|
Log analysis and evaluation: LNK:Jenxcus-D - Trojan (Windows 7). If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
24.08.2015, 23:22 | #1 |
| LNK:Jenxcus-D - Trojan Hello, my virus scanner Avast reported a nasty find today. ---Jenxcus-D (Troj.) Now the virus scanner goes off nonstop, reporting detections and saying that it blocked them when the file was created or modified. It does this 51 times, only to start over from the beginning. I am now writing from another computer, which by now also seems to be infected, as does the USB stick I used to transfer my logs from one computer to the other. I am less worried about the computer I am currently using; I will simply wipe it later and reinstall the system. But I would really like to keep using the other computer as it is. I ran defogger, but the log file has disappeared; the FRST logs are attached; Gmer does not start for me because the file is supposedly in use. Can anyone help me? Best regards, HeiHa |
25.08.2015, 04:54 | #2 |
/// the machine /// TB Trainer | LNK:Jenxcus-D - Trojan Hi,
Please always post logs in the thread inside code tags.
__________________ |
25.08.2015, 06:58 | #3 |
| LNK:Jenxcus-D - Trojan Okay, sorry.
So here are the logs again. Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:24-08-2015 durchgeführt von Home (Administrator) auf PCARB (24-08-2015 23:27:39) Gestartet von N:\ Geladene Profile: Home (Verfügbare Profile: Home) Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect 2\creator-ws.exe () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe (Samsung Electronics Co., Ltd.) 
C:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe () C:\Program Files (x86)\Join Air\AssistantServices.exe () C:\Program Files (x86)\VVW\Update\VVWUpdateDienst.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (1&1 Internet AG) C:\Program Files (x86)\1&1\1&1 Upload-Manager\DAVSRV.EXE () C:\Users\Home\AppData\Roaming\SpeedMon\speedmon.exe (AVM Berlin) C:\Users\Home\AppData\Local\Apps\2.0\P27C765O.ATH\38Z1JDBJ.TDK\frit..tion_1acae14e4778b8d2_0002.0003_5f032dee73df1479\fritzbox-usb-fernanschluss.exe (Dropbox, Inc.) C:\Users\Home\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Microsoft Corporation) C:\Windows\System32\wscript.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe () C:\Program Files (x86)\VVW\Update\VVWUpdateTray.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe () C:\Program Files (x86)\Join Air\UIExec.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe (Dropbox, Inc.) C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2014-01-07] (Hewlett-Packard ) HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [519408 2013-07-18] (Acronis) HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] () HKLM\...\Run: [ApplyEsf-eDocPrintPro] => "C:\Program Files\Common Files\MAYComputer\eDocPrintPro\\ApplyEsf.exe" HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.) 
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7843744 2014-02-04] (Acronis) HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1104616 2013-10-10] (Acronis International GmbH) HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642816 2013-05-15] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-08-09] (AVAST Software) HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.) HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2014-03-18] (shbox.de) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH) HKLM-x32\...\Run: [UIExec] => C:\Program Files (x86)\Join Air\UIExec.exe [138072 2010-04-27] () HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2015-04-10] (Oracle Corporation) HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [286272 2015-06-30] (RealNetworks, Inc.) 
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [608320 2015-06-17] () HKU\S-1-5-21-3483183917-3163184292-3340130657-1001\...\Run: [Free Download Manager] => C:\Program Files (x86)\Free Download Manager\fdm.exe [6950400 2013-10-25] (FreeDownloadManager.ORG) HKU\S-1-5-21-3483183917-3163184292-3340130657-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [455392 2015-04-10] (Sony) HKU\S-1-5-21-3483183917-3163184292-3340130657-1001\...\Run: [AVMUSBFernanschluss] => C:\Users\Home\AppData\Local\Apps\2.0\P27C765O.ATH\38Z1JDBJ.TDK\frit..tion_1acae14e4778b8d2_0002.0003_5f032dee73df1479\AVMAutoStart.exe [139264 2015-08-07] (AVM Berlin) HKU\S-1-5-21-3483183917-3163184292-3340130657-1001\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\WINDOWS\system32\eed_ec.dll,SpeedLauncher HKU\S-1-5-21-3483183917-3163184292-3340130657-1001\...\Run: [1&1_1&1 Upload-Manager] => C:\Program Files (x86)\1&1\1&1 Upload-Manager\DAVSRV.EXE [989264 2011-11-21] (1&1 Internet AG) HKU\S-1-5-21-3483183917-3163184292-3340130657-1001\...\Run: [SpeedMon] => C:\Users\Home\AppData\Roaming\SpeedMon\speedmon.exe [840206 2015-05-30] () HKU\S-1-5-21-3483183917-3163184292-3340130657-1001\...\Run: [Dropbox Update] => C:\Users\Home\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.) HKU\S-1-5-21-3483183917-3163184292-3340130657-1001\...\Run: [download_video_20150822] => wscript.exe //B "C:\Users\Home\AppData\Roaming\download_video_20150822.AVI.FLV_4817498489141984189418914198489418948941894891419.vbs" HKU\S-1-5-18\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\WINDOWS\system32\eed_ec.dll,SpeedLauncher Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-04-14] ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2015-06-30] ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Network PC Fax.lnk [2014-06-10] ShortcutTarget: Samsung Network PC Fax.lnk -> C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe (Samsung Electronics Co., Ltd.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VVWUpdateTray.lnk [2015-05-30] ShortcutTarget: VVWUpdateTray.lnk -> C:\Program Files (x86)\VVW\Update\VVWUpdateTray.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2014-12-16] ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2012\mshaktuell.exe () Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\download_video_20150822.AVI.FLV_4817498489141984189418914198489418948941894891419.vbs [2015-08-24] () Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-01-08] ShortcutTarget: Dropbox.lnk -> C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-09-29] ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2014-05-09] ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-08-09] (AVAST Software) ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] () ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] () ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] () ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [SmartFTP Drop] -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => L:\ShellTools.dll [2015-01-23] (SmartSoft Ltd.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.) GroupPolicy: Gruppenrichtline auf Chrome erkannt <======= ACHTUNG CHR HKU\S-1-5-21-3483183917-3163184292-3340130657-1001\SOFTWARE\Policies\Google: Richtlinienbeschränkung <======= ACHTUNG ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-3483183917-3163184292-3340130657-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 HKU\S-1-5-21-3483183917-3163184292-3340130657-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01 SearchScopes: HKLM -> {8C0E7765-5FF6-4A3A-A9F0-9691F499435C} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKLM-x32 -> {8C0E7765-5FF6-4A3A-A9F0-9691F499435C} URL = 
hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKU\S-1-5-21-3483183917-3163184292-3340130657-1001 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKU\S-1-5-21-3483183917-3163184292-3340130657-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3483183917-3163184292-3340130657-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKU\S-1-5-21-3483183917-3163184292-3340130657-1001 -> {8C0E7765-5FF6-4A3A-A9F0-9691F499435C} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-3483183917-3163184292-3340130657-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2015-06-17] (RealDownloader) BHO: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-09] (AVAST Software) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard) BHO-x32: Kein Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> Keine Datei BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2015-06-17] (RealDownloader) BHO-x32: PDF Architect Helper -> {691B33B0-B86E-47F3-81C7-56E4FE3B929C} -> C:\Program Files (x86)\PDF Architect 2\creator-ie-helper.dll [2014-10-10] (pdfforge GmbH) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-05-04] (Oracle Corporation) BHO-x32: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-09] (AVAST Software) BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2013-09-13] (FreeDownloadManager.ORG) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-05-04] (Oracle Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard) Toolbar: HKLM - Kein Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - Keine Datei Toolbar: HKLM - Kein Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - Keine Datei Toolbar: HKLM-x32 - PDF Architect Toolbar - {DEEB13D7-CEA9-45FB-B77C-E039BEC85221} - C:\Program Files (x86)\PDF Architect 2\creator-ie-plugin.dll [2014-10-10] (pdfforge GmbH) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{FF75941D-2B1E-42EB-A950-1F85448FFA8E}: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\eja85ab0.default FF DefaultSearchUrl: hxxp://www.bing.com/search FF SearchEngineOrder.1: Microsoft (Bing) FF Homepage: hxxps://www.google.de/?gws_rd=ssl FF Keyword.URL: hxxp://www.bing.com/search FF NetworkProxy: "type", 4 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files 
(x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-09-05] (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-01-07] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-01-07] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.80.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-05-04] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.80.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-05-04] (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll [2014-01-16] (McAfee, Inc.) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @real.com/nppl3260;version=18.0.1.9 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2015-06-30] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=18.0.1.9 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2015-06-30] (RealTimes) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.) FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll [2014-10-10] (pdfforge GmbH) FF Plugin HKU\S-1-5-21-3483183917-3163184292-3340130657-1001: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2015-04-21] (Sony Network Entertainment International LLC) FF SearchPlugin: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\eja85ab0.default\searchplugins\bing-avast.xml [2014-06-21] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-06] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_2_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension FF Extension: PDF Architect 2 Creator - C:\Program Files 
(x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension [2015-02-20] StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe Chrome: ======= CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Drive) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-25] CHR Extension: (YouTube) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-25] CHR Extension: (Google Search) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-25] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11] CHR Extension: (Chrome Web Store Payments) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-25] CHR Extension: (Gmail) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-25] CHR HKU\S-1-5-21-3483183917-3163184292-3340130657-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [begbnpffhnpedhocnobliippgejhjpfp] - C:\Users\Home\AppData\Roaming\Cool Mirage Ltd\gophotoit\1.8.29.5\gophotoit.crx <nicht gefunden> CHR HKLM-x32\...\Chrome\Extension: [djbdlklldbflagkkpaljamjfbpefcbpf] - C:\Program Files (x86)\HomeTab\chrome\HomeTab.crx <nicht gefunden> CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-17] CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" <nicht gefunden> ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der 
Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-09] (AVAST Software) R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109008 2015-08-09] (AVAST Software) S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation) R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation) R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert] R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [Datei ist nicht signiert] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2014-01-07] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.) 
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH)
R2 PDF Architect 2 Creator; C:\Program Files (x86)\PDF Architect 2\creator-ws.exe [738856 2014-10-10] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2015-06-17] ()
R2 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1115224 2015-06-30] (RealNetworks, Inc.)
R2 Samsung Network Fax Server; C:\WINDOWS\system32\spool\drivers\x64\3\NetFaxServer64.exe [508464 2013-07-01] (Samsung Electronics Co., Ltd.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [337920 2014-01-07] (IDT, Inc.) [Datei ist nicht signiert]
R2 UI Assistant Service; C:\Program Files (x86)\Join Air\AssistantServices.exe [247152 2010-04-27] ()
R2 VVWUpdateService; C:\Program Files (x86)\VVW\Update\VVWUpdateDienst.exe [3079808 2014-03-28] ()
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-11-06] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2013-10-28] (Advanced Micro Devices, Inc.)
R3 Apowersoft_AudioDevice; C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (Wondershare)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-09] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-08-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-09] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [454016 2015-08-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-09] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048344 2015-08-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-08-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-09] (AVAST Software)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98744 2013-10-28] (Advanced Micro Devices)
R3 avmaura; C:\Windows\System32\drivers\avmaura.sys [116480 2014-05-19] (AVM Berlin)
S2 AVMPORT; C:\Windows\SysWOW64\drivers\avmport.sys [66472 2009-10-02] (AVM Berlin)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows (R) Codename Longhorn DDK provider)
S2 DgiVecp; C:\windows\system32\Drivers\DgiVecp.sys [54072 2007-10-22] (Samsung Electronics)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
S3 ggsomc; C:\Windows\System32\drivers\ggsomc.sys [30424 2014-09-24] (Sony Mobile Communications)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-24] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2014-01-07] (Intel Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-10-02] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2013-10-27] (Acronis International GmbH)
R1 ui11rdr; C:\Windows\System32\DRIVERS\ui11rdr.sys [199752 2011-11-21] (1&1 Internet AG)
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-08-24 23:27 - 2015-08-24 23:27 - 00000000 ____D C:\FRST
2015-08-24 23:20 - 2015-08-24 23:20 - 00000000 _____ C:\Users\Home\defogger_reenable
2015-08-24 22:49 - 2015-08-24 22:51 - 00000000 ____D C:\AdwCleaner
2015-08-24 11:35 - 2015-08-23 01:52 - 00015223 _____ C:\Users\Home\AppData\Roaming\download_video_20150822.AVI.FLV_4817498489141984189418914198489418948941894891419.vbs
2015-08-24 11:14 - 2015-08-24 11:14 - 20715348 _____ C:\Users\Home\Downloads\g d p for Hr's H.rar
2015-08-21 10:35 - 2015-08-21 10:35 - 00000000 ____D C:\Users\Home\.cache
2015-08-20 09:13 - 2015-08-21 11:07 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-08-19 10:54 - 2015-08-11 03:20 - 25191936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-08-19 10:54 - 2015-08-11 02:20 - 19871232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-08-17 16:01 - 2015-08-17 16:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-08-16 21:25 - 2015-08-24 22:39 - 00003332 _____ C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3483183917-3163184292-3340130657-1001
2015-08-16 21:25 - 2015-08-24 22:39 - 00003280 _____ C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3483183917-3163184292-3340130657-1001
2015-08-14 10:34 - 2015-08-14 10:34 - 00000000 ____D C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-08-12 10:12 - 2015-07-30 16:04 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 10:12 - 2015-07-30 15:48 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 08:48 - 2015-07-19 03:58 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-08-12 08:48 - 2015-07-18 20:51 - 03704320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-12 08:48 - 2015-07-18 20:31 - 00140288 _____ (Microsoft Corporation)
C:\WINDOWS\system32\wuwebv.dll 2015-08-12 08:48 - 2015-07-18 20:31 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2015-08-12 08:48 - 2015-07-18 20:31 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2015-08-12 08:48 - 2015-07-18 20:29 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2015-08-12 08:48 - 2015-07-18 20:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2015-08-12 08:48 - 2015-07-18 20:29 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2015-08-12 08:48 - 2015-07-18 20:28 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2015-08-12 08:48 - 2015-07-18 20:12 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2015-08-12 08:48 - 2015-07-18 20:10 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2015-08-12 08:48 - 2015-07-18 20:09 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2015-08-12 08:47 - 2015-07-29 01:24 - 00025776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2015-08-12 08:47 - 2015-07-28 16:24 - 01148416 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2015-08-12 08:47 - 2015-07-28 16:24 - 01116160 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2015-08-12 08:47 - 2015-07-28 16:24 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2015-08-12 08:47 - 2015-07-28 16:24 - 00743424 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2015-08-12 08:47 - 2015-07-28 16:24 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2015-08-12 08:47 - 2015-07-28 16:24 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2015-08-12 08:47 - 2015-07-16 22:36 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-08-12 08:47 - 2015-07-16 22:36 - 00417792 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\html.iec 2015-08-12 08:47 - 2015-07-16 22:35 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-08-12 08:47 - 2015-07-16 22:26 - 05923328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-08-12 08:47 - 2015-07-16 22:23 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll 2015-08-12 08:47 - 2015-07-16 22:21 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-08-12 08:47 - 2015-07-16 21:53 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2015-08-12 08:47 - 2015-07-16 21:51 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-08-12 08:47 - 2015-07-16 21:50 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec 2015-08-12 08:47 - 2015-07-16 21:45 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-08-12 08:47 - 2015-07-16 21:45 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2015-08-12 08:47 - 2015-07-16 21:41 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll 2015-08-12 08:47 - 2015-07-16 21:39 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-08-12 08:47 - 2015-07-16 21:38 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2015-08-12 08:47 - 2015-07-16 21:36 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-08-12 08:47 - 2015-07-16 21:34 - 14451200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-08-12 08:47 - 2015-07-16 21:32 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2015-08-12 08:47 - 2015-07-16 21:14 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2015-08-12 08:47 - 2015-07-16 21:13 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2015-08-12 08:47 - 2015-07-16 21:12 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 
2015-08-12 08:47 - 2015-07-16 21:12 - 02427904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-08-12 08:47 - 2015-07-16 21:10 - 12856832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-08-12 08:47 - 2015-07-16 21:06 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2015-08-12 08:47 - 2015-07-16 21:01 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-08-12 08:47 - 2015-07-16 20:52 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll 2015-08-12 08:47 - 2015-07-16 20:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2015-08-12 08:47 - 2015-07-16 20:42 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-08-12 08:47 - 2015-07-16 20:38 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-08-12 08:47 - 2015-07-16 20:37 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2015-08-12 08:47 - 2015-07-16 02:29 - 07458648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-08-12 08:47 - 2015-07-16 02:29 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2015-08-12 08:47 - 2015-07-16 02:29 - 00101720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys 2015-08-12 08:47 - 2015-07-16 02:28 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2015-08-12 08:47 - 2015-07-10 19:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll 2015-08-12 08:47 - 2015-07-07 11:40 - 00270168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys 2015-08-12 08:47 - 2015-07-07 11:40 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys 2015-08-12 08:47 - 2015-07-07 11:40 - 00044560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys 2015-08-12 08:47 - 2015-07-02 00:19 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll 
2015-08-12 08:47 - 2015-07-02 00:16 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll 2015-08-12 08:47 - 2015-07-01 23:37 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll 2015-08-12 08:47 - 2015-07-01 23:35 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll 2015-08-12 08:47 - 2015-06-12 19:03 - 18823680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2015-08-12 08:47 - 2015-06-12 18:36 - 15159296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2015-08-12 08:47 - 2015-06-09 20:27 - 00411133 _____ C:\WINDOWS\system32\ApnDatabase.xml 2015-08-12 08:46 - 2015-07-14 23:59 - 01113944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys 2015-08-12 08:46 - 2015-07-14 23:59 - 00487256 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll 2015-08-12 08:46 - 2015-07-14 23:59 - 00393560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll 2015-08-12 08:46 - 2015-07-14 05:22 - 02529880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll 2015-08-12 08:46 - 2015-07-14 05:21 - 01901776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll 2015-08-12 08:46 - 2015-07-13 21:46 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll 2015-08-12 08:46 - 2015-07-13 21:45 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll 2015-08-12 08:46 - 2015-07-10 20:19 - 01101824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll 2015-08-12 08:46 - 2015-07-10 19:42 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll 2015-08-12 08:46 - 2015-07-10 19:14 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll 2015-08-12 08:46 - 2015-07-10 19:13 - 07032320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2015-08-12 08:46 - 2015-07-10 18:47 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll 2015-08-12 08:46 - 2015-07-10 18:31 - 
06213120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2015-08-12 08:46 - 2015-07-09 19:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe 2015-08-12 08:46 - 2015-07-09 19:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe 2015-08-12 08:46 - 2015-07-09 18:30 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe 2015-08-12 08:46 - 2015-06-11 22:12 - 02476376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2015-08-12 08:46 - 2015-06-11 22:12 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS 2015-08-12 08:46 - 2015-05-12 02:24 - 00536920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll 2015-08-12 08:45 - 2015-07-29 16:37 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll 2015-08-12 08:45 - 2015-07-29 16:30 - 01381888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll 2015-08-12 08:45 - 2015-07-29 16:23 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll 2015-08-12 08:45 - 2015-07-24 20:57 - 04177408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2015-08-12 08:45 - 2015-07-24 20:57 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2015-08-12 08:45 - 2015-07-24 20:52 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2015-08-12 08:45 - 2015-07-24 19:27 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll 2015-08-12 08:45 - 2015-07-24 19:23 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2015-08-09 16:54 - 2015-08-09 16:54 - 00454016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdisFlt.sys 2015-08-09 16:54 - 2015-08-09 16:54 - 00378880 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2015-08-09 16:54 - 2015-08-09 16:54 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag 
in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-08-24 23:26 - 2015-06-16 11:01 - 00001232 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3483183917-3163184292-3340130657-1001UA.job 2015-08-24 23:26 - 2013-11-06 10:07 - 01948998 _____ C:\WINDOWS\WindowsUpdate.log 2015-08-24 23:25 - 2015-07-09 12:43 - 00008108 _____ C:\WINDOWS\setupact.log 2015-08-24 23:20 - 2013-11-06 09:56 - 00000000 ____D C:\Users\Home 2015-08-24 23:19 - 2014-02-18 15:31 - 00001130 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-08-24 23:14 - 2013-11-07 10:40 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-08-24 23:13 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru 2015-08-24 22:58 - 2013-09-25 15:17 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3483183917-3163184292-3340130657-1001 2015-08-24 22:54 - 2013-12-08 11:46 - 00000000 __RDO C:\Users\Home\SkyDrive 2015-08-24 22:53 - 2014-05-19 10:46 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-08-24 22:53 - 2014-02-18 15:31 - 00001126 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-08-24 22:52 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-08-24 22:52 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2015-08-24 22:51 - 2015-01-23 14:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetObjects 2015-08-24 22:51 - 2014-02-18 15:32 - 00001304 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-08-24 22:51 - 2014-02-18 15:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-08-24 22:51 - 2013-09-25 15:12 - 00000787 _____ C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-08-24 22:48 - 2013-09-30 06:14 - 01980934 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-08-24 22:48 - 2013-09-30 05:56 - 00841326 _____ C:\WINDOWS\system32\perfh007.dat 
2015-08-24 22:48 - 2013-09-30 05:56 - 00191558 _____ C:\WINDOWS\system32\perfc007.dat 2015-08-24 22:39 - 2013-09-25 15:40 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update 2015-08-24 12:00 - 2013-10-13 11:36 - 00000000 ____D C:\Users\Home\AppData\Roaming\vlc 2015-08-24 11:46 - 2015-05-30 00:18 - 00000000 ____D C:\Users\Home\AppData\Roaming\SpeedMon 2015-08-24 11:38 - 2013-09-29 21:04 - 01242606 _____ C:\WINDOWS\PFRO.log 2015-08-24 10:26 - 2015-06-16 11:01 - 00001180 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3483183917-3163184292-3340130657-1001Core.job 2015-08-24 09:09 - 2013-11-06 13:05 - 00003914 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CDD63B4C-F70A-4E7B-A13C-F1F3EF41655C} 2015-08-21 11:24 - 2013-12-10 19:59 - 00003152 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForHome 2015-08-21 11:24 - 2013-12-10 19:59 - 00000340 _____ C:\WINDOWS\Tasks\HPCeeScheduleForHome.job 2015-08-21 11:07 - 2013-09-26 09:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-08-21 11:07 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\security 2015-08-21 11:02 - 2013-10-25 08:47 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log 2015-08-21 09:05 - 2014-01-08 15:03 - 00000000 ___RD C:\Users\Home\Dropbox 2015-08-21 09:05 - 2013-10-23 13:07 - 00000000 ____D C:\Users\Home\AppData\Roaming\Dropbox 2015-08-20 14:22 - 2013-09-26 18:17 - 00000000 ____D C:\Users\Home\AppData\Local\FreePDF_XP 2015-08-20 13:53 - 2014-06-10 14:03 - 00000121 _____ C:\Users\Public\LMDebug.log 2015-08-19 15:40 - 2014-06-10 15:31 - 00000000 ____D C:\Users\Home\Documents\Scan 2015-08-19 10:54 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-08-18 12:12 - 2013-12-20 19:40 - 00000000 ____D C:\Users\Home\Desktop\Tor Browser 2015-08-17 16:50 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache 2015-08-17 11:55 - 2013-12-03 11:29 - 01135616 ___SH C:\Users\Home\Downloads\Thumbs.db 2015-08-14 12:14 - 2014-06-24 16:28 - 00121856 ___SH 
C:\Users\Home\Desktop\Thumbs.db 2015-08-14 08:49 - 2013-11-06 10:53 - 01048344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys 2015-08-13 11:45 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-08-13 09:51 - 2013-11-12 17:41 - 00000000 ____D C:\Users\Home\AppData\Local\FRITZ! 2015-08-12 13:20 - 2013-11-06 09:50 - 00000000 ___DC C:\WINDOWS\Panther 2015-08-12 13:16 - 2015-07-10 19:28 - 00000000 ___HD C:\$Windows.~BT 2015-08-12 12:14 - 2013-11-07 10:40 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-08-12 12:07 - 2015-06-19 09:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-08-12 09:45 - 2013-08-22 16:44 - 00418160 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-08-12 09:43 - 2014-12-11 16:51 - 00000000 ____D C:\WINDOWS\system32\appraiser 2015-08-12 09:43 - 2014-07-09 14:51 - 00000000 ___SD C:\WINDOWS\system32\CompatTel 2015-08-12 09:43 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-08-12 09:43 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-08-12 09:43 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-08-12 09:43 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-08-12 09:43 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Windows Defender 2015-08-12 09:43 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2015-08-12 09:42 - 2013-09-26 11:59 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-08-12 09:42 - 2013-09-25 18:17 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-08-12 09:34 - 2013-09-25 18:17 - 132483416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-08-11 15:12 - 2014-04-09 10:53 - 00018492 _____ C:\Users\Home\Desktop\Daten Auftraggeber.xlsx 
2015-08-11 14:05 - 2013-10-17 15:21 - 00001517 _____ C:\WINDOWS\wiso.ini
2015-08-09 16:54 - 2014-05-07 14:01 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-08-09 16:54 - 2013-12-23 13:57 - 00150672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-08-09 16:54 - 2013-12-20 19:08 - 00447944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-08-09 16:54 - 2013-11-06 11:06 - 00028144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2015-08-09 16:54 - 2013-11-06 10:53 - 00274808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-08-09 16:54 - 2013-11-06 10:53 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-08-09 16:54 - 2013-11-06 10:53 - 00090968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-08-09 16:54 - 2013-11-06 10:53 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-08-09 16:50 - 2013-09-30 05:59 - 00000000 ____D C:\WINDOWS\SKB
2015-08-08 15:55 - 2015-03-11 13:52 - 00794088 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-08-08 15:55 - 2015-03-11 13:52 - 00179688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-07 16:21 - 2014-05-19 17:15 - 00009386 _____ C:\WINDOWS\avmacc.log
2015-08-07 16:21 - 2014-05-19 17:14 - 00000000 ____D C:\Users\Home\AppData\Local\Deployment
2015-08-07 10:21 - 2015-06-16 11:01 - 00004176 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3483183917-3163184292-3340130657-1001UA
2015-08-07 10:21 - 2015-06-16 11:01 - 00003796 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3483183917-3163184292-3340130657-1001Core

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-08-24 11:35 - 2015-08-23 01:52 - 0015223 _____ () C:\Users\Home\AppData\Roaming\download_video_20150822.AVI.FLV_4817498489141984189418914198489418948941894891419.vbs
2013-09-30 12:17 - 2013-10-01 13:17 - 0000093 _____ () C:\Users\Home\AppData\Roaming\WB.CFG
2013-09-30 12:17 - 2013-10-01 13:17 - 0000006 _____ () C:\Users\Home\AppData\Roaming\WBPU-TTL.DAT
2014-10-09 11:58 - 2014-10-09 11:58 - 0003584 _____ () C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-13 14:04 - 2015-07-13 14:04 - 0002962 _____ () C:\Users\Home\AppData\Local\recently-used.xbel
2013-09-25 15:11 - 2013-09-25 15:11 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2013-09-26 20:33 - 2013-09-26 20:34 - 12669796 _____ () C:\ProgramData\SamPCFax000011480000

Einige Dateien in TEMP:
====================
C:\Users\Home\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpia6nxg.dll
C:\Users\Home\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Home\AppData\Local\Temp\kd9e9wst.dll
C:\Users\Home\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-08-24 22:29

==================== Ende von FRST.txt ============================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:24-08-2015
durchgeführt von Home (2015-08-24 23:28:42)
Gestartet von N:\
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-3483183917-3163184292-3340130657-500 - Administrator - Disabled)
Gast (S-1-5-21-3483183917-3163184292-3340130657-501 - Limited - Disabled)
Home (S-1-5-21-3483183917-3163184292-3340130657-1001 - Administrator - Enabled) => C:\Users\Home
HomeGroupUser$ (S-1-5-21-3483183917-3163184292-3340130657-1043 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

1&1 Upload-Manager (HKLM-x32\...\1&1 Upload-Manager) (Version: 2.0.676 - 1&1 Internet AG) 4K Video Downloader 3.5 (HKLM-x32\...\4K Video Downloader_is1) (Version: 3.5.5.1700 - Open Media LLC) 7-Zip 9.30 alpha (HKLM-x32\...\7-Zip) (Version: - ) Acronis True Image 2014 (HKLM-x32\...\{3ECDD663-5AF8-489B-9E3C-561F33A271BD}Visible) (Version: 17.0.6673 - Acronis) Acronis True Image 2014 (x32 Version: 17.0.6673 - Acronis) Hidden Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated) Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated) Age of Conan: Hyborian Adventures (HKLM-x32\...\Age of Conan_is1) (Version: - Funcom) AMD Catalyst Install Manager (HKLM\...\{425D8EBC-EDEE-A047-63BA-F02A2D3D531E}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.) Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.3.2225 - AVAST Software) AVM FRITZ!fax für FRITZ!Box (HKLM-x32\...\FRITZ! 2.0) (Version: - AVM Berlin) AVM ISDN CAPI Port (HKLM-x32\...\AVM ISDN CAPI Port) (Version: - AVM Berlin) Baurecht für die am Bau Beteiligten (HKLM-x32\...\{EFB86F72-9FD4-4411-8E4E-A9234388C557}) (Version: 1.0.0.0.1410 - Wolters Kluwer Deutschland GmbH) Bautagebuch 2014 (HKLM-x32\...\{6AA61366-7001-4B26-AB26-14F4977CBE1A}) (Version: 8.00.000 - VVW GmbH) Benutzerhandbuch anzeigen (HKLM-x32\...\View User Guide) (Version: 3.60.43.0 - ) BKI Energieplaner 12.1.8 (HKLM-x32\...\{FE9BA3BD-BF92-4405-98CE-114302A08B1F}_is1) (Version: 12.1.8 - BKI) BKI Energieplaner 14.1.0 (HKLM-x32\...\{CE29BCC0-CB14-413F-8D68-A2FD81026A10}_is1) (Version: 14.1.0 - BKI) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
Browser Updater 1.1 (HKLM-x32\...\Browser Updater_is1) (Version: - Browser Updater) CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden CamStudio OSS Desktop Recorder (HKLM-x32\...\{FD9C31B6-F572-414D-81E3-89368C97A125}_is1) (Version: 2.6 Beta r294 - CamStudio Open Source Dev Team) Common Desktop Agent (Version: 1.62.0 - OEM) Hidden Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite) Contenta Converter PREMIUM (HKLM-x32\...\ContentaConverter-PREMIUM) (Version: - Contenta Software) CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5510 - CyberLink Corp.) CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.) CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3109 - CyberLink Corp.) CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.) CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.) CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.5511 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DanBasic V (HKLM-x32\...\{ED2FC50F-C1A5-40DA-B6A7-A787F7323E86}) (Version: 5.01.01 - Danfoss) Danfoss20120515 (x32 Version: 5.02.01 - Danfoss) Hidden DBX to PST Converter (HKLM-x32\...\DBX to PST Converter_is1) (Version: - ) dena - Gebäudedaten-Transfer (HKLM-x32\...\{9112CXXX-8FC9-4B75-BB46-40D9544D4657}}_is1) (Version: - ) Download.am (HKLM-x32\...\Download.am) (Version: - ) Dropbox (HKU\S-1-5-21-3483183917-3163184292-3340130657-1001\...\Dropbox) (Version: 3.8.6 - Dropbox, Inc.) 
eDocPrintPro v3.17.4 (HKLM\...\{6F3FD6DA-35AA-4310-A59A-CA63590F3651}) (Version: 3.17.4 - MAY-Computer) ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.3.14949 - Landesfinanzdirektion Thüringen) erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden EssentialPIM (HKLM-x32\...\EssentialPIM) (Version: 5.57 - Astonsoft Ltd) Evernote v. 5.8.6 (HKLM-x32\...\{FEDC7C10-EF67-11E4-9B07-00505695D7B0}) (Version: 5.8.6.7519 - Evernote Corp.) ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation) FGK AirPlan Version 1.9.6 (HKLM-x32\...\0F3D7DB6-38F5-4DEF-B1DC-79616E5D8BFF_is1) (Version: 1.9.6 - FGK) Free Download Manager 3.9.3 (HKLM-x32\...\Free Download Manager_is1) (Version: - FreeDownloadManager.ORG) Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.4 - Ellora Assets Corporation) FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version: - ) FRITZ!Box USB-Fernanschluss (HKU\S-1-5-21-3483183917-3163184292-3340130657-1001\...\2db37667170956ee) (Version: 2.3.3.0 - AVM Berlin) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.) Google Earth (HKLM-x32\...\{A2264E8F-1649-11E3-8BED-B8AC6F98CCE3}) (Version: 7.1.2.2019 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.10) (Version: 9.10 - Artifex Software Inc.) GPL Ghostscript (remove only) (HKLM\...\GPL Ghostscript) (Version: 9.00 - Artifex Software Inc.) 
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd) HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1206 - Hewlett-Packard) HP Quick Start (HKLM-x32\...\{BB27C290-AB30-4D9E-A5D1-88745AAE42E9}) (Version: 1.0.4660.30220 - Hewlett-Packard) HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company) HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard) HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6486.0 - IDT) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation) Java 2 Runtime Environment, SE v1.4.2_05 (HKLM-x32\...\{7148F0A8-6813-11D6-A77B-00B0D0142050}) (Version: 1.4.2_05 - Sun Microsystems, Inc.) Java 7 Update 80 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217080FF}) (Version: 7.0.800 - Oracle) Join Air (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.2 - ZTE Corporation) LEXsoft Professional 3.1 (HKLM-x32\...\{B909C433-533E-4331-989F-EA6BBEC7A6DD}) (Version: 3.1 - Wolters Kluwer Deutschland Information Services GmbH) Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.) 
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Media Go (HKLM-x32\...\{70DB09B8-1BA5-410A-992F-1C1CE288229E}) (Version: 2.9.316 - Sony)
Media Go Network Downloader (HKLM-x32\...\{C52148B9-19E0-433A-9422-3451B1BEE20F}) (Version: 1.6.01.0 - Sony)
Media Go Video Playback Engine 2.16.109.12020 (HKLM-x32\...\{49AD7131-7DD6-E7D3-24FC-57EF82044144}) (Version: 2.16.109.12020 - Sony)
Microsoft Access database engine 2010 (German) (HKLM-x32\...\{90140000-00D1-0407-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Flight Simulator X Demo (HKLM-x32\...\InstallShield_{B98A34C0-A6A2-4087-B272-557C1C6D0A07}) (Version: 10.0.60905 - Microsoft Game Studios)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 39.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 39.0.3 (x86 de)) (Version: 39.0.3 - Mozilla)
Mozilla Firefox 41.0 (x64 de) (HKLM\...\Mozilla Firefox 41.0 (x64 de)) (Version: 41.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.0.5707 - Mozilla)
Mozilla Thunderbird 38.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 38.2.0 (x86 de)) (Version: 38.2.0 - Mozilla)
MSXML 4.0 SP2 Parser und SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NetObjects Fusion 11.0 (HKLM-x32\...\{DBCCC743-1900-40BC-BF62-B8FC29F819F8}) (Version: 11 German - )
NetObjects Fusion 2013 (HKLM-x32\...\{4DA68C4E-B49C-4BA1-B036-C07DA39E16FA}) (Version: 13.0 - NetObjects)
NetObjects Fusion 2013 (x32 Version: 13.00.0000.5508 - NetObjects) Hidden
OpenOffice.org 3.2 (HKLM-x32\...\{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}) (Version: 3.2.9502 - OpenOffice.org)
PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.51.17865 - pdfforge GmbH)
PDF Architect 2 Create Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden
PDF Architect 2 Edit Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden
PDF Architect 2 View Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.0 - pdfforge)
PDFtk - The PDF Toolkit version 2.02 (HKLM-x32\...\{C65EA7B8-FC21-4896-AD44-9CE952BB1255}_is1) (Version: 2.02 - PDF Labs)
Planungstool Lüftungskonzept - Deinstallieren (HKLM-x32\...\Planungstool Lüftungskonzept_is1) (Version: - )
RealDownloader (x32 Version: 18.0.1.10 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 18.0.1.9 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealTimes (RealPlayer) (HKLM-x32\...\RealPlayer 18.0) (Version: 18.0.1 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recovery Manager (x32 Version: 5.5.0.5530 - CyberLink Corp.) Hidden
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - )
REHAU Planungssoftware Fenstertechnik (HKLM-x32\...\{25585CF3-D347-4694-A9D2-6C647A90944F}_is1) (Version: - Rehau AG)
Samsung CLX-3170 Series (HKLM-x32\...\Samsung CLX-3170 Series) (Version: - Samsung Electronics CO.,LTD)
Samsung CLX-6260 Series (HKLM-x32\...\Samsung CLX-6260 Series) (Version: 1.17 (25.02.2015) - Samsung Electronics Co., Ltd.)
Samsung Drucker-Diagnose (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.0.16 - Samsung Electronics Co., Ltd.)
Samsung Easy Document Creator (HKLM-x32\...\Samsung Easy Document Creator) (Version: 1.05.61 (10.04.2013) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.03.73.00(03.10.2013) - Samsung Electronics Co., Ltd.)
Samsung Easy Wireless Setup (HKLM-x32\...\Easy Wireless Setup) (Version: 3.60.28.0 - Samsung Electronics Co., Ltd.)
Samsung Network PC Fax (HKLM-x32\...\Samsung Network PC Fax) (Version: 1.10.11 (01.07.2013) - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (x32 Version: 1.00.56.01 - Samsung Electronics Co., Ltd.) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Sid Meier's Civilization V_is1) (Version: Sid Meier's Civilization V - )
SmartFTP Client (HKLM\...\{63DC6CA7-2D93-4C34-9B16-48F33D712804}) (Version: 6.0.2121.0 - SmartSoft Ltd.)
SNS Upload for Easy Document Creator (HKLM-x32\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.15.7.201505261442 - Sony Mobile Communications Inc.)
Sony PC Companion 2.10.259 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.259 - Sony)
SpeedMon (HKU\S-1-5-21-3483183917-3163184292-3340130657-1001\...\SpeedMon) (Version: 0.5b - SpeedMon)
Streaming Audio Recorder V3.3.2 (HKLM-x32\...\{B6D9D06B-4B4D-4B41-B963-C056B627F704}_is1) (Version: 3.3.2 - Apowersoft)
sv.net (HKLM-x32\...\sv.net) (Version: 15.1 - ITSG GmbH)
TGA-tools (HKLM-x32\...\{0B234F5D-D7B1-43E1-8E84-3DD2843CF846}) (Version: 4.5.477.19758 - mh-software)
thriXXX-Launcher (HKLM-x32\...\thriXXX-Launcher) (Version: - thriXXX Software GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Video Download Capture V4.6.8 (HKLM-x32\...\{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1) (Version: 4.6.8 - Apowersoft)
Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden
Virtual Hottie 2 (HKLM-x32\...\Quest3DVirtual Hottie 2) (Version: - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinAce Archiver (HKLM-x32\...\WinAce Archiver) (Version: 2.69 - e-merge GmbH)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WISO Hausverwalter 2014 (HKLM-x32\...\{F7DA791F-5149-4520-92F9-69379E72436F}) (Version: 8.00.8332 - Buhl Data Service GmbH)
WISO Hausverwalter 2015 (HKLM-x32\...\{E821384E-D24C-4316-9D86-872F95ED92F0}) (Version: 9.00.8468 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2012 (HKLM-x32\...\{0CC1DAFB-40C8-4903-953D-471E541477C7}) (Version: 19.00.7303 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2013 (HKLM-x32\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{E1BBCB16-6C36-4947-9D51-61B57CD39875}) (Version: 21.00.8480 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2015 (HKLM-x32\...\{A28247FB-633F-48D0-ADA7-C607EB489D94}) (Version: 22.00.8811 - Buhl Data Service GmbH)
ZVPLAN 1.3.6c (HKLM-x32\...\ZVPLAN) (Version: 1.3.6c - ConSoft GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-3483183917-3163184292-3340130657-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3483183917-3163184292-3340130657-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3483183917-3163184292-3340130657-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3483183917-3163184292-3340130657-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3483183917-3163184292-3340130657-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3483183917-3163184292-3340130657-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3483183917-3163184292-3340130657-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3483183917-3163184292-3340130657-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3483183917-3163184292-3340130657-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3483183917-3163184292-3340130657-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3483183917-3163184292-3340130657-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

==================== Wiederherstellungspunkte =========================

09-08-2015 16:53:35 avast! antivirus system restore point
19-08-2015 10:28:34 Windows Update

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {040DF747-DC75-42FD-A926-05D627357238} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {2082C794-60F6-42DC-921B-2E797806C50E} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3483183917-3163184292-3340130657-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2015-06-17] (RealNetworks, Inc.)
Task: {311C549E-00A0-474B-8FD8-D030F7983191} - \BitGuard -> Keine Datei <==== ACHTUNG
Task: {429DC091-1E62-49D2-9953-37F33283476E} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3483183917-3163184292-3340130657-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-06-17] (RealNetworks, Inc.)
Task: {4472E380-92AA-47CA-BAF4-BB298E058688} - System32\Tasks\HPCeeScheduleForHome => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {4691035E-ED63-4A10-8319-497BC5608C34} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-12] (Microsoft Corporation)
Task: {51BA0356-6D8D-43C3-8CB8-B0A00E5868FC} - \RegClean Pro -> Keine Datei <==== ACHTUNG
Task: {69BDB2F8-6290-4226-A8DB-78F44DDA710A} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated)
Task: {70647AB5-9EE3-4817-AC86-4D9E315BABE5} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {747E7581-EDB1-4FF6-BAC1-27433A844D50} - \SystemSockets\SystemSockets -> Keine Datei <==== ACHTUNG
Task: {88276CAA-F364-4094-9F5A-9E731435D678} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-08-09] (AVAST Software)
Task: {88CBBB78-F793-4924-87D4-5DD093FA923A} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3483183917-3163184292-3340130657-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2015-06-17] (RealNetworks, Inc.)
Task: {926F73CE-A1EE-458F-B628-AA61F108FDBE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-18] (Google Inc.)
Task: {9BFFC722-9D31-4F33-BA76-F45CA09B32B9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-31] (Hewlett-Packard)
Task: {AAE1D1F6-505B-46EE-96E7-C86530465452} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {B3AE3435-C25F-4AD6-8B72-74CAC559E32B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-18] (Google Inc.)
Task: {BF4AECE3-8E28-4488-9CD2-846A00BACC9F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {BFF11DB0-352C-43FC-BEF3-A58115C0E9B9} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2015-06-17] ()
Task: {CA4CAB77-8323-4FB6-8385-4DF0ECAD7815} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3483183917-3163184292-3340130657-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-06-17] (RealNetworks, Inc.)
Task: {E10FA75C-846F-4413-9E93-06D5DDC16A86} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {E2BA502C-C88C-4757-B9B3-A654A578B21B} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3483183917-3163184292-3340130657-1001UA => C:\Users\Home\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {EA63AB81-999D-4D40-8A29-D0123B507CF0} - \Desk 365 RunAsStdUser -> Keine Datei <==== ACHTUNG
Task: {F4A292ED-7EC2-4EFF-921D-394DE83EE301} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3483183917-3163184292-3340130657-1001Core => C:\Users\Home\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3483183917-3163184292-3340130657-1001Core.job => C:\Users\Home\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3483183917-3163184292-3340130657-1001UA.job => C:\Users\Home\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForHome.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2013-11-12 17:33 - 2006-02-23 12:35 - 00020480 _____ () C:\WINDOWS\System32\FritzColorPort64.dll
2013-11-12 17:33 - 2006-02-22 11:39 - 00020480 _____ () C:\WINDOWS\System32\FritzPort64.dll
2013-09-26 18:16 - 2010-06-17 20:56 - 00087040 _____ () C:\WINDOWS\System32\redmonnt.dll
2008-09-09 11:22 - 2008-09-09 11:22 - 00022016 _____ () C:\WINDOWS\System32\sst1cl6.dll
2014-04-23 06:02 - 2014-04-23 06:02 - 00034304 _____ () C:\WINDOWS\System32\ssy3clm.dll
2015-06-17 03:25 - 2015-06-17 03:25 - 00031856 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2015-03-20 18:43 - 2010-04-27 17:57 - 00247152 _____ () C:\Program Files (x86)\Join Air\AssistantServices.exe
2014-03-28 08:45 - 2014-03-28 08:45 - 03079808 _____ () C:\Program Files (x86)\VVW\Update\VVWUpdateDienst.exe
2013-10-01 11:32 - 2013-10-01 11:32 - 02818216 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
2014-02-26 11:19 - 2014-02-26 11:19 - 00551440 _____ () C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.4.336_x64__8wekyb3d8bbwe\SqliteWrapper.dll
2014-02-25 09:52 - 2014-02-25 09:52 - 00660920 _____ () C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.4.336_x64__8wekyb3d8bbwe\Sqlite3.dll
2015-08-10 10:44 - 2015-08-10 10:44 - 00028160 _____ () C:\Users\Home\AppData\Local\Packages\Microsoft.BingNews_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0\NativeImages\Microsoft.PerfTrack\10ead687afca927bd7b22ad8d20e1de3\Microsoft.PerfTrack.ni.dll
2014-10-22 10:25 - 2014-10-22 10:25 - 00363520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\6382e6f5ad8b7a9db4f5cd4817e70319\Windows.Foundation.ni.dll
2014-10-22 10:25 - 2014-10-22 10:25 - 01278464 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Storage\f9ac074d298db459c5eff6d3256861c8\Windows.Storage.ni.dll
2014-10-22 10:25 - 2014-10-22 10:25 - 01459712 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.UI\4bd80968bf666252841ca7792faaff11\Windows.UI.ni.dll
2015-08-10 10:44 - 2015-08-10 10:44 - 02207232 _____ () C:\Users\Home\AppData\Local\Packages\Microsoft.BingNews_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0\NativeImages\Microsoft.B2e1870ee#\c7c34e4c63558640a6f1cdb898288a54\Microsoft.Bing.AppEx.Telemetry.ni.dll
2014-10-22 10:25 - 2014-10-22 10:25 - 01782784 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\3f4dc590466037f015f65bc07d1ea923\Windows.ApplicationModel.ni.dll
2014-05-04 15:46 - 2014-05-04 15:46 - 00347136 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Gloaae92e31#\94e2bc13589233f9d2cc54292717b8cf\Windows.Globalization.ni.dll
2014-10-29 15:55 - 2014-10-29 15:55 - 00632320 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Security\c7f6d022c5d5aec4891cb6b3b9934336\Windows.Security.ni.dll
2014-10-22 10:25 - 2014-10-22 10:25 - 00207872 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.System\a4efa88b742703220e527956d8ab4e84\Windows.System.ni.dll
2014-10-22 10:25 - 2014-10-22 10:25 - 01259520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Networking\8f0dd293f95c402613c49fb2fac85bdd\Windows.Networking.ni.dll
2015-08-10 10:45 - 2015-08-10 10:45 - 00117248 _____ () C:\Users\Home\AppData\Local\Packages\Microsoft.BingNews_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0\NativeImages\SqliteWrapper\99fa190c50aa9d06da5fb90ed0d8b8f7\SqliteWrapper.ni.dll
2014-10-29 15:55 - 2014-10-29 15:55 - 01383936 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Web\b9985906d4d9f96e8c8047c4657a1388\Windows.Web.ni.dll
2014-05-04 15:46 - 2014-05-04 15:46 - 00467456 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Graphics\ea818a24554fc2db9a73de1e79afb286\Windows.Graphics.ni.dll
2014-10-29 15:55 - 2014-10-29 15:55 - 00521216 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Data\fae2b750f87849ca11806d20b2504bf2\Windows.Data.ni.dll
2014-05-04 15:46 - 2014-05-04 15:46 - 02019840 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Devices\0b4b3f23bdebd1d056b32b31e2f746bb\Windows.Devices.ni.dll
2012-03-09 10:58 - 2012-03-09 10:58 - 00462712 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2012-03-09 10:58 - 2012-03-09 10:58 - 00057208 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2015-05-30 00:18 - 2015-05-30 00:18 - 00840206 _____ () C:\Users\Home\AppData\Roaming\SpeedMon\speedmon.exe
2014-08-04 09:28 - 2014-08-04 09:28 - 02313848 _____ () C:\Program Files (x86)\VVW\Update\VVWUpdateTray.exe
2015-03-20 18:43 - 2010-04-27 18:06 - 00138072 _____ () C:\Program Files (x86)\Join Air\UIExec.exe
2013-02-12 16:05 - 2013-02-12 16:05 - 00098304 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingNet4.dll
2013-02-12 16:05 - 2013-02-12 16:05 - 00028672 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResourcesNet4.dll
2012-08-29 12:02 - 2012-08-29 12:02 - 00120224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
2012-08-29 12:02 - 2012-08-29 12:02 - 00048544 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
2012-08-29 12:02 - 2012-08-29 12:02 - 00180224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll
2013-11-06 10:19 - 2013-11-06 10:19 - 00120224 _____ () C:\Users\Home\AppData\Local\assembly\dl3\MEAJDM9E.0NW\D023RN2H.4JN\1e5186e9\0017145d_cd85cd01\HPItunesModule.DLL
2015-08-09 16:54 - 2015-08-09 16:54 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-08-09 16:54 - 2015-08-09 16:54 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-08-24 11:38 - 2015-08-24 11:38 - 02960896 _____ () C:\Program Files\AVAST Software\Avast\defs\15082400\algo.dll
2015-06-17 03:24 - 2015-06-17 03:24 - 00035976 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll
2015-06-17 03:24 - 2015-06-17 03:24 - 00039560 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll
2015-06-17 03:24 - 2015-06-17 03:24 - 00037528 _____ () C:\Program Files (x86)\Real\UpdateService\VideoDLUpdatePlugin.dll
2012-03-09 10:58 - 2012-03-09 10:58 - 00056696 _____ () C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrvPS.dll
2012-11-07 08:24 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-02-04 19:25 - 2014-02-04 19:25 - 00036672 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_icontray_ex.dll
2014-02-04 19:25 - 2014-02-04 19:25 - 00028992 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2013-10-10 13:02 - 2013-10-10 13:02 - 00013120 _____ () C:\Program Files (x86)\Common Files\Acronis\TibMounter\icudt38.dll
2015-03-17 11:02 - 2015-03-17 11:02 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-01-07 10:09 - 2014-01-07 10:08 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-02-04 19:28 - 2014-02-04 19:28 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:AD022376
AlternateDataStreams: C:\Users\Home\SkyDrive:ms-properties

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3483183917-3163184292-3340130657-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\HP\HP_Svinoya_Norway_Sunset.jpg
DNS Servers: Datenträger ist nicht mit dem Internet verbunden.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\StartupFolder: => "WISO Mein Steuer-Sparbuch heute.lnk"
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\StartupFolder: => "RealPlayer Cloud Service UI.lnk"
HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run32: => "FreePDF Assistant"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "LWS"
HKLM\...\StartupApproved\Run32: => "RealDownloader"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKU\S-1-5-21-3483183917-3163184292-3340130657-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-3483183917-3163184292-3340130657-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKU\S-1-5-21-3483183917-3163184292-3340130657-1001\...\StartupApproved\Run: => "Driver Pro"
HKU\S-1-5-21-3483183917-3163184292-3340130657-1001\...\StartupApproved\Run: => "Free Download Manager"
HKU\S-1-5-21-3483183917-3163184292-3340130657-1001\...\StartupApproved\Run: => "iLivid"
HKU\S-1-5-21-3483183917-3163184292-3340130657-1001\...\StartupApproved\Run: => "LiveSupport"
HKU\S-1-5-21-3483183917-3163184292-3340130657-1001\...\StartupApproved\Run: => "playnowradio"
HKU\S-1-5-21-3483183917-3163184292-3340130657-1001\...\StartupApproved\Run: => "Sony PC Companion"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{7C00FE39-1650-4C04-894A-C7B622C8FEC0}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [UDP Query User{FD8B1F91-BCAC-48CB-ADEC-C475B9E5A47E}C:\users\home\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\home\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{F386E1B8-D63E-46FE-A5F9-B89E12FE1E9F}C:\users\home\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\home\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{E064EADE-E3D7-41C2-926B-E86E51D98C1C}] => (Allow) C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{1019A415-6E06-4A41-AE89-81C7B02680FE}] => (Allow) C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{86A31D47-99C8-410A-A30E-95BB542916C2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{5EB31065-0820-409E-BBBA-67D8AFBD26F9}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{A7C3C917-797C-4FD8-8A81-9FCD0D1BBC51}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{AFA21845-A01D-4501-B903-5EEE0257EB60}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{A34009BC-1943-4A68-A5AD-EB3576C03BAA}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{F74DE6E3-8413-42A5-BA79-3B379AAF0C38}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{F06338EA-6A9F-4916-A2DB-339E4813E2C1}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{83ACA3B3-4EFD-46B0-8605-B8BD5995B6B4}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{37A72DB6-FDED-4119-AE80-122B0085FB7D}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{9573AD74-F4B1-40C6-BD28-7F57D98DB75D}] => (Allow) C:\Program Files (x86)\HomeTab\TBUpdater.dll
FirewallRules: [{48443A6E-4868-4696-9857-E0B095615A6F}] => (Allow) C:\Program Files (x86)\HomeTab\TBUpdater.dll
FirewallRules: [{67B0AD6B-042F-42E9-B2E6-706A1DD13A09}] => (Allow) C:\Program Files (x86)\HomeTab\ProtectedSearch.exe
FirewallRules: [{2BAC8FCA-FE20-4D3D-833E-B563EDF31220}] => (Allow) C:\Program Files (x86)\HomeTab\ProtectedSearch.exe
FirewallRules: [{6F2503E0-29D8-4C8D-A6E6-9EA98E68086D}] => (Allow) C:\Program Files (x86)\Protected Search\ProtectedSearch.exe
FirewallRules: [{5E2EA976-4887-4C2B-B4F6-071A6B5B4631}] => (Allow) C:\Program Files (x86)\Protected Search\ProtectedSearch.exe
FirewallRules: [{AE3DB0AE-2952-4649-B19E-BD3E2741AD00}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{4A6E0361-4CA0-4FBB-93BB-96576B2D9166}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{DA142E8D-9A9D-4F3B-A426-126DC6E6F15A}] => (Allow) C:\Windows\twain_32\Samsung\CLX3170\Sscan2io.exe
FirewallRules: [{03D1119E-E989-4E92-8988-9F5E20ACE452}] => (Allow) C:\Windows\twain_32\Samsung\CLX3170\Sscan2io.exe
FirewallRules: [{8B5FCEE1-73C5-49D7-A4EC-15159C2EF418}] => (Allow) C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe
FirewallRules: [{B4C0238C-A1CE-486F-8D83-FE8A645A8E79}] => (Allow) C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe
FirewallRules: [{9C811921-3F02-413A-B3FC-9609ECC031B7}] => (Allow) C:\Windows\twain_32\Samsung\ScanMgr.exe
FirewallRules: [{A1F097F2-4E69-4C50-9ABB-804CF50D12D9}] => (Allow) C:\Windows\twain_32\Samsung\ScanMgr.exe
FirewallRules: [{7D73BD55-932F-45BB-9F0B-D58B50BB5905}] => (Allow) C:\ProgramData\eSafe\eGdpSvc.exe
FirewallRules: [{B7E0C0E3-A844-4170-AB4C-E0CDAB55C952}] => (Allow) LPort=1900
FirewallRules: [{6DAF7B85-DA33-4641-A9C8-DE086B02C04E}] => (Allow) LPort=2869
FirewallRules: [{4FB21B38-A7C6-4772-B728-FA9DCAB3733D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{870FC93A-C876-4F70-A826-334BF8CF601C}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{550C7143-CE9C-4937-BDC0-2994CBECEA42}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EEA13C70-398A-4759-8B5D-0B46ABFD84A1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1F8C885B-7CC5-46A7-BB4C-F2F1335A4393}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D3B067E0-17C7-4A71-9B4F-51A440552BC3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{FF533122-0014-43F6-A8B2-6CE42A84A8C0}C:\users\home\appdata\local\temp\_istmp1.dir\_ins5576._mp] => (Allow) C:\users\home\appdata\local\temp\_istmp1.dir\_ins5576._mp
FirewallRules: [UDP Query User{EFD8C3AB-D68A-4B7E-AE3B-EDAB4C182401}C:\users\home\appdata\local\temp\_istmp1.dir\_ins5576._mp] => (Allow) C:\users\home\appdata\local\temp\_istmp1.dir\_ins5576._mp
FirewallRules: [{04677DFD-EB7E-4334-A6FF-5953FD9BD32A}] => (Allow) C:\Program Files (x86)\Iminent\Iminent.exe
FirewallRules: [{FD00DE45-C357-43A0-929B-F0C3B812E966}] => (Allow) C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
FirewallRules: [{BF7088AE-8A2A-415C-8D18-54A7789BCF5E}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\Video Download Capture.exe
FirewallRules: [{C378C1B9-BB67-469E-B810-04D194500562}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\Video Download Capture.exe
FirewallRules: [{F2EB811A-DD1B-49B8-8AAF-21010BB13619}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftSrv.dll
FirewallRules: [{088B5279-8DCB-4E88-8B22-DEDB8903391A}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftSrv.dll
FirewallRules: [{125DD228-A575-42D6-946F-8B01ADD9BCA0}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDump.dll
FirewallRules: [{79A4B8DF-49AC-4781-BCD8-AE4264883804}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDump.dll
FirewallRules: [{1836EFAE-18AD-4765-AEA2-E154FDBADBEF}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftAC.dll
FirewallRules: [{69ED491B-04E8-4C1D-A409-94F7E29DAFF0}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftAC.dll
FirewallRules: [{4563A235-8D31-436E-B08A-A55C476F6FC7}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftPlayer.dll
FirewallRules: [{E705BE96-7638-49EF-B53D-8F335BAFA70D}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftPlayer.dll
FirewallRules: [{9DA58D3B-5A63-4580-B90D-059C686A76BB}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDownloaderHelp.dll
FirewallRules: [{C8616146-A6D9-42CE-B652-7E5AC2883D35}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDownloaderHelp.dll
FirewallRules: [{DCA41A25-7810-48CD-9655-D3B82372D990}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Audio Recorder\Streaming Audio Recorder.exe
FirewallRules: [{A443ADFE-CCEA-4D45-9E90-EBF37482609D}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Audio Recorder\Streaming Audio Recorder.exe
FirewallRules: [{19A5ABF9-D37B-4A4A-8EB7-8FCC6E1AF19A}] => (Allow) C:\Users\Home\AppData\Local\iLivid\iLivid.exe
FirewallRules: [{875611C4-7748-4491-B1A8-A79920CDF965}] => (Allow) C:\Users\Home\AppData\Local\iLivid\iLivid.exe
FirewallRules: [{4E935968-76CE-49E7-B7F5-C214A5E21046}] => (Allow) C:\Program Files (x86)\HomeTab\WBrowserDefender.exe
FirewallRules: [{0FACEB7D-FBF3-41DD-9F9A-082F0C89B027}] => (Allow) C:\Program Files (x86)\HomeTab\WBrowserDefender.exe
FirewallRules: [{ABB759F1-B242-45E8-9432-F652AB587D01}] => (Allow) C:\Program Files (x86)\HomeTab\WBrowserUpdater.exe
FirewallRules: [{F7F33360-D868-4A41-9F46-B114F1D15234}] => (Allow) C:\Program Files (x86)\HomeTab\WBrowserUpdater.exe
FirewallRules: [{F039ABC7-1604-4424-9DE1-A642AE30A570}] => (Allow) C:\Program Files (x86)\HomeTab\WBrowserProductivity.exe
FirewallRules: [{4D518706-2CFD-4999-9684-20736A1FDE57}] => (Allow) C:\Program Files (x86)\HomeTab\WBrowserProductivity.exe
FirewallRules:
[{BBD936DA-B844-4E4D-BFD1-8DFED13C1113}] => (Allow) C:\SoloApp\SoloApp.exe FirewallRules: [{17B24975-249E-401B-91E3-C71E6810ABAD}] => (Allow) C:\SoloApp\SoloApp.exe FirewallRules: [{0C2952B6-2D87-44FC-A91E-4FA6752EF939}] => (Allow) C:\SoloApp\WebDriver.dll FirewallRules: [{D250A29A-A276-4AC1-8430-20B086681F4A}] => (Allow) C:\SoloApp\WebDriver.dll FirewallRules: [{D169CF69-F639-4AE1-8140-FBF296A06A8C}] => (Allow) C:\SoloApp\chromedriver.exe FirewallRules: [{DD39566B-1896-4399-A1A1-C8E0E5C6C94C}] => (Allow) C:\SoloApp\chromedriver.exe FirewallRules: [{EAE2D320-833F-4494-9979-0D30B1B2CB0E}] => (Allow) C:\SoloApp\IEDriverServer.exe FirewallRules: [{C68AC5FA-7A53-447E-9F81-9A6474FFE627}] => (Allow) C:\SoloApp\IEDriverServer.exe FirewallRules: [TCP Query User{AECAA4E2-37EA-4A92-B01A-3568EA211118}C:\program files (x86)\wolterskluwer\baur_beteiligte_cd\server\apache\bin\lexpro_1718.exe] => (Allow) C:\program files (x86)\wolterskluwer\baur_beteiligte_cd\server\apache\bin\lexpro_1718.exe FirewallRules: [UDP Query User{199ED934-7E5D-4BA1-A5BC-2F5CC9CB4630}C:\program files (x86)\wolterskluwer\baur_beteiligte_cd\server\apache\bin\lexpro_1718.exe] => (Allow) C:\program files (x86)\wolterskluwer\baur_beteiligte_cd\server\apache\bin\lexpro_1718.exe FirewallRules: [{A9C15968-2FB7-44E3-8001-6B1F3E37CD4C}] => (Allow) C:\Users\Home\AppData\Local\Apps\2.0\P27C765O.ATH\38Z1JDBJ.TDK\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe FirewallRules: [{93353641-1AE7-402D-8CDD-DC0D28C5ADE9}] => (Allow) C:\Users\Home\AppData\Local\Apps\2.0\P27C765O.ATH\38Z1JDBJ.TDK\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe FirewallRules: [{109BABAA-AC38-4F97-BB1A-0A41AC72EDC5}] => (Allow) C:\Windows\twain_32\Samsung\CLX6260\SCNSearch\USDAgent.exe FirewallRules: [{C0A99C87-DA59-47E5-9A71-835A43003512}] => (Allow) C:\Windows\twain_32\Samsung\CLX6260\SCNSearch\USDAgent.exe FirewallRules: [{32BE2887-1204-46E1-9266-3395FC4C9768}] => 
(Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe FirewallRules: [{0FDBD0EB-A78A-4AB5-90C6-91BE98AD2AF6}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe FirewallRules: [TCP Query User{F1D5C89C-C261-49C3-8690-B815E8627AAB}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe FirewallRules: [UDP Query User{65B17C82-728E-42BC-A3DA-3701D55D8331}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe FirewallRules: [{3A23CF13-43DA-45CA-80D8-18D2D7C068B0}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe FirewallRules: [{235CA9C3-10D2-43A1-9F40-FC8B9CE7847D}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe FirewallRules: [{524B3042-8111-499C-9B9E-CF91C7D00363}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{8B2557CA-9CFC-46D3-B6A8-49105038FF1B}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{9FE2AF39-91C2-499C-85CD-4E0C0276DB87}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe FirewallRules: [{C565FAE3-4B9D-4FB4-A02C-0763D735A7E0}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe FirewallRules: [{BB88BF48-4644-4407-A6E7-30FB16B616D0}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe FirewallRules: [{6B63B432-8010-48AB-BF18-F46F88071381}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe FirewallRules: [{8DDA9493-5F5B-4021-ABA5-07CF2992B894}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe FirewallRules: [{6FF491F5-B5C8-4BC8-9B5D-D2DA2ADCAD91}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe FirewallRules: [{C372403F-F264-43CC-BE96-0E61772B1D14}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer 
Manager\IDSAlert.exe FirewallRules: [{E2E9D6BF-EA87-4EAA-80D4-EF2823FED0AE}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe FirewallRules: [{A4F62B8F-2F9D-494E-9D16-743B9BB7AB7C}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe FirewallRules: [{16C1F25C-75D9-44CF-B0E6-DF4D7B6628F4}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe FirewallRules: [{A61F8AB7-DCDA-4FA5-8A64-88348C4D8967}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe FirewallRules: [{7C5C0DDC-894E-4AB6-80CF-AD039B7633A6}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe FirewallRules: [{BB3525F9-4816-40A2-9922-8CB4CA9101FE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{65EA11FD-3D42-4AE9-9F05-82EB614D4672}] => (Allow) L:\SmartFTP.exe FirewallRules: [TCP Query User{EBF78319-D6CD-43C0-840B-4571A713D7B3}C:\program files (x86)\2k games\sid meier's civilization v\civilizationv.exe] => (Block) C:\program files (x86)\2k games\sid meier's civilization v\civilizationv.exe FirewallRules: [UDP Query User{0A28214A-8F9C-40DF-A070-F9833D04DC59}C:\program files (x86)\2k games\sid meier's civilization v\civilizationv.exe] => (Block) C:\program files (x86)\2k games\sid meier's civilization v\civilizationv.exe FirewallRules: [TCP Query User{3AEAD25D-1C7B-4C4F-AED1-E12310D49086}C:\program files (x86)\funcom\age of conan\conanpatcher.exe] => (Allow) C:\program files (x86)\funcom\age of conan\conanpatcher.exe FirewallRules: [UDP Query User{3EF9E31B-7798-4C66-8E2D-95C31E9E70C1}C:\program files (x86)\funcom\age of conan\conanpatcher.exe] => (Allow) C:\program files (x86)\funcom\age of conan\conanpatcher.exe FirewallRules: [TCP Query User{337FD5A0-B709-4924-857D-6946D8CCC353}C:\program files (x86)\funcom\age of conan\ageofconan.exe] => (Allow) C:\program files (x86)\funcom\age of conan\ageofconan.exe FirewallRules: [UDP Query 
User{465A3C09-036F-4ACB-B53A-EF93AD4811DE}C:\program files (x86)\funcom\age of conan\ageofconan.exe] => (Allow) C:\program files (x86)\funcom\age of conan\ageofconan.exe FirewallRules: [TCP Query User{13EFDDEC-2FF1-49B0-AD40-E048D959F1D5}C:\program files (x86)\funcom\age of conan\conanpatcher.exe] => (Block) C:\program files (x86)\funcom\age of conan\conanpatcher.exe FirewallRules: [UDP Query User{33F4DDA6-65CE-4203-BE7B-285E20D99008}C:\program files (x86)\funcom\age of conan\conanpatcher.exe] => (Block) C:\program files (x86)\funcom\age of conan\conanpatcher.exe FirewallRules: [TCP Query User{2596C26A-F693-4A58-AE53-35051C069B58}C:\program files (x86)\funcom\age of conan\ageofconan.exe] => (Allow) C:\program files (x86)\funcom\age of conan\ageofconan.exe FirewallRules: [UDP Query User{BEEE2C4B-F782-4F4F-83D0-3E063A059F02}C:\program files (x86)\funcom\age of conan\ageofconan.exe] => (Allow) C:\program files (x86)\funcom\age of conan\ageofconan.exe FirewallRules: [{EFB610A7-EE2A-43CC-9BC5-6024E2F810F3}] => (Allow) C:\Users\Home\AppData\Local\Apps\2.0\P27C765O.ATH\38Z1JDBJ.TDK\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe FirewallRules: [{621376DB-CBAA-4825-88F0-7B4EA7AE803F}] => (Allow) C:\Users\Home\AppData\Local\Apps\2.0\P27C765O.ATH\38Z1JDBJ.TDK\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe FirewallRules: [TCP Query User{52B5278C-F720-4269-BEE5-2EF23B0BC946}C:\users\home\appdata\local\temp\_istmp1.dir\_ins5576._mp] => (Allow) C:\users\home\appdata\local\temp\_istmp1.dir\_ins5576._mp FirewallRules: [UDP Query User{00CE3E0B-728C-4075-BAE5-1F04E7E59A4E}C:\users\home\appdata\local\temp\_istmp1.dir\_ins5576._mp] => (Allow) C:\users\home\appdata\local\temp\_istmp1.dir\_ins5576._mp FirewallRules: [TCP Query User{6448E11C-377A-45AF-967D-60AF5491F363}C:\program files (x86)\fritz!\frifax32.exe] => (Allow) C:\program files (x86)\fritz!\frifax32.exe FirewallRules: [UDP Query 
User{D3DF681C-07EC-47C6-B82D-90980128EFC2}C:\program files (x86)\fritz!\frifax32.exe] => (Allow) C:\program files (x86)\fritz!\frifax32.exe FirewallRules: [TCP Query User{30B24B62-DEAA-46CE-BA24-71052DA7D38F}C:\program files (x86)\vvw\bautagebuch_2014\bautb.exe] => (Allow) C:\program files (x86)\vvw\bautagebuch_2014\bautb.exe FirewallRules: [UDP Query User{00609776-EEA5-4C6D-9F1A-0EA595A5A83D}C:\program files (x86)\vvw\bautagebuch_2014\bautb.exe] => (Allow) C:\program files (x86)\vvw\bautagebuch_2014\bautb.exe FirewallRules: [{65BC004A-54D0-4D02-9EE5-C8CAD601D657}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe FirewallRules: [{7DD9906C-49F1-4916-BA8D-06CA3E67BD07}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe FirewallRules: [{579782D0-8007-482C-A939-91629D85FC0E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{FD73DDBF-326F-4EB2-A558-71D27634B8D0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{D9D2D496-78D4-4676-9B4E-9240CDE913E3}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe FirewallRules: [{818D38DA-DBF1-4D7C-A5C7-D2BA80B7DB48}] => (Allow) C:\Users\Home\AppData\Local\Apps\2.0\P27C765O.ATH\38Z1JDBJ.TDK\frit..tion_1acae14e4778b8d2_0002.0003_5f032dee73df1479\fritzbox-usb-fernanschluss.exe FirewallRules: [{6EF62A80-49C3-40BB-B603-A7BB4200A42A}] => (Allow) C:\Users\Home\AppData\Local\Apps\2.0\P27C765O.ATH\38Z1JDBJ.TDK\frit..tion_1acae14e4778b8d2_0002.0003_5f032dee73df1479\fritzbox-usb-fernanschluss.exe FirewallRules: [{C2E8F9E5-58DF-46B1-ACAD-61E2D7938E9E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{7879A3F3-C54E-4F78-97D1-8DBB157442EC}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe FirewallRules: [{73A7513C-D335-49E4-A2BF-F0686962530C}] => (Allow) LPort=53000 FirewallRules: 
[{C7E9C986-0286-47DB-BE40-055988E22E2F}] => (Allow) LPort=52000 ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (08/24/2015 11:12:42 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 720609 Error: (08/24/2015 11:12:42 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 720609 Error: (08/24/2015 11:12:42 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (08/24/2015 11:00:45 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 3437 Error: (08/24/2015 11:00:45 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 3437 Error: (08/24/2015 11:00:45 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (08/24/2015 11:00:43 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1890 Error: (08/24/2015 11:00:43 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1890 Error: (08/24/2015 11:00:43 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (08/24/2015 10:39:20 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 386625 Systemfehler: ============= Error: (08/24/2015 11:28:49 PM) (Source: DCOM) (EventID: 10010) (User: PCARB) Description: {005A3A96-BAC4-4B0A-94EA-C0CE100EA736} Error: (08/24/2015 11:25:55 PM) (Source: DCOM) (EventID: 10010) (User: 
PCARB) Description: {005A3A96-BAC4-4B0A-94EA-C0CE100EA736} Error: (08/24/2015 11:22:09 PM) (Source: DCOM) (EventID: 10010) (User: PCARB) Description: {005A3A96-BAC4-4B0A-94EA-C0CE100EA736} Error: (08/24/2015 11:13:04 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80240020 fehlgeschlagen: Upgrade auf Windows 10 Home Error: (08/24/2015 11:12:46 PM) (Source: Ntfs) (EventID: 131) (User: NT-AUTORITÄT) Description: Die Dateisystemstruktur auf Volume "C:" kann nicht korrigiert werden. Führen Sie das Hilfsprogramm CHKDSK auf Volume "C:" aus. Error: (08/24/2015 10:56:12 PM) (Source: Schannel) (EventID: 4102) (User: NT-AUTORITÄT) Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001. Error: (08/24/2015 10:56:05 PM) (Source: Schannel) (EventID: 4102) (User: NT-AUTORITÄT) Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001. 
Error: (08/24/2015 10:52:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "VBoxAsw Support Driver" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (08/24/2015 10:52:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20 Error: (08/24/2015 10:52:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "AVMPORT" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Microsoft Office: ========================= Error: (11/20/2013 01:33:35 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 19 seconds with 0 seconds of active time. This session ended with a crash. CodeIntegrity: =================================== Date: 2015-07-14 10:07:26.278 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-03-24 10:21:36.892 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-03-17 10:46:56.186 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. 
==================== Speicherinformationen =========================== Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz Prozentuale Nutzung des RAM: 16% Installierter physikalischer RAM: 12227.54 MB Verfügbarer physikalischer RAM: 10259.88 MB Summe virtueller Speicher: 14083.54 MB Verfügbarer virtueller Speicher: 11768.23 MB ==================== Laufwerke ================================ Drive c: (OS) (Fixed) (Total:918.68 GB) (Free:263.82 GB) NTFS ==>[System mit Startkomponenten (eingeholt von lesen Laufwerk)] Drive d: (Recovery Image) (Fixed) (Total:11.02 GB) (Free:1.3 GB) NTFS ==>[System mit Startkomponenten (eingeholt von lesen Laufwerk)] Drive e: (SYSTEM) (Fixed) (Total:303.35 GB) (Free:6.66 GB) NTFS ==>[System mit Startkomponenten (eingeholt von lesen Laufwerk)] Drive f: (DATA) (Fixed) (Total:150.69 GB) (Free:62.91 GB) NTFS Drive g: (HV2015) (CDROM) (Total:0.37 GB) (Free:0 GB) CDFS Drive h: () (Removable) (Total:3.75 GB) (Free:3.75 GB) FAT32 Drive l: (WD HDD) (Fixed) (Total:1862.98 GB) (Free:624.34 GB) NTFS Drive n: () (Removable) (Total:14.92 GB) (Free:6.5 GB) FAT32 Drive q: () (Removable) (Total:1.87 GB) (Free:1.61 GB) FAT ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 1A370A24) Partition: GPT. 
======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 14.9 GB) (Disk ID: 7865937E) Partition 1: (Not Active) - (Size=14.9 GB) - (Type=73) ======================================================== Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 9FAC2F34) Partition 1: (Not Active) - (Size=11.7 GB) - (Type=27) Partition 2: (Active) - (Size=303.3 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=150.7 GB) - (Type=07 NTFS) ======================================================== Disk: 7 (MBR Code: Windows XP) (Size: 14.9 GB) (Disk ID: C3072E18) Partition 1: (Active) - (Size=14.9 GB) - (Type=0C) ======================================================== Disk: 8 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 015D4B18) Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS) ======================================================== Disk: 9 (Size: 3.8 GB) (Disk ID: 00077211) Partition 1: (Active) - (Size=3.8 GB) - (Type=0B) ======================================================== Disk: 10 (Size: 1.9 GB) (Disk ID: 70F6939D) Partition 1: (Not Active) - (Size=1.9 GB) - (Type=06) ==================== Ende von FRST.txt ============================ |
25.08.2015, 10:50 | #4 |
/// the machine /// TB trainer | LNK:Jenxcus-D - Trojan Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your protection software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and Help Trojaner-Board Facebook page No help via PM! |
25.08.2015, 12:37 | #5 |
| LNK:Jenxcus-D - Trojan Hello schrauber, thanks for the instructions. There don't seem to have been any noteworthy findings, though. Best regards Here are the logs. Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:24-08-2015 durchgeführt von Home (Administrator) auf PCARB (24-08-2015 23:27:39) Gestartet von N:\ Geladene Profile: Home (Verfügbare Profile: Home) Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect 2\creator-ws.exe () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe (Samsung Electronics Co., Ltd.) 
C:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe () C:\Program Files (x86)\Join Air\AssistantServices.exe () C:\Program Files (x86)\VVW\Update\VVWUpdateDienst.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (1&1 Internet AG) C:\Program Files (x86)\1&1\1&1 Upload-Manager\DAVSRV.EXE () C:\Users\Home\AppData\Roaming\SpeedMon\speedmon.exe (AVM Berlin) C:\Users\Home\AppData\Local\Apps\2.0\P27C765O.ATH\38Z1JDBJ.TDK\frit..tion_1acae14e4778b8d2_0002.0003_5f032dee73df1479\fritzbox-usb-fernanschluss.exe (Dropbox, Inc.) C:\Users\Home\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Microsoft Corporation) C:\Windows\System32\wscript.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe () C:\Program Files (x86)\VVW\Update\VVWUpdateTray.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe () C:\Program Files (x86)\Join Air\UIExec.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe (Dropbox, Inc.) C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2014-01-07] (Hewlett-Packard ) HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [519408 2013-07-18] (Acronis) HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] () HKLM\...\Run: [ApplyEsf-eDocPrintPro] => "C:\Program Files\Common Files\MAYComputer\eDocPrintPro\\ApplyEsf.exe" HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.) 
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7843744 2014-02-04] (Acronis) HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1104616 2013-10-10] (Acronis International GmbH) HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642816 2013-05-15] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-08-09] (AVAST Software) HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.) HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2014-03-18] (shbox.de) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH) HKLM-x32\...\Run: [UIExec] => C:\Program Files (x86)\Join Air\UIExec.exe [138072 2010-04-27] () HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2015-04-10] (Oracle Corporation) HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [286272 2015-06-30] (RealNetworks, Inc.) 
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [608320 2015-06-17] ()
HKU\S-1-5-21-3483183917-3163184292-3340130657-1001\...\Run: [Free Download Manager] => C:\Program Files (x86)\Free Download Manager\fdm.exe [6950400 2013-10-25] (FreeDownloadManager.ORG)
HKU\S-1-5-21-3483183917-3163184292-3340130657-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [455392 2015-04-10] (Sony)
HKU\S-1-5-21-3483183917-3163184292-3340130657-1001\...\Run: [AVMUSBFernanschluss] => C:\Users\Home\AppData\Local\Apps\2.0\P27C765O.ATH\38Z1JDBJ.TDK\frit..tion_1acae14e4778b8d2_0002.0003_5f032dee73df1479\AVMAutoStart.exe [139264 2015-08-07] (AVM Berlin)
HKU\S-1-5-21-3483183917-3163184292-3340130657-1001\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\WINDOWS\system32\eed_ec.dll,SpeedLauncher
HKU\S-1-5-21-3483183917-3163184292-3340130657-1001\...\Run: [1&1_1&1 Upload-Manager] => C:\Program Files (x86)\1&1\1&1 Upload-Manager\DAVSRV.EXE [989264 2011-11-21] (1&1 Internet AG)
HKU\S-1-5-21-3483183917-3163184292-3340130657-1001\...\Run: [SpeedMon] => C:\Users\Home\AppData\Roaming\SpeedMon\speedmon.exe [840206 2015-05-30] ()
HKU\S-1-5-21-3483183917-3163184292-3340130657-1001\...\Run: [Dropbox Update] => C:\Users\Home\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
HKU\S-1-5-21-3483183917-3163184292-3340130657-1001\...\Run: [download_video_20150822] => wscript.exe //B "C:\Users\Home\AppData\Roaming\download_video_20150822.AVI.FLV_4817498489141984189418914198489418948941894891419.vbs"
HKU\S-1-5-18\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\WINDOWS\system32\eed_ec.dll,SpeedLauncher
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-04-14]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2015-06-30]
ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Network PC Fax.lnk [2014-06-10]
ShortcutTarget: Samsung Network PC Fax.lnk -> C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe (Samsung Electronics Co., Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VVWUpdateTray.lnk [2015-05-30]
ShortcutTarget: VVWUpdateTray.lnk -> C:\Program Files (x86)\VVW\Update\VVWUpdateTray.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2014-12-16]
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2012\mshaktuell.exe ()
Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\download_video_20150822.AVI.FLV_4817498489141984189418914198489418948941894891419.vbs [2015-08-24] ()
Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-01-08]
ShortcutTarget: Dropbox.lnk -> C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-09-29]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2014-05-09]
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-08-09] (AVAST Software)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [SmartFTP Drop] -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => L:\ShellTools.dll [2015-01-23] (SmartSoft Ltd.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
GroupPolicy: Gruppenrichtline auf Chrome erkannt <======= ACHTUNG
CHR HKU\S-1-5-21-3483183917-3163184292-3340130657-1001\SOFTWARE\Policies\Google: Richtlinienbeschränkung <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-3483183917-3163184292-3340130657-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-3483183917-3163184292-3340130657-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
SearchScopes: HKLM -> {8C0E7765-5FF6-4A3A-A9F0-9691F499435C} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {8C0E7765-5FF6-4A3A-A9F0-9691F499435C} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3483183917-3163184292-3340130657-1001 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-3483183917-3163184292-3340130657-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3483183917-3163184292-3340130657-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-3483183917-3163184292-3340130657-1001 -> {8C0E7765-5FF6-4A3A-A9F0-9691F499435C} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3483183917-3163184292-3340130657-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2015-06-17] (RealDownloader)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-09] (AVAST Software)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Kein Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> Keine Datei
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2015-06-17] (RealDownloader)
BHO-x32: PDF Architect Helper -> {691B33B0-B86E-47F3-81C7-56E4FE3B929C} -> C:\Program Files (x86)\PDF Architect 2\creator-ie-helper.dll [2014-10-10] (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-05-04] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-09] (AVAST Software)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2013-09-13] (FreeDownloadManager.ORG)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-05-04] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Kein Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - Keine Datei
Toolbar: HKLM - Kein Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - Keine Datei
Toolbar: HKLM-x32 - PDF Architect Toolbar - {DEEB13D7-CEA9-45FB-B77C-E039BEC85221} - C:\Program Files (x86)\PDF Architect 2\creator-ie-plugin.dll [2014-10-10] (pdfforge GmbH)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{FF75941D-2B1E-42EB-A950-1F85448FFA8E}: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\eja85ab0.default
FF DefaultSearchUrl: hxxp://www.bing.com/search
FF SearchEngineOrder.1: Microsoft (Bing)
FF Homepage: hxxps://www.google.de/?gws_rd=ssl
FF Keyword.URL: hxxp://www.bing.com/search
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-09-05] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-01-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-01-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.80.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-05-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.80.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-05-04] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll [2014-01-16] (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=18.0.1.9 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2015-06-30] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.0.1.9 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2015-06-30] (RealTimes)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll [2014-10-10] (pdfforge GmbH)
FF Plugin HKU\S-1-5-21-3483183917-3163184292-3340130657-1001: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2015-04-21] (Sony Network Entertainment International LLC)
FF SearchPlugin: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\eja85ab0.default\searchplugins\bing-avast.xml [2014-06-21]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-06]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_2_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension
FF Extension: PDF Architect 2 Creator - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension [2015-02-20]
StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-25]
CHR Extension: (YouTube) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-25]
CHR Extension: (Google Search) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-25]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-25]
CHR Extension: (Gmail) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-25]
CHR HKU\S-1-5-21-3483183917-3163184292-3340130657-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [begbnpffhnpedhocnobliippgejhjpfp] - C:\Users\Home\AppData\Roaming\Cool Mirage Ltd\gophotoit\1.8.29.5\gophotoit.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [djbdlklldbflagkkpaljamjfbpefcbpf] - C:\Program Files (x86)\HomeTab\chrome\HomeTab.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-17]
CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" <nicht gefunden>

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-09] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109008 2015-08-09] (AVAST Software)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2014-01-07] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH)
R2 PDF Architect 2 Creator; C:\Program Files (x86)\PDF Architect 2\creator-ws.exe [738856 2014-10-10] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2015-06-17] ()
R2 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1115224 2015-06-30] (RealNetworks, Inc.)
R2 Samsung Network Fax Server; C:\WINDOWS\system32\spool\drivers\x64\3\NetFaxServer64.exe [508464 2013-07-01] (Samsung Electronics Co., Ltd.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [337920 2014-01-07] (IDT, Inc.) [Datei ist nicht signiert]
R2 UI Assistant Service; C:\Program Files (x86)\Join Air\AssistantServices.exe [247152 2010-04-27] ()
R2 VVWUpdateService; C:\Program Files (x86)\VVW\Update\VVWUpdateDienst.exe [3079808 2014-03-28] ()
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-11-06] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2013-10-28] (Advanced Micro Devices, Inc.)
R3 Apowersoft_AudioDevice; C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (Wondershare)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-09] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-08-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-09] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [454016 2015-08-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-09] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048344 2015-08-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-08-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-09] (AVAST Software)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98744 2013-10-28] (Advanced Micro Devices)
R3 avmaura; C:\Windows\System32\drivers\avmaura.sys [116480 2014-05-19] (AVM Berlin)
S2 AVMPORT; C:\Windows\SysWOW64\drivers\avmport.sys [66472 2009-10-02] (AVM Berlin)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows (R) Codename Longhorn DDK provider)
S2 DgiVecp; C:\windows\system32\Drivers\DgiVecp.sys [54072 2007-10-22] (Samsung Electronics)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
S3 ggsomc; C:\Windows\System32\drivers\ggsomc.sys [30424 2014-09-24] (Sony Mobile Communications)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-24] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2014-01-07] (Intel Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-10-02] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2013-10-27] (Acronis International GmbH)
R1 ui11rdr; C:\Windows\System32\DRIVERS\ui11rdr.sys [199752 2011-11-21] (1&1 Internet AG)
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-08-24 23:27 - 2015-08-24 23:27 - 00000000 ____D C:\FRST
2015-08-24 23:20 - 2015-08-24 23:20 - 00000000 _____ C:\Users\Home\defogger_reenable
2015-08-24 22:49 - 2015-08-24 22:51 - 00000000 ____D C:\AdwCleaner
2015-08-24 11:35 - 2015-08-23 01:52 - 00015223 _____ C:\Users\Home\AppData\Roaming\download_video_20150822.AVI.FLV_4817498489141984189418914198489418948941894891419.vbs
2015-08-24 11:14 - 2015-08-24 11:14 - 20715348 _____ C:\Users\Home\Downloads\g d p for Hr's H.rar
2015-08-21 10:35 - 2015-08-21 10:35 - 00000000 ____D C:\Users\Home\.cache
2015-08-20 09:13 - 2015-08-21 11:07 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-08-19 10:54 - 2015-08-11 03:20 - 25191936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-08-19 10:54 - 2015-08-11 02:20 - 19871232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-08-17 16:01 - 2015-08-17 16:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-08-16 21:25 - 2015-08-24 22:39 - 00003332 _____ C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3483183917-3163184292-3340130657-1001
2015-08-16 21:25 - 2015-08-24 22:39 - 00003280 _____ C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3483183917-3163184292-3340130657-1001
2015-08-14 10:34 - 2015-08-14 10:34 - 00000000 ____D C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-08-12 10:12 - 2015-07-30 16:04 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 10:12 - 2015-07-30 15:48 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 08:48 - 2015-07-19 03:58 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-08-12 08:48 - 2015-07-18 20:51 - 03704320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-12 08:48 - 2015-07-18 20:31 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-08-12 08:48 - 2015-07-18 20:31 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-08-12 08:48 - 2015-07-18 20:31 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-08-12 08:48 - 2015-07-18 20:29 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-08-12 08:48 - 2015-07-18 20:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-08-12 08:48 - 2015-07-18 20:29 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-08-12 08:48 - 2015-07-18 20:28 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-08-12 08:48 - 2015-07-18 20:12 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-08-12 08:48 - 2015-07-18 20:10 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-08-12 08:48 - 2015-07-18 20:09 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-08-12 08:47 - 2015-07-29 01:24 - 00025776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-08-12 08:47 - 2015-07-28 16:24 - 01148416 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-08-12 08:47 - 2015-07-28 16:24 - 01116160 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-08-12 08:47 - 2015-07-28 16:24 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-08-12 08:47 - 2015-07-28 16:24 - 00743424 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-08-12 08:47 - 2015-07-28 16:24 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-08-12 08:47 - 2015-07-28 16:24 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-08-12 08:47 - 2015-07-16 22:36 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-08-12 08:47 - 2015-07-16 22:36 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-08-12 08:47 - 2015-07-16 22:35 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-08-12 08:47 - 2015-07-16 22:26 - 05923328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-08-12 08:47 - 2015-07-16 22:23 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-08-12 08:47 - 2015-07-16 22:21 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-08-12 08:47 - 2015-07-16 21:53 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-08-12 08:47 - 2015-07-16 21:51 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-08-12 08:47 - 2015-07-16 21:50 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-08-12 08:47 - 2015-07-16 21:45 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-08-12 08:47 - 2015-07-16 21:45 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-08-12 08:47 - 2015-07-16 21:41 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-08-12 08:47 - 2015-07-16 21:39 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-08-12 08:47 - 2015-07-16 21:38 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-08-12 08:47 - 2015-07-16 21:36 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-08-12 08:47 - 2015-07-16 21:34 - 14451200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-08-12 08:47 - 2015-07-16 21:32 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-08-12 08:47 - 2015-07-16 21:14 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-08-12 08:47 - 2015-07-16 21:13 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-08-12 08:47 - 2015-07-16 21:12 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-08-12 08:47 - 2015-07-16 21:12 - 02427904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-08-12 08:47 - 2015-07-16 21:10 - 12856832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-08-12 08:47 - 2015-07-16 21:06 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-08-12 08:47 - 2015-07-16 21:01 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-08-12 08:47 - 2015-07-16 20:52 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-08-12 08:47 - 2015-07-16 20:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-08-12 08:47 - 2015-07-16 20:42 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-08-12 08:47 - 2015-07-16 20:38 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-08-12 08:47 - 2015-07-16 20:37 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-08-12 08:47 - 2015-07-16 02:29 - 07458648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-12 08:47 - 2015-07-16 02:29 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-08-12 08:47 - 2015-07-16 02:29 - 00101720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-08-12 08:47 - 2015-07-16 02:28 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-08-12 08:47 - 2015-07-10 19:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-12 08:47 - 2015-07-07 11:40 - 00270168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-08-12 08:47 - 2015-07-07 11:40 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-08-12 08:47 - 2015-07-07 11:40 - 00044560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-08-12 08:47 - 2015-07-02 00:19 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2015-08-12 08:47 - 2015-07-02 00:16 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2015-08-12 08:47 - 2015-07-01 23:37 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2015-08-12 08:47 - 2015-07-01 23:35 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2015-08-12 08:47 - 2015-06-12 19:03 - 18823680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-08-12 08:47 - 2015-06-12 18:36 - 15159296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-08-12 08:47 - 2015-06-09 20:27 - 00411133 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-08-12 08:46 - 2015-07-14 23:59 - 01113944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-08-12 08:46 - 2015-07-14 23:59 - 00487256 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2015-08-12 08:46 - 2015-07-14 23:59 - 00393560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2015-08-12 08:46 - 2015-07-14 05:22 - 02529880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-08-12 08:46 - 2015-07-14 05:21 - 01901776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-08-12 08:46 - 2015-07-13 21:46 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2015-08-12 08:46 - 2015-07-13 21:45 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2015-08-12 08:46 - 2015-07-10 20:19 - 01101824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2015-08-12 08:46 - 2015-07-10 19:42 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-08-12 08:46 - 2015-07-10 19:14 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2015-08-12 08:46 - 2015-07-10 19:13 - 07032320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2015-08-12 08:46 - 2015-07-10 18:47 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-08-12 08:46 - 2015-07-10 18:31 - 06213120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2015-08-12 08:46 - 2015-07-09 19:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-08-12 08:46 - 2015-07-09 19:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-08-12 08:46 - 2015-07-09 18:30 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2015-08-12 08:46 - 2015-06-11 22:12 - 02476376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-08-12 08:46 - 2015-06-11 22:12 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-08-12 08:46 - 2015-05-12 02:24 - 00536920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-08-12 08:45 - 2015-07-29 16:37 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-08-12 08:45 - 2015-07-29 16:30 - 01381888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-08-12 08:45 - 2015-07-29 16:23 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-08-12 08:45 - 2015-07-24 20:57 - 04177408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-08-12 08:45 - 2015-07-24 20:57 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-08-12 08:45 - 2015-07-24 20:52 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-08-12 08:45 - 2015-07-24 19:27 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-08-12 08:45 - 2015-07-24 19:23 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-08-09 16:54 - 2015-08-09 16:54 - 00454016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdisFlt.sys
2015-08-09 16:54 - 2015-08-09 16:54 - 00378880 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-08-09 16:54 - 2015-08-09 16:54 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag
in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-08-24 23:26 - 2015-06-16 11:01 - 00001232 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3483183917-3163184292-3340130657-1001UA.job 2015-08-24 23:26 - 2013-11-06 10:07 - 01948998 _____ C:\WINDOWS\WindowsUpdate.log 2015-08-24 23:25 - 2015-07-09 12:43 - 00008108 _____ C:\WINDOWS\setupact.log 2015-08-24 23:20 - 2013-11-06 09:56 - 00000000 ____D C:\Users\Home 2015-08-24 23:19 - 2014-02-18 15:31 - 00001130 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-08-24 23:14 - 2013-11-07 10:40 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-08-24 23:13 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru 2015-08-24 22:58 - 2013-09-25 15:17 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3483183917-3163184292-3340130657-1001 2015-08-24 22:54 - 2013-12-08 11:46 - 00000000 __RDO C:\Users\Home\SkyDrive 2015-08-24 22:53 - 2014-05-19 10:46 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-08-24 22:53 - 2014-02-18 15:31 - 00001126 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-08-24 22:52 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-08-24 22:52 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2015-08-24 22:51 - 2015-01-23 14:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetObjects 2015-08-24 22:51 - 2014-02-18 15:32 - 00001304 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-08-24 22:51 - 2014-02-18 15:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-08-24 22:51 - 2013-09-25 15:12 - 00000787 _____ C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-08-24 22:48 - 2013-09-30 06:14 - 01980934 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-08-24 22:48 - 2013-09-30 05:56 - 00841326 _____ C:\WINDOWS\system32\perfh007.dat 
2015-08-24 22:48 - 2013-09-30 05:56 - 00191558 _____ C:\WINDOWS\system32\perfc007.dat 2015-08-24 22:39 - 2013-09-25 15:40 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update 2015-08-24 12:00 - 2013-10-13 11:36 - 00000000 ____D C:\Users\Home\AppData\Roaming\vlc 2015-08-24 11:46 - 2015-05-30 00:18 - 00000000 ____D C:\Users\Home\AppData\Roaming\SpeedMon 2015-08-24 11:38 - 2013-09-29 21:04 - 01242606 _____ C:\WINDOWS\PFRO.log 2015-08-24 10:26 - 2015-06-16 11:01 - 00001180 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3483183917-3163184292-3340130657-1001Core.job 2015-08-24 09:09 - 2013-11-06 13:05 - 00003914 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CDD63B4C-F70A-4E7B-A13C-F1F3EF41655C} 2015-08-21 11:24 - 2013-12-10 19:59 - 00003152 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForHome 2015-08-21 11:24 - 2013-12-10 19:59 - 00000340 _____ C:\WINDOWS\Tasks\HPCeeScheduleForHome.job 2015-08-21 11:07 - 2013-09-26 09:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-08-21 11:07 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\security 2015-08-21 11:02 - 2013-10-25 08:47 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log 2015-08-21 09:05 - 2014-01-08 15:03 - 00000000 ___RD C:\Users\Home\Dropbox 2015-08-21 09:05 - 2013-10-23 13:07 - 00000000 ____D C:\Users\Home\AppData\Roaming\Dropbox 2015-08-20 14:22 - 2013-09-26 18:17 - 00000000 ____D C:\Users\Home\AppData\Local\FreePDF_XP 2015-08-20 13:53 - 2014-06-10 14:03 - 00000121 _____ C:\Users\Public\LMDebug.log 2015-08-19 15:40 - 2014-06-10 15:31 - 00000000 ____D C:\Users\Home\Documents\Scan 2015-08-19 10:54 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-08-18 12:12 - 2013-12-20 19:40 - 00000000 ____D C:\Users\Home\Desktop\Tor Browser 2015-08-17 16:50 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache 2015-08-17 11:55 - 2013-12-03 11:29 - 01135616 ___SH C:\Users\Home\Downloads\Thumbs.db 2015-08-14 12:14 - 2014-06-24 16:28 - 00121856 ___SH 
C:\Users\Home\Desktop\Thumbs.db 2015-08-14 08:49 - 2013-11-06 10:53 - 01048344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys 2015-08-13 11:45 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-08-13 09:51 - 2013-11-12 17:41 - 00000000 ____D C:\Users\Home\AppData\Local\FRITZ! 2015-08-12 13:20 - 2013-11-06 09:50 - 00000000 ___DC C:\WINDOWS\Panther 2015-08-12 13:16 - 2015-07-10 19:28 - 00000000 ___HD C:\$Windows.~BT 2015-08-12 12:14 - 2013-11-07 10:40 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-08-12 12:07 - 2015-06-19 09:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-08-12 09:45 - 2013-08-22 16:44 - 00418160 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-08-12 09:43 - 2014-12-11 16:51 - 00000000 ____D C:\WINDOWS\system32\appraiser 2015-08-12 09:43 - 2014-07-09 14:51 - 00000000 ___SD C:\WINDOWS\system32\CompatTel 2015-08-12 09:43 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-08-12 09:43 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-08-12 09:43 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-08-12 09:43 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-08-12 09:43 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Windows Defender 2015-08-12 09:43 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2015-08-12 09:42 - 2013-09-26 11:59 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-08-12 09:42 - 2013-09-25 18:17 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-08-12 09:34 - 2013-09-25 18:17 - 132483416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-08-11 15:12 - 2014-04-09 10:53 - 00018492 _____ C:\Users\Home\Desktop\Daten Auftraggeber.xlsx 
2015-08-11 14:05 - 2013-10-17 15:21 - 00001517 _____ C:\WINDOWS\wiso.ini 2015-08-09 16:54 - 2014-05-07 14:01 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys 2015-08-09 16:54 - 2013-12-23 13:57 - 00150672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys 2015-08-09 16:54 - 2013-12-20 19:08 - 00447944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2015-08-09 16:54 - 2013-11-06 11:06 - 00028144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys 2015-08-09 16:54 - 2013-11-06 10:53 - 00274808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys 2015-08-09 16:54 - 2013-11-06 10:53 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2015-08-09 16:54 - 2013-11-06 10:53 - 00090968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2015-08-09 16:54 - 2013-11-06 10:53 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys 2015-08-09 16:50 - 2013-09-30 05:59 - 00000000 ____D C:\WINDOWS\SKB 2015-08-08 15:55 - 2015-03-11 13:52 - 00794088 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-08-08 15:55 - 2015-03-11 13:52 - 00179688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-08-07 16:21 - 2014-05-19 17:15 - 00009386 _____ C:\WINDOWS\avmacc.log 2015-08-07 16:21 - 2014-05-19 17:14 - 00000000 ____D C:\Users\Home\AppData\Local\Deployment 2015-08-07 10:21 - 2015-06-16 11:01 - 00004176 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3483183917-3163184292-3340130657-1001UA 2015-08-07 10:21 - 2015-06-16 11:01 - 00003796 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3483183917-3163184292-3340130657-1001Core ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-08-24 11:35 - 2015-08-23 01:52 - 0015223 _____ () C:\Users\Home\AppData\Roaming\download_video_20150822.AVI.FLV_4817498489141984189418914198489418948941894891419.vbs 2013-09-30 12:17 - 
2013-10-01 13:17 - 0000093 _____ () C:\Users\Home\AppData\Roaming\WB.CFG 2013-09-30 12:17 - 2013-10-01 13:17 - 0000006 _____ () C:\Users\Home\AppData\Roaming\WBPU-TTL.DAT 2014-10-09 11:58 - 2014-10-09 11:58 - 0003584 _____ () C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-07-13 14:04 - 2015-07-13 14:04 - 0002962 _____ () C:\Users\Home\AppData\Local\recently-used.xbel 2013-09-25 15:11 - 2013-09-25 15:11 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc 2013-09-26 20:33 - 2013-09-26 20:34 - 12669796 _____ () C:\ProgramData\SamPCFax000011480000 Einige Dateien in TEMP: ==================== C:\Users\Home\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpia6nxg.dll C:\Users\Home\AppData\Local\Temp\jre-8u51-windows-au.exe C:\Users\Home\AppData\Local\Temp\kd9e9wst.dll C:\Users\Home\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-08-24 22:29 ==================== Ende von FRST.txt ============================ LastRegBack: 2015-08-25 00:14 ==================== Ende von FRST.txt ============================ Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 7.5.7 (08.18.2015:1) OS: Windows 8.1 x64 Ran by Home on 25.08.2015 at 13:26:16,52 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Tasks ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220322342226} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220322852232} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220322902230} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220422162272} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{691B33B0-B86E-47F3-81C7-56E4FE3B929C} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660366346626} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660366856632} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660366906630} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660466166672} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220322342226} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220322852232} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220322902230} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220422162272} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660366346626} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660366856632} Successfully deleted: [Registry Key] 
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660366906630} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660466166672} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660366346626} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660366856632} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660366906630} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660466166672} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660366346626} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660366856632} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660366906630} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660466166672} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{691B33B0-B86E-47F3-81C7-56E4FE3B929C} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{691B33B0-B86E-47F3-81C7-56E4FE3B929C} ~~~ Files ~~~ Folders Successfully deleted: [Empty Folder] 
C:\Users\Home\Appdata\Local\{762A5F40-8FA2-4217-9975-182FE73EB112} Successfully deleted: [Empty Folder] C:\Users\Home\Appdata\Local\{A6482EEA-4CE0-4D91-8186-8E24235A717A} Successfully deleted: [Empty Folder] C:\Users\Home\Appdata\Local\{AA5B657F-318F-4CF7-97D0-F1AAE4A99176} Successfully deleted: [Empty Folder] C:\Users\Home\Appdata\Local\{E2763254-2773-4CC4-A491-9FEA1232558F} ~~~ FireFox Successfully deleted the following from C:\Users\Home\AppData\Roaming\mozilla\firefox\profiles\eja85ab0.default\prefs.js user_pref(HomeTab_3580.global.DisplayRecentSearches, true); user_pref(browser.search.searchengine.desc, this is my first firefox searchEngine); user_pref(browser.search.searchengine.ptid, cvs2); user_pref(browser.search.searchengine.uid, HitachiXHDS721010CLA630_JP2940N03TK5SV3TK5SVX); user_pref(extensions.gophotoit.dspFFXOld, StartWeb); user_pref(extensions.gophotoit.hmpgUrl, hxxp://search.gophoto.it/?pl=2&ch=v1noadmin_140127); user_pref(extensions.gophotoit.kw_url, hxxp://search.gophoto.it/?pl=1&ch=v1noadmin_140127&q=); user_pref(extensions.gophotoit.newTabUrl, hxxp://search.gophoto.it/?pl=3&ch=v1noadmin_140127); user_pref(extensions.gophotoit.tlbrSrchUrl, hxxp://search.gophoto.it/?pl=4&ch=v1noadmin_140127&q=); Emptied folder: C:\Users\Home\AppData\Roaming\mozilla\firefox\profiles\eja85ab0.default\minidumps [12 files] ~~~ Chrome Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\djbdlklldbflagkkpaljamjfbpefcbpf [C:\Users\Home\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset [C:\Users\Home\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted: [C:\Users\Home\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset [C:\Users\Home\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted: [] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 25.08.2015 at 
13:29:41,63 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
26.08.2015, 06:46 | #6 |
/// the machine /// TB-Ausbilder | LNK:Jenxcus-D - Trojan MBAM and AdwCleaner log? |
26.08.2015, 08:19 | #7 |
| LNK:Jenxcus-D - Trojan Good morning, here are the other 2 logs. Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 25.08.2015 Suchlaufzeit: 12:37 Protokolldatei: mbam.txt Administrator: Ja Version: 2.1.8.1057 Malware-Datenbank: v2015.08.25.03 Rootkit-Datenbank: v2015.08.16.01 Lizenz: Kostenlose Version Malware-Schutz: Deaktiviert Schutz vor bösartigen Websites: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: Home Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 501113 Abgelaufene Zeit: 34 Min., 3 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Warnen PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt) Registrierungswerte: 0 (keine bösartigen Elemente erkannt) Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 0 (keine bösartigen Elemente erkannt) Dateien: 0 (keine bösartigen Elemente erkannt) Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) Code:
ATTFilter # AdwCleaner v5.003 - Bericht erstellt 25/08/2015 um 13:17:10 # Aktualisiert 20/08/2015 von Xplode # Datenbank : 2015-08-23.3 [Server] # Betriebssystem : Windows 8.1 (x64) # Benutzername : Home - PCARB # Gestarted von : P:\adwcleaner_5.003.exe # Option : Löschen ***** [ Dienste ] ***** [-] Dienst Gelöscht : ReimageRealTimeProtector ***** [ Ordner ] ***** [-] Ordner Gelöscht : C:\rei [-] Ordner Gelöscht : C:\Program Files\Reimage [-] Ordner Gelöscht : C:\ProgramData\Reimage Protector [-] Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reimage repair [-] Ordner Gelöscht : C:\Users\Home\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bpjglfaaphjckkndagjbccgifmhbimng [-] Ordner Gelöscht : C:\Users\Home\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\loceihehdjgofcodklhjnlkkldffcaic [-] Ordner Gelöscht : C:\Users\Home\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mgcophbdfpadgldcknohpaebpalmelep [-] Ordner Gelöscht : C:\Users\Home\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pcgacafninbpalahkbeemngjncmejpaj [!] Ordner Nicht Gelöscht : C:\Users\Home\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bpjglfaaphjckkndagjbccgifmhbimng [!] Ordner Nicht Gelöscht : C:\Users\Home\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\loceihehdjgofcodklhjnlkkldffcaic [!] Ordner Nicht Gelöscht : C:\Users\Home\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mgcophbdfpadgldcknohpaebpalmelep [!] 
Ordner Nicht Gelöscht : C:\Users\Home\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pcgacafninbpalahkbeemngjncmejpaj [-] Ordner Gelöscht : C:\Users\Home\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bpjglfaaphjckkndagjbccgifmhbimng [-] Ordner Gelöscht : C:\Users\Home\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\loceihehdjgofcodklhjnlkkldffcaic [-] Ordner Gelöscht : C:\Users\Home\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mgcophbdfpadgldcknohpaebpalmelep [-] Ordner Gelöscht : C:\Users\Home\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pcgacafninbpalahkbeemngjncmejpaj [!] Ordner Nicht Gelöscht : C:\Users\Home\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bpjglfaaphjckkndagjbccgifmhbimng [!] Ordner Nicht Gelöscht : C:\Users\Home\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\loceihehdjgofcodklhjnlkkldffcaic [!] Ordner Nicht Gelöscht : C:\Users\Home\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mgcophbdfpadgldcknohpaebpalmelep [!] 
Ordner Nicht Gelöscht : C:\Users\Home\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pcgacafninbpalahkbeemngjncmejpaj ***** [ Dateien ] ***** [-] Datei Gelöscht : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\chdboodilddefglllfoimeceomkpmkbi [-] Datei Gelöscht : C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk [-] Datei Gelöscht : C:\WINDOWS\Reimage.ini ***** [ Verknüpfungen ] ***** ***** [ Geplante Tasks ] ***** [-] Task Gelöscht : Reimage Reminder [-] Task Gelöscht : ReimageUpdater ***** [ Registrierungsdatenbank ] ***** [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1 [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Reimage.exe [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A} [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4} [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546} [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36} [-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484} [-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484} [-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB} [-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4} [-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546} [-] Schlüssel Gelöscht : HKCU\Software\Reimage [!] 
Schlüssel Nicht Gelöscht : [x64] HKCU\Software\Reimage [-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Reimage [-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Reimage Repair ***** [ Internetbrowser ] ***** [-] [C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Gelöscht : search.certified-toolbar.com [-] [C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Gelöscht : mystartsearch ************************* :: Proxy Einstellungen zurückgesetzt :: Winsock Einstellungen zurückgesetzt ########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [5056 Bytes] ########## |
26.08.2015, 11:23 | #8 |
/// the machine /// TB-Ausbilder | LNK:Jenxcus-D - Trojan
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Still having problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
26.08.2015, 18:06 | #9 |
| LNK:Jenxcus-D - Trojan That took a while, but now I'm done. Here are the logs. Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=5d4ad5e8e04e0e4386189f87884d0376 # end=init # utc_time=2015-08-26 11:03:38 # local_time=2015-08-26 01:03:38 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.2.9200 NT Update Init Update Download Update Finalize Updated modules version: 25454 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=5d4ad5e8e04e0e4386189f87884d0376 # end=updated # utc_time=2015-08-26 11:12:49 # local_time=2015-08-26 01:12:49 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.2.9200 NT # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=5d4ad5e8e04e0e4386189f87884d0376 # engine=25454 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-08-26 04:14:13 # local_time=2015-08-26 06:14:13 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 1240268 6542597 0 0 # scanned=1449508 # found=68 # cleaned=0 # scan_time=18083 sh=C8ED29CF039F3DAAB8E5BF160CA541D424F1631A ft=1 fh=b97a03e253ae60b9 vn="Variante von Win32/Adware.SpeedingUpMyPC.AL Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Driver Pro\DPSchedule.exe.vir" sh=D4BD507F917917B829EB9FCE79A29047635E3668 ft=1 fh=6a4bd6f73db15183 vn="Win32/Adware.SpeedingUpMyPC.C Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Driver Pro\DPSmartScan.exe.vir" sh=D277F5FC4485D569BF4887243B1C2EBF7CD4E5DB ft=1 fh=a462282cfbd78069 vn="Variante von Win32/Adware.SpeedingUpMyPC.AL Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Driver Pro\DPUninstaller.exe.vir" sh=D12F9D4711BE592EA7C85EA5B34F3BFCDF86FB90 ft=1 fh=d4051548bbdf3ceb vn="Variante von 
Win32/Adware.SpeedingUpMyPC.AG Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Driver Pro\DriverPro.exe.vir" sh=531FF0A9D22D63AC4B01A2603B1C9DEC717D9B99 ft=1 fh=2d1fb7038f001cc8 vn="Variante von Win32/Adware.Synatix.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Home\AppData\Roaming\Windows Net Data\uninstaller.exe.vir" sh=9CE5F659BDD89907624541CB98681224CA75D886 ft=1 fh=9b9a5086efdbb0a1 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\WINDOWS\Sysnative\roboot64.exe.vir" sh=1A78C29475FCF49E65C45B563E94B38CEBB52D98 ft=1 fh=c71c00119c7ed32e vn="Variante von Win32/InstallCore.JE.gen evtl. unerwünschte Anwendung" ac=I fn="C:\Downloads\Software\Firefox.exe" sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Home\AppData\Roaming\0D0S1L2Z1P1B\Zip Extractor Packages\uninstaller.exe" sh=12EB0AF500FEF297E77346508080D2794112E72B ft=1 fh=a6caf9f715c69e75 vn="Variante von Win32/RiskWare.Astori.C Anwendung" ac=I fn="C:\Users\Home\AppData\Roaming\SpeedMon\speedmon.exe" sh=4ABEF671C2502C5E7624B0E2CBD691D0CB19E94D ft=1 fh=e494349e4239c01d vn="Win32/DownloadGuide.J evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Home\Downloads\bautagebuch-Vordruckverlag-2015-setup.exe" sh=1DC26BBEAFBAF69A274CAFE534156EACE3A49A8D ft=1 fh=07386e4897eae14b vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Home\Downloads\PDFCreator-2_0_2-setup (1).exe" sh=1DC26BBEAFBAF69A274CAFE534156EACE3A49A8D ft=1 fh=07386e4897eae14b vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Home\Downloads\PDFCreator-2_0_2-setup.exe" sh=3D67EBE717D9D2AA8BC3B7D13AB44ADD5A4DF40E ft=1 fh=c01341cf7dbad996 vn="Win32/InstallMonetizer.AQ evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Home\Downloads\PDFCreator-2_1_0-setup.exe" sh=CE66289B73116BB3A9EC074696A654A68389FD35 ft=1 fh=e9397ac68c2f876e vn="Win32/Solvusoft.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Home\Downloads\Setup_DriverDoc_2015.exe" sh=06ED7C81A50E5F4EBD15D3BAAF36557B97A0D0F6 ft=1 fh=cdd1f715200d1462 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Home\Downloads\Tor Browser Paket - CHIP-Installer.exe" sh=34394FA4C08356572FE24C92CE435AD0E11BB7DE ft=1 fh=5574be6ca0be6313 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\Eigene Dateien\Eigene\PRIVAT\Tools\VideoConverter\FreeVideoToJPGConverter.exe" sh=7A1378E954751603C60970E8B160F7C20056E831 ft=1 fh=45dd9931fe8b6cb0 vn="Variante von Win32/Packed.Themida verdächtige Datei" ac=I fn="E:\Eigene Dateien\Eigene\PRIVAT\Tools\VideoConverter\youtubeconvertersetup.exe" sh=F290CDECD71A4E1636EA695B9695BEE6EE3512E5 ft=1 fh=599ff8268b368958 vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="E:\Program Files\Advanced Registry Optimizer\ARO.exe" sh=359D977D432E4F90FE627B2717144AE873990AC4 ft=1 fh=63c7b0ee3e7f229d vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\Program Files\Common Files\DVDVideoSoft\TB\DVDVideoSoftTB.exe" sh=743CF6F7C346A3CF7BB0B81442DC14A7F3DA352D ft=1 fh=67b200ae242c58b1 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="E:\Program Files\Conduit\Community Alerts\Alert0.dll" sh=FE6851AEDD83588ED28EA4C2938796A89026712D ft=1 fh=2864c0468468c7a4 vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="E:\Program Files\Dealio Toolbar\WidgiHelper.exe" sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. 
unerwünschte Anwendung" ac=I fn="E:\Program Files\Eazel-DE\Eazel-DEToolbarHelper.exe" sh=1E00782FEC3CA539AE30F866502633FF550356C6 ft=1 fh=46da0b21d76c5220 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="E:\Program Files\Eazel-DE\ldrtbEaz2.dll" sh=4AAA508544A0DD22D846DA1EF72B3982D91EC458 ft=1 fh=263e2d3125bb169e vn="Variante von Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="E:\Program Files\Eazel-DE\tbEaz0.dll" sh=419716F712489099B040AB846B565D808119B5E8 ft=1 fh=562d50baf79e8eca vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\Program Files\Eazel-DE\tbEaz1.dll" sh=4C5834A9F0D646B35A7719A4E352093C0240BA5F ft=1 fh=f68058267a38e609 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\Program Files\Eazel-DE\tbEaz2.dll" sh=4E8BC33C6DFBDD9727988EB0AA95AF115C08FA8F ft=1 fh=efa4d311e75fd867 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\Program Files\Eazel-DE\tbEaze.dll" sh=BF39CA1665A822433E3F61082FE6178330C05600 ft=1 fh=257c41c5473ceee0 vn="Variante von Win32/Packed.Themida verdächtige Datei" ac=I fn="E:\Program Files\Need4 Software Launcher 5.7\need4softwarelauncher.exe" sh=AC527567A85C08A51B332828C33F10767C62AD14 ft=1 fh=139178d7f4609311 vn="Variante von Win32/Packed.Themida verdächtige Datei" ac=I fn="E:\Program Files\Need4 YouTube Converter 5.6\need4youtubeconverter.exe" sh=B97B665FFFAC38C19A467BEB39C8431B3FA03F72 ft=1 fh=67cb694675b06fea vn="Win32/RegistryBooster evtl. unerwünschte Anwendung" ac=I fn="E:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe" sh=C12B042AE48D6AE3EB7B8D56CC1AE8AA8AF3C2C9 ft=1 fh=6f1831c978fd125f vn="Win32/RegistryBooster evtl. unerwünschte Anwendung" ac=I fn="E:\Program Files\Uniblue\RegistryBooster\rbnotifier.exe" sh=01BA333EDD318E1FFF5D0E874ADA474A3EA5B7CB ft=1 fh=22ebf68ff23d51e1 vn="Win32/RegistryBooster evtl. 
unerwünschte Anwendung" ac=I fn="E:\Program Files\Uniblue\RegistryBooster\rb_move_serial.exe" sh=76D332C4B145AA447E1FE45ED29C1E6675A519CB ft=1 fh=22430ff51ff63a78 vn="Win32/RegistryBooster evtl. unerwünschte Anwendung" ac=I fn="E:\Program Files\Uniblue\RegistryBooster\rb_ubm.exe" sh=E8337F3B6A8AD2E20F3A1D464A289B08C2D2E546 ft=1 fh=ad6cf3353dfe73ee vn="Win32/RegistryBooster evtl. unerwünschte Anwendung" ac=I fn="E:\Program Files\Uniblue\RegistryBooster\registrybooster.exe" sh=1E00782FEC3CA539AE30F866502633FF550356C6 ft=1 fh=46da0b21d76c5220 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="E:\Program Files\Winload\ldrtbWinl.dll" sh=4C5834A9F0D646B35A7719A4E352093C0240BA5F ft=1 fh=f68058267a38e609 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\Program Files\Winload\tbWinl.dll" sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="E:\Program Files\Winload\WinloadToolbarHelper.exe" sh=37B266783FD4C9675A3D083EF593B9E092D07C0C ft=1 fh=d0a6715df918b66a vn="Variante von Win32/Toolbar.SearchSuite.Y evtl. unerwünschte Anwendung" ac=I fn="E:\Users\Arebit\AppData\Local\Temp\AupCApvO.exe.part" sh=1E00782FEC3CA539AE30F866502633FF550356C6 ft=1 fh=46da0b21d76c5220 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="E:\Users\Arebit\AppData\LocalLow\Eazel-DE\ldrtbEaz2.dll" sh=4C5834A9F0D646B35A7719A4E352093C0240BA5F ft=1 fh=f68058267a38e609 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\Users\Arebit\AppData\LocalLow\Eazel-DE\tbEaz2.dll" sh=1E00782FEC3CA539AE30F866502633FF550356C6 ft=1 fh=46da0b21d76c5220 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="E:\Users\Arebit\AppData\LocalLow\Winload\ldrtbWinl.dll" sh=4C5834A9F0D646B35A7719A4E352093C0240BA5F ft=1 fh=f68058267a38e609 vn="Variante von Win32/Toolbar.Conduit.B evtl. 
unerwünschte Anwendung" ac=I fn="E:\Users\Arebit\AppData\LocalLow\Winload\tbWinl.dll" sh=17B7E122936E85CF0C67E26FAB192C4287516617 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung" ac=I fn="E:\Users\Arebit\AppData\Roaming\Mozilla\Firefox\Profiles\7lm8p8rk.default\prefs.js" sh=C5DB8386C3A901DD6D4FB8B66685B889FA1099F9 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung" ac=I fn="E:\Users\Arebit\AppData\Roaming\Mozilla\Firefox\Profiles\7lm8p8rk.default\user.js" sh=1C750CCA04B286D4A3BB1F9D0BAD550396AEF81D ft=1 fh=66e58b8e313f1c5d vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\Users\Home\AppData\Local\Conduit\CT2096149\Eazel-DEAutoUpdaterHelper.exe" sh=8EE9FB5AE2B8B6679E36388F102438C3C72C628E ft=1 fh=fc1817d8cca0d243 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\Users\Home\AppData\Local\Conduit\CT2319825\WinloadAutoUpdateHelper.exe" sh=B28DB50C62AAECA51F7B42B52ED4DEEBDECCE662 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.AL evtl. unerwünschte Anwendung" ac=I fn="E:\Users\Home\AppData\Local\CRE\leocdeigfnkaojcapikdjcdbedcjmffc.crx" sh=24FA5CFB320D1421CB6C55C81057EA30A04CC26A ft=1 fh=6a618a5355d9b426 vn="Variante von Win32/Toolbar.Conduit.AH evtl. unerwünschte Anwendung" ac=I fn="E:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\10.16.100.504_0\plugins\ConduitChromeApiPlugin.dll" sh=322D36A63709838E21905B9E1E5BCB9C7FAD3A1D ft=1 fh=2b797d85c681691c vn="Win32/Toolbar.Conduit.AC evtl. unerwünschte Anwendung" ac=I fn="E:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\10.16.100.504_0\plugins\TBVerifier.dll" sh=1E00782FEC3CA539AE30F866502633FF550356C6 ft=1 fh=46da0b21d76c5220 vn="Variante von Win32/Toolbar.Conduit.P evtl. 
unerwünschte Anwendung" ac=I fn="E:\Users\Home\AppData\LocalLow\Eazel-DE\ldrtbEaz2.dll" sh=B4267CC9FBAA1133921BBF40835E07DAA481E025 ft=1 fh=39d86043333a1074 vn="Variante von Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="E:\Users\Home\AppData\LocalLow\Eazel-DE\tbEaz1.dll" sh=4C5834A9F0D646B35A7719A4E352093C0240BA5F ft=1 fh=f68058267a38e609 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\Users\Home\AppData\LocalLow\Eazel-DE\tbEaz2.dll" sh=7A5B168BB2B8C06B2A9134B656BBF195830D21C2 ft=1 fh=55d4f387d8566cf4 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="E:\Users\Home\AppData\LocalLow\Eazel-DE\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll" sh=1E00782FEC3CA539AE30F866502633FF550356C6 ft=1 fh=46da0b21d76c5220 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="E:\Users\Home\AppData\LocalLow\Winload\ldrtbWin0.dll" sh=1E00782FEC3CA539AE30F866502633FF550356C6 ft=1 fh=46da0b21d76c5220 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="E:\Users\Home\AppData\LocalLow\Winload\ldrtbWinl.dll" sh=3E30150D840AC9A0C0A7969D2FFD45118BE827D6 ft=1 fh=afbdb7c39edb934a vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\Users\Home\AppData\LocalLow\Winload\tbWin0.dll" sh=B4267CC9FBAA1133921BBF40835E07DAA481E025 ft=1 fh=39d86043333a1074 vn="Variante von Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="E:\Users\Home\AppData\LocalLow\Winload\tbWin1.dll" sh=4C5834A9F0D646B35A7719A4E352093C0240BA5F ft=1 fh=f68058267a38e609 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\Users\Home\AppData\LocalLow\Winload\tbWinl.dll" sh=04C2C896F40B90D863A0F05DA874B665AFFB578E ft=1 fh=bcdb956fd414773f vn="Win32/RegistryBooster evtl. 
unerwünschte Anwendung" ac=I fn="E:\Users\Home\AppData\Roaming\Uniblue\RegistryBooster\_temp\ub.exe" sh=48AB271FBB3435D3D5FD302CE8F1E063F5981D86 ft=1 fh=2c66664f2bb21789 vn="Variante von Win32/RegistryBooster evtl. unerwünschte Anwendung" ac=I fn="E:\Users\Home\Downloads\registrybooster.exe" sh=D2D67D11FF7326976D65F4F02F7BFA8F6CDD1942 ft=1 fh=dc0a0aca44421c95 vn="Win32/SpeedUpMyPC evtl. unerwünschte Anwendung" ac=I fn="E:\Users\Home\Downloads\speedupmypc2013.exe" sh=4129054E2BF29631245E75EC29C8F4060EAE5D0A ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="E:\Windows\Installer\10a240.msi" sh=80B36A9105C24EB7341531DCC90F38D54FFC2B1A ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="E:\Windows\Installer\722ec.msi" sh=37FA46BFC3A792ED5A1626D9D5F909B53AEEDA59 ft=1 fh=58f948e1a43561d7 vn="Win32/Toolbar.Conduit.O evtl. unerwünschte Anwendung" ac=I fn="E:\Windows\Temp\TMP0000000AE20804C86D73D2F5" sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O evtl. unerwünschte Anwendung" ac=I fn="E:\_OTL\MovedFiles\08152012_132513\C_Programme\Eazel-DE\prxtbEaz2.dll" sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O evtl. unerwünschte Anwendung" ac=I fn="E:\_OTL\MovedFiles\08152012_132513\C_Programme\Winload\prxtbWinl.dll" sh=A52DD3F406907A09528C6B4F61E1E71956C3E020 ft=1 fh=adbfa171d6c271cb vn="Variante von Win32/Toolbar.SearchSuite.Z evtl. unerwünschte Anwendung" ac=I fn="S:\2010\Neuer Ordner (ORDNEN)\Neuer Ordner (105)\iLividSetupV1.exe" sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Variante von Win32/RiskWare.Astori.C Anwendung" ac=I fn="${Memory}" x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Defender avast! Antivirus Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 80
 Java 2 Runtime Environment, SE v1.4.2_05
 Java version 32-bit out of Date!
 Adobe Flash Player 18.0.0.232
 Adobe Reader XI
 Mozilla Firefox (39.0.3)
 Mozilla Thunderbird (38.2.0)
 Google Chrome (44.0.2403.155)
 Google Chrome (44.0.2403.157)
````````Process Check: objlist.exe by Laurent````````
 Malwarebytes Anti-Malware mbam.exe
 Malwarebytes Anti-Malware mbamscheduler.exe
 AVAST Software Avast AvastSvc.exe
 AVAST Software Avast afwServ.exe
 AVAST Software Avast avastui.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
Code:
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH) R2 PDF Architect 2 Creator; C:\Program Files (x86)\PDF Architect 2\creator-ws.exe [738856 2014-10-10] (pdfforge GmbH) S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH) R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2015-06-17] () R2 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1115224 2015-06-30] (RealNetworks, Inc.) R2 Samsung Network Fax Server; C:\WINDOWS\system32\spool\drivers\x64\3\NetFaxServer64.exe [508464 2013-07-01] (Samsung Electronics Co., Ltd.) R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [337920 2014-01-07] (IDT, Inc.) [Datei ist nicht signiert] R2 UI Assistant Service; C:\Program Files (x86)\Join Air\AssistantServices.exe [247152 2010-04-27] () R2 VVWUpdateService; C:\Program Files (x86)\VVW\Update\VVWUpdateDienst.exe [3079808 2014-03-28] () S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-11-06] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation) S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X] ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2013-10-28] (Advanced Micro Devices, Inc.) 
R3 Apowersoft_AudioDevice; C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (Wondershare) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-09] (AVAST Software) R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-08-09] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-09] (AVAST Software) R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [454016 2015-08-09] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-09] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-09] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048344 2015-08-14] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-08-09] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-09] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-09] (AVAST Software) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98744 2013-10-28] (Advanced Micro Devices) R3 avmaura; C:\Windows\System32\drivers\avmaura.sys [116480 2014-05-19] (AVM Berlin) S2 AVMPORT; C:\Windows\SysWOW64\drivers\avmport.sys [66472 2009-10-02] (AVM Berlin) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows (R) Codename Longhorn DDK provider) S2 DgiVecp; C:\windows\system32\Drivers\DgiVecp.sys [54072 2007-10-22] (Samsung Electronics) R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation) R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation) S3 ggsomc; C:\Windows\System32\drivers\ggsomc.sys [30424 2014-09-24] (Sony Mobile Communications) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation) R3 MBAMSwissArmy; 
C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-24] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2014-01-07] (Intel Corporation) R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.) R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-10-02] (Acronis International GmbH) R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2013-10-27] (Acronis International GmbH) R1 ui11rdr; C:\Windows\System32\DRIVERS\ui11rdr.sys [199752 2011-11-21] (1&1 Internet AG) S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-08-24 23:27 - 2015-08-24 23:27 - 00000000 ____D C:\FRST 2015-08-24 23:20 - 2015-08-24 23:20 - 00000000 _____ C:\Users\Home\defogger_reenable 2015-08-24 22:49 - 2015-08-24 22:51 - 00000000 ____D C:\AdwCleaner 2015-08-24 11:35 - 2015-08-23 01:52 - 00015223 _____ C:\Users\Home\AppData\Roaming\download_video_20150822.AVI.FLV_4817498489141984189418914198489418948941894891419.vbs 2015-08-24 11:14 - 2015-08-24 11:14 - 20715348 _____ C:\Users\Home\Downloads\g d p for Hr's H.rar 2015-08-21 10:35 - 2015-08-21 10:35 - 00000000 ____D C:\Users\Home\.cache 2015-08-20 09:13 - 2015-08-21 11:07 - 00000000 ____D C:\Program Files\Mozilla Firefox 2015-08-19 10:54 - 2015-08-11 03:20 - 25191936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-08-19 10:54 - 2015-08-11 02:20 - 19871232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-08-17 16:01 - 2015-08-17 16:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2015-08-16 21:25 - 2015-08-24 22:39 - 00003332 _____ C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3483183917-3163184292-3340130657-1001 2015-08-16 21:25 - 2015-08-24 22:39 - 00003280 _____ C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3483183917-3163184292-3340130657-1001 2015-08-14 10:34 - 2015-08-14 10:34 - 00000000 ____D C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-08-12 10:12 - 2015-07-30 16:04 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2015-08-12 10:12 - 2015-07-30 15:48 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-08-12 08:48 - 2015-07-19 03:58 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2015-08-12 08:48 - 2015-07-18 20:51 - 03704320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2015-08-12 08:48 - 2015-07-18 20:31 - 00140288 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\wuwebv.dll 2015-08-12 08:48 - 2015-07-18 20:31 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2015-08-12 08:48 - 2015-07-18 20:31 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2015-08-12 08:48 - 2015-07-18 20:29 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2015-08-12 08:48 - 2015-07-18 20:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2015-08-12 08:48 - 2015-07-18 20:29 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2015-08-12 08:48 - 2015-07-18 20:28 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2015-08-12 08:48 - 2015-07-18 20:12 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2015-08-12 08:48 - 2015-07-18 20:10 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2015-08-12 08:48 - 2015-07-18 20:09 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2015-08-12 08:47 - 2015-07-29 01:24 - 00025776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2015-08-12 08:47 - 2015-07-28 16:24 - 01148416 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2015-08-12 08:47 - 2015-07-28 16:24 - 01116160 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2015-08-12 08:47 - 2015-07-28 16:24 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2015-08-12 08:47 - 2015-07-28 16:24 - 00743424 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2015-08-12 08:47 - 2015-07-28 16:24 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2015-08-12 08:47 - 2015-07-28 16:24 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2015-08-12 08:47 - 2015-07-16 22:36 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-08-12 08:47 - 2015-07-16 22:36 - 00417792 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\html.iec 2015-08-12 08:47 - 2015-07-16 22:35 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-08-12 08:47 - 2015-07-16 22:26 - 05923328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-08-12 08:47 - 2015-07-16 22:23 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll 2015-08-12 08:47 - 2015-07-16 22:21 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-08-12 08:47 - 2015-07-16 21:53 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2015-08-12 08:47 - 2015-07-16 21:51 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-08-12 08:47 - 2015-07-16 21:50 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec 2015-08-12 08:47 - 2015-07-16 21:45 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-08-12 08:47 - 2015-07-16 21:45 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2015-08-12 08:47 - 2015-07-16 21:41 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll 2015-08-12 08:47 - 2015-07-16 21:39 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-08-12 08:47 - 2015-07-16 21:38 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2015-08-12 08:47 - 2015-07-16 21:36 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-08-12 08:47 - 2015-07-16 21:34 - 14451200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-08-12 08:47 - 2015-07-16 21:32 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2015-08-12 08:47 - 2015-07-16 21:14 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2015-08-12 08:47 - 2015-07-16 21:13 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2015-08-12 08:47 - 2015-07-16 21:12 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 
2015-08-12 08:47 - 2015-07-16 21:12 - 02427904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-08-12 08:47 - 2015-07-16 21:10 - 12856832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-08-12 08:47 - 2015-07-16 21:06 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2015-08-12 08:47 - 2015-07-16 21:01 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-08-12 08:47 - 2015-07-16 20:52 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll 2015-08-12 08:47 - 2015-07-16 20:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2015-08-12 08:47 - 2015-07-16 20:42 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-08-12 08:47 - 2015-07-16 20:38 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-08-12 08:47 - 2015-07-16 20:37 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2015-08-12 08:47 - 2015-07-16 02:29 - 07458648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-08-12 08:47 - 2015-07-16 02:29 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2015-08-12 08:47 - 2015-07-16 02:29 - 00101720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys 2015-08-12 08:47 - 2015-07-16 02:28 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2015-08-12 08:47 - 2015-07-10 19:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll 2015-08-12 08:47 - 2015-07-07 11:40 - 00270168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys 2015-08-12 08:47 - 2015-07-07 11:40 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys 2015-08-12 08:47 - 2015-07-07 11:40 - 00044560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys 2015-08-12 08:47 - 2015-07-02 00:19 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll 
2015-08-12 08:47 - 2015-07-02 00:16 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll 2015-08-12 08:47 - 2015-07-01 23:37 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll 2015-08-12 08:47 - 2015-07-01 23:35 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll 2015-08-12 08:47 - 2015-06-12 19:03 - 18823680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2015-08-12 08:47 - 2015-06-12 18:36 - 15159296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2015-08-12 08:47 - 2015-06-09 20:27 - 00411133 _____ C:\WINDOWS\system32\ApnDatabase.xml 2015-08-12 08:46 - 2015-07-14 23:59 - 01113944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys 2015-08-12 08:46 - 2015-07-14 23:59 - 00487256 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll 2015-08-12 08:46 - 2015-07-14 23:59 - 00393560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll 2015-08-12 08:46 - 2015-07-14 05:22 - 02529880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll 2015-08-12 08:46 - 2015-07-14 05:21 - 01901776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll 2015-08-12 08:46 - 2015-07-13 21:46 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll 2015-08-12 08:46 - 2015-07-13 21:45 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll 2015-08-12 08:46 - 2015-07-10 20:19 - 01101824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll 2015-08-12 08:46 - 2015-07-10 19:42 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll 2015-08-12 08:46 - 2015-07-10 19:14 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll 2015-08-12 08:46 - 2015-07-10 19:13 - 07032320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2015-08-12 08:46 - 2015-07-10 18:47 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll 2015-08-12 08:46 - 2015-07-10 18:31 - 
06213120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2015-08-12 08:46 - 2015-07-09 19:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe 2015-08-12 08:46 - 2015-07-09 19:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe 2015-08-12 08:46 - 2015-07-09 18:30 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe 2015-08-12 08:46 - 2015-06-11 22:12 - 02476376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2015-08-12 08:46 - 2015-06-11 22:12 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS 2015-08-12 08:46 - 2015-05-12 02:24 - 00536920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll 2015-08-12 08:45 - 2015-07-29 16:37 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll 2015-08-12 08:45 - 2015-07-29 16:30 - 01381888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll 2015-08-12 08:45 - 2015-07-29 16:23 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll 2015-08-12 08:45 - 2015-07-24 20:57 - 04177408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2015-08-12 08:45 - 2015-07-24 20:57 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2015-08-12 08:45 - 2015-07-24 20:52 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2015-08-12 08:45 - 2015-07-24 19:27 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll 2015-08-12 08:45 - 2015-07-24 19:23 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2015-08-09 16:54 - 2015-08-09 16:54 - 00454016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdisFlt.sys 2015-08-09 16:54 - 2015-08-09 16:54 - 00378880 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2015-08-09 16:54 - 2015-08-09 16:54 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag 
in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-08-24 23:26 - 2015-06-16 11:01 - 00001232 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3483183917-3163184292-3340130657-1001UA.job 2015-08-24 23:26 - 2013-11-06 10:07 - 01948998 _____ C:\WINDOWS\WindowsUpdate.log 2015-08-24 23:25 - 2015-07-09 12:43 - 00008108 _____ C:\WINDOWS\setupact.log 2015-08-24 23:20 - 2013-11-06 09:56 - 00000000 ____D C:\Users\Home 2015-08-24 23:19 - 2014-02-18 15:31 - 00001130 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-08-24 23:14 - 2013-11-07 10:40 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-08-24 23:13 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru 2015-08-24 22:58 - 2013-09-25 15:17 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3483183917-3163184292-3340130657-1001 2015-08-24 22:54 - 2013-12-08 11:46 - 00000000 __RDO C:\Users\Home\SkyDrive 2015-08-24 22:53 - 2014-05-19 10:46 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-08-24 22:53 - 2014-02-18 15:31 - 00001126 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-08-24 22:52 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-08-24 22:52 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2015-08-24 22:51 - 2015-01-23 14:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetObjects 2015-08-24 22:51 - 2014-02-18 15:32 - 00001304 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-08-24 22:51 - 2014-02-18 15:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-08-24 22:51 - 2013-09-25 15:12 - 00000787 _____ C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-08-24 22:48 - 2013-09-30 06:14 - 01980934 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-08-24 22:48 - 2013-09-30 05:56 - 00841326 _____ C:\WINDOWS\system32\perfh007.dat 
2015-08-24 22:48 - 2013-09-30 05:56 - 00191558 _____ C:\WINDOWS\system32\perfc007.dat 2015-08-24 22:39 - 2013-09-25 15:40 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update 2015-08-24 12:00 - 2013-10-13 11:36 - 00000000 ____D C:\Users\Home\AppData\Roaming\vlc 2015-08-24 11:46 - 2015-05-30 00:18 - 00000000 ____D C:\Users\Home\AppData\Roaming\SpeedMon 2015-08-24 11:38 - 2013-09-29 21:04 - 01242606 _____ C:\WINDOWS\PFRO.log 2015-08-24 10:26 - 2015-06-16 11:01 - 00001180 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3483183917-3163184292-3340130657-1001Core.job 2015-08-24 09:09 - 2013-11-06 13:05 - 00003914 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CDD63B4C-F70A-4E7B-A13C-F1F3EF41655C} 2015-08-21 11:24 - 2013-12-10 19:59 - 00003152 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForHome 2015-08-21 11:24 - 2013-12-10 19:59 - 00000340 _____ C:\WINDOWS\Tasks\HPCeeScheduleForHome.job 2015-08-21 11:07 - 2013-09-26 09:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-08-21 11:07 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\security 2015-08-21 11:02 - 2013-10-25 08:47 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log 2015-08-21 09:05 - 2014-01-08 15:03 - 00000000 ___RD C:\Users\Home\Dropbox 2015-08-21 09:05 - 2013-10-23 13:07 - 00000000 ____D C:\Users\Home\AppData\Roaming\Dropbox 2015-08-20 14:22 - 2013-09-26 18:17 - 00000000 ____D C:\Users\Home\AppData\Local\FreePDF_XP 2015-08-20 13:53 - 2014-06-10 14:03 - 00000121 _____ C:\Users\Public\LMDebug.log 2015-08-19 15:40 - 2014-06-10 15:31 - 00000000 ____D C:\Users\Home\Documents\Scan 2015-08-19 10:54 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-08-18 12:12 - 2013-12-20 19:40 - 00000000 ____D C:\Users\Home\Desktop\Tor Browser 2015-08-17 16:50 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache 2015-08-17 11:55 - 2013-12-03 11:29 - 01135616 ___SH C:\Users\Home\Downloads\Thumbs.db 2015-08-14 12:14 - 2014-06-24 16:28 - 00121856 ___SH 
C:\Users\Home\Desktop\Thumbs.db 2015-08-14 08:49 - 2013-11-06 10:53 - 01048344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys 2015-08-13 11:45 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-08-13 09:51 - 2013-11-12 17:41 - 00000000 ____D C:\Users\Home\AppData\Local\FRITZ! 2015-08-12 13:20 - 2013-11-06 09:50 - 00000000 ___DC C:\WINDOWS\Panther 2015-08-12 13:16 - 2015-07-10 19:28 - 00000000 ___HD C:\$Windows.~BT 2015-08-12 12:14 - 2013-11-07 10:40 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-08-12 12:07 - 2015-06-19 09:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-08-12 09:45 - 2013-08-22 16:44 - 00418160 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-08-12 09:43 - 2014-12-11 16:51 - 00000000 ____D C:\WINDOWS\system32\appraiser 2015-08-12 09:43 - 2014-07-09 14:51 - 00000000 ___SD C:\WINDOWS\system32\CompatTel 2015-08-12 09:43 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-08-12 09:43 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-08-12 09:43 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-08-12 09:43 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-08-12 09:43 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Windows Defender 2015-08-12 09:43 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2015-08-12 09:42 - 2013-09-26 11:59 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-08-12 09:42 - 2013-09-25 18:17 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-08-12 09:34 - 2013-09-25 18:17 - 132483416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-08-11 15:12 - 2014-04-09 10:53 - 00018492 _____ C:\Users\Home\Desktop\Daten Auftraggeber.xlsx 
2015-08-11 14:05 - 2013-10-17 15:21 - 00001517 _____ C:\WINDOWS\wiso.ini 2015-08-09 16:54 - 2014-05-07 14:01 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys 2015-08-09 16:54 - 2013-12-23 13:57 - 00150672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys 2015-08-09 16:54 - 2013-12-20 19:08 - 00447944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2015-08-09 16:54 - 2013-11-06 11:06 - 00028144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys 2015-08-09 16:54 - 2013-11-06 10:53 - 00274808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys 2015-08-09 16:54 - 2013-11-06 10:53 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2015-08-09 16:54 - 2013-11-06 10:53 - 00090968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2015-08-09 16:54 - 2013-11-06 10:53 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys 2015-08-09 16:50 - 2013-09-30 05:59 - 00000000 ____D C:\WINDOWS\SKB 2015-08-08 15:55 - 2015-03-11 13:52 - 00794088 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-08-08 15:55 - 2015-03-11 13:52 - 00179688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-08-07 16:21 - 2014-05-19 17:15 - 00009386 _____ C:\WINDOWS\avmacc.log 2015-08-07 16:21 - 2014-05-19 17:14 - 00000000 ____D C:\Users\Home\AppData\Local\Deployment 2015-08-07 10:21 - 2015-06-16 11:01 - 00004176 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3483183917-3163184292-3340130657-1001UA 2015-08-07 10:21 - 2015-06-16 11:01 - 00003796 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3483183917-3163184292-3340130657-1001Core ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-08-24 11:35 - 2015-08-23 01:52 - 0015223 _____ () C:\Users\Home\AppData\Roaming\download_video_20150822.AVI.FLV_4817498489141984189418914198489418948941894891419.vbs 2013-09-30 12:17 - 
2013-10-01 13:17 - 0000093 _____ () C:\Users\Home\AppData\Roaming\WB.CFG 2013-09-30 12:17 - 2013-10-01 13:17 - 0000006 _____ () C:\Users\Home\AppData\Roaming\WBPU-TTL.DAT 2014-10-09 11:58 - 2014-10-09 11:58 - 0003584 _____ () C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-07-13 14:04 - 2015-07-13 14:04 - 0002962 _____ () C:\Users\Home\AppData\Local\recently-used.xbel 2013-09-25 15:11 - 2013-09-25 15:11 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc 2013-09-26 20:33 - 2013-09-26 20:34 - 12669796 _____ () C:\ProgramData\SamPCFax000011480000 Einige Dateien in TEMP: ==================== C:\Users\Home\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpia6nxg.dll C:\Users\Home\AppData\Local\Temp\jre-8u51-windows-au.exe C:\Users\Home\AppData\Local\Temp\kd9e9wst.dll C:\Users\Home\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2015-08-24 22:29
==================== Ende von FRST.txt ============================
LastRegBack: 2015-08-25 00:14
==================== Ende von FRST.txt ============================
LastRegBack: 2015-08-26 11:42
==================== Ende von FRST.txt ============================
Here it is again, new.
Code:
ATTFilter g Results of screen317's Security Check version 1.006
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Defender
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 80
Java 2 Runtime Environment, SE v1.4.2_05
Java version 32-bit out of Date!
Adobe Flash Player 18.0.0.232
Adobe Reader XI
Mozilla Firefox (39.0.3)
Mozilla Thunderbird (38.2.0)
Google Chrome (44.0.2403.155)
Google Chrome (44.0.2403.157)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast afwServ.exe
AVAST Software Avast avastui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
BUT THE PROBLEM IS STILL THERE. |
27.08.2015, 12:54 | #10 |
/// the machine /// TB-Ausbilder | LNK:Jenxcus-D - Trojaner Java updaten. Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
E:\Eigene Dateien\Eigene\PRIVAT\Tools\VideoConverter\FreeVideoToJPGConverter.exe
E:\Eigene Dateien\Eigene\PRIVAT\Tools\VideoConverter\youtubeconvertersetup.exe
E:\Program Files\Advanced Registry Optimizer\ARO.exe
E:\Program Files\Common Files\DVDVideoSoft\TB\DVDVideoSoftTB.exe
E:\Program Files\Conduit\Community Alerts\Alert0.dll
E:\Program Files\Dealio Toolbar\WidgiHelper.exe
E:\Program Files\Eazel-DE\Eazel-DEToolbarHelper.exe
E:\Program Files\Eazel-DE\ldrtbEaz2.dll
E:\Program Files\Eazel-DE\tbEaz0.dll
E:\Program Files\Eazel-DE\tbEaz1.dll
E:\Program Files\Eazel-DE\tbEaz2.dll
E:\Program Files\Eazel-DE\tbEaze.dll
E:\Program Files\Need4 Software Launcher 5.7\need4softwarelauncher.exe
E:\Program Files\Need4 YouTube Converter 5.6\need4youtubeconverter.exe
E:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
E:\Program Files\Uniblue\RegistryBooster\rbnotifier.exe
E:\Program Files\Uniblue\RegistryBooster\rb_move_serial.exe
E:\Program Files\Uniblue\RegistryBooster\rb_ubm.exe
E:\Program Files\Uniblue\RegistryBooster\registrybooster.exe
E:\Program Files\Winload\ldrtbWinl.dll
E:\Program Files\Winload\tbWinl.dll
E:\Program Files\Winload\WinloadToolbarHelper.exe
E:\Users\Arebit\AppData\Local\Temp\AupCApvO.exe.part
E:\Users\Arebit\AppData\LocalLow\Eazel-DE
E:\Users\Arebit\AppData\LocalLow\Eazel-DE
E:\Users\Arebit\AppData\LocalLow\Winload
E:\Users\Arebit\AppData\Roaming\Mozilla\Firefox\Profiles\7lm8p8rk.default\prefs.js
E:\Users\Arebit\AppData\Roaming\Mozilla\Firefox\Profiles\7lm8p8rk.default\user.js
E:\Users\Home\AppData\Local\Conduit
E:\Users\Home\AppData\Local\CRE
E:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\10.16.100.504_0\plugins\ConduitChromeApiPlugin.dll
E:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\10.16.100.504_0\plugins\TBVerifier.dll
E:\Users\Home\AppData\LocalLow\Eazel-DE\ldrtbEaz2.dll
E:\Users\Home\AppData\LocalLow\Eazel-DE\tbEaz1.dll
E:\Users\Home\AppData\LocalLow\Eazel-DE\tbEaz2.dll
E:\Users\Home\AppData\LocalLow\Eazel-DE\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll
E:\Users\Home\AppData\LocalLow\Winload\ldrtbWin0.dll
E:\Users\Home\AppData\LocalLow\Winload\ldrtbWinl.dll
E:\Users\Home\AppData\LocalLow\Winload\tbWin0.dll
E:\Users\Home\AppData\LocalLow\Winload\tbWin1.dll
E:\Users\Home\AppData\LocalLow\Winload\tbWinl.dll
E:\Users\Home\AppData\Roaming\Uniblue\RegistryBooster\_temp\ub.exe
E:\Users\Home\Downloads\registrybooster.exe
E:\Users\Home\Downloads\speedupmypc2013.exe
E:\Windows\Installer\10a240.msi
E:\Windows\Installer\722ec.msi
E:\Windows\Temp\TMP0000000AE20804C86D73D2F5
E:\_OTL\MovedFiles\08152012_132513\C_Programme\Eazel-DE\prxtbEaz2.dll
E:\_OTL\MovedFiles\08152012_132513\C_Programme\Winload\prxtbWinl.dll
C:\Downloads\Software\Firefox.exe
C:\Users\Home\AppData\Roaming\0D0S1L2Z1P1B
C:\Users\Home\AppData\Roaming\SpeedMon
C:\Users\Home\Downloads\bautagebuch-Vordruckverlag-2015-setup.exe
C:\Users\Home\Downloads\PDFCreator-2_0_2-setup (1).exe
C:\Users\Home\Downloads\PDFCreator-2_0_2-setup.exe
C:\Users\Home\Downloads\PDFCreator-2_1_0-setup.exe
C:\Users\Home\Downloads\Setup_DriverDoc_2015.exe
C:\Users\Home\Downloads\Tor Browser Paket - CHIP-Installer.exe
HKU\S-1-5-21-3483183917-3163184292-3340130657-1001\...\Run: [download_video_20150822] => wscript.exe //B "C:\Users\Home\AppData\Roaming\download_video_20150822.AVI.FLV_4817498489141984189418914198489418948941894891419.vbs"
HKU\S-1-5-18\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\WINDOWS\system32\eed_ec.dll,SpeedLauncher
C:\Users\Home\AppData\Roaming\download_video_20150822.AVI.FLV_4817498489141984189418914198489418948941894891419.vbs
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
27.08.2015, 13:40 | #11 |
| LNK:Jenxcus-D - Trojan Hi Schrauber, I think I did everything the way you said. The Avast alerts also actually seem to have disappeared for the last 2 minutes. Here is my log. Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:24-08-2015
durchgeführt von Home (2015-08-27 14:30:10) Run:1
Gestartet von C:\Users\Home\Desktop
Geladene Profile: Home (Verfügbare Profile: Home)
Start-Modus: Normal
==============================================
fixlist Inhalt:
*****************
E:\Eigene Dateien\Eigene\PRIVAT\Tools\VideoConverter\FreeVideoToJPGConverter.exe
E:\Eigene Dateien\Eigene\PRIVAT\Tools\VideoConverter\youtubeconvertersetup.exe
E:\Program Files\Advanced Registry Optimizer\ARO.exe
E:\Program Files\Common Files\DVDVideoSoft\TB\DVDVideoSoftTB.exe
E:\Program Files\Conduit\Community Alerts\Alert0.dll
E:\Program Files\Dealio Toolbar\WidgiHelper.exe
E:\Program Files\Eazel-DE\Eazel-DEToolbarHelper.exe
E:\Program Files\Eazel-DE\ldrtbEaz2.dll
E:\Program Files\Eazel-DE\tbEaz0.dll
E:\Program Files\Eazel-DE\tbEaz1.dll
E:\Program Files\Eazel-DE\tbEaz2.dll
E:\Program Files\Eazel-DE\tbEaze.dll
E:\Program Files\Need4 Software Launcher 5.7\need4softwarelauncher.exe
E:\Program Files\Need4 YouTube Converter 5.6\need4youtubeconverter.exe
E:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
E:\Program Files\Uniblue\RegistryBooster\rbnotifier.exe
E:\Program Files\Uniblue\RegistryBooster\rb_move_serial.exe
E:\Program Files\Uniblue\RegistryBooster\rb_ubm.exe
E:\Program Files\Uniblue\RegistryBooster\registrybooster.exe
E:\Program Files\Winload\ldrtbWinl.dll
E:\Program Files\Winload\tbWinl.dll
E:\Program Files\Winload\WinloadToolbarHelper.exe
E:\Users\Arebit\AppData\Local\Temp\AupCApvO.exe.part
E:\Users\Arebit\AppData\LocalLow\Eazel-DE
E:\Users\Arebit\AppData\LocalLow\Eazel-DE
E:\Users\Arebit\AppData\LocalLow\Winload
E:\Users\Arebit\AppData\Roaming\Mozilla\Firefox\Profiles\7lm8p8rk.default\prefs.js
E:\Users\Arebit\AppData\Roaming\Mozilla\Firefox\Profiles\7lm8p8rk.default\user.js
E:\Users\Home\AppData\Local\Conduit
E:\Users\Home\AppData\Local\CRE
E:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\10.16.100.504_0\plugins\ConduitChromeApiPlugin.dll
E:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\10.16.100.504_0\plugins\TBVerifier.dll
E:\Users\Home\AppData\LocalLow\Eazel-DE\ldrtbEaz2.dll
E:\Users\Home\AppData\LocalLow\Eazel-DE\tbEaz1.dll
E:\Users\Home\AppData\LocalLow\Eazel-DE\tbEaz2.dll
E:\Users\Home\AppData\LocalLow\Eazel-DE\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll
E:\Users\Home\AppData\LocalLow\Winload\ldrtbWin0.dll
E:\Users\Home\AppData\LocalLow\Winload\ldrtbWinl.dll
E:\Users\Home\AppData\LocalLow\Winload\tbWin0.dll
E:\Users\Home\AppData\LocalLow\Winload\tbWin1.dll
E:\Users\Home\AppData\LocalLow\Winload\tbWinl.dll
E:\Users\Home\AppData\Roaming\Uniblue\RegistryBooster\_temp\ub.exe
E:\Users\Home\Downloads\registrybooster.exe
E:\Users\Home\Downloads\speedupmypc2013.exe
E:\Windows\Installer\10a240.msi
E:\Windows\Installer\722ec.msi
E:\Windows\Temp\TMP0000000AE20804C86D73D2F5
E:\_OTL\MovedFiles\08152012_132513\C_Programme\Eazel-DE\prxtbEaz2.dll
E:\_OTL\MovedFiles\08152012_132513\C_Programme\Winload\prxtbWinl.dll
C:\Downloads\Software\Firefox.exe
C:\Users\Home\AppData\Roaming\0D0S1L2Z1P1B
C:\Users\Home\AppData\Roaming\SpeedMon
C:\Users\Home\Downloads\bautagebuch-Vordruckverlag-2015-setup.exe
C:\Users\Home\Downloads\PDFCreator-2_0_2-setup (1).exe
C:\Users\Home\Downloads\PDFCreator-2_0_2-setup.exe
C:\Users\Home\Downloads\PDFCreator-2_1_0-setup.exe
C:\Users\Home\Downloads\Setup_DriverDoc_2015.exe
C:\Users\Home\Downloads\Tor Browser Paket - CHIP-Installer.exe
HKU\S-1-5-21-3483183917-3163184292-3340130657-1001\...\Run: [download_video_20150822] => wscript.exe //B "C:\Users\Home\AppData\Roaming\download_video_20150822.AVI.FLV_4817498489141984189418914198489418948941894891419.vbs"
HKU\S-1-5-18\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\WINDOWS\system32\eed_ec.dll,SpeedLauncher
C:\Users\Home\AppData\Roaming\download_video_20150822.AVI.FLV_4817498489141984189418914198489418948941894891419.vbs
*****************
E:\Eigene Dateien\Eigene\PRIVAT\Tools\VideoConverter\FreeVideoToJPGConverter.exe => erfolgreich verschoben
E:\Eigene Dateien\Eigene\PRIVAT\Tools\VideoConverter\youtubeconvertersetup.exe => erfolgreich verschoben
E:\Program Files\Advanced Registry Optimizer\ARO.exe => erfolgreich verschoben
E:\Program Files\Common Files\DVDVideoSoft\TB\DVDVideoSoftTB.exe => erfolgreich verschoben
E:\Program Files\Conduit\Community Alerts\Alert0.dll => erfolgreich verschoben
E:\Program Files\Dealio Toolbar\WidgiHelper.exe => erfolgreich verschoben
E:\Program Files\Eazel-DE\Eazel-DEToolbarHelper.exe => erfolgreich verschoben
E:\Program Files\Eazel-DE\ldrtbEaz2.dll => erfolgreich verschoben
E:\Program Files\Eazel-DE\tbEaz0.dll => erfolgreich verschoben
E:\Program Files\Eazel-DE\tbEaz1.dll => erfolgreich verschoben
E:\Program Files\Eazel-DE\tbEaz2.dll => erfolgreich verschoben
E:\Program Files\Eazel-DE\tbEaze.dll => erfolgreich verschoben
E:\Program Files\Need4 Software Launcher 5.7\need4softwarelauncher.exe => erfolgreich verschoben
E:\Program Files\Need4 YouTube Converter 5.6\need4youtubeconverter.exe => erfolgreich verschoben
E:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe => erfolgreich verschoben
E:\Program Files\Uniblue\RegistryBooster\rbnotifier.exe => erfolgreich verschoben
E:\Program Files\Uniblue\RegistryBooster\rb_move_serial.exe => erfolgreich verschoben
E:\Program Files\Uniblue\RegistryBooster\rb_ubm.exe => erfolgreich verschoben
E:\Program Files\Uniblue\RegistryBooster\registrybooster.exe => erfolgreich verschoben
E:\Program Files\Winload\ldrtbWinl.dll => erfolgreich verschoben
E:\Program Files\Winload\tbWinl.dll => erfolgreich verschoben
E:\Program Files\Winload\WinloadToolbarHelper.exe => erfolgreich verschoben
E:\Users\Arebit\AppData\Local\Temp\AupCApvO.exe.part => erfolgreich verschoben
E:\Users\Arebit\AppData\LocalLow\Eazel-DE => erfolgreich verschoben
"E:\Users\Arebit\AppData\LocalLow\Eazel-DE" => Datei/Ordner nicht gefunden.
E:\Users\Arebit\AppData\LocalLow\Winload => erfolgreich verschoben
E:\Users\Arebit\AppData\Roaming\Mozilla\Firefox\Profiles\7lm8p8rk.default\prefs.js => erfolgreich verschoben
E:\Users\Arebit\AppData\Roaming\Mozilla\Firefox\Profiles\7lm8p8rk.default\user.js => erfolgreich verschoben
E:\Users\Home\AppData\Local\Conduit => erfolgreich verschoben
E:\Users\Home\AppData\Local\CRE => erfolgreich verschoben
E:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\10.16.100.504_0\plugins\ConduitChromeApiPlugin.dll => erfolgreich verschoben
E:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\10.16.100.504_0\plugins\TBVerifier.dll => erfolgreich verschoben
E:\Users\Home\AppData\LocalLow\Eazel-DE\ldrtbEaz2.dll => erfolgreich verschoben
E:\Users\Home\AppData\LocalLow\Eazel-DE\tbEaz1.dll => erfolgreich verschoben
E:\Users\Home\AppData\LocalLow\Eazel-DE\tbEaz2.dll => erfolgreich verschoben
E:\Users\Home\AppData\LocalLow\Eazel-DE\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll => erfolgreich verschoben
E:\Users\Home\AppData\LocalLow\Winload\ldrtbWin0.dll => erfolgreich verschoben
E:\Users\Home\AppData\LocalLow\Winload\ldrtbWinl.dll => erfolgreich verschoben
E:\Users\Home\AppData\LocalLow\Winload\tbWin0.dll => erfolgreich verschoben
E:\Users\Home\AppData\LocalLow\Winload\tbWin1.dll => erfolgreich verschoben
E:\Users\Home\AppData\LocalLow\Winload\tbWinl.dll => erfolgreich verschoben
E:\Users\Home\AppData\Roaming\Uniblue\RegistryBooster\_temp\ub.exe => erfolgreich verschoben
E:\Users\Home\Downloads\registrybooster.exe => erfolgreich verschoben
E:\Users\Home\Downloads\speedupmypc2013.exe => erfolgreich verschoben
E:\Windows\Installer\10a240.msi => erfolgreich verschoben
E:\Windows\Installer\722ec.msi => erfolgreich verschoben
E:\Windows\Temp\TMP0000000AE20804C86D73D2F5 => erfolgreich verschoben
E:\_OTL\MovedFiles\08152012_132513\C_Programme\Eazel-DE\prxtbEaz2.dll => erfolgreich verschoben
E:\_OTL\MovedFiles\08152012_132513\C_Programme\Winload\prxtbWinl.dll => erfolgreich verschoben
C:\Downloads\Software\Firefox.exe => erfolgreich verschoben
C:\Users\Home\AppData\Roaming\0D0S1L2Z1P1B => erfolgreich verschoben
C:\Users\Home\AppData\Roaming\SpeedMon => erfolgreich verschoben
C:\Users\Home\Downloads\bautagebuch-Vordruckverlag-2015-setup.exe => erfolgreich verschoben
C:\Users\Home\Downloads\PDFCreator-2_0_2-setup (1).exe => erfolgreich verschoben
C:\Users\Home\Downloads\PDFCreator-2_0_2-setup.exe => erfolgreich verschoben
C:\Users\Home\Downloads\PDFCreator-2_1_0-setup.exe => erfolgreich verschoben
C:\Users\Home\Downloads\Setup_DriverDoc_2015.exe => erfolgreich verschoben
C:\Users\Home\Downloads\Tor Browser Paket - CHIP-Installer.exe => erfolgreich verschoben
HKU\S-1-5-21-3483183917-3163184292-3340130657-1001\Software\Microsoft\Windows\CurrentVersion\Run\\download_video_20150822 => Wert erfolgreich entfernt
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\EEDSpeedLauncher => Wert erfolgreich entfernt
Konnte nicht verschoben werden "C:\Users\Home\AppData\Roaming\download_video_20150822.AVI.FLV_4817498489141984189418914198489418948941894891419.vbs" => ist geplant bei Neustart verschoben zu werden.
Ergebnis der geplanten Datei-Verschiebungen (Start-Modus: Normal) (Datum&Uhrzeit: 2015-08-27 14:33:17)<=
C:\Users\Home\AppData\Roaming\download_video_20150822.AVI.FLV_4817498489141984189418914198489418948941894891419.vbs => ist erfolgreich verschoben
==== Ende von Fixlog 14:33:17 ====
All my data is still on there, but it is not displayed to me. Best regards, HeiHa |
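Added example, not part of the thread and not FRST's own logic: a small triage script for autorun lines in the FRST `Run:` format shown above, scoring the indicators visible in the `download_video_20150822` entry (script host, `//B` batch mode, user-writable path, media-looking name ending in a script extension). The sample lines are constructed and shortened, and the indicator list and threshold of 2 are assumptions.

```python
import re

# FRST prints autoruns as: <hive>\...\Run: [<value name>] => <command line>
RUN_RE = re.compile(r'^(?P<hive>.+?)\\\.\.\.\\(?P<key>Run\w*): \[(?P<name>.+?)\] => (?P<cmd>.+)$')
HOST_RE = re.compile(r'^"?(?P<exe>[^"]*?\.exe)', re.I)
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
SCRIPT_EXT = r'(?:vbs|vbe|js|jse|wsf)'
# A media/document extension followed later in the same file name by a script extension.
MASKED_RE = re.compile(r'\.(?:avi|flv|mp4|mp3|jpg|pdf|doc)[^\\"]*\.' + SCRIPT_EXT + r'\b', re.I)
USER_WRITABLE_RE = re.compile(r'\\(?:appdata|temp)\\', re.I)

# Constructed sample lines (shortened SID and file name), not copied from the log.
SAMPLE = r'''
HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\...\Run: [download_video_20150822] => wscript.exe //B "C:\Users\Home\AppData\Roaming\download_video_20150822.AVI.FLV_0000.vbs"
HKU\S-1-5-18\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\WINDOWS\system32\eed_ec.dll,SpeedLauncher
HKLM\...\Run: [AvastUI.exe] => "C:\Program Files\AVAST Software\Avast\AvastUI.exe"
'''

def triage(line):
    """Return (value_name, reasons) for one FRST Run line, or None if it is not one."""
    m = RUN_RE.match(line.strip())
    if not m:
        return None
    cmd, reasons = m.group("cmd"), []
    host = HOST_RE.match(cmd)
    exe = host.group("exe").rsplit("\\", 1)[-1].lower() if host else ""
    if exe in SCRIPT_HOSTS:
        reasons.append("script host")
    if re.search(r'//b\b', cmd, re.I):  # //B suppresses script errors and prompts
        reasons.append("batch mode")
    if USER_WRITABLE_RE.search(cmd):
        reasons.append("user-writable path")
    if MASKED_RE.search(cmd):
        reasons.append("masked script extension")
    return m.group("name"), reasons

def suspicious(log_text, threshold=2):
    """Names of Run values that show at least `threshold` indicators."""
    hits = []
    for line in log_text.splitlines():
        result = triage(line)
        if result and len(result[1]) >= threshold:
            hits.append(result[0])
    return hits

if __name__ == "__main__":
    for name in suspicious(SAMPLE):
        print("review:", name)
```

The `EEDSpeedLauncher` entry from the fixlist matches none of these indicators, so a heuristic like this supplements a manual review of the log and does not replace it.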
28.08.2015, 07:26 | #12 | |
/// the machine /// TB trainer | LNK:Jenxcus-D - Trojan Quote:
__________________ Regards, schrauber |
28.08.2015, 13:19 | #13 |
| LNK:Jenxcus-D - Trojan Hi Schrauber, how do I get the screenshot in here? There isn't much to see, though: it shows that, for example, 8.4 MB of 14.9 MB are still free on the USB stick, but when you then open the USB stick, it simply does not show the files. If I drag a file that used to be there onto the stick again, it tells me that the file already exists and asks whether it should be replaced... the usual, in other words. Then I say yes, replace, and then the replaced file is visible, but the others still are not. On another computer it is the same story with the same stick. Oh, and so that I don't catch such a nasty thing again, what can I do as a precaution? I currently have AVAST and Malwarebytes Anti-Malware for protection. In any case, you helped me a lot, THANK YOU VERY MUCH. |
29.08.2015, 08:32 | #14 |
/// the machine /// TB trainer | LNK:Jenxcus-D - Trojan Download
__________________ Regards, schrauber |