![]() |
|
Log-Analyse und Auswertung: Windows 8.1: Zugriff auf Router durch Fremdsoftware?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
![]() | #1 |
![]() | ![]() Windows 8.1: Zugriff auf Router durch Fremdsoftware? Hallo, heute hat sich scheinbar jemand Zugriff auf meinen Router verschafft. Plötzlich hatte ich keine Internetverbindung und das SSID wurde umbenannt. Nun frage ich mich, ob dafür Fremdsoftware verantwortlich ist, welche sich auf meinem Rechner versteckt hat. Danke für eure Hife Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 14:53 on 24/09/2015 (Kevin) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:23-09-2015 durchgeführt von Kevin (Administrator) auf KEVIN-PC (24-09-2015 15:30:22) Gestartet von C:\Users\Kevin\Desktop Geladene Profile: Kevin (Verfügbare Profile: Kevin) Platform: Windows 8.1 Pro (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Atheros Commnucations) C:\Windows\System32\AdminService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe (Akamai Technologies, Inc.) C:\Users\Kevin\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) C:\Users\Kevin\AppData\Local\Akamai\netsession_win.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Kone Pure Optical Mouse\KonePureOpticalMonitor.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-28] (Synaptics Incorporated) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10801944 2014-07-28] (Logitech Inc.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-07-20] (AVAST Software) HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2629632 2012-09-25] (Brother Industries, Ltd.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.) HKLM-x32\...\Run: [RoccatKonePureOptical] => C:\Program Files (x86)\ROCCAT\Kone Pure Optical Mouse\KonePureOpticalMonitor.exe [561152 2014-01-20] (ROCCAT GmbH) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [975248 2015-07-24] (Cisco Systems, Inc.) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-1492992966-3316130111-433737794-1001\...\Run: [Spotify] => C:\Users\Kevin\AppData\Roaming\Spotify\Spotify.exe [6737976 2015-01-11] (Spotify Ltd) HKU\S-1-5-21-1492992966-3316130111-433737794-1001\...\Run: [Spotify Web Helper] => C:\Users\Kevin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-01-11] (Spotify Ltd) HKU\S-1-5-21-1492992966-3316130111-433737794-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2014-01-17] (Sandboxie Holdings, LLC) HKU\S-1-5-21-1492992966-3316130111-433737794-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Kevin\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.) HKU\S-1-5-21-1492992966-3316130111-433737794-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28785280 2015-06-02] (Skype Technologies S.A.) HKU\S-1-5-21-1492992966-3316130111-433737794-1001\...\Run: [Dropbox Update] => C:\Users\Kevin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-26] (Dropbox, Inc.) HKU\S-1-5-21-1492992966-3316130111-433737794-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146480 2014-07-02] (NVIDIA Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-20] (AVAST Software) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk [2014-09-29] ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.) Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-12-04] ShortcutTarget: Dropbox.lnk -> C:\Users\Kevin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2014-02-20] ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{6477265F-4346-4A7B-8C1E-1713956EC9AF}: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{E7C03003-35B2-4FC5-9684-C7A781231506}: [DhcpNameServer] 192.168.0.1 192.168.0.2 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1428736475&from=cor&uid=ST500LM012XHN-M500MBB_S2TUJ9FCB11632 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1428736475&from=cor&uid=ST500LM012XHN-M500MBB_S2TUJ9FCB11632 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1428736475&from=cor&uid=ST500LM012XHN-M500MBB_S2TUJ9FCB11632&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1428736475&from=cor&uid=ST500LM012XHN-M500MBB_S2TUJ9FCB11632&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1428736475&from=cor&uid=ST500LM012XHN-M500MBB_S2TUJ9FCB11632 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1428736475&from=cor&uid=ST500LM012XHN-M500MBB_S2TUJ9FCB11632 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1428736475&from=cor&uid=ST500LM012XHN-M500MBB_S2TUJ9FCB11632&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1428736475&from=cor&uid=ST500LM012XHN-M500MBB_S2TUJ9FCB11632&q={searchTerms} HKU\S-1-5-21-1492992966-3316130111-433737794-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1428736475&from=cor&uid=ST500LM012XHN-M500MBB_S2TUJ9FCB11632 HKU\S-1-5-21-1492992966-3316130111-433737794-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp HKU\S-1-5-21-1492992966-3316130111-433737794-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1428736475&from=cor&uid=ST500LM012XHN-M500MBB_S2TUJ9FCB11632 SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1428736475&from=cor&uid=ST500LM012XHN-M500MBB_S2TUJ9FCB11632&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1428736475&from=cor&uid=ST500LM012XHN-M500MBB_S2TUJ9FCB11632&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1428736475&from=cor&uid=ST500LM012XHN-M500MBB_S2TUJ9FCB11632&q={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1428736475&from=cor&uid=ST500LM012XHN-M500MBB_S2TUJ9FCB11632&q={searchTerms} SearchScopes: HKU\S-1-5-21-1492992966-3316130111-433737794-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1428736475&from=cor&uid=ST500LM012XHN-M500MBB_S2TUJ9FCB11632&q={searchTerms} BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-20] (AVAST Software) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-29] (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-20] (AVAST Software) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-29] (Oracle Corporation) Toolbar: HKLM - Kein Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - Keine Datei FireFox: ======== FF ProfilePath: C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\33p02pyw.default FF NewTab: chrome://quick_start/content/index.html FF DefaultSearchEngine: Amazon.de FF SelectedSearchEngine: mystartsearch FF Homepage: www.google.de FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-22] () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-22] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] () FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Keine Datei] FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-29] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-29] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2015-04-10] (Nero AG) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-02-18] (Pando Networks) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.) FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1492992966-3316130111-433737794-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.) FF Plugin HKU\S-1-5-21-1492992966-3316130111-433737794-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-02-18] (Pando Networks) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.) FF SearchPlugin: C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\33p02pyw.default\searchplugins\google-images.xml [2014-09-14] FF SearchPlugin: C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\33p02pyw.default\searchplugins\google-maps.xml [2014-09-14] FF Extension: Youtube MP3 Podcaster - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\33p02pyw.default\Extensions\youtubemp3podcaster@jeremy.d.gregorio.com [2015-06-11] FF Extension: YouTube mp3 - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\33p02pyw.default\Extensions\info@youtube-mp3.org.xpi [2015-04-01] FF Extension: Rocket Beans TV Sendeplan für Firefox - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\33p02pyw.default\Extensions\javos-firebeans-rbtvfx@jetpack.xpi [2015-01-25] FF Extension: Youtube and more - Easy Video Downloader - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\33p02pyw.default\Extensions\vdpure@link64.xpi [2014-09-05] FF Extension: 1-Click YouTube Video Downloader - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\33p02pyw.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2015-03-23] FF Extension: Adblock Plus - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\33p02pyw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-10] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-10] FF HKLM-x32\...\Firefox\Extensions: [searchengine@gmail.com] - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\33p02pyw.default\extensions\searchengine@gmail.com FF HKLM-x32\...\Firefox\Extensions: [istart_ffnt@gmail.com] - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\33p02pyw.default\extensions\istart_ffnt@gmail.com FF HKU\S-1-5-21-1492992966-3316130111-433737794-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\33p02pyw.default\extensions\cliqz@cliqz.com Chrome: ======= CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1428736475&from=cor&uid=ST500LM012XHN-M500MBB_S2TUJ9FCB11632 CHR StartupUrls: Default -> "hxxp://www.google.de/" CHR Profile: C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-17] CHR Extension: (Google Docs) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-17] CHR Extension: (Google Drive) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-17] CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-03-17] CHR Extension: (YouTube) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-17] CHR Extension: (Adblock Plus) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-17] CHR Extension: (Google-Suche) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-17] CHR Extension: (Google Text & Tabellen Offline) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-14] CHR Extension: (Click&Clean) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2015-03-17] CHR Extension: (Avast Online Security) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-17] CHR Extension: (TweetDeck by Twitter) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2015-03-17] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-17] CHR Extension: (Google Scholar-Schaltfläche) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldipcbpaocekfooobnbcddclnhejkcpn [2015-05-04] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-17] CHR Extension: (Google Mail) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-17] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-20] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AtherosSvc; C:\Windows\system32\AdminService.exe [208384 2012-08-29] (Atheros Commnucations) [Datei ist nicht signiert] R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-20] (AVAST Software) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4047768 2015-07-20] (Avast Software) S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [Datei ist nicht signiert] R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation) R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-20] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-20] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-20] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-20] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048856 2015-07-20] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-07-20] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150160 2015-07-20] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-20] (AVAST Software) R3 athr; C:\Windows\system32\DRIVERS\athwnx.sys [3680256 2013-06-18] (Qualcomm Atheros Communications, Inc.) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) S3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.) R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [115152 2015-07-20] (AVAST Software) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation) R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation) R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-28] (Synaptics Incorporated) R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-20] (Avast Software) S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52592 2014-11-19] (Cisco Systems, Inc.) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-09-24 14:55 - 2015-09-24 15:30 - 00000000 ____D C:\FRST 2015-09-24 14:52 - 2015-09-24 14:53 - 00000472 _____ C:\Users\Kevin\Desktop\defogger_disable.log 2015-09-24 14:52 - 2015-09-24 14:52 - 00000000 _____ C:\Users\Kevin\defogger_reenable 2015-09-24 14:49 - 2015-09-24 14:49 - 00380416 _____ C:\Users\Kevin\Desktop\Gmer-19357.exe 2015-09-24 14:48 - 2015-09-24 14:49 - 02192384 _____ (Farbar) C:\Users\Kevin\Desktop\FRST64.exe 2015-09-24 14:48 - 2015-09-24 14:48 - 00050477 _____ C:\Users\Kevin\Downloads\Defogger.exe 2015-09-24 14:45 - 2015-09-24 14:45 - 00000000 ____D C:\Program Files\Common Files\AV 2015-09-24 14:45 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe 2015-09-24 14:37 - 2015-09-24 14:37 - 00001403 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2015-09-24 14:37 - 2015-09-24 14:37 - 00001391 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2015-09-24 14:37 - 2015-09-24 14:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2015-09-24 14:36 - 2015-09-24 14:45 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2015-09-24 14:36 - 2015-09-24 14:37 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2015-09-24 14:36 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe 2015-09-24 14:30 - 2015-09-24 14:30 - 01457952 _____ C:\Users\Kevin\Downloads\SpyBot Search Destroy - CHIP-Installer.exe 2015-09-22 23:33 - 2015-09-24 15:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-09-22 14:14 - 2015-09-22 14:14 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\WordMat 2015-09-21 12:04 - 2015-09-21 12:10 - 124053804 _____ (Eduap ) C:\Users\Kevin\Downloads\WordMat109.exe 2015-09-14 10:49 - 2015-09-14 10:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco 2015-09-13 02:43 - 2015-09-15 23:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2015-09-09 05:23 - 2015-08-27 04:48 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-09-09 05:23 - 2015-08-26 20:00 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-09-09 05:23 - 2015-08-26 20:00 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-09-09 05:23 - 2015-08-26 20:00 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-09-09 05:23 - 2015-08-26 20:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-09-09 05:23 - 2015-08-26 16:46 - 03705344 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-09-09 05:23 - 2015-08-26 16:29 - 02240512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-09-09 05:23 - 2015-08-26 16:27 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-09-09 05:23 - 2015-08-26 16:27 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2015-09-09 05:23 - 2015-08-26 16:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-09-09 05:23 - 2015-08-26 16:26 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-09-09 05:23 - 2015-08-26 16:26 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-09-09 05:22 - 2015-09-03 04:18 - 02531400 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2015-09-09 05:22 - 2015-09-03 04:17 - 01903848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2015-09-09 05:22 - 2015-09-02 20:48 - 02345472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-09-09 05:22 - 2015-09-02 19:09 - 01556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2015-09-09 05:22 - 2015-08-22 20:19 - 25188352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-09-09 05:22 - 2015-08-22 19:35 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-09-09 05:22 - 2015-08-22 19:34 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-09-09 05:22 - 2015-08-22 19:22 - 19856384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-09-09 05:22 - 2015-08-22 19:21 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-09-09 05:22 - 2015-08-22 19:20 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-09-09 05:22 - 2015-08-22 18:55 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-09-09 05:22 - 2015-08-22 18:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-09-09 05:22 - 2015-08-22 18:50 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2015-09-09 05:22 - 2015-08-22 18:45 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-09-09 05:22 - 2015-08-22 18:44 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-09-09 05:22 - 2015-08-22 18:41 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-09-09 05:22 - 2015-08-22 18:41 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-09-09 05:22 - 2015-08-22 18:41 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-09-09 05:22 - 2015-08-22 18:41 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-09-09 05:22 - 2015-08-22 18:39 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-09-09 05:22 - 2015-08-22 18:28 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-09-09 05:22 - 2015-08-22 18:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-09-09 05:22 - 2015-08-22 18:23 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2015-09-09 05:22 - 2015-08-22 18:22 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-09-09 05:22 - 2015-08-22 18:20 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-09-09 05:22 - 2015-08-22 18:18 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-09-09 05:22 - 2015-08-22 18:18 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-09-09 05:22 - 2015-08-22 18:18 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-09-09 05:22 - 2015-08-22 18:14 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-09-09 05:22 - 2015-08-22 18:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-09-09 05:22 - 2015-08-22 18:00 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-09-09 05:22 - 2015-08-22 17:56 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-09-09 05:22 - 2015-08-22 17:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-09-09 05:22 - 2015-07-30 19:18 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-09-09 05:22 - 2015-07-30 18:22 - 00230912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-09-09 05:22 - 2015-07-22 16:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll 2015-09-09 05:22 - 2015-07-22 15:52 - 01633792 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2015-09-09 05:22 - 2015-07-17 16:15 - 00951296 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2015-09-09 05:22 - 2015-07-17 16:10 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2015-09-09 05:22 - 2015-06-27 13:47 - 00118616 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2015-09-09 05:21 - 2015-09-02 04:56 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-09-09 05:21 - 2015-09-02 04:55 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-09-09 05:21 - 2015-09-02 04:50 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-09-09 05:21 - 2015-09-02 04:17 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-09-09 05:21 - 2015-09-02 04:13 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-09-09 05:21 - 2015-08-03 23:15 - 00074928 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-09-09 05:21 - 2015-08-03 23:15 - 00065600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2015-09-09 05:21 - 2015-08-01 16:22 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-09-09 05:21 - 2015-08-01 05:47 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\schtasks.exe 2015-09-09 05:21 - 2015-08-01 05:45 - 00182784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe 2015-09-09 05:21 - 2015-08-01 05:38 - 01265152 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll 2015-09-09 05:21 - 2015-08-01 05:37 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe 2015-09-09 05:21 - 2015-08-01 05:37 - 00359936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe 2015-09-09 05:21 - 2015-07-22 16:34 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2015-09-09 05:21 - 2015-07-22 16:33 - 01728000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll 2015-09-09 05:21 - 2015-07-22 16:25 - 02461184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2015-09-09 05:21 - 2015-07-22 16:25 - 01546752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll 2015-09-09 05:21 - 2015-07-18 20:31 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\shacct.dll 2015-09-09 05:21 - 2015-07-18 20:29 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll 2015-09-09 05:21 - 2015-07-18 20:29 - 00148480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shacct.dll 2015-09-09 05:21 - 2015-07-18 20:27 - 00520192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll 2015-09-09 05:21 - 2015-07-14 05:27 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\tzsync.exe 2015-09-09 05:21 - 2015-07-13 21:10 - 00411455 _____ C:\Windows\system32\ApnDatabase.xml 2015-09-09 05:21 - 2015-07-10 21:06 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthpan.sys 2015-09-09 05:21 - 2015-07-09 18:14 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-09-09 05:21 - 2015-07-03 23:51 - 01380056 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-09-09 05:21 - 2015-07-03 16:00 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2015-09-09 05:21 - 2015-06-19 19:07 - 02819072 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll 2015-09-07 13:31 - 2015-09-07 13:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie 2015-09-02 09:37 - 2015-09-02 09:37 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-09-24 15:26 - 2015-06-03 16:29 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Skype 2015-09-24 15:26 - 2015-03-17 20:30 - 00001132 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-09-24 15:24 - 2014-02-10 22:45 - 00000000 ____D C:\Users\Kevin 2015-09-24 15:22 - 2014-11-13 23:36 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-09-24 15:22 - 2013-08-22 16:46 - 00087276 _____ C:\Windows\setupact.log 2015-09-24 15:22 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-09-24 15:21 - 2013-08-22 16:44 - 00517032 _____ C:\Windows\system32\FNTCACHE.DAT 2015-09-24 15:19 - 2014-02-10 22:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-09-24 15:19 - 2014-02-10 21:55 - 00165280 _____ C:\Windows\PFRO.log 2015-09-24 15:03 - 2014-03-18 11:16 - 00001840 _____ C:\Windows\Sandboxie.ini 2015-09-24 15:02 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru 2015-09-24 15:01 - 2014-02-10 22:51 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1492992966-3316130111-433737794-1001 2015-09-24 14:59 - 2015-03-17 20:30 - 00001136 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-09-24 14:33 - 2015-06-26 09:23 - 00001242 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1492992966-3316130111-433737794-1001UA.job 2015-09-24 14:33 - 2014-02-10 22:33 - 01619831 _____ C:\Windows\WindowsUpdate.log 2015-09-24 12:38 - 2014-02-11 10:32 - 00000000 ___RD C:\Users\Kevin\Dropbox 2015-09-24 12:37 - 2014-02-11 10:30 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Dropbox 2015-09-24 11:30 - 2014-06-11 10:54 - 00000000 ____D C:\Users\Kevin\AppData\Local\Akamai 2015-09-23 06:33 - 2015-06-26 09:23 - 00001190 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1492992966-3316130111-433737794-1001Core.job 2015-09-22 15:10 - 2014-11-13 23:36 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-09-22 12:22 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp 2015-09-16 23:49 - 2014-03-05 01:21 - 02256896 ___SH C:\Users\Kevin\Desktop\Thumbs.db 2015-09-16 14:54 - 2015-03-17 20:30 - 00004108 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-09-16 14:54 - 2015-03-17 20:30 - 00003872 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-09-15 23:00 - 2014-02-10 22:33 - 01776918 _____ C:\Windows\system32\PerfStringBackup.INI 2015-09-15 23:00 - 2013-08-23 01:24 - 00765582 _____ C:\Windows\system32\perfh007.dat 2015-09-15 23:00 - 2013-08-23 01:24 - 00159366 _____ C:\Windows\system32\perfc007.dat 2015-09-15 03:18 - 2015-03-12 08:49 - 00812008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-09-15 03:18 - 2015-03-12 08:49 - 00178152 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-09-14 10:49 - 2014-12-16 12:54 - 00000000 ____D C:\ProgramData\Cisco 2015-09-14 10:49 - 2014-12-16 12:54 - 00000000 ____D C:\Program Files (x86)\Cisco 2015-09-12 10:57 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache 2015-09-09 12:43 - 2014-02-10 23:50 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2015-09-09 12:31 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI 2015-09-09 12:30 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\PolicyDefinitions 2015-09-09 12:16 - 2014-02-18 12:02 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-09-09 11:52 - 2013-08-23 01:26 - 00000000 ____D C:\Program Files\Windows Journal 2015-09-09 11:52 - 2013-08-22 15:25 - 00000167 _____ C:\Windows\win.ini 2015-09-09 11:50 - 2014-02-17 09:14 - 00000000 ____D C:\Windows\system32\MRT 2015-08-31 20:36 - 2014-03-16 10:22 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-08-31 20:36 - 2014-03-16 10:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-08-26 18:37 - 2014-02-17 09:14 - 134753440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-04-11 09:18 - 2015-04-11 09:18 - 0000096 _____ () C:\Users\Kevin\AppData\Roaming\settings.xml 2006-12-11 19:13 - 2006-12-11 19:13 - 0097336 _____ (Un4seen Developments) C:\Users\Kevin\AppData\Local\bass.dll 2006-12-11 19:13 - 2006-12-11 19:13 - 0013872 _____ (Un4seen Developments) C:\Users\Kevin\AppData\Local\basscd.dll 2007-08-13 17:46 - 2007-08-13 17:46 - 0102912 _____ (Albert L Faber) C:\Users\Kevin\AppData\Local\CDRip.dll 2007-08-13 17:46 - 2007-08-13 17:46 - 0155136 _____ () C:\Users\Kevin\AppData\Local\lame_enc.dll 2007-01-18 21:09 - 2007-01-18 21:09 - 0623616 _____ (Ivan Bischof ©2003 - 2005) C:\Users\Kevin\AppData\Local\No23 Recorder.exe 2005-08-23 22:34 - 2005-08-23 22:34 - 0029184 _____ () C:\Users\Kevin\AppData\Local\no23xwrapper.dll 2006-10-26 01:06 - 2006-10-26 01:06 - 0015872 _____ () C:\Users\Kevin\AppData\Local\ogg.dll 2015-04-09 10:35 - 2015-05-20 19:31 - 0001469 _____ () C:\Users\Kevin\AppData\Local\RecConfig.xml 2015-01-02 19:49 - 2015-01-02 19:49 - 0053247 _____ () C:\Users\Kevin\AppData\Local\recently-used.xbel 2006-10-26 01:06 - 2006-10-26 01:06 - 0143872 _____ () C:\Users\Kevin\AppData\Local\vorbis.dll 2006-10-26 01:06 - 2006-10-26 01:06 - 0064000 _____ () C:\Users\Kevin\AppData\Local\vorbisenc.dll 2006-10-26 01:06 - 2006-10-26 01:06 - 0019456 _____ () C:\Users\Kevin\AppData\Local\vorbisfile.dll Einige Dateien in TEMP: ==================== C:\Users\Kevin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplwa6tg.dll C:\Users\Kevin\AppData\Local\Temp\Foxit Updater.exe C:\Users\Kevin\AppData\Local\Temp\jre-8u31-windows-au.exe C:\Users\Kevin\AppData\Local\Temp\kernel32.dll C:\Users\Kevin\AppData\Local\Temp\SandboxieInstall.exe C:\Users\Kevin\AppData\Local\Temp\swt-win32-3349.dll C:\Users\Kevin\AppData\Local\Temp\tester.dll C:\Users\Kevin\AppData\Local\Temp\tmp19AC.tmp.exe C:\Users\Kevin\AppData\Local\Temp\tmp36BA.tmp.exe C:\Users\Kevin\AppData\Local\Temp\tmp890A.tmp.exe C:\Users\Kevin\AppData\Local\Temp\tmpA01D.tmp.exe C:\Users\Kevin\AppData\Local\Temp\tmpEB54.tmp.exe C:\Users\Kevin\AppData\Local\Temp\tmpEF2F.tmp.exe C:\Users\Kevin\AppData\Local\Temp\vcredist_x64.exe ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:23-09-2015 durchgeführt von Kevin (2015-09-24 14:56:57) Gestartet von C:\Users\Kevin\Desktop Windows 8.1 Pro (X64) (2014-02-10 20:45:32) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-1492992966-3316130111-433737794-500 - Administrator - Disabled) Gast (S-1-5-21-1492992966-3316130111-433737794-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1492992966-3316130111-433737794-1003 - Limited - Enabled) Kevin (S-1-5-21-1492992966-3316130111-433737794-1001 - Administrator - Enabled) => C:\Users\Kevin ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - ) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated) Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.9 - Adobe Systems Incorporated) Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated) Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated) Akamai NetSession Interface (HKU\S-1-5-21-1492992966-3316130111-433737794-1001\...\Akamai) (Version: - Akamai Technologies, Inc) Any Video Converter 5.8.2 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com) Apowersoft Gratis - Audiorekorder V2.3.4 (HKLM-x32\...\{E35F91E4-C68C-43E8-BE90-35CDEE4E5730}_is1) (Version: 2.3.4 - APOWERSOFT LIMITED) Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2223 - AVAST Software) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Brother MFL-Pro Suite DCP-J315W (HKLM-x32\...\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}) (Version: 2.0.0.0 - Brother Industries, Ltd.) Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.1.04011 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (x32 Version: 4.1.04011 - Cisco Systems, Inc.) Hidden Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.22 - Cliqz.com) Dropbox (HKU\S-1-5-21-1492992966-3316130111-433737794-1001\...\Dropbox) (Version: 3.8.8 - Dropbox, Inc.) DVDStyler v2.9.2 (HKLM-x32\...\DVDStyler_is1) (Version: - ) Free M4a to MP3 Converter 8.3 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com) Free MP3 Cutter and Editor 2.6 (HKLM-x32\...\Free MP3 Cutter and Editor_is1) (Version: - musetips.com) Free Video to MP3 Converter version 5.0.58.415 (HKLM-x32\...\Free Video to MP3 Converter_is1) (Version: 5.0.58.415 - DVDVideoSoft Ltd.) Free WMV To AVI Converter (HKLM-x32\...\{BD0BF269-9706-47B4-BBA8-312B8F9F9AF7}) (Version: 1.0.0 - convertaudiofree) GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.99 - Google Inc.) Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) Helium (HKLM-x32\...\{9A781940-AC41-4D5E-8E1E-76A04B916FB9}) (Version: 1.0.0 - ClockworkMod) Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation) iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.) Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games ) League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden Logitech Gaming Software 8.55 (HKLM\...\Logitech Gaming Software) (Version: 8.55.137 - Logitech Inc.) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Movie Studio Platinum 13.0 (64-bit) (HKLM\...\{F4721C9E-74D6-11E4-9122-F04DA23A5C58}) (Version: 13.0.943 - Sony) Mozilla Firefox 41.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 41.0 (x86 de)) (Version: 41.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.0.5738 - Mozilla) Mozilla Thunderbird 38.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 38.2.0 (x86 de)) (Version: 38.2.0 - Mozilla) mystartsearch uninstall (HKLM-x32\...\mystartsearch uninstall) (Version: - mystartsearch) <==== ACHTUNG Nero 2015 (HKLM-x32\...\{EF09AC51-1657-4A06-9449-B2BF1C4FB608}) (Version: 16.0.05500 - Nero AG) Nero Info (HKLM-x32\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 16.0.2000 - Nero AG) No23 Recorder (HKLM-x32\...\{22B0E143-2B0B-435B-9F56-136A3D16065F}) (Version: 2.1.0.3 - No23) NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation) oCam Version 113.0 (HKLM-x32\...\oCam_is1) (Version: 113.0 - hxxp://ohsoft.net/) Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.) PDF Split And Merge Basic (HKLM\...\{9A40D2F8-9458-458B-95E3-B57797C574E1}) (Version: 2.2.3 - Andrea Vacondio) PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.214.2 - Tracker Software Products Ltd) Phase 5 HTML-Editor (HKLM-x32\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer) Prerequisite installer (x32 Version: 16.0.0004 - Nero AG) Hidden R for Windows 3.1.0 (HKLM\...\R for Windows 3.1.0_is1) (Version: 3.1.0 - R Core Team) Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10001 - Realtek Semiconductor Corp.) ROCCAT Kone Pure Optical Mouse Driver (HKLM-x32\...\{22D40E66-0D41-45A3-A8A1-90B8A38D9A68}) (Version: - Roccat GmbH) RStudio (HKLM-x32\...\RStudio) (Version: 0.98.507 - RStudio) Sandboxie 4.08 (64-bit) (HKLM\...\Sandboxie) (Version: 4.08 - Sandboxie Holdings, LLC) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.) Spotify (HKU\S-1-5-21-1492992966-3316130111-433737794-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) SUPER © v2015.build.64+Recorder (2015/02/13) Version v2015.buil (HKLM-x32\...\{8E2A29E2-96BF-8759-4DA7-5C16C90729A4}_is1) (Version: v2015.build.64+Recorder - eRightSoft) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.21 - Synaptics Incorporated) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-1492992966-3316130111-433737794-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Kevin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1492992966-3316130111-433737794-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1492992966-3316130111-433737794-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1492992966-3316130111-433737794-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1492992966-3316130111-433737794-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1492992966-3316130111-433737794-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1492992966-3316130111-433737794-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1492992966-3316130111-433737794-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1492992966-3316130111-433737794-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1492992966-3316130111-433737794-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1492992966-3316130111-433737794-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) ==================== Wiederherstellungspunkte ========================= 08-09-2015 12:22:03 Geplanter Prüfpunkt 17-09-2015 18:35:36 Geplanter Prüfpunkt 22-09-2015 12:21:53 Windows Update ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {0671F014-D86F-44FA-A8B8-0F57C7CC68AF} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser Task: {06F516CB-8C29-4053-BD09-74E2EA832C3C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-22] (Adobe Systems Incorporated) Task: {241EE14B-EA5D-41A6-AEB6-F9FDA8E02D55} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-08-26] (Microsoft Corporation) Task: {3DC8A1A8-C2D1-45BD-9EE9-FCB61C080A6E} - System32\Tasks\{0992D23C-F9E9-495D-A6AF-081E17A2973A} => Firefox.exe hxxp://ui.skype.com/ui/0/7.5.85.102/de/abandoninstall?page=tsPlugin Task: {698527B6-C986-4282-B27D-DB34D6CC1BB4} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1492992966-3316130111-433737794-1001UA => C:\Users\Kevin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-26] (Dropbox, Inc.) Task: {81CA75FD-BC27-40FE-B6A0-4C16D3A47B9C} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2015-06-04] (Nero AG) Task: {8F6CABAF-0120-4DDD-8051-F7A8A6BD4017} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-17] (Google Inc.) Task: {AC1477E9-FBD1-44D9-9A52-E86826A2650D} - System32\Tasks\{AB3DE272-CE1D-4BD0-9A9B-454C35CDABB5} => pcalua.exe -a C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_223_Plugin.exe -c -maintain plugin Task: {B2C2AD02-605B-440F-8139-AA6B96924282} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-17] (Google Inc.) Task: {DFF0DAA7-EE66-42C6-A46A-B4DC7875A506} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated) Task: {E5D8A30C-F33E-4645-ADB9-41CDD5987CC9} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-20] (AVAST Software) Task: {E667C826-B782-4CD8-8F28-1F48B1FCEB64} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1492992966-3316130111-433737794-1001Core => C:\Users\Kevin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-26] (Dropbox, Inc.) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1492992966-3316130111-433737794-1001Core.job => C:\Users\Kevin\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1492992966-3316130111-433737794-1001UA.job => C:\Users\Kevin\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2014-05-27 14:34 - 2014-07-02 20:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-02-11 21:42 - 2005-04-22 06:36 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll 2014-01-30 00:02 - 2014-01-30 00:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-07-28 20:29 - 2014-07-28 20:29 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll 2014-07-28 20:32 - 2014-07-28 20:32 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll 2014-07-28 20:29 - 2014-07-28 20:29 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll 2014-07-28 20:31 - 2014-07-28 20:31 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll 2015-07-20 16:09 - 2015-07-20 16:09 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2015-07-20 16:09 - 2015-07-20 16:09 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2015-09-09 12:37 - 2015-09-09 12:37 - 02962432 _____ () C:\Program Files\AVAST Software\Avast\defs\15090900\algo.dll 2015-09-24 12:45 - 2015-09-24 12:45 - 02966528 _____ () C:\Program Files\AVAST Software\Avast\defs\15092400\algo.dll 2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2015-07-20 16:09 - 2015-07-20 16:09 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-12-17 15:22 - 2012-10-01 19:53 - 00061440 _____ () C:\Program Files (x86)\ROCCAT\Kone Pure Optical Mouse\hiddriver.dll 2015-07-24 14:34 - 2015-07-24 14:34 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll 2014-02-11 21:42 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll 2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf 2015-09-24 12:37 - 2015-09-24 12:37 - 00071168 _____ () c:\users\kevin\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplwa6tg.dll 2015-03-04 23:45 - 2015-08-05 07:26 - 00012800 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll 2015-03-04 23:45 - 2015-08-05 07:26 - 00779776 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll 2015-07-30 14:36 - 2015-08-05 07:26 - 00056320 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll 2015-03-04 23:45 - 2015-08-05 07:26 - 00012288 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll 2015-09-24 14:36 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2015-09-24 14:36 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2015-09-24 14:36 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2015-09-24 14:36 - 2014-04-25 14:11 - 02972112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\NotificationSpreader.dll 2015-09-24 14:36 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2015-09-24 14:36 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-1492992966-3316130111-433737794-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kevin\AppData\Roaming\Microsoft\Windows Photo Viewer\Hintergrundbild der Windows-Fotoanzeige.jpg DNS Servers: 192.168.2.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKLM\...\StartupApproved\Run32: => "Adobe ARM" HKLM\...\StartupApproved\Run32: => "BrStsMon00" HKLM\...\StartupApproved\Run32: => "ControlCenter3" HKU\S-1-5-21-1492992966-3316130111-433737794-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk" HKU\S-1-5-21-1492992966-3316130111-433737794-1001\...\StartupApproved\StartupFolder: => "OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk" HKU\S-1-5-21-1492992966-3316130111-433737794-1001\...\StartupApproved\Run: => "Spotify" HKU\S-1-5-21-1492992966-3316130111-433737794-1001\...\StartupApproved\Run: => "Spotify Web Helper" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{A56C17D7-7A4A-48EB-80AB-82A6CEEA8711}] => (Allow) C:\Users\Kevin\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{48395351-D0CE-48F0-BB51-EA51427158AC}] => (Allow) C:\Users\Kevin\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [TCP Query User{A3082BB3-E7E5-44FF-B792-2922676F55FB}C:\users\kevin\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\kevin\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{F8813CC2-9ED2-4CF2-B9E5-1E027389B21F}C:\users\kevin\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\kevin\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [{570BFA21-8566-4F03-8114-54A90AE8CAB1}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe FirewallRules: [{A6CAA5BB-1475-4244-A13C-CC2A9FFF002D}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe FirewallRules: [{290CAF5F-C38B-4BCD-AEF3-C019A27E2595}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe FirewallRules: [{6141FBC7-52E9-4D2B-882B-029923906BB7}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe FirewallRules: [{9794FD7D-B872-4604-A9E4-56AC94BFCFA2}] => (Allow) LPort=57440 FirewallRules: [{5B569F74-8FAE-4E1F-AE8F-355DFEF5ADE5}] => (Allow) LPort=57440 FirewallRules: [{E944012C-033B-44F5-9FB1-8E41693E8161}] => (Allow) LPort=57440 FirewallRules: [{C9BC9DFB-1B1B-455C-AACC-92A632AC1C51}] => (Allow) LPort=57440 FirewallRules: [{547EBF6F-BD83-4DFA-849C-06ECEF17C9A0}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe FirewallRules: [{1149F740-E408-4CF0-9AA5-9154E3147DAD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{4CA9BB51-FF2A-4889-8FBC-3E801D5AB60F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{E71D33C2-0442-44CF-89FE-FFB6626474A3}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe FirewallRules: [{3BE480E0-30B6-4732-AEC6-0805EFFFBAB3}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe FirewallRules: [{DE66F2CE-1C0E-4FAF-ABBD-DB4DEA357A9F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{22B30ACE-F951-449E-A2A6-AD5C66E9C792}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{5B8989E5-E2F1-4A3A-B3DF-45B4B41CFBFC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{28A235A4-2995-469F-99A8-62DEC2B51629}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{5817332A-3BCA-497F-A67D-75BB74E385ED}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe FirewallRules: [{8145860C-C6F8-4A05-91D2-EDDC78718506}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{A4EA8084-888E-43D3-BF9C-23ACCC7C02A1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{9AB3EFA8-4817-4E4A-A623-6B4F07A93FFA}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{58F788A8-0A94-4BCD-9C2F-EC040B760245}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{BC06300D-29B0-4525-9C34-B6DF794D7457}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{15C19EEA-1597-43D0-A383-59125F4994DB}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{F7E9FAC0-717B-4ED4-927C-9DE7C9D9324B}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Free Audio Recorder\Apowersoft Free Audio Recorder.exe FirewallRules: [{7866B067-E218-48D8-809A-D00D35BBF08A}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Free Audio Recorder\Apowersoft Free Audio Recorder.exe FirewallRules: [{BBE35BA8-9236-4C3A-BDA6-A35852601B83}] => (Allow) C:\Users\Kevin\AppData\Local\Temp\nst3ACD.tmp\CnetInstaller-75925889.exe FirewallRules: [{261FB67B-3ABF-457D-9467-F4CD1381D0E9}] => (Allow) C:\Users\Kevin\AppData\Local\Temp\nst3ACD.tmp\CnetInstaller-75925889.exe FirewallRules: [{33F37DB0-7095-41BB-BDF4-908BF4ACC1BD}] => (Allow) LPort=54925 FirewallRules: [TCP Query User{090D8899-F08C-41B4-89B5-3A2069E867C8}C:\users\kevin\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\kevin\appdata\local\akamai\netsession_win.exe FirewallRules: [UDP Query User{D68EA79A-741A-471F-8AA3-EF944218ECA7}C:\users\kevin\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\kevin\appdata\local\akamai\netsession_win.exe FirewallRules: [{229386DE-B35C-436B-BA47-25D1BAA5DE19}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe FirewallRules: [{F99C01E9-46CD-41C3-8F3E-B21980EBBA3E}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe FirewallRules: [{946FC60A-826B-4C90-A4B8-CEA2CAAEAFE9}] => (Allow) C:\Program Files (x86)\Nero\Nero 2015\Nero Burning ROM\StartNBR.exe FirewallRules: [{C326A50D-97D9-4F10-B9FA-FDFE0BBF7B7F}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe FirewallRules: [{37A9D14C-3DA3-4661-A9C0-A9D127A1D198}] => (Allow) C:\Program Files (x86)\Nero\Nero 2015\Nero Burning ROM\nero.exe FirewallRules: [{3FCC3024-0D66-4120-978E-6A9B05F58E37}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{26604382-F48D-4A7B-805D-CEB27CF43E5E}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{4D51B343-E850-4E87-A5E9-CF2C6859CC83}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (09/18/2015 12:35:04 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: TWN BrtTWN: [2015/09/18 12:35:04.432]: [00004876]: Initialize TwdsMain Class failed! Error: (09/18/2015 12:35:04 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: TWN BrtTWN: [2015/09/18 12:35:04.431]: [00004876]: ##### Fatal ERROR!! Create STI-device failed! ##### Error: (09/18/2015 12:35:04 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: TWN BrtTWN: [2015/09/18 12:35:04.367]: [00004876]: Initialize TwdsMain Class failed! Error: (09/18/2015 12:35:04 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: TWN BrtTWN: [2015/09/18 12:35:04.366]: [00004876]: ##### Fatal ERROR!! Create STI-device failed! ##### Error: (09/18/2015 12:33:12 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: CTLCN BrtCTLCN: [2015/09/18 12:33:12.245]: [00004876]: brccFCtl.dll: ### ERROR ### Brother OCR not installed Error: (09/18/2015 12:32:52 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: TWN BrtTWN: [2015/09/18 12:32:52.997]: [00004876]: Initialize TwdsMain Class failed! Error: (09/18/2015 12:32:52 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: TWN BrtTWN: [2015/09/18 12:32:52.996]: [00004876]: ##### Fatal ERROR!! Create STI-device failed! ##### Error: (09/18/2015 12:32:52 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: TWN BrtTWN: [2015/09/18 12:32:52.265]: [00004876]: Initialize TwdsMain Class failed! Error: (09/18/2015 12:32:52 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: TWN BrtTWN: [2015/09/18 12:32:52.264]: [00004876]: ##### Fatal ERROR!! Create STI-device failed! ##### Error: (09/17/2015 07:39:49 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1093 Systemfehler: ============= Error: (09/24/2015 11:35:32 AM) (Source: DCOM) (EventID: 10010) (User: Kevin-PC) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (09/24/2015 11:35:02 AM) (Source: DCOM) (EventID: 10010) (User: Kevin-PC) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (09/23/2015 05:16:34 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT-AUTORITÄT) Description: 0x8000002a171\??\Volume{4b91b736-928d-11e3-824b-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{A3F48ABE-C20F-4312-AF3B-843DB753F49B} Error: (09/23/2015 05:04:11 AM) (Source: DCOM) (EventID: 10010) (User: Kevin-PC) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (09/23/2015 05:03:41 AM) (Source: DCOM) (EventID: 10010) (User: Kevin-PC) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (09/22/2015 04:41:09 AM) (Source: DCOM) (EventID: 10010) (User: Kevin-PC) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (09/22/2015 04:40:39 AM) (Source: DCOM) (EventID: 10010) (User: Kevin-PC) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (09/21/2015 11:13:15 AM) (Source: DCOM) (EventID: 10010) (User: Kevin-PC) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (09/21/2015 11:12:45 AM) (Source: DCOM) (EventID: 10010) (User: Kevin-PC) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (09/21/2015 10:30:46 AM) (Source: DCOM) (EventID: 10010) (User: Kevin-PC) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} CodeIntegrity: =================================== Date: 2014-11-23 22:37:26.577 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-23 22:37:26.317 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-23 22:37:26.047 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-23 22:37:25.819 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-23 22:37:25.591 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-23 22:37:25.390 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-23 22:37:25.167 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-23 22:37:24.936 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-23 22:37:24.688 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-23 22:37:24.453 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz Prozentuale Nutzung des RAM: 35% Installierter physikalischer RAM: 8102.69 MB Verfügbarer physikalischer RAM: 5257.21 MB Summe virtueller Speicher: 9382.69 MB Verfügbarer virtueller Speicher: 6172.52 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:195.35 GB) (Free:83.59 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)] Drive d: (Data) (Fixed) (Total:245.41 GB) (Free:234.55 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: DB144593) Partition 1: (Not Active) - (Size=25 GB) - (Type=1C) Partition 2: (Active) - (Size=195.4 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=245.4 GB) - (Type=OF Extended) ==================== Ende von Addition.txt ============================ |
Themen zu Windows 8.1: Zugriff auf Router durch Fremdsoftware? |
akamai, antivirus, bonjour, converter, cpu, defender, device driver, dnsapi.dll, downloader, failed, flash player, frage, homepage, launch, mozilla, mp3, prozesse, registry, rundll, safer networking, scan, security, services.exe, software, svchost.exe, system, udp, usb, win10, windows |