Log analysis and evaluation: Windows Vista 32-bit crashes constantly, Ctrl+Alt+Del = error message, mouse active

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Windows Vista 32-bit crashes constantly, Ctrl+Alt+Del = error message, mouse active

Hello dear team,

I have been having problems with my laptop for some time now, but recently they have been increasing. I hope you can help me!

The system takes a very long time to boot.

What is described below does NOT always happen, but it happens increasingly often. When I want to start working (no matter whether Word, Outlook, searching for a file, the Internet, etc.), the screen freezes. Then I have two variants:

1 -> Screen freezes, mouse active and movable, Ctrl+Alt+Del = no Task Manager but an error message with a black background (unfortunately I no longer know exactly what it says, but something with "Sicherheitsoptionen" (security options)). The system does not come back and stays in this state. So far the only option is the "Off" switch.

2 -> Screen freezes, mouse inactive, Ctrl+Alt+Del = Task Manager opens (but only after 1-2 minutes), then I end all processes, give it a few minutes of rest, and then it works again.

I hope these are all the right logs:

Defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:09 on 20/11/2015 (Patricia)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:19-11-2015
durchgeführt von Patricia (Administrator) auf LAPPI (20-11-2015 12:13:03)
Gestartet von C:\Users\Patricia\Desktop
Geladene Profile: Patricia (Verfügbare Profile: Patricia & Gast)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Sprache: Deutsch (Deutschland)
Internet Explorer Version 8 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
() C:\Windows\PLFSetI.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Realtek Semiconductor Corp.) C:\Users\Patricia\AppData\Local\Temp\RtkBtMnt.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
(Microsoft Corporation) C:\Windows\System32\sdclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\mmc.exe
() C:\Users\Patricia\Desktop\Defogger.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-06-02] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6793760 2009-02-19] (Realtek Semiconductor) HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2008-07-29] () HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1410344 2008-12-05] (Synaptics, Inc.) HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [1069576 2009-06-25] (Dritek System Inc.) HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [440864 2009-06-23] (Acer Incorporated) HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-02-19] (Realtek Semiconductor Corp.) HKLM\...\Run: [NPSStartup] => [X] HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [788176 2015-11-11] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM\...\Run: [] => [X] HKLM\...\Run: [OpenLimit_SEMr] => "C:\Program Files\OpenLimit\siqSEMr.exe" -a HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-10-14] (Avira Operations GmbH & Co. 
KG) HKU\S-1-5-21-1373798880-2491931855-1621115947-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-1373798880-2491931855-1621115947-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-1373798880-2491931855-1621115947-1000\...\MountPoints2: {0b7b5f50-c8f7-11e2-991b-001f16b82ce4} - F:\setup.exe HKU\S-1-5-21-1373798880-2491931855-1621115947-1000\...\MountPoints2: {0b7b5f52-c8f7-11e2-991b-001f16b82ce4} - G:\setup.exe HKU\S-1-5-21-1373798880-2491931855-1621115947-1000\...\MountPoints2: {10c252d4-7393-11e3-b98e-001e101f7fb6} - E:\AutoRun.exe HKU\S-1-5-21-1373798880-2491931855-1621115947-1000\...\MountPoints2: {24fee1ff-754a-11e3-980d-001e101fb45e} - E:\AutoRun.exe HKU\S-1-5-21-1373798880-2491931855-1621115947-1000\...\MountPoints2: {5f926d56-0a28-11e3-83f0-001e65610bb6} - E:\AutoRun.exe HKU\S-1-5-21-1373798880-2491931855-1621115947-1000\...\MountPoints2: {5f926d82-0a28-11e3-83f0-001e101fb681} - E:\AutoRun.exe HKU\S-1-5-21-1373798880-2491931855-1621115947-1000\...\MountPoints2: {8cd63cdf-0b48-11e3-9a65-001e101f7fb6} - E:\AutoRun.exe HKU\S-1-5-21-1373798880-2491931855-1621115947-1000\...\MountPoints2: {ad0aafaf-c01c-11df-831f-001f16b82ce4} - E:\LaunchU3.exe -a HKU\S-1-5-21-1373798880-2491931855-1621115947-1000\...\MountPoints2: {bcb6a024-1072-11e3-95c2-806e6f6e6963} - E:\AutoRun.exe HKU\S-1-5-21-1373798880-2491931855-1621115947-1000\...\MountPoints2: {bf0b57bf-1646-11e3-abfb-001f16b82ce4} - E:\AutoRun.exe HKU\S-1-5-21-1373798880-2491931855-1621115947-1000\...\MountPoints2: {bf0b57d0-1646-11e3-abfb-001e101f82a0} - E:\AutoRun.exe HKU\S-1-5-21-1373798880-2491931855-1621115947-1000\...\MountPoints2: {c456c1aa-9ef9-11e0-bcf2-001f16b82ce4} - E:\autorun.exe AppInit_DLLs: c:\progra~2\browse~1\25976~1.107\{c16c1~1\mngr.dll => Keine Datei ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => 
C:\Users\Patricia\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Patricia\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Patricia\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Patricia\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.) Startup: C:\Users\Patricia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Photosmart 5520 series.lnk [2015-11-20] ShortcutTarget: Tintenwarnungen überwachen - HP Photosmart 5520 series.lnk -> C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) Startup: C:\Users\Patricia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wkcalrem.LNK [2010-07-02] ShortcutTarget: wkcalrem.LNK -> C:\Program Files\Microsoft Works\WkCalRem.exe (Keine Datei) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2014-05-20] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2014-05-20] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2014-05-20] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2014-05-20] (Avira Operations GmbH & Co. 
KG) Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2014-05-20] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2014-05-20] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2014-05-20] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2014-05-20] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2014-05-20] (Avira Operations GmbH & Co. KG) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{A266D302-51C8-440F-8E30-913A5CB4650D}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{CE3D672B-3C55-4D65-A39C-8459F73B3148}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{E97C7AB6-40DC-4B7B-AB69-2F8EC0D20784}: [DhcpNameServer] 193.189.244.225 193.189.244.206 Tcpip\..\Interfaces\{FC60A105-7439-4895-A86E-CF79EA9B8C1E}: [DhcpNameServer] 193.189.244.225 193.189.244.206 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0809&m=aspire_5738 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0809&m=aspire_5738 HKU\S-1-5-21-1373798880-2491931855-1621115947-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-1373798880-2491931855-1621115947-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0809&m=aspire_5738 HKU\S-1-5-21-1373798880-2491931855-1621115947-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=b25dd16e-3e09-4dab-a427-07a7a06c7975&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} 
HKU\S-1-5-21-1373798880-2491931855-1621115947-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com HKU\S-1-5-21-1373798880-2491931855-1621115947-1000\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd HKU\S-1-5-21-1373798880-2491931855-1621115947-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=b25dd16e-3e09-4dab-a427-07a7a06c7975&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} HKU\S-1-5-21-1373798880-2491931855-1621115947-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/ SearchScopes: HKLM -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW SearchScopes: HKLM -> {8A96AF9E-4074-43b7-BEA3-87217BDA7406} URL = hxxp://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms} SearchScopes: HKU\S-1-5-21-1373798880-2491931855-1621115947-1000 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = SearchScopes: HKU\S-1-5-21-1373798880-2491931855-1621115947-1000 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} SearchScopes: HKU\S-1-5-21-1373798880-2491931855-1621115947-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1373798880-2491931855-1621115947-1000 -> {0D7562AE-8EF6-416d-A838-AB665251703A} URL = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4 SearchScopes: HKU\S-1-5-21-1373798880-2491931855-1621115947-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.claro-search.com/?q={searchTerms}&affID=116210&tt=091212_621_5012_3&babsrc=SP_ss&mntrId=0a900188000000000000001e65610bb6 SearchScopes: 
HKU\S-1-5-21-1373798880-2491931855-1621115947-1000 -> {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd SearchScopes: HKU\S-1-5-21-1373798880-2491931855-1621115947-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE349 SearchScopes: HKU\S-1-5-21-1373798880-2491931855-1621115947-1000 -> {8A96AF9E-4074-43b7-BEA3-87217BDA7406} URL = hxxp://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms} SearchScopes: HKU\S-1-5-21-1373798880-2491931855-1621115947-1000 -> {AC4EBB37-C694-471D-AF74-645F89C07DFB} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms} BHO: Kein Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> Keine Datei BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-08-29] (Sun Microsystems, Inc.) 
Toolbar: HKLM - Kein Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - Keine Datei DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL Keine Datei Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL Keine Datei FireFox: ======== FF ProfilePath: C:\Users\Patricia\AppData\Roaming\Mozilla\Firefox\Profiles\603do8jo.default FF Homepage: www.google.de FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll [2012-08-08] (Adobe Systems, Inc.) FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-07-19] (Sun Microsystems, Inc.) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) 
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-21] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-21] (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1373798880-2491931855-1621115947-1000: @phonostar.de/phonostar-Player -> C:\Program Files\phonostar-Player\npphonostarDetectNP.dll [Keine Datei] FF user.js: detected! => C:\Users\Patricia\AppData\Roaming\Mozilla\Firefox\Profiles\603do8jo.default\user.js [2012-12-11] FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-09-24] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll [2012-06-20] (Nullsoft, Inc.) 
FF SearchPlugin: C:\Users\Patricia\AppData\Roaming\Mozilla\Firefox\Profiles\603do8jo.default\searchplugins\fileconverter-13-customized-web-search.xml [2012-10-26] FF SearchPlugin: C:\Users\Patricia\AppData\Roaming\Mozilla\Firefox\Profiles\603do8jo.default\searchplugins\Web Search.xml [2012-09-06] FF SearchPlugin: C:\Users\Patricia\AppData\Roaming\Mozilla\Firefox\Profiles\603do8jo.default\searchplugins\youtube.xml [2013-12-22] FF Extension: Avira Browser Safety - C:\Users\Patricia\AppData\Roaming\Mozilla\Firefox\Profiles\603do8jo.default\Extensions\abs@avira.com [2015-11-01] [ist nicht signiert] FF Extension: vis - C:\Users\Patricia\AppData\Roaming\Mozilla\Firefox\Profiles\603do8jo.default\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM [2013-12-22] [ist nicht signiert] FF Extension: Deutsch (DE) Language Pack - C:\Users\Patricia\AppData\Roaming\Mozilla\Firefox\Profiles\603do8jo.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2015-11-09] FF Extension: YouTube Unblocker - C:\Users\Patricia\AppData\Roaming\Mozilla\Firefox\Profiles\603do8jo.default\Extensions\youtubeunblocker__web@unblocker.yt [2015-11-05] FF Extension: BrowserWizard - C:\Users\Patricia\AppData\Roaming\Mozilla\Firefox\Profiles\603do8jo.default\Extensions\{8fbad573-297e-4920-a0d3-5d728ee53b20}.xpi [2015-05-12] [ist nicht signiert] FF Extension: Adblock Plus - C:\Users\Patricia\AppData\Roaming\Mozilla\Firefox\Profiles\603do8jo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-24] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-10-20] [ist nicht signiert] FF HKLM\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox FF Extension: Freemake 
Video Converter Plugin - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2012-09-06] [ist nicht signiert] Chrome: ======= CHR Profile: C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Kein Name) - C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmlgoencnlndpglbocajlimaikjohmab [2013-12-22] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - C:\Program Files\facemoods.com\facemoods\1.4.17.8\dealply.crx <nicht gefunden> CHR HKLM\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Patricia\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx <nicht gefunden> ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [919608 2015-11-11] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [466408 2015-11-11] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [466408 2015-11-11] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1213128 2015-11-11] (Avira Operations GmbH & Co. KG) R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [243968 2015-10-14] (Avira Operations GmbH & Co. KG) R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [707104 2009-06-23] (Acer Incorporated) R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] () S2 Mobile Partner. 
RunOuc; C:\Program Files\Mobile Partner\UpdateDog\ouc.exe [239968 2013-09-05] () R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert] R2 NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [61184 2009-04-11] (NewTech Infosystems, Inc.) R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144632 2008-09-23] (NewTech Infosystems, Inc.) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108448 2015-09-27] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136728 2015-08-02] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2015-06-01] (Avira Operations GmbH & Co. KG) S3 cm_ser; C:\Windows\System32\DRIVERS\cm_ser.sys [103680 2011-06-25] (C-motech Co.,Ltd.) [Datei ist nicht signiert] S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] () [Datei ist nicht signiert] R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [154272 2008-11-12] (Realtek Semiconductor Corp.) S3 RTSTOR; C:\Windows\System32\drivers\RTSTOR.SYS [62976 2008-12-02] (Realtek Semiconductor Corp.) [Datei ist nicht signiert] R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [31848 2015-06-09] (Avira Operations GmbH & Co. 
KG) S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2010-04-27] (MCCI) S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2010-04-27] (MCCI Corporation) S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2010-04-27] (MCCI Corporation) S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-11-20 12:13 - 2015-11-20 12:14 - 00023773 _____ C:\Users\Patricia\Desktop\FRST.txt 2015-11-20 12:12 - 2015-11-20 12:13 - 00000000 ____D C:\FRST 2015-11-20 12:11 - 2015-11-20 12:12 - 01391104 _____ (Farbar) C:\Users\Patricia\Desktop\FRST.exe 2015-11-20 12:09 - 2015-11-20 12:09 - 00000478 _____ C:\Users\Patricia\Desktop\defogger_disable.log 2015-11-20 12:09 - 2015-11-20 12:09 - 00000000 _____ C:\Users\Patricia\defogger_reenable 2015-11-20 12:07 - 2015-11-20 12:07 - 00050477 _____ C:\Users\Patricia\Desktop\Defogger.exe 2015-11-20 11:13 - 2015-11-20 11:13 - 00000104 _____ C:\Users\Patricia\Desktop\E-Mail - Verknüpfung.lnk 2015-11-19 17:27 - 2015-11-19 17:27 - 08753344 _____ (McAfee, Inc.) C:\Users\Patricia\SecurityScan_Release.exe 2015-11-19 17:17 - 2015-11-19 17:20 - 00000000 ____D C:\Users\Patricia\AppData\Local\AvgSetupLog 2015-11-19 17:17 - 2015-11-19 17:17 - 00000000 ____D C:\Users\Patricia\AppData\Local\Avg 2015-11-17 19:54 - 2015-11-17 19:59 - 00000000 ____D C:\Users\Patricia\Downloads\TKKG Download Nov. 
15 2015-11-13 13:22 - 2015-11-13 13:22 - 00000000 ____D C:\Users\Patricia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-11-11 16:22 - 2015-10-17 15:24 - 02068480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-11-11 16:19 - 2015-10-17 17:01 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-11-11 16:19 - 2015-10-13 15:31 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2015-11-11 16:19 - 2015-10-13 15:31 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2015-11-11 16:17 - 2015-10-14 21:22 - 01206192 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-11-11 16:17 - 2015-10-14 17:01 - 03606464 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-11-11 16:17 - 2015-10-14 17:01 - 03554752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-11-11 16:12 - 2015-10-10 17:02 - 00526272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys 2015-11-11 16:06 - 2015-09-26 17:05 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-11-11 16:06 - 2015-09-26 17:04 - 00206336 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-11-11 16:06 - 2015-09-26 14:21 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll 2015-11-11 16:06 - 2015-09-22 14:11 - 00440768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-11-11 10:05 - 2015-10-31 18:24 - 11086336 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-11-11 10:05 - 2015-10-31 18:24 - 06012416 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-11-11 10:05 - 2015-10-31 18:24 - 02006016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-11-11 10:05 - 2015-10-31 18:24 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-11-11 10:05 - 2015-10-31 18:24 - 01214976 _____ (Microsoft Corporation) 
C:\Windows\system32\urlmon.dll 2015-11-11 10:05 - 2015-10-31 18:24 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-11-11 10:05 - 2015-10-31 18:24 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-11-11 10:05 - 2015-10-31 18:24 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll 2015-11-11 10:05 - 2015-10-31 18:24 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-11-11 10:05 - 2015-10-31 18:24 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-11-11 10:05 - 2015-10-31 18:24 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-11-11 10:05 - 2015-10-31 18:24 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-11-11 10:05 - 2015-10-31 18:24 - 00236544 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-11-11 10:05 - 2015-10-31 18:24 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-11-11 10:05 - 2015-10-31 18:24 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2015-11-11 10:05 - 2015-10-31 18:24 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-11-11 10:05 - 2015-10-31 18:24 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2015-11-11 10:05 - 2015-10-31 18:24 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-11-11 10:05 - 2015-10-31 18:24 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2015-11-11 10:05 - 2015-10-31 18:24 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2015-11-11 10:05 - 2015-10-31 18:24 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-11-11 10:05 - 2015-10-31 18:24 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-11-11 10:05 - 2015-10-31 18:24 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 
2015-11-11 10:05 - 2015-10-31 18:24 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2015-11-11 10:05 - 2015-10-31 18:24 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2015-11-11 10:05 - 2015-10-31 18:24 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-11-11 10:05 - 2015-10-31 18:24 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll 2015-11-11 10:05 - 2015-10-31 09:41 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-11-11 10:05 - 2015-10-31 09:34 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-11-11 10:05 - 2015-10-31 09:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-11-11 10:05 - 2015-10-31 09:34 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-11-11 10:05 - 2015-10-31 09:34 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2015-11-08 10:29 - 2015-11-11 09:25 - 00000000 ____D C:\Program Files\Mozilla Firefox 2015-11-01 13:21 - 2015-11-01 13:23 - 00000000 ____D C:\Users\Patricia\Downloads\Downloads 2015 2015-10-28 10:39 - 2015-10-28 10:39 - 00002115 _____ C:\Users\Public\Desktop\HP Photosmart 5520 series.lnk 2015-10-28 10:39 - 2012-10-17 04:04 - 00580712 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPMB111.dll ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-11-20 12:10 - 2006-11-02 13:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-20 12:10 - 2006-11-02 13:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-20 12:09 - 2009-10-17 18:57 - 00000000 ____D C:\Users\Patricia
2015-11-20 11:43 - 2014-07-21 12:45 - 00000000 ____D C:\Users\Patricia\Documents\Sky Befunde
2015-11-20 11:23 - 2011-10-03 15:27 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-20 11:22 - 2010-02-20 14:42 - 00095744 _____ C:\Users\Patricia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-20 11:21 - 2015-08-19 13:16 - 00001236 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1373798880-2491931855-1621115947-1000UA.job
2015-11-20 11:19 - 2012-04-04 11:04 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-20 11:11 - 2012-10-26 12:17 - 00000000 ____D C:\Users\Patricia\AppData\Roaming\Winamp
2015-11-20 11:11 - 2009-08-04 16:53 - 01241040 _____ C:\Windows\WindowsUpdate.log
2015-11-20 10:37 - 2011-10-03 15:27 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-20 10:36 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-20 10:10 - 2012-07-06 17:35 - 00000000 ____D C:\Users\Patricia\AppData\Local\Facebook
2015-11-20 08:30 - 2010-07-29 13:44 - 00000000 ____D C:\Windows\Minidump
2015-11-20 08:23 - 2009-02-11 21:16 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-11-20 08:12 - 2015-03-11 18:02 - 00000000 ____D C:\Users\Patricia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ
2015-11-19 17:05 - 2009-10-27 13:10 - 00000428 ____H C:\Windows\Tasks\User_Feed_Synchronization-{FB61473F-F838-4FEC-B5D2-837455005B65}.job
2015-11-19 17:01 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\Msdtc
2015-11-19 17:01 - 2006-11-02 11:22 - 51642368 _____ C:\Windows\system32\config\software_previous
2015-11-19 17:01 - 2006-11-02 11:22 - 49283072 _____ C:\Windows\system32\config\components_previous
2015-11-19 17:01 - 2006-11-02 11:22 - 34078720 _____ C:\Windows\system32\config\system_previous
2015-11-19 17:01 - 2006-11-02 11:22 - 00524288 _____ C:\Windows\system32\config\default_previous
2015-11-19 17:01 - 2006-11-02 11:22 - 00262144 _____ C:\Windows\system32\config\security_previous
2015-11-19 17:01 - 2006-11-02 11:22 - 00057344 _____ C:\Windows\system32\config\sam_previous
2015-11-19 16:57 - 2015-08-20 12:17 - 00000000 ____D C:\Users\Patricia\Desktop\VRR
2015-11-19 16:57 - 2012-10-27 13:36 - 00000000 ____D C:\Users\Public\StarStableOnline
2015-11-19 16:57 - 2010-12-04 12:34 - 00000000 ____D C:\Users\Gast
2015-11-19 16:57 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\spool
2015-11-19 16:57 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\registration
2015-11-19 16:36 - 2009-10-22 15:09 - 00007836 _____ C:\Users\Patricia\AppData\Local\d3d9caps.dat
2015-11-17 17:34 - 2006-11-02 14:01 - 00032602 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-11-17 17:25 - 2012-10-27 13:36 - 00000000 ____D C:\Windows\system32\directx
2015-11-16 14:21 - 2015-08-19 13:16 - 00001184 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1373798880-2491931855-1621115947-1000Core.job
2015-11-13 19:45 - 2013-12-15 09:40 - 00000000 ____D C:\Users\Patricia\AppData\Roaming\HpUpdate
2015-11-13 13:23 - 2014-04-11 15:04 - 00000000 ____D C:\Users\Patricia\AppData\Roaming\Dropbox
2015-11-13 13:06 - 2013-08-15 05:45 - 00000000 ____D C:\Windows\system32\MRT
2015-11-13 12:52 - 2006-11-02 11:24 - 143250520 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-11-12 08:25 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2015-11-12 07:42 - 2006-11-02 11:33 - 01576086 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-12 07:35 - 2006-11-02 13:47 - 00346256 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-12 07:31 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-11 16:21 - 2009-03-12 04:11 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-11 16:01 - 2013-03-01 19:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-11-11 15:19 - 2012-04-04 11:04 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-11-11 15:19 - 2011-06-13 06:31 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-11-11 09:29 - 2014-08-08 14:18 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-11 09:25 - 2012-06-04 10:39 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-11-05 18:38 - 2011-09-21 07:40 - 00002425 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-11-03 15:26 - 2015-09-21 14:15 - 00000000 ____D C:\Users\Patricia\Documents\Bewerbungen Jan 2015
2015-10-31 18:54 - 2011-08-29 12:20 - 00000000 ____D C:\Users\Patricia\AppData\Roaming\vlc
2015-10-28 10:39 - 2014-01-04 16:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-10-28 10:36 - 2013-12-15 09:37 - 00000000 ____D C:\ProgramData\HP
2015-10-28 10:36 - 2006-11-02 13:37 - 00000000 ____D C:\Windows\twain_32
2015-10-28 10:29 - 2014-01-04 16:08 - 00001757 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2015-10-21 11:57 - 2011-05-19 13:39 - 00000000 ___RD C:\Users\Patricia\Download´s

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2007-03-12 17:59 - 2007-03-12 17:59 - 0299008 _____ () C:\Program Files\navigram_register.exe
2015-04-29 10:36 - 2015-04-29 10:40 - 0000615 _____ () C:\Users\Patricia\AppData\Roaming\bietermodul.ini
2010-09-09 11:08 - 2010-09-09 11:08 - 0028176 _____ () C:\Users\Patricia\AppData\Roaming\Microsoft Excel.ADR
2010-07-02 19:48 - 2014-06-30 13:36 - 0019238 _____ () C:\Users\Patricia\AppData\Roaming\UserTile.png
2009-10-20 15:04 - 2009-10-27 13:02 - 0000120 _____ () C:\Users\Patricia\AppData\Roaming\wklnhst.dat
2009-10-22 15:09 - 2015-11-19 16:36 - 0007836 _____ () C:\Users\Patricia\AppData\Local\d3d9caps.dat
2010-02-20 14:42 - 2015-11-20 11:22 - 0095744 _____ () C:\Users\Patricia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-25 13:44 - 2014-11-25 13:44 - 0004096 ____H () C:\Users\Patricia\AppData\Local\keyfile3.drm
2009-12-12 15:44 - 2009-12-12 15:47 - 0006475 _____ () C:\Users\Patricia\AppData\Local\MyWinLockerInstaller.txt-20091212.log
2015-10-01 07:17 - 2015-10-01 07:17 - 0001348 _____ () C:\Users\Patricia\AppData\Local\recently-used.xbel
2010-05-22 12:53 - 2010-05-22 12:53 - 0017408 _____ () C:\Users\Patricia\AppData\Local\WebpageIcons.db
2014-01-04 16:10 - 2014-01-04 16:10 - 0000057 _____ () C:\ProgramData\Ament.ini
2009-03-12 04:26 - 2009-08-04 17:10 - 0004536 _____ () C:\ProgramData\ArcadeDeluxe2.log
2009-12-28 17:03 - 2009-12-28 17:03 - 0000048 ____H () C:\ProgramData\ezsidmv.dat
2009-12-12 15:37 - 2009-12-12 15:38 - 0000090 _____ () C:\ProgramData\PS.log

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\Patricia\Firefox Setup 6.0.exe
C:\Users\Patricia\Firefox Setup Stub 26.0.exe
C:\Users\Patricia\SecurityScan_Release.exe

Einige Dateien in TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\Patricia\AppData\Local\Temp\avgnt.exe
C:\Users\Patricia\AppData\Local\Temp\GdiPlus.dll
C:\Users\Patricia\AppData\Local\Temp\icqsetup.exe
C:\Users\Patricia\AppData\Local\Temp\InstallerMessageBox.exe
C:\Users\Patricia\AppData\Local\Temp\NPSInstallerProxy.exe
C:\Users\Patricia\AppData\Local\Temp\NPSInstallerProxyMessageBoxHookDll.dll
C:\Users\Patricia\AppData\Local\Temp\RtkBtMnt.exe

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-11-20 10:52

==================== Ende vom FRST.txt ============================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x86) Version:19-11-2015
durchgeführt von Patricia (2015-11-20 12:14:44)
Gestartet von C:\Users\Patricia\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) (2009-08-04 15:57:23)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-1373798880-2491931855-1621115947-500 - Administrator - Disabled)
Gast (S-1-5-21-1373798880-2491931855-1621115947-501 - Limited - Disabled) => C:\Users\Gast
Patricia (S-1-5-21-1373798880-2491931855-1621115947-1000 - Administrator - Enabled) => C:\Users\Patricia

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Acer Backup Manager (HKLM\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 1.0.0.58 - NewTech Infosystems)
Acer Crystal Eye Webcam (HKLM\...\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}) (Version: 5.0.7.1 - Suyin Optronics Corp)
Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.00.3008 - Acer Incorporated)
Acer GridVista (HKLM\...\GridVista) (Version: 2.72.317 - )
Acer PowerSmart Manager (HKLM\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.01.3016 - Acer Incorporated)
Acer Product Registration (HKLM\...\{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}) (Version: 3.0.0.10 - Acer Incorporated)
Acer ScreenSaver (HKLM\...\Acer Screensaver) (Version: 1.0.0.0226 - Acer)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.0.0.4080 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version: - Agere Systems)
ATI Catalyst Install Manager (HKLM\...\{502D4628-92AD-416A-0580-00D64320DBB7}) (Version: 3.0.728.0 - ATI Technologies, Inc.)
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.14.259 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM\...\{59c4462d-a177-4d44-a95b-deda1be79844}) (Version: 1.1.49.18939 - Avira Operations GmbH & Co. KG)
Avira Launcher (Version: 1.1.49.18939 - Avira Operations GmbH & Co. KG) Hidden
Backup Manager Basic (Version: 1.0.0.58 - NewTech Infosystems) Hidden
Broadcom Gigabit NetLink Controller (HKLM\...\{9AF0B106-56F1-461B-A270-95BC1682E282}) (Version: 11.34.02 - Broadcom Corporation)
ccc-core-static (Version: 2009.0602.2224.38408 - Ihr Firmenname) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.18 - Piriform)
CIB pdf brewer (HKLM\...\{DF71EB8A-6E59-4249-BCB8-38EC406E4353}) (Version: 2.6.0034 - CIB software GmbH)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
DarkSide (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114969777}) (Version: - Oberon Media)
Dropbox (HKU\S-1-5-21-1373798880-2491931855-1621115947-1000\...\Dropbox) (Version: 3.10.11 - Dropbox, Inc.)
Freemake Video Converter Version 3.1.1 (HKLM\...\Freemake Video Converter_is1) (Version: 3.1.1 - Ellora Assets Corporation)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart 5520 series - Grundlegende Software für das Gerät (HKLM\...\{88EFC235-396D-4A12-96AE-48C3451A0F79}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HS Nettoeinkommen Pro 2010 TESTVERSION (HKLM\...\HS Nettoeinkommen Pro 2010 TESTVERSION) (Version: - )
Java 2 Runtime Environment, SE v1.4.2 (HKLM\...\{7148F0A8-6813-11D6-A77B-00B0D0142000}) (Version: 1.4.2 - Sun Microsystems, Inc.)
Java(TM) 6 Update 27 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.270 - Oracle)
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Launch Manager (HKLM\...\LManager) (Version: 2.0.10 - Acer Inc.)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Partner (HKLM\...\Mobile Partner) (Version: 21.005.15.02.382 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 42.0 (x86 de) (HKLM\...\Mozilla Firefox 42.0 (x86 de)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.616 - NewTech Infosystems)
NTI Backup Now Standard (Version: 5.1.2.616 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6509 - NewTech Infosystems)
NTI Media Maker 8 (Version: 8.0.2.6509 - NewTech Infosystems) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5794 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 6.0.6000.20113 - Realtek Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.)
Skins (Version: 2009.0602.2224.38408 - ATI) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 12.1.0.0 - Synaptics)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VLC media player 1.1.5 (HKLM\...\VLC media player) (Version: 1.1.5 - VideoLAN)
VSDC Free Video Editor Version 3.2.1.373 (HKLM\...\VSDC Free Video Editor_is1) (Version: 3.2.1.373 - Flash-Integro LLC)
Winamp (HKLM\...\Winamp) (Version: 5.63 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-1373798880-2491931855-1621115947-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407) (HKLM\...\A5C76F143DE85710B0FDBABC39480EC492EE05CF) (Version: 09/11/2009 6.2.0.9407 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR (HKLM\...\WinRAR archiver) (Version: - )

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1373798880-2491931855-1621115947-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Patricia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1373798880-2491931855-1621115947-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1373798880-2491931855-1621115947-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\Patricia\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1373798880-2491931855-1621115947-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1373798880-2491931855-1621115947-1000_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)
CustomCLSID: HKU\S-1-5-21-1373798880-2491931855-1621115947-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\Patricia\AppData\Local\Dropbox\Update\1.3.27.35\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1373798880-2491931855-1621115947-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\Patricia\AppData\Local\Dropbox\Update\1.3.27.35\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1373798880-2491931855-1621115947-1000_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1373798880-2491931855-1621115947-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\Patricia\AppData\Local\Dropbox\Update\1.3.27.35\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1373798880-2491931855-1621115947-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\Patricia\AppData\Local\Dropbox\Update\1.3.27.35\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1373798880-2491931855-1621115947-1000_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1373798880-2491931855-1621115947-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1373798880-2491931855-1621115947-1000_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1373798880-2491931855-1621115947-1000_Classes\CLSID\{E763661E-E497-4D41-AFF4-6BBCB62B9E89}\InprocServer32 -> C:\Users\Patricia\AppData\Local\Dropbox\Update\1.3.27.35\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1373798880-2491931855-1621115947-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Patricia\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1373798880-2491931855-1621115947-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Patricia\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1373798880-2491931855-1621115947-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Patricia\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1373798880-2491931855-1621115947-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Patricia\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1373798880-2491931855-1621115947-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Patricia\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1373798880-2491931855-1621115947-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Patricia\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1373798880-2491931855-1621115947-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Patricia\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1373798880-2491931855-1621115947-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Patricia\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1373798880-2491931855-1621115947-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Patricia\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1373798880-2491931855-1621115947-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Patricia\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1373798880-2491931855-1621115947-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\Patricia\AppData\Local\Dropbox\Update\1.3.27.35\psuser.dll (Dropbox, Inc.)

==================== Wiederherstellungspunkte =========================

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {027F1D9F-5075-47A9-B3F4-4DCE619B75EC} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {13FD9790-6F81-4D52-A132-BCAEB4F39FF5} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1373798880-2491931855-1621115947-1000UA => C:\Users\Patricia\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-08-19] (Dropbox, Inc.)
Task: {2281CECC-AD5D-4E83-9E89-26DB81D47A2E} - System32\Tasks\{F08C37EF-BF4C-4513-9E03-C1B4316BAB44} => C:\Program Files\Skype\Phone\Skype.exe
Task: {412A3695-61C6-46BA-AC5A-E2DF9834846D} - System32\Tasks\{9849A0E8-836C-4577-8655-3B2B3BC138A3} => pcalua.exe -a "C:\Program Files\Hentrich-Software\NettoProTest\UNWISE.EXE"
Task: {55612307-59F0-4DAE-BDED-81ADD975321B} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1373798880-2491931855-1621115947-1000Core => C:\Users\Patricia\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-08-19] (Dropbox, Inc.)
Task: {557F4C99-CFEF-477C-BA3B-4E39D3EF85D2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11] (Adobe Systems Incorporated)
Task: {579D9158-09B7-4156-A5D0-4834B9684F1E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {853CDFAA-CB60-4699-8905-1C15F7348569} - System32\Tasks\{88CAEF08-8584-42A8-A16D-818A786D5F65} => pcalua.exe -a C:\Users\Patricia\Download´s\korrektur.exe -d "C:\Program Files\Mozilla Firefox"
Task: {9ACF8C84-86A1-47C9-B77F-B7D2CCDA2C29} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {AD684C4F-250A-4F57-9BCA-D1F736411B6E} - System32\Tasks\shutdown => shutdown
Task: {B9EB0402-E11F-42BF-9B91-A3707D034785} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance => C:\Program Files\TuneUp Utilities 2010\OneClick.exe
Task: {F1DF0607-4521-4550-AD81-9B917C31738E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {F9C93357-023F-41E6-A3B5-C5B86F1D15E9} - System32\Tasks\{0E287988-D671-464F-9558-5D5527CB3762} => pcalua.exe -a D:\Install.exe -d D:\

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1373798880-2491931855-1621115947-1000Core.job => C:\Users\Patricia\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1373798880-2491931855-1621115947-1000UA.job => C:\Users\Patricia\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{FB61473F-F838-4FEC-B5D2-837455005B65}.job => C:\Windows\system32\msfeedssync.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2009-11-12 17:09 - 2009-08-16 17:06 - 00141312 _____ () C:\Program Files\WinRAR\rarext.dll
2015-09-24 16:40 - 2015-09-24 16:40 - 00301056 _____ () C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.DEU
2009-08-04 17:03 - 2008-07-29 18:29 - 00200704 _____ () C:\Windows\PLFSetI.exe
2011-03-14 16:27 - 2011-03-14 16:27 - 00271712 _____ () C:\ProgramData\DatacardService\HWDeviceService.exe
2009-08-04 17:01 - 2009-08-04 17:01 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2009-03-31 16:45 - 2009-03-31 16:45 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2009-08-04 17:01 - 2009-08-04 17:01 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2009-08-05 01:29 - 2009-06-03 08:42 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2013-08-21 07:29 - 2013-09-05 17:40 - 00239968 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
2013-08-21 07:29 - 2013-08-21 07:26 - 00011362 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll
2013-08-21 07:29 - 2013-08-21 07:26 - 00043008 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll
2013-08-21 07:29 - 2013-08-21 07:26 - 02415104 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll
2013-08-21 07:29 - 2013-08-21 07:26 - 01148416 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll
2013-08-21 07:29 - 2013-08-21 07:26 - 00383488 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll
2013-08-21 07:29 - 2013-08-21 07:26 - 00398336 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll
2009-02-02 16:33 - 2009-02-02 16:33 - 00460199 _____ () C:\Program Files\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2008-09-28 16:55 - 2008-09-28 16:55 - 01076224 _____ () C:\Program Files\NewTech Infosystems\Acer Backup Manager\ACE.dll
2009-08-05 01:33 - 2003-06-07 22:30 - 00057344 _____ () C:\Program Files\Launch Manager\PowerUtl.dll
2015-11-20 12:07 - 2015-11-20 12:07 - 00050477 _____ () C:\Users\Patricia\Desktop\Defogger.exe

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\Temp:41099CE9
AlternateDataStreams: C:\ProgramData\Temp:4F636E25
AlternateDataStreams: C:\ProgramData\Temp:8750DCE4
AlternateDataStreams: C:\ProgramData\Temp:90108DD7
AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE
AlternateDataStreams: C:\ProgramData\Temp:CE0A077E
AlternateDataStreams: C:\ProgramData\Temp:F591490A
AlternateDataStreams: C:\ProgramData\Temp:F72BF074

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service" ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-1373798880-2491931855-1621115947-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Patricia\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Fotogalerie-Hintergrundbild.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: ) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) MSCONFIG\startupreg: Facebook Update => "C:\Users\Patricia\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver MSCONFIG\startupreg: Orb => "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background ==================== FirewallRules (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe FirewallRules: [{59D7ECC3-1D25-4D86-A5C5-E7571576410B}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe FirewallRules: [{AE4AF426-0752-41FE-A533-F7886DE302D8}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe FirewallRules: [{565654F8-F40D-4390-93C6-8058E1ACD914}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe FirewallRules: [{8D514C19-9B7F-4B3D-9039-760270250D49}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe FirewallRules: [TCP Query User{8C57B243-025B-48C4-A4C3-BBFCDE437561}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe FirewallRules: [UDP Query User{A8432A41-5452-43FD-8274-F8C69826002C}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe FirewallRules: [{190D7E11-3BDB-4D17-915C-6B99F1928F58}] => (Allow) C:\Program Files\Winamp Remote\bin\Orb.exe FirewallRules: [{7D5D9E63-C70E-4B32-8369-5F490E6B6B9A}] => (Allow) C:\Program Files\Winamp Remote\bin\Orb.exe FirewallRules: [{EEDB743A-5447-4D58-9C4B-830721ABCB82}] => (Allow) C:\Program Files\Winamp Remote\bin\OrbTray.exe FirewallRules: [{32332257-48C6-48BC-B182-C476CA6BDCAB}] => (Allow) C:\Program Files\Winamp Remote\bin\OrbTray.exe FirewallRules: [{8224F982-5976-4CF6-8327-970289759DC2}] => (Allow) C:\Program Files\Winamp 
Remote\bin\OrbIR.exe FirewallRules: [{B01515B4-FDB8-4BE5-B9B7-C135BC3A2F22}] => (Allow) C:\Program Files\Winamp Remote\bin\OrbIR.exe FirewallRules: [{18995752-0AC0-4C48-B78E-E9A1126EFD72}] => (Allow) C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe FirewallRules: [{12EE3FA2-C0AB-4691-93F3-3E7BF2DB5BDE}] => (Allow) C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe FirewallRules: [TCP Query User{710D8F02-0A57-4F97-B4A3-FCBFA05C16F3}C:\program files\google\google earth\plugin\geplugin.exe] => (Block) C:\program files\google\google earth\plugin\geplugin.exe FirewallRules: [UDP Query User{79AE2CFB-93F8-4D97-8E7F-30E0A3C3E74A}C:\program files\google\google earth\plugin\geplugin.exe] => (Block) C:\program files\google\google earth\plugin\geplugin.exe FirewallRules: [{752E2D85-2041-4905-B725-8E95882EE209}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe FirewallRules: [{CFB9C5DF-FEF1-41AD-9543-A471936438EF}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe FirewallRules: [{D35F3E00-FF6E-4C9D-9728-B7FA59CBFA23}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe FirewallRules: [{8783C3DA-26FE-45C3-8EB8-11D1CA3C17FE}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe FirewallRules: [{7350C63D-0398-4C64-A70E-13EDB2EE2C28}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{639EA99A-FC98-4C6E-A4CC-C8E68A1D9B06}] => (Allow) svchost.exe FirewallRules: [{0198C78F-AE7E-4A3D-AD57-7A14FFA5B57F}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe FirewallRules: [{0FB99A6E-7381-4795-AC3D-BDFAC98BD0B6}] => (Allow) LPort=80 FirewallRules: [{C4B2E356-D861-47A8-9F6F-81D09A7DFC4B}] => (Allow) LPort=80 FirewallRules: [{120D9F20-AA18-41D1-B255-9750133E3112}] => (Allow) LPort=80 FirewallRules: [TCP Query User{C57A1562-B544-4623-8F89-5F7444FE3BF3}C:\program files\mozilla firefox\plugin-container.exe] => (Block) C:\program files\mozilla 
firefox\plugin-container.exe FirewallRules: [UDP Query User{0160521D-971E-42E5-BF29-E1A428CD650A}C:\program files\mozilla firefox\plugin-container.exe] => (Block) C:\program files\mozilla firefox\plugin-container.exe FirewallRules: [TCP Query User{E0C80472-9E61-4491-9E0A-3B48434DA801}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{D61E3B3A-F010-4F06-8444-DBC8961741AC}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe FirewallRules: [TCP Query User{CB1017A8-0832-4F55-BF95-74A42C0B720E}C:\users\patricia\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\patricia\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{E47DC016-5E82-4172-AC60-8696E8DBEF2B}C:\users\patricia\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\patricia\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{0B0E2F70-E3D1-44EF-A1E5-2FD9E5F2431C}C:\program files\winamp\winamp.exe] => (Block) C:\program files\winamp\winamp.exe FirewallRules: [UDP Query User{AF382AC3-BFBB-466D-9030-4F807250A608}C:\program files\winamp\winamp.exe] => (Block) C:\program files\winamp\winamp.exe FirewallRules: [TCP Query User{3E7930F4-44AC-4355-B11E-A2361F5DF112}C:\program files\winamp\winamp.exe] => (Allow) C:\program files\winamp\winamp.exe FirewallRules: [UDP Query User{BE86CE5F-77AF-4CF0-A4CA-7FE7E50548F2}C:\program files\winamp\winamp.exe] => (Allow) C:\program files\winamp\winamp.exe FirewallRules: [{14C244CB-F3C3-4659-8150-D1905B7CB361}] => (Allow) C:\Users\Patricia\AppData\Local\Temp\7zS1D19\HPDiagnosticCoreUI.exe FirewallRules: [{9D9030C2-7884-4EB0-83F5-524E8D43CE94}] => (Allow) C:\Users\Patricia\AppData\Local\Temp\7zS1D19\HPDiagnosticCoreUI.exe FirewallRules: [{E8440646-B78F-42DF-9CAD-956524661F64}] => (Allow) C:\Users\Patricia\AppData\Local\Temp\7zS234A\HPDiagnosticCoreUI.exe FirewallRules: [{BEEFBA93-1444-4C96-8F7F-543EC6FD0927}] => 
(Allow) C:\Users\Patricia\AppData\Local\Temp\7zS234A\HPDiagnosticCoreUI.exe FirewallRules: [{62D38AC1-CDC0-41D1-9BDE-B67084F84D83}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [{E272A0B2-E63F-44A0-AEBF-2131D0E2396D}] => (Allow) D:\o2CD.exe FirewallRules: [{02BAAAFD-8DE4-4F91-A3AA-61E7A2562B52}] => (Allow) D:\o2CD.exe FirewallRules: [{21027777-5DA9-493E-8DC8-CEEA7D4BA2A3}] => (Allow) C:\Users\Patricia\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{639D73F9-A92D-49C2-9333-F0C67C76ADEE}] => (Allow) C:\Users\Patricia\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [TCP Query User{9A98F04C-A6F6-40DF-A565-C8D50262AF18}C:\users\patricia\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\patricia\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{89CF26A4-9918-48B7-BF7B-66289D4F3FA4}C:\users\patricia\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\patricia\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [{F418B273-227B-4652-B29C-CFC78170BB8B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{1B4084DE-F13B-4BE3-85FB-9098EC3C07C1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{9D7646B1-19FE-4C6A-9806-69FB0CD432C7}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{3367C8C2-A285-44D8-A325-8E59A2F5B3B6}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe FirewallRules: [{4E88F45B-BF24-4330-9A41-779D97EC244F}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe FirewallRules: [{81AE3EE2-81B7-4C31-B771-99AFB04959E5}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe FirewallRules: [{7CCFCABA-BC30-4688-B790-9CD7ADC02B60}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Updater.exe FirewallRules: [{7BEB222C-BFE8-4E6F-A5FE-E2EB0D95FE5D}] => 
(Allow) C:\Program Files\FlashIntegro\VideoEditor\Updater.exe FirewallRules: [{206CFF69-12C0-46A6-A683-DF88C0B79FAD}] => (Allow) C:\Users\Patricia\AppData\Local\Temp\7zS09E8\HPDiagnosticCoreUI.exe FirewallRules: [{C0BC9B4A-E57B-4EAA-851E-F021AFA6B60E}] => (Allow) C:\Users\Patricia\AppData\Local\Temp\7zS09E8\HPDiagnosticCoreUI.exe FirewallRules: [{BAFAE1E1-C619-436C-8CD9-2E7ECF639FF5}] => (Allow) C:\Users\Patricia\AppData\Local\Temp\7zS0A3A\HPDiagnosticCoreUI.exe FirewallRules: [{82EA5380-A103-4830-9865-A3C4A8EE5A01}] => (Allow) C:\Users\Patricia\AppData\Local\Temp\7zS0A3A\HPDiagnosticCoreUI.exe FirewallRules: [{EF8D9F5E-D7A1-498B-9029-0A0EA74F5B5E}] => (Allow) C:\Users\Patricia\AppData\Local\Temp\7zS2473\HPDiagnosticCoreUI.exe FirewallRules: [{80C49BF4-832F-4325-B7A0-A3D3F9976ED5}] => (Allow) C:\Users\Patricia\AppData\Local\Temp\7zS2473\HPDiagnosticCoreUI.exe FirewallRules: [{467F65A8-7D0C-48B4-B87E-1C409299FD05}] => (Allow) C:\Users\Patricia\AppData\Local\Temp\7zS2473\HPDiagnosticCoreUI.exe FirewallRules: [{7623A44F-3850-4982-892A-83004085553E}] => (Allow) C:\Users\Patricia\AppData\Local\Temp\7zS2473\HPDiagnosticCoreUI.exe FirewallRules: [{39C2BC2C-43A8-4A05-A534-F632A5CD848F}] => (Allow) C:\Users\Patricia\AppData\Local\Temp\7zS1C36\HPDiagnosticCoreUI.exe FirewallRules: [{987439F1-4C75-4778-B9BB-9A7FD2D0760F}] => (Allow) C:\Users\Patricia\AppData\Local\Temp\7zS1C36\HPDiagnosticCoreUI.exe FirewallRules: [{ADA21BA7-1126-4BDE-A6EF-CF26642406BD}] => (Allow) C:\Users\Patricia\AppData\Local\Temp\7zS257C\HPDiagnosticCoreUI.exe FirewallRules: [{F4E82B13-59D6-4370-979A-A3BCE69D10EF}] => (Allow) C:\Users\Patricia\AppData\Local\Temp\7zS257C\HPDiagnosticCoreUI.exe FirewallRules: [{4725F274-CC2D-4D30-AF68-982EB42AB066}] => (Allow) C:\Program Files\HP\HP Photosmart 5520 series\Bin\DeviceSetup.exe FirewallRules: [{6D4CEA33-E326-4C0F-AC8C-CAAE888700FB}] => (Allow) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe FirewallRules: 
[{BB29AF17-1898-495F-BD48-599969CA16C7}] => (Allow) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [{476A9742-8658-41E1-8DED-2CDEDFFC37EF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{E2F3805F-1D1F-47F9-9ED5-1B617572A982}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (11/20/2015 11:38:27 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\PATRICIA\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\T017I04E\DESKTOP.INI> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (11/20/2015 10:38:03 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/20/2015 07:49:52 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/19/2015 06:29:42 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/19/2015 06:13:29 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/19/2015 05:27:46 PM) (Source: VSS) (EventID: 8194) (User: ) 
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005. Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {97b70800-3eb2-420d-82ba-b6be344f19ab} Error: (11/19/2015 05:13:35 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT) Description: Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet! Error: (11/19/2015 05:02:47 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/19/2015 05:02:43 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT) Description: Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet! Error: (11/19/2015 04:45:48 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Systemfehler: ============= Error: (11/20/2015 10:54:10 AM) (Source: iaStor) (EventID: 9) (User: ) Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet. Error: (11/20/2015 10:38:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Mobile Partner. OUC%%1053 Error: (11/20/2015 10:38:10 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: 30000Mobile Partner. 
OUC Error: (11/20/2015 10:38:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (11/20/2015 10:36:29 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 20.11.2015 um 10:23:57 unerwartet heruntergefahren. Error: (11/20/2015 08:00:10 AM) (Source: iaStor) (EventID: 9) (User: ) Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet. Error: (11/20/2015 07:50:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Mobile Partner. OUC%%1053 Error: (11/20/2015 07:50:08 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: 30000Mobile Partner. OUC Error: (11/20/2015 07:50:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (11/20/2015 07:49:05 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 19.11.2015 um 18:38:01 unerwartet heruntergefahren. ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz Prozentuale Nutzung des RAM: 52% Installierter physikalischer RAM: 3065.9 MB Verfügbarer physikalischer RAM: 1455.77 MB Summe virtueller Speicher: 6332.06 MB Verfügbarer virtueller Speicher: 4437.37 MB ==================== Laufwerke ================================ Drive c: (ACER) (Fixed) (Total:455.99 GB) (Free:215.87 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)] ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: E7A19A5B) Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27) Partition 2: (Active) - (Size=456 GB) - (Type=07 NTFS) ==================== Ende vom Addition.txt ============================ Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-11-20 12:57:51 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0001 465,76GB Running: Gmer-19357.exe; Driver: C:\Users\Patricia\AppData\Local\Temp\agtdapoc.sys ---- System - GMER 2.1 ---- SSDT 8E17DF96 ZwCreateSymbolicLinkObject SSDT 8E17DF9B ZwLoadDriver SSDT 8E17DF91 ZwOpenSection SSDT 8E17DFA0 ZwSetSystemInformation SSDT 8E17DF5F ZwTerminateProcess ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!KeSetEvent + 21D 836C28A0 4 Bytes [96, DF, 17, 8E] .text ntkrnlpa.exe!KeSetEvent + 37D 836C2A00 4 Bytes [9B, DF, 17, 8E] .text ntkrnlpa.exe!KeSetEvent + 3FD 836C2A80 4 Bytes [91, DF, 17, 8E] .text ntkrnlpa.exe!KeSetEvent + 5DD 836C2C60 4 Bytes [A0, DF, 17, 8E] .text ntkrnlpa.exe!KeSetEvent + 621 836C2CA4 4 Bytes [5F, DF, 17, 8E] .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8FE10000, 0x2C81C4, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Mozilla Firefox\firefox.exe[4192] ntdll.dll!LdrLoadDll 77819358 5 Bytes JMP 6E13A8A8 C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4192] ntdll.dll!NtCreateFile 778541C0 5 Bytes JMP 54C1B983 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4192] ntdll.dll!NtFlushBuffersFile 778546C0 5 Bytes JMP 54C1B6C3 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4192] ntdll.dll!NtQueryFullAttributesFile 77854BF0 5 Bytes JMP 54C1B7F8 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4192] ntdll.dll!NtReadFile 77854E20 5 Bytes JMP 54C1B6FD C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4192] ntdll.dll!NtReadFileScatter 77854E30 5 Bytes JMP 54FA2E91 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4192] 
ntdll.dll!NtWriteFile 77855430 5 Bytes JMP 54C1BB27 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4192] ntdll.dll!NtWriteFileGather 77855440 5 Bytes JMP 54FA2EE1 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4192] kernel32.dll!HeapSetInformation + 26 7692A9B8 7 Bytes JMP 54CEAFF1 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4192] kernel32.dll!LockResource + C 76946BD3 7 Bytes JMP 54F8B5A5 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4192] kernel32.dll!VirtualAllocEx + 54 7694B030 7 Bytes JMP 54F8BFAC C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4192] USER32.dll!GetWindowInfo 7794428E 5 Bytes JMP 55A6AE81 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4192] GDI32.dll!Rectangle + AE 768B7C4F 7 Bytes JMP 54F8AF5D C:\Program Files\Mozilla Firefox\xul.dll ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- Registry - GMER 2.1 ---- Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Patricia\Download\xb4s\korrektur.exe 1 Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Patricia\Download\xb4s\setupnettopro.exe 1 Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Patricia\Download\xb4s\Firstload-Setup.exe 1 Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Patricia\Download\xb4s\avira_free_antivirus_de.exe 1 Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility 
Assistant\Persisted@C:\Users\Patricia\Download\xb4s\streamripper-windows-installer-1.64.6.exe 1 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----

I hope you can help me and my "pensioner". Kind regards, and hopefully see you soon, Patricia