-13 16:59 - 2015-07-10 21:37 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-08-13 16:55 - 2015-07-11 17:56 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-08-13 16:27 - 2015-07-18 18:03 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll 2015-08-13 16:24 - 2015-07-10 21:37 - 01402368 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2015-08-13 16:24 - 2015-07-10 21:37 - 01253376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-08-13 16:21 - 2015-08-01 00:08 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-08-13 16:21 - 2015-07-31 23:46 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll 2015-08-13 16:21 - 2015-07-31 23:46 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll 2015-08-13 16:21 
- 2015-07-31 23:46 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll 2015-08-13 16:21 - 2015-07-31 23:46 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll 2015-08-13 16:21 - 2015-07-31 22:41 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2015-08-13 16:21 - 2015-07-31 22:40 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2015-08-13 16:21 - 2015-07-31 22:35 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2015-08-13 16:21 - 2015-07-31 22:33 - 02066944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-08-13 16:21 - 2015-07-31 22:33 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-08-13 16:21 - 2015-07-31 22:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-08-13 16:21 - 2015-07-31 22:33 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-08-13 16:17 - 2015-07-09 16:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe 2015-08-13 16:17 - 2015-07-09 16:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\notepad.exe 2015-08-13 16:17 - 2015-07-01 17:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2015-08-12 21:48 - 2015-07-22 22:54 - 12386816 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-08-12 21:48 - 2015-07-22 22:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-08-12 21:48 - 2015-07-22 22:51 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-08-12 21:48 - 2015-07-22 22:47 - 09751040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-08-12 21:48 - 2015-07-22 22:46 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-08-12 21:48 - 2015-07-22 22:46 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-08-12 21:48 - 2015-07-22 22:45 - 01427968 _____ 
(Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-08-12 21:48 - 2015-07-22 22:45 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2015-08-12 21:48 - 2015-07-22 22:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-08-12 21:48 - 2015-07-22 22:44 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-08-12 21:48 - 2015-07-22 22:44 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-08-12 21:48 - 2015-07-22 22:44 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-08-12 21:48 - 2015-07-22 22:44 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-08-12 21:48 - 2015-07-22 22:44 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-08-12 21:48 - 2015-07-22 22:43 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-08-12 21:48 - 2015-07-22 22:43 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-08-12 21:48 - 2015-07-22 22:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-08-12 21:48 - 2015-07-22 22:43 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-08-12 21:48 - 2015-07-22 22:43 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2015-08-12 21:48 - 2015-07-22 22:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2015-08-12 21:48 - 2015-07-22 22:43 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2015-08-12 21:48 - 2015-07-22 22:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-08-06 09:21 - 2015-08-06 09:21 - 00000000 ____D C:\Users\User\AppData\Local\Mixesoft 2015-08-05 21:31 - 2015-08-05 21:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-08-05 21:29 - 2015-08-19 20:42 - 00001090 _____ 
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-08-05 21:29 - 2015-08-19 20:34 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-08-05 00:03 - 2015-08-05 00:03 - 00877152 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll 2015-08-05 00:03 - 2015-08-05 00:03 - 00538208 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll 2015-08-04 20:11 - 2015-08-04 20:11 - 00000000 ___RD C:\Program Files\Skype 2015-08-04 20:11 - 2015-08-04 20:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-08-04 20:11 - 2015-08-04 20:11 - 00000000 ____D C:\Program Files\Common Files\Skype 2015-08-01 10:07 - 2015-08-01 10:07 - 00313472 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2015-08-01 10:07 - 2015-08-01 10:07 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr 2015-07-30 13:03 - 2015-07-30 13:03 - 00000826 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SkillsTraining 1.1.lnk 2015-07-30 13:03 - 2015-07-30 13:03 - 00000814 _____ C:\Users\Public\Desktop\SkillsTraining 1.1.lnk 2015-07-30 13:03 - 2015-07-30 13:03 - 00000000 ____D C:\Users\User\AppData\Roaming\com.mmm.app.schattauer.skillstraining1 2015-07-30 13:02 - 2015-07-30 13:03 - 00000000 ____D C:\Program Files\SkillsTraining 1.1 2015-07-30 13:01 - 2015-07-30 13:01 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia 2015-07-30 13:01 - 2015-07-30 13:01 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia 2015-07-30 13:01 - 2015-07-30 13:01 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR 2015-07-25 12:56 - 2015-07-25 12:56 - 00000000 ____D C:\Program Files\Common Files\Java 2015-07-24 12:31 - 2015-08-14 16:11 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\User\Downloads\TDSSKiller.exe 2015-07-21 18:56 - 2015-08-01 10:07 - 00161472 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys 2015-07-21 18:55 - 2015-08-01 10:07 - 00095112 _____ (AVAST Software) 
C:\Windows\system32\Drivers\ngvss.sys ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-08-19 20:54 - 2006-11-02 14:47 - 00004176 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-08-19 20:54 - 2006-11-02 14:47 - 00004176 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-08-19 20:46 - 2008-01-21 03:39 - 01747155 _____ C:\Windows\WindowsUpdate.log 2015-08-19 20:45 - 2011-09-22 22:16 - 00000000 ___RD C:\Users\User\Documents\Dropbox 2015-08-19 20:45 - 2011-09-22 22:11 - 00000000 ____D C:\Users\User\AppData\Roaming\Dropbox 2015-08-19 20:42 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-08-19 20:41 - 2010-06-23 16:30 - 00003204 _____ C:\Windows\bthservsdp.dat 2015-08-19 20:41 - 2006-11-02 15:01 - 00032562 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-08-19 20:34 - 2015-05-09 10:08 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-08-19 20:31 - 2015-06-18 06:21 - 00001220 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1406830839-1458410200-2704653683-1000UA.job 2015-08-19 20:31 - 2015-06-18 06:21 - 00001168 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1406830839-1458410200-2704653683-1000Core.job 2015-08-18 17:46 - 2013-07-29 13:50 - 00001738 ____H C:\Users\User\Documents\Default.rdp 2015-08-17 20:30 - 2007-12-24 21:33 - 00000000 ___RD C:\Users\Markus kann weg 2015-08-17 20:30 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Default 2015-08-17 20:30 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public 2015-08-17 20:23 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini 2015-08-16 21:45 - 2008-01-21 10:32 - 01576088 _____ C:\Windows\system32\PerfStringBackup.INI 2015-08-15 09:14 - 2012-04-25 18:38 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2015-08-14 12:34 - 2010-06-23 20:13 
- 00000000 ____D C:\Users\User\AppData\Local\Adobe 2015-08-14 12:30 - 2013-08-20 10:50 - 00000000 ____D C:\Program Files\Mozilla Firefox 2015-08-14 12:13 - 2013-09-27 10:09 - 00000000 ____D C:\AdwCleaner 2015-08-14 12:08 - 2013-07-26 16:47 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-08-14 11:10 - 2013-07-31 14:43 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc 2015-08-14 10:30 - 2014-04-03 13:28 - 00000000 ____D C:\Users\User\AppData\Roaming\CDisplayEx 2015-08-13 20:42 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET 2015-08-13 19:40 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\system32\XPSViewer 2015-08-13 17:04 - 2010-10-28 10:17 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-08-13 16:54 - 2013-07-24 10:00 - 00000000 ____D C:\Windows\system32\MRT 2015-08-13 16:31 - 2006-11-02 12:24 - 129304528 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2015-08-12 22:34 - 2015-03-18 16:46 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-08-12 22:34 - 2015-03-18 16:46 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-08-05 21:31 - 2011-03-28 10:37 - 00000000 ____D C:\Users\User\AppData\Local\Google 2015-08-05 21:30 - 2011-03-28 10:38 - 00000000 ____D C:\Program Files\Google 2015-08-04 21:39 - 2010-07-17 18:46 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype 2015-08-04 20:12 - 2010-07-17 18:46 - 00000000 ____D C:\ProgramData\Skype 2015-08-01 10:07 - 2014-04-22 23:25 - 00024016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys 2015-08-01 10:07 - 2013-07-26 11:09 - 00788784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2015-08-01 10:07 - 2013-07-26 11:09 - 00433264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2015-08-01 10:07 - 2013-07-26 11:09 - 00208664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys 2015-08-01 10:07 - 2013-07-26 11:09 - 00076000 _____ (AVAST Software) 
C:\Windows\system32\Drivers\aswMonFlt.sys 2015-08-01 10:07 - 2013-07-26 11:09 - 00057888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys 2015-08-01 10:07 - 2013-07-26 11:09 - 00055200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys 2015-08-01 10:07 - 2013-07-26 11:09 - 00049776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys 2015-07-30 13:01 - 2010-06-23 20:14 - 00000000 ____D C:\Program Files\Adobe 2015-07-26 09:29 - 2014-12-30 15:51 - 00000000 ____D C:\ProgramData\Unified Remote 2015-07-25 13:04 - 2013-10-21 22:29 - 00000000 ____D C:\ProgramData\Oracle 2015-07-25 12:57 - 2007-12-30 19:26 - 00000000 ____D C:\Program Files\Java 2015-07-25 12:54 - 2014-12-20 12:43 - 00096352 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2015-07-22 19:17 - 2014-11-19 21:44 - 00000000 ____D C:\Windows\system32\vbox ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2014-09-25 12:32 - 2014-09-25 12:33 - 0000102 _____ () C:\Users\User\AppData\Roaming\.ptbt0 2012-04-24 00:10 - 2012-04-25 07:30 - 0002844 _____ () C:\Users\User\AppData\Roaming\alarms.ini 2012-04-24 00:06 - 2012-04-25 09:05 - 0000749 _____ () C:\Users\User\AppData\Roaming\AtomicAlarmClock.ini 2013-11-07 17:53 - 2013-11-07 17:53 - 0000393 _____ () C:\Users\User\AppData\Roaming\plugins.xml 2010-12-13 12:13 - 2010-12-13 12:13 - 0001274 _____ () C:\Users\User\AppData\Roaming\SAS7_000.DAT 2014-04-26 12:31 - 2014-04-26 12:31 - 0000043 _____ () C:\Users\User\AppData\Roaming\WB.CFG 2010-06-11 19:27 - 2010-06-11 19:27 - 0000000 _____ () C:\Users\User\AppData\Local\AtStart.txt 2010-06-11 18:27 - 2014-07-25 23:51 - 0001356 _____ () C:\Users\User\AppData\Local\d3d9caps.dat 2010-06-23 18:42 - 2014-12-17 12:22 - 0161280 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2010-06-11 19:27 - 2010-06-11 19:27 - 0000000 _____ () C:\Users\User\AppData\Local\DSwitch.txt 2010-06-23 18:18 - 2014-07-30 10:44 - 0000000 _____ 
() C:\Users\User\AppData\Local\FnF4.txt 2010-06-11 19:27 - 2010-06-11 19:27 - 0000000 _____ () C:\Users\User\AppData\Local\QSwitch.txt 2012-06-13 17:06 - 2013-06-23 23:42 - 0017408 _____ () C:\Users\User\AppData\Local\WebpageIcons.db 2015-01-10 10:08 - 2015-01-10 10:08 - 0000000 _____ () C:\Users\User\AppData\Local\{450253B0-D9A8-4DE1-8853-F31AB41BDA42} 2011-11-15 00:41 - 2011-11-15 00:41 - 0000000 _____ () C:\Users\User\AppData\Local\{C809EE78-F2BE-46C1-9A6D-F71D1F35D882} 2014-08-20 09:22 - 2014-08-20 09:22 - 0000057 _____ () C:\ProgramData\Ament.ini 2011-03-14 13:20 - 2015-03-09 15:25 - 0016726 _____ () C:\ProgramData\hpzinstall.log 2012-01-27 10:26 - 2012-01-27 12:48 - 0005642 ___SH () C:\ProgramData\KGyGaAvL.sys Einige Dateien in TEMP: ==================== C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqe2cxi.dll C:\Users\User\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-08-19 20:48 ==================== Ende vom raportu ============================ |
20.08.2015, 12:51 | #8 |
/// the machine /// TB-Ausbilder | ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |
23.08.2015, 10:23 | #9 |
| Hello, unfortunately I have to postpone the next scans until Monday, as I have/had no time over the weekend. Best regards. |
23.08.2015, 19:33 | #10 |
/// the machine /// TB-Ausbilder | ok
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |
24.08.2015, 21:53 | #11 |
| Eset: Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=030f7cce52e59e4f98f3f22bea7ffdee
# end=init
# utc_time=2015-08-20 07:16:42
# local_time=2015-08-20 09:16:42 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.0.6002 NT Service Pack 2
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=45315
Update Finalize
Updated modules version: 0
Old modules - leave modules
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=45315
Update Finalize
Updated modules version: 0
Old modules - delete modules
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=45315
Update Finalize
Updated modules version: 0
'Can not update to actual engine, exiting
Update Init
Update Download
Update Finalize
Updated modules version: 25373
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=030f7cce52e59e4f98f3f22bea7ffdee
# end=updated
# utc_time=2015-08-20 07:25:36
# local_time=2015-08-20 09:25:36 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.0.6002 NT Service Pack 2
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=030f7cce52e59e4f98f3f22bea7ffdee
# engine=25373
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-08-20 08:27:00
# local_time=2015-08-20 10:27:00 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='avast! Internet Security'
# compatibility_mode=779 16777213 85 67 1667637 204522910 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 189103 277635122 0 0
# scanned=107923
# found=4
# cleaned=0
# scan_time=3683
sh=7FD3DB54264A63C00B3B3894B8F9C76E86215068 ft=1 fh=f8300a0c77a4950c vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Temp\OCS\ocs_v8.exe.vir"
sh=1305DE2BFA54D0A13AFA7E1DC139B3B9AE262A56 ft=1 fh=87358e7751ff4371 vn="Variante von Win32/DealPly.S evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\Mysearchdial\UpdateProc\UpdateTask.exe.vir"
sh=AC5E1E29B902662A40DE4206ED3B49595F22E671 ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.MobWin.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Documents\samsung\Kies\Backup\GT-I9100G\GT-I9100G_\GT-I9100G_20150106082051\Others\Download\chronos_salvation.apk"
sh=58785FB4E3FC9C2A8F1CAE2889BC664B6A970E5F ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.AppFlood.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Documents\samsung\Kies\Backup\GT-I9100G\GT-I9100G_\GT-I9100G_20150106082051\Others\Download\shipwrecked.apk"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=030f7cce52e59e4f98f3f22bea7ffdee
# end=init
# utc_time=2015-08-24 06:17:40
# local_time=2015-08-24 08:17:40 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.0.6002 NT Service Pack 2
Update Init
Update Download
Update Finalize
Updated modules version: 25427
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=030f7cce52e59e4f98f3f22bea7ffdee
# end=updated
# utc_time=2015-08-24 06:19:54
# local_time=2015-08-24 08:19:54 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.0.6002 NT Service Pack 2
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=030f7cce52e59e4f98f3f22bea7ffdee
# engine=25427
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-08-24 08:42:12
# local_time=2015-08-24 10:42:12 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='avast! Internet Security'
# compatibility_mode=779 16777213 85 67 2014149 204869422 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776573 100 100 18801 277981634 0 0
# scanned=210647
# found=4
# cleaned=0
# scan_time=8538
sh=7FD3DB54264A63C00B3B3894B8F9C76E86215068 ft=1 fh=f8300a0c77a4950c vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Temp\OCS\ocs_v8.exe.vir"
sh=1305DE2BFA54D0A13AFA7E1DC139B3B9AE262A56 ft=1 fh=87358e7751ff4371 vn="Variante von Win32/DealPly.S evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\Mysearchdial\UpdateProc\UpdateTask.exe.vir"
sh=AC5E1E29B902662A40DE4206ED3B49595F22E671 ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.MobWin.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Documents\samsung\Kies\Backup\GT-I9100G\GT-I9100G_\GT-I9100G_20150106082051\Others\Download\chronos_salvation.apk"
sh=58785FB4E3FC9C2A8F1CAE2889BC664B6A970E5F ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.AppFlood.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Documents\samsung\Kies\Backup\GT-I9100G\GT-I9100G_\GT-I9100G_20150106082051\Others\Download\shipwrecked.apk"
Code:
Results of screen317's Security Check version 1.006
Windows Vista Service Pack 2 x86
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java 8 Update 51
HP JavaCard for HP ProtectTools
Adobe Flash Player 19.0.0.142
Adobe Reader XI
Mozilla Firefox (40.0.2)
Google Chrome (44.0.2403.155)
Google Chrome (44.0.2403.157)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast ng vbox\AvastVBoxSVC.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
FRST Logfile: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:24-08-2015 durchgeführt von User (Administrator) auf MARKUS-PC (24-08-2015 22:49:50) Gestartet von C:\Users\User\Desktop Geladene Profile: User (Verfügbare Profile: User & Gast) Platform: Microsoft® Windows Vista™ Business Service Pack 2 (X86) Sprache: Deutsch (Deutschland) Internet Explorer Version 9 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Bioscrypt Inc.) C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Mixesoft Project) C:\Users\User\AppData\Local\Mixesoft\AppNHost\appnhost.exe (Dropbox, Inc.) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Synaptics, Inc.) 
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\sdclt.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (DT Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-08-01] (AVAST Software) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1045800 2008-03-28] (Synaptics, Inc.) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation) HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ACHTUNG HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ACHTUNG HKU\S-1-5-21-1406830839-1458410200-2704653683-1000\...\Run: [Dropbox Update] => C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.) HKU\S-1-5-21-1406830839-1458410200-2704653683-1000\...\Run: [appnhost] => C:\Users\User\AppData\Local\Mixesoft\AppNHost\appnhost.exe [453176 2014-08-08] (Mixesoft Project) AppInit_DLLs: C:\PROGRA~1\HEWLET~1\IAM\bin\APSHook.dll => C:\Program Files\Hewlett-Packard\IAM\Bin\APSHook.dll [89872 2009-07-28] (Bioscrypt Inc.) 
Lsa: [Notification Packages] scecli ASWLNPkg Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-04-09] ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-08-01] (AVAST Software) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.) GroupPolicyScripts: Gruppenrichtline erkannt <======= ACHTUNG ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1406830839-1458410200-2704653683-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1406830839-1458410200-2704653683-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.olb.de/ SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: SwissAcademic.Citavi.Picker.IEPicker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2009-11-08] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-25] (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-01] (AVAST Software) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-25] (Oracle Corporation) BHO: Credential Manager for HP ProtectTools -> {DF21F1DB-80C6-11D3-9483-B03D0EC10000} -> C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll [2009-07-28] (Bioscrypt Inc.) 
DPF: {C752FF21-A8EF-468E-B507-5BBAFB84359E} hxxps://hbciweb.olb.de/financebrowser5/plugin/Signlet-Plugin.CAB DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{36A8F4FD-5D7C-480D-8366-A1FB38261D64}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{68BA203E-F22F-40DE-8CB4-5A4DD3559AB0}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{A932B982-2288-40CA-927E-99E81CFBAD8A}: [DhcpNameServer] 139.7.30.125 139.7.30.126 Tcpip\..\Interfaces\{C8359547-F363-4034-9C61-EC80907567BD}: [DhcpNameServer] 139.7.30.125 139.7.30.126 FireFox: ======== FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kezs2hfl.default-1419069984836 FF NewTab: about:blank FF Homepage: tagesschau.de FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_142.dll [2015-08-12] () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.) FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2010-08-25] (DivX,Inc.) FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-05-06] (DivX, LLC.) FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-25] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-25] (Oracle Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) 
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [Keine Datei] FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @nullsoft.com/winampDetector;version=1 -> C:\Program Files\Winamp Detect\npwachk.dll [2013-07-24] (Nullsoft, Inc.) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-05] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-05] (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1406830839-1458410200-2704653683-1000: @phonostar.de/phonostar -> C:\Program Files\dradio-Recorder\npphonostarDetectNP.dll Keine Datei FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kezs2hfl.default-1419069984836\searchplugins\dudende-suche.xml [2015-01-07] FF Extension: YouTube Unblocker - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kezs2hfl.default-1419069984836\Extensions\youtubeunblocker@unblocker.yt [2015-08-05] FF Extension: OLB - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kezs2hfl.default-1419069984836\Extensions\{C752FF21-A8EF-468E-B507-5BBAFB84359D} [2015-05-19] FF Extension: Adblock Plus Pop-up Addon - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kezs2hfl.default-1419069984836\Extensions\adblockpopups@jessehakanen.net.xpi [2014-12-20] FF Extension: anonymoX - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kezs2hfl.default-1419069984836\Extensions\client@anonymox.net.xpi [2014-12-20] FF Extension: Blur - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kezs2hfl.default-1419069984836\Extensions\donottrackplus@abine.com.xpi [2015-07-14] FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kezs2hfl.default-1419069984836\Extensions\elemhidehelper@adblockplus.org.xpi [2014-12-20] FF Extension: Session Manager - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kezs2hfl.default-1419069984836\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014-12-20] FF Extension: LeechBlock - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kezs2hfl.default-1419069984836\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi [2015-03-03] FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kezs2hfl.default-1419069984836\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-20] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-08-20] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows 
Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-06-11] FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013-01-05] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-07-26] Chrome: ======= CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-05] CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-05] CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-05] CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-05] CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-08-06] CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-05] CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-05] CHR Extension: (Click&Clean) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2015-08-06] CHR Extension: (Avast Online Security) - 
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-08-05] CHR Extension: (anonymoX) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpklikeghomkemdellmmkoifgfbakio [2015-08-06] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-05] CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-05] CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-05] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-17] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S4 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-03] (ActivIdentity) S4 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2008-08-26] (Agere Systems) R2 ASBroker; c:\Program Files\Hewlett-Packard\IAM\Bin\ASWlnPkg.DLL [192784 2009-07-28] (Bioscrypt Inc.) R2 ASChannel; C:\Program Files\Hewlett-Packard\IAM\Bin\AsChnl.dll [150288 2009-07-28] (Bioscrypt Inc.) S4 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1201400 2009-07-29] (AuthenTec, Inc.) R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-01] (AVAST Software) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3218624 2015-07-21] (Avast Software) S4 HP ProtectTools Service; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [45056 2009-08-07] (Hewlett-Packard Development Company, L.P) [Datei ist nicht signiert] S4 HpFkCryptService; C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [256544 2009-07-29] (McAfee, Inc.) S4 IFXSpMgtSrv; C:\Windows\system32\ifxspmgt.exe [677408 2007-02-15] (Infineon Technologies AG) S4 IFXTCS; C:\Windows\system32\ifxtcs.exe [849440 2007-01-23] (Infineon Technologies AG) S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-01-18] (Hewlett-Packard) [Datei ist nicht signiert] S4 PersonalSecureDriveService; C:\Windows\system32\IfxPsdSv.exe [140832 2007-02-15] (Infineon Technologies AG) S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-01-18] (Hewlett-Packard) [Datei ist nicht signiert] S4 Service_Desktop; C:\Program Files\Virtual Desktop\Desktop.exe [414208 2004-08-20] () [Datei ist nicht signiert] R3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [45696 2008-01-21] (Microsoft Corporation) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-08-01] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [76000 2015-08-01] (AVAST Software) R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-08-01] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-08-01] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788784 2015-08-01] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433264 2015-08-01] (AVAST Software) R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [161472 2015-08-01] (AVAST Software) S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-08-01] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208664 2015-08-01] (AVAST Software) S3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [140808 2007-04-10] (AuthenTec, Inc.) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-01-13] (DT Soft Ltd) R3 eapihdrv; C:\Users\User\AppData\Local\Temp\ehdrv.sys [135760 2015-08-24] (ESET) S3 HPFXBULKLEDM; C:\Windows\System32\drivers\hppcbulkio.sys [20504 2010-10-03] (Hewlett Packard) S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [96000 2013-01-30] (Huawei Technologies Co., Ltd.) S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [69760 2013-01-30] (Huawei Technologies Co., Ltd.) S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27520 2013-01-30] (Huawei Technologies Co., Ltd.) 
S3 ialm; C:\Windows\System32\DRIVERS\igxpmp32.sys [5707744 2007-05-16] (Intel Corporation) [Datei ist nicht signiert] R3 igfx; C:\Windows\System32\DRIVERS\igdkmd32.sys [1925632 2007-09-13] (Intel Corporation) [Datei ist nicht signiert] R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation) S3 NETw4x32; C:\Windows\System32\DRIVERS\NETw4x32.sys [2203520 2007-03-01] (Intel Corporation) R3 NETwLv32; C:\Windows\System32\DRIVERS\NETwLv32.sys [6639616 2010-10-07] (Intel Corporation) R0 ngvss; C:\Windows\system32\Drivers\ngvss.sys [95112 2015-08-01] (AVAST Software) R1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [39080 2007-01-23] (Infineon Technologies AG) R1 RsvLock; C:\Windows\system32\Drivers\RsvLock.sys [12528 2009-07-29] (SafeBoot International) R0 SafeBoot; C:\Windows\system32\Drivers\SafeBoot.sys [109216 2009-07-29] () [Datei ist nicht signiert] R0 SbAlg; C:\Windows\system32\Drivers\SbAlg.sys [51408 2009-07-29] (SafeBoot N.V.) R0 SbFsLock; C:\Windows\system32\Drivers\SbFsLock.sys [12960 2009-07-29] (SafeBoot International) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [473656 2012-02-08] (Duplex Secure Ltd.) S2 trackcam; C:\Windows\System32\DRIVERS\trackcam.sys [78152 2009-10-09] (Eagletron Inc.) 
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-07-21] (Avast Software) S3 catchme; \??\C:\ComboFix\catchme.sys [X] U1 eabfiltr; kein ImagePath S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S2 WebCamDV; system32\DRIVERS\WebCamDV.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-08-20 21:16 - 2015-08-20 21:16 - 00000000 ____D C:\Program Files\ESET 2015-08-20 21:15 - 2015-08-20 21:16 - 00852684 _____ C:\Users\User\Desktop\SecurityCheck.exe 2015-08-20 21:14 - 2015-08-20 21:14 - 02870984 _____ (ESET) C:\Users\User\Desktop\esetsmartinstaller_deu.exe 2015-08-20 07:40 - 2015-08-15 01:03 - 12386816 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-08-20 07:40 - 2015-08-15 00:56 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-08-20 07:40 - 2015-08-15 00:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-08-19 20:53 - 2015-08-24 22:49 - 00000000 ____D C:\Users\User\Desktop\FRST-OlderVersion 2015-08-19 20:52 - 2015-08-19 20:52 - 00001987 _____ C:\Users\User\Desktop\JRT.txt 2015-08-19 20:48 - 2015-08-19 19:28 - 00000847 _____ C:\Users\User\Desktop\AdwCleaner[S9].txt 2015-08-19 20:46 - 2015-08-19 20:46 - 00001143 _____ C:\AdwCleaner[C10].txt 2015-08-19 20:45 - 2015-08-19 20:46 - 00000972 _____ C:\AdwCleaner[S11].txt 2015-08-19 20:44 - 2015-08-19 20:44 - 00000000 ____D C:\Users\User\Desktop\Neuer Ordner 2015-08-19 20:40 - 2015-08-19 
20:40 - 00001016 _____ C:\AdwCleaner[C9].txt 2015-08-19 20:39 - 2015-08-19 20:39 - 00000848 _____ C:\AdwCleaner[S10].txt 2015-08-19 20:38 - 2015-08-19 20:38 - 00001063 _____ C:\AdwCleaner[C8].txt 2015-08-19 19:27 - 2015-08-19 19:28 - 00000847 _____ C:\AdwCleaner[S9].txt 2015-08-18 17:46 - 2015-08-18 17:47 - 01791580 _____ (Malwarebytes Corporation) C:\Users\User\Desktop\JRT.exe 2015-08-18 17:46 - 2015-08-18 17:46 - 01573888 _____ C:\Users\User\Desktop\AdwCleaner_5.001.exe 2015-08-17 20:30 - 2015-08-17 20:30 - 00025225 _____ C:\ComboFix.txt 2015-08-16 20:12 - 2015-08-16 20:12 - 00116576 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT 2015-08-16 16:43 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2015-08-16 16:43 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2015-08-16 16:43 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-08-16 16:43 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-08-16 16:43 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-08-16 16:43 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2015-08-16 16:43 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2015-08-16 16:43 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2015-08-16 16:42 - 2015-08-17 20:30 - 00000000 ____D C:\Qoobox 2015-08-16 16:37 - 2015-08-17 20:27 - 00000000 ____D C:\Windows\erdnt 2015-08-16 16:34 - 2015-08-16 16:35 - 05634818 ____R (Swearware) C:\Users\User\Desktop\ComboFix.exe 2015-08-16 15:37 - 2015-08-16 15:37 - 00001750 _____ C:\Users\User\Desktop\MalwareBytes.txt 2015-08-16 15:36 - 2015-08-16 15:36 - 00001750 _____ C:\MWB.txt 2015-08-16 15:21 - 2015-08-16 15:21 - 00013182 _____ C:\Users\User\Desktop\Gmer.log 2015-08-16 10:19 - 2015-08-16 10:21 - 00053626 _____ C:\Users\User\Desktop\Addition.txt 2015-08-16 10:18 - 2015-08-24 22:49 - 00021412 _____ C:\Users\User\Desktop\FRST.txt 2015-08-16 10:17 - 2015-08-24 22:49 - 01690112 _____ (Farbar) 
C:\Users\User\Desktop\FRST.exe 2015-08-16 10:17 - 2015-08-24 22:49 - 00000000 ____D C:\FRST 2015-08-16 10:17 - 2015-08-16 10:17 - 00380416 _____ C:\Users\User\Desktop\Gmer-19357.exe 2015-08-16 10:14 - 2015-08-16 10:15 - 00000580 _____ C:\Users\User\Desktop\defogger_disable.log 2015-08-16 10:14 - 2015-08-16 10:14 - 00000000 _____ C:\Users\User\defogger_reenable 2015-08-16 10:13 - 2015-08-16 10:13 - 00050477 _____ C:\Users\User\Desktop\Defogger.exe 2015-08-15 09:14 - 2015-08-17 20:22 - 00002198 _____ C:\Windows\PFRO.log 2015-08-15 09:14 - 2015-08-15 09:15 - 00398832 _____ C:\Windows\system32\FNTCACHE.DAT 2015-08-14 13:09 - 2015-08-14 13:09 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-08-14 09:45 - 2015-08-18 17:44 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-08-14 09:44 - 2015-08-14 09:50 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-08-14 09:44 - 2015-08-14 09:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-08-14 09:44 - 2015-08-14 09:44 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware 2015-08-14 09:44 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-08-14 09:44 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-08-13 17:03 - 2015-07-21 22:55 - 01206192 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-08-13 17:03 - 2015-07-21 18:07 - 03605440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-08-13 17:03 - 2015-07-21 18:07 - 03553216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-08-13 17:03 - 2015-07-21 18:07 - 00140224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ecache.sys 2015-08-13 17:03 - 2015-07-21 18:07 - 00056256 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\mountmgr.sys 2015-08-13 17:03 - 2015-07-21 18:03 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll 2015-08-13 17:03 - 2015-07-21 18:03 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-08-13 17:03 - 2015-07-21 18:03 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-08-13 17:01 - 2015-07-31 21:27 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-08-13 17:00 - 2015-07-09 16:20 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys 2015-08-13 16:59 - 2015-07-10 21:37 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-08-13 16:55 - 2015-07-11 17:56 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-08-13 16:27 - 2015-07-18 18:03 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll 2015-08-13 16:24 - 2015-07-10 21:37 - 01402368 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2015-08-13 16:24 - 2015-07-10 21:37 - 01253376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-08-13 16:21 - 2015-08-01 00:08 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-08-13 16:21 - 2015-07-31 23:46 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll 2015-08-13 16:21 - 2015-07-31 23:46 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll 2015-08-13 16:21 - 2015-07-31 23:46 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll 2015-08-13 16:21 - 2015-07-31 23:46 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll 2015-08-13 16:21 - 2015-07-31 22:41 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2015-08-13 16:21 - 2015-07-31 22:40 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2015-08-13 16:21 - 2015-07-31 22:35 - 00682496 _____ (Microsoft 
Corporation) C:\Windows\system32\d2d1.dll 2015-08-13 16:21 - 2015-07-31 22:33 - 02066944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-08-13 16:21 - 2015-07-31 22:33 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-08-13 16:21 - 2015-07-31 22:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-08-13 16:21 - 2015-07-31 22:33 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-08-13 16:17 - 2015-07-09 16:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe 2015-08-13 16:17 - 2015-07-09 16:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\notepad.exe 2015-08-13 16:17 - 2015-07-01 17:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2015-08-12 21:48 - 2015-07-22 22:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-08-12 21:48 - 2015-07-22 22:51 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-08-12 21:48 - 2015-07-22 22:47 - 09751040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-08-12 21:48 - 2015-07-22 22:46 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-08-12 21:48 - 2015-07-22 22:46 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-08-12 21:48 - 2015-07-22 22:45 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-08-12 21:48 - 2015-07-22 22:45 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2015-08-12 21:48 - 2015-07-22 22:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-08-12 21:48 - 2015-07-22 22:44 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-08-12 21:48 - 2015-07-22 22:44 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-08-12 21:48 - 2015-07-22 22:44 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 
2015-08-12 21:48 - 2015-07-22 22:44 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-08-12 21:48 - 2015-07-22 22:43 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-08-12 21:48 - 2015-07-22 22:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-08-12 21:48 - 2015-07-22 22:43 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-08-12 21:48 - 2015-07-22 22:43 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2015-08-12 21:48 - 2015-07-22 22:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2015-08-12 21:48 - 2015-07-22 22:43 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2015-08-12 21:48 - 2015-07-22 22:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-08-06 09:21 - 2015-08-06 09:21 - 00000000 ____D C:\Users\User\AppData\Local\Mixesoft 2015-08-05 21:31 - 2015-08-05 21:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-08-05 21:29 - 2015-08-24 22:34 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-08-05 21:29 - 2015-08-24 21:34 - 00001090 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-08-05 00:03 - 2015-08-05 00:03 - 00877152 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll 2015-08-05 00:03 - 2015-08-05 00:03 - 00538208 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll 2015-08-04 20:11 - 2015-08-04 20:11 - 00000000 ___RD C:\Program Files\Skype 2015-08-04 20:11 - 2015-08-04 20:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-08-04 20:11 - 2015-08-04 20:11 - 00000000 ____D C:\Program Files\Common Files\Skype 2015-08-01 10:07 - 2015-08-01 10:07 - 00313472 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2015-08-01 10:07 - 2015-08-01 10:07 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr 
2015-07-30 13:03 - 2015-07-30 13:03 - 00000826 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SkillsTraining 1.1.lnk 2015-07-30 13:03 - 2015-07-30 13:03 - 00000814 _____ C:\Users\Public\Desktop\SkillsTraining 1.1.lnk 2015-07-30 13:03 - 2015-07-30 13:03 - 00000000 ____D C:\Users\User\AppData\Roaming\com.mmm.app.schattauer.skillstraining1 2015-07-30 13:02 - 2015-07-30 13:03 - 00000000 ____D C:\Program Files\SkillsTraining 1.1 2015-07-30 13:01 - 2015-07-30 13:01 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia 2015-07-30 13:01 - 2015-07-30 13:01 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia 2015-07-30 13:01 - 2015-07-30 13:01 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR 2015-07-25 12:56 - 2015-07-25 12:56 - 00000000 ____D C:\Program Files\Common Files\Java ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-08-24 22:38 - 2008-01-21 03:39 - 01835755 _____ C:\Windows\WindowsUpdate.log 2015-08-24 22:34 - 2015-05-09 10:08 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-08-24 22:31 - 2015-06-18 06:21 - 00001220 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1406830839-1458410200-2704653683-1000UA.job 2015-08-24 21:13 - 2006-11-02 14:47 - 00004176 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-08-24 21:13 - 2006-11-02 14:47 - 00004176 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-08-24 20:31 - 2015-06-18 06:21 - 00001168 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1406830839-1458410200-2704653683-1000Core.job 2015-08-24 20:15 - 2008-01-21 10:32 - 01576088 _____ C:\Windows\system32\PerfStringBackup.INI 2015-08-24 17:48 - 2013-07-29 13:50 - 00001738 ____H C:\Users\User\Documents\Default.rdp 2015-08-24 17:16 - 2011-09-22 22:16 - 00000000 ___RD 
C:\Users\User\Documents\Dropbox 2015-08-24 17:16 - 2011-09-22 22:11 - 00000000 ____D C:\Users\User\AppData\Roaming\Dropbox 2015-08-24 17:13 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-08-21 17:58 - 2006-11-02 15:01 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-08-20 22:20 - 2014-04-03 13:28 - 00000000 ____D C:\Users\User\AppData\Roaming\CDisplayEx 2015-08-20 08:08 - 2010-06-23 16:30 - 00003204 _____ C:\Windows\bthservsdp.dat 2015-08-17 20:30 - 2007-12-24 21:33 - 00000000 ___RD C:\Users\Markus kann weg 2015-08-17 20:30 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Default 2015-08-17 20:30 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public 2015-08-17 20:23 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini 2015-08-15 09:14 - 2012-04-25 18:38 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2015-08-14 16:11 - 2015-07-24 12:31 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\User\Downloads\TDSSKiller.exe 2015-08-14 12:34 - 2010-06-23 20:13 - 00000000 ____D C:\Users\User\AppData\Local\Adobe 2015-08-14 12:30 - 2013-08-20 10:50 - 00000000 ____D C:\Program Files\Mozilla Firefox 2015-08-14 12:13 - 2013-09-27 10:09 - 00000000 ____D C:\AdwCleaner 2015-08-14 12:08 - 2013-07-26 16:47 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-08-14 11:10 - 2013-07-31 14:43 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc 2015-08-13 20:42 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET 2015-08-13 19:40 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\system32\XPSViewer 2015-08-13 17:04 - 2010-10-28 10:17 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-08-13 16:54 - 2013-07-24 10:00 - 00000000 ____D C:\Windows\system32\MRT 2015-08-13 16:31 - 2006-11-02 12:24 - 129304528 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2015-08-12 22:34 - 2015-03-18 16:46 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-08-12 22:34 - 2015-03-18 16:46 - 00142536 _____ (Adobe 
Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-08-05 21:31 - 2011-03-28 10:37 - 00000000 ____D C:\Users\User\AppData\Local\Google 2015-08-05 21:30 - 2011-03-28 10:38 - 00000000 ____D C:\Program Files\Google 2015-08-04 21:39 - 2010-07-17 18:46 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype 2015-08-04 20:12 - 2010-07-17 18:46 - 00000000 ____D C:\ProgramData\Skype 2015-08-01 10:07 - 2015-07-21 18:56 - 00161472 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys 2015-08-01 10:07 - 2015-07-21 18:55 - 00095112 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys 2015-08-01 10:07 - 2014-04-22 23:25 - 00024016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys 2015-08-01 10:07 - 2013-07-26 11:09 - 00788784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2015-08-01 10:07 - 2013-07-26 11:09 - 00433264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2015-08-01 10:07 - 2013-07-26 11:09 - 00208664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys 2015-08-01 10:07 - 2013-07-26 11:09 - 00076000 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2015-08-01 10:07 - 2013-07-26 11:09 - 00057888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys 2015-08-01 10:07 - 2013-07-26 11:09 - 00055200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys 2015-08-01 10:07 - 2013-07-26 11:09 - 00049776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys 2015-07-30 13:01 - 2010-06-23 20:14 - 00000000 ____D C:\Program Files\Adobe 2015-07-26 09:29 - 2014-12-30 15:51 - 00000000 ____D C:\ProgramData\Unified Remote 2015-07-25 13:04 - 2013-10-21 22:29 - 00000000 ____D C:\ProgramData\Oracle 2015-07-25 12:57 - 2007-12-30 19:26 - 00000000 ____D C:\Program Files\Java 2015-07-25 12:54 - 2014-12-20 12:43 - 00096352 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 
2014-09-25 12:32 - 2014-09-25 12:33 - 0000102 _____ () C:\Users\User\AppData\Roaming\.ptbt0 2012-04-24 00:10 - 2012-04-25 07:30 - 0002844 _____ () C:\Users\User\AppData\Roaming\alarms.ini 2012-04-24 00:06 - 2012-04-25 09:05 - 0000749 _____ () C:\Users\User\AppData\Roaming\AtomicAlarmClock.ini 2013-11-07 17:53 - 2013-11-07 17:53 - 0000393 _____ () C:\Users\User\AppData\Roaming\plugins.xml 2010-12-13 12:13 - 2010-12-13 12:13 - 0001274 _____ () C:\Users\User\AppData\Roaming\SAS7_000.DAT 2014-04-26 12:31 - 2014-04-26 12:31 - 0000043 _____ () C:\Users\User\AppData\Roaming\WB.CFG 2010-06-11 19:27 - 2010-06-11 19:27 - 0000000 _____ () C:\Users\User\AppData\Local\AtStart.txt 2010-06-11 18:27 - 2014-07-25 23:51 - 0001356 _____ () C:\Users\User\AppData\Local\d3d9caps.dat 2010-06-23 18:42 - 2014-12-17 12:22 - 0161280 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2010-06-11 19:27 - 2010-06-11 19:27 - 0000000 _____ () C:\Users\User\AppData\Local\DSwitch.txt 2010-06-23 18:18 - 2014-07-30 10:44 - 0000000 _____ () C:\Users\User\AppData\Local\FnF4.txt 2010-06-11 19:27 - 2010-06-11 19:27 - 0000000 _____ () C:\Users\User\AppData\Local\QSwitch.txt 2012-06-13 17:06 - 2013-06-23 23:42 - 0017408 _____ () C:\Users\User\AppData\Local\WebpageIcons.db 2015-01-10 10:08 - 2015-01-10 10:08 - 0000000 _____ () C:\Users\User\AppData\Local\{450253B0-D9A8-4DE1-8853-F31AB41BDA42} 2011-11-15 00:41 - 2011-11-15 00:41 - 0000000 _____ () C:\Users\User\AppData\Local\{C809EE78-F2BE-46C1-9A6D-F71D1F35D882} 2014-08-20 09:22 - 2014-08-20 09:22 - 0000057 _____ () C:\ProgramData\Ament.ini 2011-03-14 13:20 - 2015-03-09 15:25 - 0016726 _____ () C:\ProgramData\hpzinstall.log 2012-01-27 10:26 - 2012-01-27 12:48 - 0005642 ___SH () C:\ProgramData\KGyGaAvL.sys Einige Dateien in TEMP: ==================== C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpojfc21.dll C:\Users\User\AppData\Local\Temp\sqlite3.dll ==================== Bamital & 
volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-08-24 17:21 ==================== Ende vom FRST.txt ============================
I have noticed that the problem, the crash, occurs on imgur.com in 9 out of 10 cases. Whatever that may mean. Best regards. |
25.08.2015, 10:41 | #12 |
/// the machine /// TB Trainer | Win Vista: Laptop freezes in Firefox; manual restart required
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
ATTFilter
C:\Users\User\Documents\samsung\Kies\Backup\GT-I9100G\GT-I9100G_\GT-I9100G_20150106082051\Others\Download\chronos_salvation.apk
C:\Users\User\Documents\samsung\Kies\Backup\GT-I9100G\GT-I9100G_\GT-I9100G_20150106082051\Others\Download\shipwrecked.apk
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ACHTUNG
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ACHTUNG
GroupPolicyScripts: Gruppenrichtline erkannt <======= ACHTUNG
Emptytemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Fresh FRST log, please. Still having problems?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
25.08.2015, 21:48 | #13 |
| Win Vista: Laptop freezes in Firefox; manual restart required
Evening! So here are the contents: Code:
ATTFilter
Entferungsergebnis von Farbar Recovery Scan Tool (x86) Version:24-08-2015
durchgeführt von User (2015-08-25 21:21:00) Run:1
Gestartet von C:\Users\User\Desktop
Geladene Profile: User (Verfügbare Profile: User & Gast)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
C:\Users\User\Documents\samsung\Kies\Backup\GT-I9100G\GT-I9100G_\GT-I9100G_20150106082051\Others\Download\chronos_salvation.apk
C:\Users\User\Documents\samsung\Kies\Backup\GT-I9100G\GT-I9100G_\GT-I9100G_20150106082051\Others\Download\shipwrecked.apk
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ACHTUNG
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ACHTUNG
GroupPolicyScripts: Gruppenrichtline erkannt <======= ACHTUNG
Emptytemp:
*****************

C:\Users\User\Documents\samsung\Kies\Backup\GT-I9100G\GT-I9100G_\GT-I9100G_20150106082051\Others\Download\chronos_salvation.apk => erfolgreich verschoben
C:\Users\User\Documents\samsung\Kies\Backup\GT-I9100G\GT-I9100G_\GT-I9100G_20150106082051\Others\Download\shipwrecked.apk => erfolgreich verschoben
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ACHTUNG => erfolgreich wiederhergestellt
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ACHTUNG => erfolgreich wiederhergestellt
C:\Windows\system32\GroupPolicy\Machine => erfolgreich verschoben
C:\Windows\system32\GroupPolicy\GPT.ini => erfolgreich verschoben
EmptyTemp: => 49.6 MB temporäre Dateien entfernt.

Das System musste neu gestartet werden.

==== Ende vom Fixlog 21:23:57 ====

FRST Logfile: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:24-08-2015 durchgeführt von User (Administrator) auf MARKUS-PC (25-08-2015 21:28:48) Gestartet von C:\Users\User\Desktop Geladene Profile: User (Verfügbare Profile: User & Gast) Platform: Microsoft® Windows Vista™ Business Service Pack 2 (X86) Sprache: Deutsch (Deutschland) Internet Explorer Version 9 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Bioscrypt Inc.) C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Mixesoft Project) C:\Users\User\AppData\Local\Mixesoft\AppNHost\appnhost.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (Dropbox, Inc.) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. 
Die Datei wird nicht verschoben.) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-08-25] (AVAST Software) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1045800 2008-03-28] (Synaptics, Inc.) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation) HKU\S-1-5-21-1406830839-1458410200-2704653683-1000\...\Run: [Dropbox Update] => C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.) HKU\S-1-5-21-1406830839-1458410200-2704653683-1000\...\Run: [appnhost] => C:\Users\User\AppData\Local\Mixesoft\AppNHost\appnhost.exe [453176 2014-08-08] (Mixesoft Project) AppInit_DLLs: C:\PROGRA~1\HEWLET~1\IAM\bin\APSHook.dll => C:\Program Files\Hewlett-Packard\IAM\Bin\APSHook.dll [89872 2009-07-28] (Bioscrypt Inc.) Lsa: [Notification Packages] scecli ASWLNPkg Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-04-09] ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-08-01] (AVAST Software) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1406830839-1458410200-2704653683-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1406830839-1458410200-2704653683-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.olb.de/ SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: SwissAcademic.Citavi.Picker.IEPicker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2009-11-08] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-25] (Oracle Corporation) BHO: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-01] (AVAST Software) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-25] (Oracle Corporation) BHO: Credential Manager for HP ProtectTools -> {DF21F1DB-80C6-11D3-9483-B03D0EC10000} -> C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll [2009-07-28] (Bioscrypt Inc.) DPF: {C752FF21-A8EF-468E-B507-5BBAFB84359E} hxxps://hbciweb.olb.de/financebrowser5/plugin/Signlet-Plugin.CAB DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{36A8F4FD-5D7C-480D-8366-A1FB38261D64}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{68BA203E-F22F-40DE-8CB4-5A4DD3559AB0}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{A932B982-2288-40CA-927E-99E81CFBAD8A}: [DhcpNameServer] 139.7.30.125 139.7.30.126 Tcpip\..\Interfaces\{C8359547-F363-4034-9C61-EC80907567BD}: [DhcpNameServer] 139.7.30.125 139.7.30.126 FireFox: ======== FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kezs2hfl.default-1419069984836 FF NewTab: about:blank FF Homepage: tagesschau.de FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_157.dll [2015-08-25] () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.) FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2010-08-25] (DivX,Inc.) FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-05-06] (DivX, LLC.) 
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-25] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-25] (Oracle Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [Keine Datei] FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @nullsoft.com/winampDetector;version=1 -> C:\Program Files\Winamp Detect\npwachk.dll [2013-07-24] (Nullsoft, Inc.) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-05] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-05] (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-1406830839-1458410200-2704653683-1000: @phonostar.de/phonostar -> C:\Program Files\dradio-Recorder\npphonostarDetectNP.dll Keine Datei FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.) FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kezs2hfl.default-1419069984836\searchplugins\dudende-suche.xml [2015-01-07] FF Extension: YouTube Unblocker - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kezs2hfl.default-1419069984836\Extensions\youtubeunblocker@unblocker.yt [2015-08-05] FF Extension: OLB - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kezs2hfl.default-1419069984836\Extensions\{C752FF21-A8EF-468E-B507-5BBAFB84359D} [2015-05-19] FF Extension: Adblock Plus Pop-up Addon - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kezs2hfl.default-1419069984836\Extensions\adblockpopups@jessehakanen.net.xpi [2014-12-20] FF Extension: anonymoX - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kezs2hfl.default-1419069984836\Extensions\client@anonymox.net.xpi [2014-12-20] FF Extension: Blur - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kezs2hfl.default-1419069984836\Extensions\donottrackplus@abine.com.xpi [2015-07-14] FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kezs2hfl.default-1419069984836\Extensions\elemhidehelper@adblockplus.org.xpi [2014-12-20] FF Extension: Session Manager - 
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kezs2hfl.default-1419069984836\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014-12-20] FF Extension: LeechBlock - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kezs2hfl.default-1419069984836\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi [2015-03-03] FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kezs2hfl.default-1419069984836\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-20] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-08-20] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-06-11] FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013-01-05] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-07-26] Chrome: ======= CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-05] CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-05] CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-05] CHR Extension: (YouTube) - 
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-05] CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-08-06] CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-05] CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-05] CHR Extension: (Click&Clean) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2015-08-06] CHR Extension: (Avast Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-08-05] CHR Extension: (anonymoX) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpklikeghomkemdellmmkoifgfbakio [2015-08-06] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-05] CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-05] CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-05] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-17] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
S4 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-03] (ActivIdentity) S4 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2008-08-26] (Agere Systems) R2 ASBroker; c:\Program Files\Hewlett-Packard\IAM\Bin\ASWlnPkg.DLL [192784 2009-07-28] (Bioscrypt Inc.) R2 ASChannel; C:\Program Files\Hewlett-Packard\IAM\Bin\AsChnl.dll [150288 2009-07-28] (Bioscrypt Inc.) S4 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1201400 2009-07-29] (AuthenTec, Inc.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-01] (AVAST Software) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3218624 2015-07-21] (Avast Software) S4 HP ProtectTools Service; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [45056 2009-08-07] (Hewlett-Packard Development Company, L.P) [Datei ist nicht signiert] S4 HpFkCryptService; C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [256544 2009-07-29] (McAfee, Inc.) 
S4 IFXSpMgtSrv; C:\Windows\system32\ifxspmgt.exe [677408 2007-02-15] (Infineon Technologies AG) S4 IFXTCS; C:\Windows\system32\ifxtcs.exe [849440 2007-01-23] (Infineon Technologies AG) S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-01-18] (Hewlett-Packard) [Datei ist nicht signiert] S4 PersonalSecureDriveService; C:\Windows\system32\IfxPsdSv.exe [140832 2007-02-15] (Infineon Technologies AG) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-01-18] (Hewlett-Packard) [Datei ist nicht signiert] S4 Service_Desktop; C:\Program Files\Virtual Desktop\Desktop.exe [414208 2004-08-20] () [Datei ist nicht signiert] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [45696 2008-01-21] (Microsoft Corporation) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-08-01] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [76000 2015-08-01] (AVAST Software) R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-08-01] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-08-01] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788784 2015-08-01] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433264 2015-08-01] (AVAST Software) R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [161472 2015-08-01] (AVAST Software) S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-08-01] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208664 2015-08-01] (AVAST Software) S3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [140808 2007-04-10] (AuthenTec, Inc.) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-01-13] (DT Soft Ltd) S3 HPFXBULKLEDM; C:\Windows\System32\drivers\hppcbulkio.sys [20504 2010-10-03] (Hewlett Packard) S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [96000 2013-01-30] (Huawei Technologies Co., Ltd.) S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [69760 2013-01-30] (Huawei Technologies Co., Ltd.) S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27520 2013-01-30] (Huawei Technologies Co., Ltd.) 
S3 ialm; C:\Windows\System32\DRIVERS\igxpmp32.sys [5707744 2007-05-16] (Intel Corporation) [Datei ist nicht signiert] R3 igfx; C:\Windows\System32\DRIVERS\igdkmd32.sys [1925632 2007-09-13] (Intel Corporation) [Datei ist nicht signiert] R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation) S3 NETw4x32; C:\Windows\System32\DRIVERS\NETw4x32.sys [2203520 2007-03-01] (Intel Corporation) R3 NETwLv32; C:\Windows\System32\DRIVERS\NETwLv32.sys [6639616 2010-10-07] (Intel Corporation) R0 ngvss; C:\Windows\system32\Drivers\ngvss.sys [95112 2015-08-01] (AVAST Software) R1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [39080 2007-01-23] (Infineon Technologies AG) R1 RsvLock; C:\Windows\system32\Drivers\RsvLock.sys [12528 2009-07-29] (SafeBoot International) R0 SafeBoot; C:\Windows\system32\Drivers\SafeBoot.sys [109216 2009-07-29] () [Datei ist nicht signiert] R0 SbAlg; C:\Windows\system32\Drivers\SbAlg.sys [51408 2009-07-29] (SafeBoot N.V.) R0 SbFsLock; C:\Windows\system32\Drivers\SbFsLock.sys [12960 2009-07-29] (SafeBoot International) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [473656 2012-02-08] (Duplex Secure Ltd.) S2 trackcam; C:\Windows\System32\DRIVERS\trackcam.sys [78152 2009-10-09] (Eagletron Inc.) 
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-07-21] (Avast Software) S3 catchme; \??\C:\ComboFix\catchme.sys [X] U1 eabfiltr; kein ImagePath S3 eapihdrv; \??\C:\Users\User\AppData\Local\Temp\ehdrv.sys [X] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S2 WebCamDV; system32\DRIVERS\WebCamDV.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-08-25 21:25 - 2015-08-25 21:25 - 00000008 __RSH C:\ProgramData\ntuser.pol 2015-08-20 21:16 - 2015-08-20 21:16 - 00000000 ____D C:\Program Files\ESET 2015-08-20 21:15 - 2015-08-20 21:16 - 00852684 _____ C:\Users\User\Desktop\SecurityCheck.exe 2015-08-20 21:14 - 2015-08-20 21:14 - 02870984 _____ (ESET) C:\Users\User\Desktop\esetsmartinstaller_deu.exe 2015-08-20 07:40 - 2015-08-15 01:03 - 12386816 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-08-20 07:40 - 2015-08-15 00:56 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-08-20 07:40 - 2015-08-15 00:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-08-19 20:53 - 2015-08-24 22:49 - 00000000 ____D C:\Users\User\Desktop\FRST-OlderVersion 2015-08-19 20:52 - 2015-08-19 20:52 - 00001987 _____ C:\Users\User\Desktop\JRT.txt 2015-08-19 20:48 - 2015-08-19 19:28 - 00000847 _____ C:\Users\User\Desktop\AdwCleaner[S9].txt 2015-08-19 20:46 - 2015-08-19 20:46 - 00001143 _____ C:\AdwCleaner[C10].txt 2015-08-19 20:45 - 2015-08-19 20:46 - 00000972 
_____ C:\AdwCleaner[S11].txt 2015-08-19 20:44 - 2015-08-19 20:44 - 00000000 ____D C:\Users\User\Desktop\Neuer Ordner 2015-08-19 20:40 - 2015-08-19 20:40 - 00001016 _____ C:\AdwCleaner[C9].txt 2015-08-19 20:39 - 2015-08-19 20:39 - 00000848 _____ C:\AdwCleaner[S10].txt 2015-08-19 20:38 - 2015-08-19 20:38 - 00001063 _____ C:\AdwCleaner[C8].txt 2015-08-19 19:27 - 2015-08-19 19:28 - 00000847 _____ C:\AdwCleaner[S9].txt 2015-08-18 17:46 - 2015-08-18 17:47 - 01791580 _____ (Malwarebytes Corporation) C:\Users\User\Desktop\JRT.exe 2015-08-18 17:46 - 2015-08-18 17:46 - 01573888 _____ C:\Users\User\Desktop\AdwCleaner_5.001.exe 2015-08-17 20:30 - 2015-08-17 20:30 - 00025225 _____ C:\ComboFix.txt 2015-08-16 20:12 - 2015-08-16 20:12 - 00116576 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT 2015-08-16 16:43 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2015-08-16 16:43 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2015-08-16 16:43 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-08-16 16:43 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-08-16 16:43 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-08-16 16:43 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2015-08-16 16:43 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2015-08-16 16:43 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2015-08-16 16:42 - 2015-08-17 20:30 - 00000000 ____D C:\Qoobox 2015-08-16 16:37 - 2015-08-17 20:27 - 00000000 ____D C:\Windows\erdnt 2015-08-16 16:34 - 2015-08-16 16:35 - 05634818 ____R (Swearware) C:\Users\User\Desktop\ComboFix.exe 2015-08-16 15:37 - 2015-08-16 15:37 - 00001750 _____ C:\Users\User\Desktop\MalwareBytes.txt 2015-08-16 15:36 - 2015-08-16 15:36 - 00001750 _____ C:\MWB.txt 2015-08-16 15:21 - 2015-08-16 15:21 - 00013182 _____ C:\Users\User\Desktop\Gmer.log 2015-08-16 10:19 - 2015-08-16 10:21 - 00053626 _____ C:\Users\User\Desktop\Addition.txt 2015-08-16 10:18 - 
2015-08-25 21:28 - 00020744 _____ C:\Users\User\Desktop\FRST.txt 2015-08-16 10:17 - 2015-08-25 21:28 - 00000000 ____D C:\FRST 2015-08-16 10:17 - 2015-08-24 22:49 - 01690112 _____ (Farbar) C:\Users\User\Desktop\FRST.exe 2015-08-16 10:17 - 2015-08-16 10:17 - 00380416 _____ C:\Users\User\Desktop\Gmer-19357.exe 2015-08-16 10:14 - 2015-08-16 10:15 - 00000580 _____ C:\Users\User\Desktop\defogger_disable.log 2015-08-16 10:14 - 2015-08-16 10:14 - 00000000 _____ C:\Users\User\defogger_reenable 2015-08-16 10:13 - 2015-08-16 10:13 - 00050477 _____ C:\Users\User\Desktop\Defogger.exe 2015-08-15 09:14 - 2015-08-25 21:25 - 00002524 _____ C:\Windows\PFRO.log 2015-08-15 09:14 - 2015-08-15 09:15 - 00398832 _____ C:\Windows\system32\FNTCACHE.DAT 2015-08-14 13:09 - 2015-08-14 13:09 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-08-14 09:45 - 2015-08-18 17:44 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-08-14 09:44 - 2015-08-14 09:50 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-08-14 09:44 - 2015-08-14 09:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-08-14 09:44 - 2015-08-14 09:44 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware 2015-08-14 09:44 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-08-14 09:44 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-08-13 17:03 - 2015-07-21 22:55 - 01206192 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-08-13 17:03 - 2015-07-21 18:07 - 03605440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-08-13 17:03 - 2015-07-21 18:07 - 03553216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-08-13 17:03 - 2015-07-21 18:07 - 00140224 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\ecache.sys 2015-08-13 17:03 - 2015-07-21 18:07 - 00056256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-08-13 17:03 - 2015-07-21 18:03 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll 2015-08-13 17:03 - 2015-07-21 18:03 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-08-13 17:03 - 2015-07-21 18:03 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-08-13 17:01 - 2015-07-31 21:27 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-08-13 17:00 - 2015-07-09 16:20 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys 2015-08-13 16:59 - 2015-07-10 21:37 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-08-13 16:55 - 2015-07-11 17:56 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-08-13 16:27 - 2015-07-18 18:03 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll 2015-08-13 16:24 - 2015-07-10 21:37 - 01402368 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2015-08-13 16:24 - 2015-07-10 21:37 - 01253376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-08-13 16:21 - 2015-08-01 00:08 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-08-13 16:21 - 2015-07-31 23:46 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll 2015-08-13 16:21 - 2015-07-31 23:46 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll 2015-08-13 16:21 - 2015-07-31 23:46 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll 2015-08-13 16:21 - 2015-07-31 23:46 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll 2015-08-13 16:21 - 2015-07-31 22:41 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2015-08-13 16:21 - 2015-07-31 22:40 - 00486400 _____ (Microsoft 
Corporation) C:\Windows\system32\d3d10level9.dll 2015-08-13 16:21 - 2015-07-31 22:35 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2015-08-13 16:21 - 2015-07-31 22:33 - 02066944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-08-13 16:21 - 2015-07-31 22:33 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-08-13 16:21 - 2015-07-31 22:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-08-13 16:21 - 2015-07-31 22:33 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-08-13 16:17 - 2015-07-09 16:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe 2015-08-13 16:17 - 2015-07-09 16:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\notepad.exe 2015-08-13 16:17 - 2015-07-01 17:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2015-08-12 21:48 - 2015-07-22 22:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-08-12 21:48 - 2015-07-22 22:51 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-08-12 21:48 - 2015-07-22 22:47 - 09751040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-08-12 21:48 - 2015-07-22 22:46 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-08-12 21:48 - 2015-07-22 22:46 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-08-12 21:48 - 2015-07-22 22:45 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-08-12 21:48 - 2015-07-22 22:45 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2015-08-12 21:48 - 2015-07-22 22:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-08-12 21:48 - 2015-07-22 22:44 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-08-12 21:48 - 2015-07-22 22:44 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 
2015-08-12 21:48 - 2015-07-22 22:44 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-08-12 21:48 - 2015-07-22 22:44 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-08-12 21:48 - 2015-07-22 22:43 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-08-12 21:48 - 2015-07-22 22:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-08-12 21:48 - 2015-07-22 22:43 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-08-12 21:48 - 2015-07-22 22:43 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2015-08-12 21:48 - 2015-07-22 22:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2015-08-12 21:48 - 2015-07-22 22:43 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2015-08-12 21:48 - 2015-07-22 22:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-08-06 09:21 - 2015-08-06 09:21 - 00000000 ____D C:\Users\User\AppData\Local\Mixesoft 2015-08-05 21:31 - 2015-08-05 21:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-08-05 21:29 - 2015-08-25 21:26 - 00001090 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-08-05 21:29 - 2015-08-25 20:34 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-08-05 00:03 - 2015-08-05 00:03 - 00877152 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll 2015-08-05 00:03 - 2015-08-05 00:03 - 00538208 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll 2015-08-04 20:11 - 2015-08-04 20:11 - 00000000 ___RD C:\Program Files\Skype 2015-08-04 20:11 - 2015-08-04 20:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-08-04 20:11 - 2015-08-04 20:11 - 00000000 ____D C:\Program Files\Common Files\Skype 2015-08-01 10:07 - 2015-08-01 10:07 - 00313472 _____ (AVAST Software) 
C:\Windows\system32\aswBoot.exe 2015-08-01 10:07 - 2015-08-01 10:07 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr 2015-07-30 13:03 - 2015-07-30 13:03 - 00000826 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SkillsTraining 1.1.lnk 2015-07-30 13:03 - 2015-07-30 13:03 - 00000814 _____ C:\Users\Public\Desktop\SkillsTraining 1.1.lnk 2015-07-30 13:03 - 2015-07-30 13:03 - 00000000 ____D C:\Users\User\AppData\Roaming\com.mmm.app.schattauer.skillstraining1 2015-07-30 13:02 - 2015-07-30 13:03 - 00000000 ____D C:\Program Files\SkillsTraining 1.1 2015-07-30 13:01 - 2015-07-30 13:01 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia 2015-07-30 13:01 - 2015-07-30 13:01 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia 2015-07-30 13:01 - 2015-07-30 13:01 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-08-25 21:28 - 2011-09-22 22:16 - 00000000 ___RD C:\Users\User\Documents\Dropbox 2015-08-25 21:27 - 2011-09-22 22:11 - 00000000 ____D C:\Users\User\AppData\Roaming\Dropbox 2015-08-25 21:25 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-08-25 21:25 - 2006-11-02 14:47 - 00004176 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-08-25 21:25 - 2006-11-02 14:47 - 00004176 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-08-25 21:24 - 2010-06-23 16:30 - 00003204 _____ C:\Windows\bthservsdp.dat 2015-08-25 21:24 - 2008-01-21 03:39 - 01872217 _____ C:\Windows\WindowsUpdate.log 2015-08-25 21:24 - 2006-11-02 15:01 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-08-25 21:21 - 2006-11-02 13:18 - 00000000 ___HD C:\Windows\system32\GroupPolicy 2015-08-25 20:34 - 2015-05-09 10:08 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-08-25 20:31 - 2015-06-18 06:21 - 00001220 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1406830839-1458410200-2704653683-1000UA.job 2015-08-25 20:31 - 2015-06-18 06:21 - 00001168 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1406830839-1458410200-2704653683-1000Core.job 2015-08-25 19:34 - 2015-03-18 16:46 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-08-25 19:34 - 2015-03-18 16:46 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-08-25 19:08 - 2008-01-21 10:32 - 01576088 _____ C:\Windows\system32\PerfStringBackup.INI 2015-08-24 17:48 - 2013-07-29 13:50 - 00001738 ____H C:\Users\User\Documents\Default.rdp 2015-08-20 22:20 - 2014-04-03 13:28 - 00000000 ____D C:\Users\User\AppData\Roaming\CDisplayEx 2015-08-17 20:30 - 2007-12-24 21:33 - 00000000 ___RD C:\Users\Markus kann weg 2015-08-17 20:30 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Default 2015-08-17 20:30 - 2006-11-02 13:18 - 00000000 ___RD 
C:\Users\Public 2015-08-17 20:23 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini 2015-08-15 09:14 - 2012-04-25 18:38 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2015-08-14 16:11 - 2015-07-24 12:31 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\User\Downloads\TDSSKiller.exe 2015-08-14 12:34 - 2010-06-23 20:13 - 00000000 ____D C:\Users\User\AppData\Local\Adobe 2015-08-14 12:30 - 2013-08-20 10:50 - 00000000 ____D C:\Program Files\Mozilla Firefox 2015-08-14 12:13 - 2013-09-27 10:09 - 00000000 ____D C:\AdwCleaner 2015-08-14 12:08 - 2013-07-26 16:47 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-08-14 11:10 - 2013-07-31 14:43 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc 2015-08-13 20:42 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET 2015-08-13 19:40 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\system32\XPSViewer 2015-08-13 17:04 - 2010-10-28 10:17 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-08-13 16:54 - 2013-07-24 10:00 - 00000000 ____D C:\Windows\system32\MRT 2015-08-13 16:31 - 2006-11-02 12:24 - 129304528 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2015-08-05 21:31 - 2011-03-28 10:37 - 00000000 ____D C:\Users\User\AppData\Local\Google 2015-08-05 21:30 - 2011-03-28 10:38 - 00000000 ____D C:\Program Files\Google 2015-08-04 21:39 - 2010-07-17 18:46 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype 2015-08-04 20:12 - 2010-07-17 18:46 - 00000000 ____D C:\ProgramData\Skype 2015-08-01 10:07 - 2015-07-21 18:56 - 00161472 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys 2015-08-01 10:07 - 2015-07-21 18:55 - 00095112 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys 2015-08-01 10:07 - 2014-04-22 23:25 - 00024016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys 2015-08-01 10:07 - 2013-07-26 11:09 - 00788784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2015-08-01 10:07 - 2013-07-26 11:09 - 00433264 _____ (AVAST Software) 
C:\Windows\system32\Drivers\aswSP.sys 2015-08-01 10:07 - 2013-07-26 11:09 - 00208664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys 2015-08-01 10:07 - 2013-07-26 11:09 - 00076000 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2015-08-01 10:07 - 2013-07-26 11:09 - 00057888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys 2015-08-01 10:07 - 2013-07-26 11:09 - 00055200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys 2015-08-01 10:07 - 2013-07-26 11:09 - 00049776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys 2015-07-30 13:01 - 2010-06-23 20:14 - 00000000 ____D C:\Program Files\Adobe 2015-07-26 09:29 - 2014-12-30 15:51 - 00000000 ____D C:\ProgramData\Unified Remote ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2014-09-25 12:32 - 2014-09-25 12:33 - 0000102 _____ () C:\Users\User\AppData\Roaming\.ptbt0 2012-04-24 00:10 - 2012-04-25 07:30 - 0002844 _____ () C:\Users\User\AppData\Roaming\alarms.ini 2012-04-24 00:06 - 2012-04-25 09:05 - 0000749 _____ () C:\Users\User\AppData\Roaming\AtomicAlarmClock.ini 2013-11-07 17:53 - 2013-11-07 17:53 - 0000393 _____ () C:\Users\User\AppData\Roaming\plugins.xml 2010-12-13 12:13 - 2010-12-13 12:13 - 0001274 _____ () C:\Users\User\AppData\Roaming\SAS7_000.DAT 2014-04-26 12:31 - 2014-04-26 12:31 - 0000043 _____ () C:\Users\User\AppData\Roaming\WB.CFG 2010-06-11 19:27 - 2010-06-11 19:27 - 0000000 _____ () C:\Users\User\AppData\Local\AtStart.txt 2010-06-11 18:27 - 2014-07-25 23:51 - 0001356 _____ () C:\Users\User\AppData\Local\d3d9caps.dat 2010-06-23 18:42 - 2014-12-17 12:22 - 0161280 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2010-06-11 19:27 - 2010-06-11 19:27 - 0000000 _____ () C:\Users\User\AppData\Local\DSwitch.txt 2010-06-23 18:18 - 2014-07-30 10:44 - 0000000 _____ () C:\Users\User\AppData\Local\FnF4.txt 2010-06-11 19:27 - 2010-06-11 19:27 - 0000000 _____ () 
C:\Users\User\AppData\Local\QSwitch.txt 2012-06-13 17:06 - 2013-06-23 23:42 - 0017408 _____ () C:\Users\User\AppData\Local\WebpageIcons.db 2015-01-10 10:08 - 2015-01-10 10:08 - 0000000 _____ () C:\Users\User\AppData\Local\{450253B0-D9A8-4DE1-8853-F31AB41BDA42} 2011-11-15 00:41 - 2011-11-15 00:41 - 0000000 _____ () C:\Users\User\AppData\Local\{C809EE78-F2BE-46C1-9A6D-F71D1F35D882} 2014-08-20 09:22 - 2014-08-20 09:22 - 0000057 _____ () C:\ProgramData\Ament.ini 2011-03-14 13:20 - 2015-03-09 15:25 - 0016726 _____ () C:\ProgramData\hpzinstall.log 2012-01-27 10:26 - 2012-01-27 12:48 - 0005642 ___SH () C:\ProgramData\KGyGaAvL.sys Einige Dateien in TEMP: ==================== C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyb81pe.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-08-25 19:08 ==================== Ende vom FRST.txt ============================
I can't say right now whether there are still problems, since I've hardly had time to browse lately. The problem with the power/power supply persists, though that is probably more of a hardware problem, isn't it? Best regards. Firefox, or rather the PC, has just frozen completely again, so that nothing worked anymore. Several tabs were open at the time, including imgur. Flash and several tabs at once cause the problem most often, so it often seems more like an overload. Best regards. |
26.08.2015, 11:06 | #14 |
/// the machine /// TB trainer | Win Vista: Laptop freezes with Firefox; manual restart required
Does this only happen when Firefox is open? The other thing is a hardware problem, yes.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
26.08.2015, 11:30 | #15 |
| Win Vista: Laptop freezes with Firefox; manual restart required
Hi, yes, it only occurs when I'm on the internet. In Firefox, Chrome and IE the problem occurs with the same symptoms and the same starting conditions (Flash content, multiple tabs). |