![]() |
|
Log-Analyse und Auswertung: Rootkit in syswow64Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
![]() | #1 |
| ![]() Rootkit in syswow64 Hey, AVAST hat einen Rootkit gefunden in der syswow64. Er heisst Win32:Rootki-gen [Rtk]. Anbei logs von GMER und FRST. Könntet ihr da mal drüber schauen, ob das eh alles ok ist? generic rootkit hört sich so an, als könnte das auch nur einfach eine falsch positive Meldung sein: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:23-12-2015 durchgeführt von Hans (Administrator) auf LAPTOP (24-12-2015 00:08:10) Gestartet von C:\Users\Hans\Downloads Geladene Profile: Hans & UpdatusUser (Verfügbare Profile: Hans & UpdatusUser) Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHLE.EXE (SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (PANTERASoft) C:\Program Files (x86)\HDD Health\hddhealth.exe (Dropbox, Inc.) C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe (ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (Identive) C:\Program Files (x86)\CHIPDRIVE\CHIPDRIVE MyKey\MyKey\MyKey.exe (SCM Microsystems) C:\Program Files (x86)\CHIPDRIVE\CHIPDRIVE MyKey\MyKey\SCMSOK.exe () C:\Windows\System32\DnsBlockUpdateSvc.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE () C:\Program Files (x86)\HDD Health\HDDHealthService.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe () C:\Windows\SysWOW64\Rezip.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Avast Software) C:\Program Files\AVAST Software\SZBrowser\1.46.1990.139\AvastSZB.exe (Avast Software) C:\Program Files\AVAST Software\SZBrowser\1.46.1990.139\AvastSZB.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9644576 2009-12-15] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2074408 2010-02-26] (Synaptics Incorporated) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation) HKLM-x32\...\Run: [MyKey] => C:\Program Files (x86)\CHIPDRIVE\CHIPDRIVE MyKey\MyKey\MyKey.exe [3757416 2013-12-02] (Identive) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-22] (AVAST Software) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-10-06] (Oracle Corporation) Winlogon\Notify\ScCertProp: wlnotify.dll [X] HKU\S-1-5-21-522234228-4192544273-3428825822-1000\...\Run: [Dropbox Update] => C:\Users\Hans\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.) HKU\S-1-5-21-522234228-4192544273-3428825822-1000\...\Run: [EPLTarget\P0000000000000000] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-522234228-4192544273-3428825822-1000\...\Policies\Explorer: [NoInternetOpenWith] 1 HKU\S-1-5-21-522234228-4192544273-3428825822-1000\...\MountPoints2: {2f578f39-47a8-11e3-a250-002454e7f112} - F:\AutoRun.exe HKU\S-1-5-21-522234228-4192544273-3428825822-1000\...\MountPoints2: {2f578f46-47a8-11e3-a250-002454e7f112} - F:\AutoRun.exe HKU\S-1-5-21-522234228-4192544273-3428825822-1000\...\MountPoints2: {2f578f54-47a8-11e3-a250-002454e7f112} - F:\AutoRun.exe HKU\S-1-5-21-522234228-4192544273-3428825822-1000\...\MountPoints2: {8decd099-7cbb-11e2-9583-002454e7f112} - F:\AutoRun.exe HKU\S-1-5-21-522234228-4192544273-3428825822-1000\...\MountPoints2: {a980f5b3-46e9-11e3-9545-002454e7f112} - F:\AutoRun.exe HKU\S-1-5-21-522234228-4192544273-3428825822-1000\...\MountPoints2: {b148e64f-bb74-11e0-b66d-002454e7f112} - F:\AutoRun.exe HKU\S-1-5-21-522234228-4192544273-3428825822-1000\...\MountPoints2: {b148e66c-bb74-11e0-b66d-002454e7f112} - F:\AutoRun.exe HKU\S-1-5-21-522234228-4192544273-3428825822-1000\...\MountPoints2: {b148e693-bb74-11e0-b66d-002454e7f112} - F:\AutoRun.exe HKU\S-1-5-21-522234228-4192544273-3428825822-1000\...\MountPoints2: {c46076b6-471b-11e3-a3f5-002454e7f112} - F:\AutoRun.exe ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-22] (AVAST Software) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hans\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hans\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hans\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hans\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hans\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hans\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hans\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HDDHealth.lnk [2014-09-11] ShortcutTarget: HDDHealth.lnk -> C:\Program Files (x86)\HDD Health\hddhealth.exe (PANTERASoft) Startup: C:\Users\Hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-11] ShortcutTarget: Dropbox.lnk -> C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) BootExecute: autocheck autochk /p \??\F:autocheck autochk * GroupPolicy: Beschränkung - Chrome <======= ACHTUNG CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ACHTUNG (Beschränkung - ProxySettings) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{5F96EEFF-043E-470A-85AA-1D0C59A2263E}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{FB4F90BB-A333-4E59-B56C-DF8C6275CDC7}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130929338618843537&GUID=EF97CEA7-7FB9-44C7-2E25-C4BC35DA97F6 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130929338618999537&GUID=EF97CEA7-7FB9-44C7-2E25-C4BC35DA97F6 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1446569930&z=f54d8c2a8768612cc90c5b0g9z9zfqaw1qctft6cee&from=cvs2&uid=samsungxhm321hi_s26vj9fza06845&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1446569930&z=f54d8c2a8768612cc90c5b0g9z9zfqaw1qctft6cee&from=cvs2&uid=samsungxhm321hi_s26vj9fza06845 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1446569930&z=f54d8c2a8768612cc90c5b0g9z9zfqaw1qctft6cee&from=cvs2&uid=samsungxhm321hi_s26vj9fza06845&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-522234228-4192544273-3428825822-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} HKU\S-1-5-21-522234228-4192544273-3428825822-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130929338619155537&GUID=EF97CEA7-7FB9-44C7-2E25-C4BC35DA97F6 HKU\S-1-5-21-522234228-4192544273-3428825822-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006 SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1446569930&z=f54d8c2a8768612cc90c5b0g9z9zfqaw1qctft6cee&from=cvs2&uid=samsungxhm321hi_s26vj9fza06845&q={searchTerms} SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKU\S-1-5-21-522234228-4192544273-3428825822-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKU\S-1-5-21-522234228-4192544273-3428825822-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1446569930&z=f54d8c2a8768612cc90c5b0g9z9zfqaw1qctft6cee&from=cvs2&uid=samsungxhm321hi_s26vj9fza06845&q={searchTerms} SearchScopes: HKU\S-1-5-21-522234228-4192544273-3428825822-1000 -> {9B68959E-CB34-4310-AEB9-29D97D4A2E71} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default SearchScopes: HKU\S-1-5-21-522234228-4192544273-3428825822-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKU\S-1-5-21-522234228-4192544273-3428825822-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKU\S-1-5-21-522234228-4192544273-3428825822-1000 -> {F0B806F9-E7A4-4EEF-997A-DC5E27C7A74F} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^DE&apn_uid=FFB6CD93-1193-4B51-A555-CC45789B9BFB&apn_sauid=03538CF5-E558-421C-A409-41FD4C0FC506 BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-12-22] (AVAST Software) BHO: DownloadProtect Extension -> {C654F3FE-8E84-4BB7-87CF-8D9171FC3C73} -> C:\Program Files\{7E01E4ED-0B55-4913-81E3-294590499695}\{49A7C928-0C4C-4194-BF4E-B02BAC3F933E}.bin [2015-12-23] (Download Protect) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-10-21] (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-12-22] (AVAST Software) BHO-x32: DownloadProtect Extension -> {C654F3FE-8E84-4BB7-87CF-8D9171FC3C73} -> C:\Program Files (x86)\{26E60582-0A89-4A5A-AAE4-4B8A7900329D}\{F9F9C990-FEDC-4343-B46E-4C910592E58E}.bin [2015-12-23] (Download Protect) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-10-21] (Oracle Corporation) FireFox: ======== FF ProfilePath: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\goqysxjm.default FF NewTab: about:newtab FF DefaultSearchEngine: Google (avast) FF DefaultSearchUrl: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=utf-8&oe=utf-8&meta=lr=lang_de&q= FF SearchEngineOrder.1: Google (avast) FF SelectedSearchEngine: Google (avast) FF SelectedSearchEngine: google FF Homepage: hxxp://www.google.de?hl=de&gl=de FF Keyword.URL: hxxps://www.google.com/search/?trackid=sp-006 FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=utf-8&oe=utf-8&meta=lr=lang_de&q= FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-08] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-08] () FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-10-21] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-10-21] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.) FF user.js: detected! => C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\goqysxjm.default\user.js [2015-12-23] FF SearchPlugin: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\goqysxjm.default\searchplugins\11-suche.xml [2014-06-06] FF SearchPlugin: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\goqysxjm.default\searchplugins\ask-search.xml [2014-04-20] FF SearchPlugin: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\goqysxjm.default\searchplugins\englische-ergebnisse.xml [2014-06-06] FF SearchPlugin: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\goqysxjm.default\searchplugins\gmx-suche.xml [2014-06-06] FF SearchPlugin: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\goqysxjm.default\searchplugins\google-avast.xml [2015-11-03] FF SearchPlugin: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\goqysxjm.default\searchplugins\lastminute.xml [2014-06-05] FF SearchPlugin: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\goqysxjm.default\searchplugins\mystartsearch.xml [2015-11-03] FF SearchPlugin: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\goqysxjm.default\searchplugins\preisde.xml [2015-03-22] FF SearchPlugin: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\goqysxjm.default\searchplugins\webde-suche.xml [2014-06-06] FF SearchPlugin: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\goqysxjm.default\searchplugins\wir-lieben-preisede.xml [2015-03-22] FF SearchPlugin: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\goqysxjm.default\searchplugins\yahoo-avast.xml [2015-07-18] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-22] FF HKLM-x32\...\Firefox\Extensions: [{FACC66B7-E49F-49ed-997E-66A221FD956D}] - C:\Program Files (x86)\CHIPDRIVE\CHIPDRIVE MyKey\MyKey\FireFox FF Extension: MyKey Interface - C:\Program Files (x86)\CHIPDRIVE\CHIPDRIVE MyKey\MyKey\FireFox [2014-09-11] [ist nicht signiert] FF HKLM-x32\...\Firefox\Extensions: [ocr@babylon.com] - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\ocr@babylon.com => nicht gefunden FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\goqysxjm.default\extensions\deskCutv2@gmail.com => nicht gefunden FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-22] FF HKLM-x32\...\Firefox\Extensions: [{6FC78B7F-929C-47D9-8AC2-B495624FE6A5}] - C:\windows\Installer\{A789F495-94D3-4A15-823A-B22492A93E97}\{6FC78B7F-929C-47D9-8AC2-B495624FE6A5}.xpi FF Extension: Download Protect - C:\windows\Installer\{A789F495-94D3-4A15-823A-B22492A93E97}\{6FC78B7F-929C-47D9-8AC2-B495624FE6A5}.xpi [2015-12-23] Chrome: ======= CHR StartupUrls: Default -> "hxxp://www.google.com" CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll => Keine Datei CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll => Keine Datei CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\gcswf32.dll => Keine Datei CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll => Keine Datei CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => Keine Datei CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll => Keine Datei CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll => Keine Datei CHR Profile: C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-13] CHR Extension: (Google Wallet) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-13] CHR HKU\S-1-5-21-522234228-4192544273-3428825822-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - <kein Path/update_url> CHR HKLM-x32\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - <kein Path/update_url> CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-22] StartMenuInternet: Google Chrome.KJOE5CON4YSEURCOUTJD6SBO2M - chrome.exe ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-22] (AVAST Software) R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109520 2015-12-22] (AVAST Software) R2 DnsBlockUpdateSvc; C:\windows\system32\DnsBlockUpdateSvc.exe [151072 2015-11-03] () R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [Datei ist nicht signiert] R2 HDDHealth; C:\Program Files (x86)\HDD Health\HDDHealthService.exe [17760 2013-03-08] () [Datei ist nicht signiert] R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation) R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [495800 2015-11-02] (Sony Corporation) R2 Rezip; C:\windows\SysWOW64\Rezip.exe [311296 2009-03-05] () [Datei ist nicht signiert] S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] () S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X] S2 ioloSystemService; "C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe" [X] ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-22] (AVAST Software) R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-12-22] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-22] (AVAST Software) R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [466400 2015-12-22] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-22] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-22] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2015-12-22] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [451040 2015-12-22] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-22] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-22] (AVAST Software) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R1 ElRawDisk; C:\windows\system32\drivers\ElRawDsk.sys [30752 2014-01-02] (EldoS Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation) R1 RawDisk3; C:\windows\system32\drivers\rawdsk3.sys [32912 2014-09-30] (EldoS Corporation) S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2010-11-03] (Windows (R) 2003 DDK 3790 provider) S3 S3XXx64; C:\Windows\System32\DRIVERS\S3XXx64.sys [73984 2013-05-30] (Identive) R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] () S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X] S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X] S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X] U3 uxldapow; \??\C:\Users\Hans\AppData\Local\Temp\uxldapow.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-12-24 00:08 - 2015-12-24 00:08 - 00025990 _____ C:\Users\Hans\Downloads\FRST.txt 2015-12-24 00:08 - 2015-12-24 00:08 - 00000000 ____D C:\FRST 2015-12-24 00:07 - 2015-12-24 00:07 - 02370560 _____ (Farbar) C:\Users\Hans\Downloads\FRST64.exe 2015-12-23 23:49 - 2015-12-23 23:49 - 00380416 _____ C:\Users\Hans\Downloads\Gmer-19357.exe 2015-12-23 15:30 - 2015-12-23 15:30 - 00000000 ____D C:\Program Files\{7E01E4ED-0B55-4913-81E3-294590499695} 2015-12-23 15:30 - 2015-12-23 15:30 - 00000000 ____D C:\Program Files (x86)\{26E60582-0A89-4A5A-AAE4-4B8A7900329D} 2015-12-23 14:19 - 2015-12-23 14:22 - 00010528 _____ C:\Users\Hans\Downloads\Hof_Frech_Jan_16.xlsx 2015-12-23 06:47 - 2015-12-23 06:47 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk 2015-12-23 06:47 - 2015-12-23 06:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-12-22 17:33 - 2015-12-23 21:23 - 00003042 _____ C:\windows\System32\Tasks\SafeZone scheduled Autoupdate 1450802017 2015-12-22 17:33 - 2015-12-22 17:33 - 00000997 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk 2015-12-22 17:33 - 2015-12-22 17:33 - 00000997 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk 2015-12-22 17:32 - 2015-12-22 20:36 - 00000000 ____D C:\Program Files\{EA4A7ED6-4E60-46E5-8087-B3774C49DF3E} 2015-12-22 17:25 - 2015-12-22 17:25 - 00386096 _____ (AVAST Software) C:\windows\system32\aswBoot.exe 2015-12-22 17:24 - 2015-12-22 17:24 - 00466400 _____ (AVAST Software) C:\windows\system32\Drivers\aswNdisFlt.sys 2015-12-22 17:24 - 2015-12-22 17:24 - 00043112 _____ (AVAST Software) C:\windows\avastSS.scr 2015-12-21 11:26 - 2015-12-21 11:26 - 00000000 ____D C:\Program Files\{F6648511-BC56-45B8-A5E9-F6918182648E} 2015-12-21 11:26 - 2015-12-21 11:26 - 00000000 ____D C:\Program Files (x86)\{D1230C96-3FDF-4B49-A76E-0C35A5326394} 2015-12-20 13:29 - 2015-12-20 13:29 - 00000000 ____D C:\Program Files (x86)\Babylon 2015-12-20 13:28 - 2015-12-20 13:28 - 00676720 _____ (Babylon Software Ltd.) C:\Users\Hans\Downloads\Babylon10_setup_ns.exe 2015-12-20 13:06 - 2015-12-23 06:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-12-11 15:56 - 2015-12-11 15:56 - 00000000 ____D C:\Users\Hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-12-10 13:13 - 2015-12-10 13:13 - 00027770 _____ C:\Users\Hans\Downloads\PB_KAZ_KtoNr_0795121708_07-12-2015_1049.pdf 2015-12-10 02:17 - 2015-11-20 19:54 - 03170304 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll 2015-12-10 02:17 - 2015-11-20 19:54 - 02609152 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll 2015-12-10 02:17 - 2015-11-20 19:54 - 00709632 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll 2015-12-10 02:17 - 2015-11-20 19:54 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll 2015-12-10 02:17 - 2015-11-20 19:54 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe 2015-12-10 02:17 - 2015-11-20 19:54 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll 2015-12-10 02:17 - 2015-11-20 19:54 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll 2015-12-10 02:17 - 2015-11-20 19:54 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll 2015-12-10 02:17 - 2015-11-20 19:54 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe 2015-12-10 02:17 - 2015-11-20 19:54 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll 2015-12-10 02:17 - 2015-11-20 19:54 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll 2015-12-10 02:17 - 2015-11-20 19:34 - 00573440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll 2015-12-10 02:17 - 2015-11-20 19:34 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll 2015-12-10 02:17 - 2015-11-20 19:34 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll 2015-12-10 02:17 - 2015-11-20 19:34 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll 2015-12-10 02:17 - 2015-11-20 19:33 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe 2015-12-10 02:17 - 2015-11-05 20:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll 2015-12-10 02:17 - 2015-11-05 20:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll 2015-12-10 02:17 - 2015-11-03 20:04 - 00802304 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll 2015-12-10 02:17 - 2015-11-03 19:56 - 00627712 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll 2015-12-10 02:16 - 2015-11-11 21:52 - 00341192 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2015-12-10 02:16 - 2015-11-11 19:53 - 01735680 _____ (Microsoft Corporation) C:\windows\system32\comsvcs.dll 2015-12-10 02:16 - 2015-11-11 19:53 - 00525312 _____ (Microsoft Corporation) C:\windows\system32\catsrvut.dll 2015-12-10 02:16 - 2015-11-11 19:39 - 01242624 _____ (Microsoft Corporation) C:\windows\SysWOW64\comsvcs.dll 2015-12-10 02:16 - 2015-11-11 19:39 - 00487936 _____ (Microsoft Corporation) C:\windows\SysWOW64\catsrvut.dll 2015-12-10 02:16 - 2015-11-11 16:44 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2015-12-10 02:16 - 2015-11-11 16:41 - 20366848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2015-12-10 02:16 - 2015-11-11 15:57 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2015-12-10 02:16 - 2015-11-10 19:55 - 01648128 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll 2015-12-10 02:16 - 2015-11-10 19:55 - 01180160 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll 2015-12-10 02:16 - 2015-11-10 19:55 - 01008640 _____ (Microsoft Corporation) C:\windows\system32\user32.dll 2015-12-10 02:16 - 2015-11-10 19:39 - 01251328 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll 2015-12-10 02:16 - 2015-11-10 19:37 - 00833024 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll 2015-12-10 02:16 - 2015-11-10 18:47 - 03211264 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2015-12-10 02:16 - 2015-11-10 01:13 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2015-12-10 02:16 - 2015-11-10 01:13 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2015-12-10 02:16 - 2015-11-10 01:12 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2015-12-10 02:16 - 2015-11-10 01:11 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll 2015-12-10 02:16 - 2015-11-10 01:08 - 02280448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2015-12-10 02:16 - 2015-11-10 01:06 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2015-12-10 02:16 - 2015-11-10 00:50 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-12-10 02:16 - 2015-11-10 00:44 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll 2015-12-10 02:16 - 2015-11-10 00:36 - 00687104 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2015-12-10 02:16 - 2015-11-10 00:14 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2015-12-10 02:16 - 2015-11-10 00:12 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2015-12-10 02:16 - 2015-11-08 23:33 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2015-12-10 02:16 - 2015-11-08 23:15 - 02887168 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2015-12-10 02:16 - 2015-11-08 23:15 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2015-12-10 02:16 - 2015-11-08 23:06 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2015-12-10 02:16 - 2015-11-08 23:01 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2015-12-10 02:16 - 2015-11-08 22:40 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2015-12-10 02:16 - 2015-11-08 22:29 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll 2015-12-10 02:16 - 2015-11-08 22:15 - 00718336 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2015-12-10 02:16 - 2015-11-05 20:05 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\wshrm.dll 2015-12-10 02:16 - 2015-11-05 20:02 - 00014848 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshrm.dll 2015-12-10 02:16 - 2015-11-05 10:53 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rmcast.sys 2015-12-10 02:16 - 2015-10-09 00:22 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\nlsbres.dll 2015-12-10 02:16 - 2015-10-09 00:18 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZE.DLL 2015-12-10 02:16 - 2015-10-09 00:18 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\kbdgeoqw.dll 2015-12-10 02:16 - 2015-10-09 00:18 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZEL.DLL 2015-12-10 02:16 - 2015-10-09 00:18 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZE.DLL 2015-12-10 02:16 - 2015-10-09 00:18 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\kbdgeoqw.dll 2015-12-10 02:16 - 2015-10-09 00:18 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZEL.DLL 2015-12-10 02:16 - 2015-10-09 00:17 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlsbres.dll 2015-12-10 02:16 - 2015-10-08 20:13 - 00419928 _____ C:\windows\SysWOW64\locale.nls 2015-12-10 02:16 - 2015-10-08 19:52 - 00419928 _____ C:\windows\system32\locale.nls 2015-12-10 02:15 - 2015-11-11 22:12 - 00387792 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2015-12-10 02:15 - 2015-11-11 17:21 - 25837568 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2015-12-10 02:15 - 2015-11-11 17:00 - 12856832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2015-12-10 02:15 - 2015-11-11 16:44 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2015-12-10 02:15 - 2015-11-11 16:12 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2015-12-10 02:15 - 2015-11-10 01:24 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2015-12-10 02:15 - 2015-11-10 01:12 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec 2015-12-10 02:15 - 2015-11-10 01:06 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2015-12-10 02:15 - 2015-11-10 01:04 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2015-12-10 02:15 - 2015-11-10 01:03 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2015-12-10 02:15 - 2015-11-10 01:02 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2015-12-10 02:15 - 2015-11-10 01:02 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2015-12-10 02:15 - 2015-11-10 00:47 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2015-12-10 02:15 - 2015-11-10 00:46 - 04514816 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2015-12-10 02:15 - 2015-11-10 00:37 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll 2015-12-10 02:15 - 2015-11-10 00:36 - 02050560 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2015-12-10 02:15 - 2015-11-10 00:35 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll 2015-12-10 02:15 - 2015-11-10 00:17 - 02011136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2015-12-10 02:15 - 2015-11-08 23:32 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2015-12-10 02:15 - 2015-11-08 23:16 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2015-12-10 02:15 - 2015-11-08 23:15 - 00571392 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2015-12-10 02:15 - 2015-11-08 23:15 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec 2015-12-10 02:15 - 2015-11-08 23:14 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2015-12-10 02:15 - 2015-11-08 23:07 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2015-12-10 02:15 - 2015-11-08 23:04 - 05923840 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2015-12-10 02:15 - 2015-11-08 23:02 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2015-12-10 02:15 - 2015-11-08 23:01 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2015-12-10 02:15 - 2015-11-08 23:01 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2015-12-10 02:15 - 2015-11-08 23:01 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2015-12-10 02:15 - 2015-11-08 22:52 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2015-12-10 02:15 - 2015-11-08 22:48 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2015-12-10 02:15 - 2015-11-08 22:35 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2015-12-10 02:15 - 2015-11-08 22:32 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2015-12-10 02:15 - 2015-11-08 22:18 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll 2015-12-10 02:15 - 2015-11-08 22:15 - 00798208 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2015-12-10 02:15 - 2015-11-08 22:14 - 14456832 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2015-12-10 02:15 - 2015-11-08 22:14 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2015-12-10 02:15 - 2015-11-08 22:13 - 02123264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2015-12-10 02:15 - 2015-11-08 21:53 - 02487808 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2015-12-10 02:15 - 2015-11-08 21:41 - 01546752 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2015-12-10 02:15 - 2015-11-08 21:30 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2015-12-10 02:13 - 2015-11-03 20:04 - 00241664 _____ (Microsoft Corporation) C:\windows\system32\els.dll 2015-12-10 02:13 - 2015-11-03 19:55 - 00179712 _____ (Microsoft Corporation) C:\windows\SysWOW64\els.dll 2015-12-05 19:18 - 2015-12-05 19:18 - 02146312 _____ C:\Users\Hans\Downloads\22000-56_grind__brew_coffee_maker_ib_552-825.pdf 2015-12-03 13:49 - 2015-12-03 13:49 - 00000000 ____D C:\windows\System32\Tasks\AVAST Software 2015-12-03 13:49 - 2015-12-03 13:49 - 00000000 ____D C:\Program Files\Common Files\AV 2015-11-28 20:37 - 2015-11-28 20:37 - 00070299 _____ C:\Users\Hans\Downloads\RG150232205871.pdf 2015-11-25 16:12 - 2015-11-25 16:13 - 00177179 _____ C:\Users\Hans\Downloads\Angebot_AN1534658.pdf ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-12-24 00:08 - 2009-07-14 04:20 - 00000000 ____D C:\Windows 2015-12-23 23:56 - 2015-06-16 14:25 - 00001220 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-522234228-4192544273-3428825822-1000UA.job 2015-12-23 23:31 - 2013-02-28 15:47 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2015-12-23 23:26 - 2009-07-14 04:20 - 00000000 ____D C:\windows\system32\NDF 2015-12-23 22:56 - 2009-07-14 05:45 - 00022752 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-12-23 22:56 - 2009-07-14 05:45 - 00022752 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-12-23 21:40 - 2015-06-16 14:25 - 00001168 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-522234228-4192544273-3428825822-1000Core.job 2015-12-23 21:23 - 2009-07-14 04:20 - 00000000 ____D C:\windows\inf 2015-12-23 15:33 - 2014-09-12 11:54 - 00000000 ___RD C:\Users\Hans\Documents\Dropbox 2015-12-23 15:32 - 2014-07-05 10:37 - 00000000 ____D C:\Users\Hans\AppData\Roaming\Dropbox 2015-12-23 15:31 - 2012-07-07 14:56 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update 2015-12-23 15:30 - 2015-11-03 18:01 - 00000306 __RSH C:\ProgramData\ntuser.pol 2015-12-23 15:27 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT 2015-12-23 12:37 - 2011-06-18 19:11 - 00003918 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{4AC904EB-88D0-40F8-9C3F-D3356DCC3A43} 2015-12-23 12:30 - 2009-07-14 06:32 - 00000000 ____D C:\windows\system32\FxsTmp 2015-12-23 06:48 - 2011-06-17 18:49 - 00000000 ____D C:\Users\Hans\AppData\Roaming\Skype 2015-12-23 06:47 - 2012-09-06 02:01 - 00000000 ___RD C:\Program Files (x86)\Skype 2015-12-23 06:46 - 2010-08-04 03:29 - 00000000 ____D C:\ProgramData\Skype 2015-12-22 17:26 - 2011-06-16 20:50 - 00451040 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys 2015-12-22 17:26 - 2011-06-16 20:50 - 00097648 _____ (AVAST Software) C:\windows\system32\Drivers\aswmonflt.sys 2015-12-22 17:25 - 2015-03-14 16:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2015-12-22 17:25 - 2014-04-23 20:43 - 00028656 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys 2015-12-22 17:25 - 2013-12-26 20:13 - 00155304 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys 2015-12-22 17:25 - 2013-02-28 16:39 - 00273784 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys 2015-12-22 17:25 - 2013-02-28 16:39 - 00065224 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys 2015-12-22 17:25 - 2012-03-19 14:55 - 00093528 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys 2015-12-22 17:25 - 2011-06-16 20:49 - 00000000 ____D C:\ProgramData\AVAST Software 2015-12-22 17:24 - 2015-03-14 16:58 - 00028144 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys 2015-12-22 17:24 - 2011-06-16 20:50 - 01055560 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys 2015-12-22 17:24 - 2011-06-16 20:49 - 00000000 ____D C:\Program Files\AVAST Software 2015-12-21 11:23 - 2012-04-27 19:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-12-20 16:52 - 2015-02-23 18:21 - 00000000 ____D C:\Users\Hans\Documents\Weihnachten Grußkarten 2015-12-20 13:48 - 2015-07-12 17:54 - 00000000 ____D C:\Program Files\Babylon 2015-12-19 19:38 - 2015-07-27 17:02 - 00014187 _____ C:\Users\Hans\Documents\Benzinkosten CRV.xlsx 2015-12-19 06:38 - 2015-04-04 19:19 - 00000000 ___SD C:\windows\SysWOW64\GWX 2015-12-19 06:38 - 2015-04-04 19:19 - 00000000 ___SD C:\windows\system32\GWX 2015-12-11 16:35 - 2009-07-14 04:20 - 00000000 ____D C:\windows\rescache 2015-12-10 08:20 - 2009-07-14 05:45 - 00427872 _____ C:\windows\system32\FNTCACHE.DAT 2015-12-10 08:17 - 2012-05-11 08:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-12-10 08:17 - 2012-05-11 08:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-12-10 07:53 - 2011-06-16 21:14 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-12-10 07:49 - 2012-05-11 08:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-12-10 07:43 - 2013-08-15 07:43 - 00000000 ____D C:\windows\system32\MRT 2015-12-10 03:08 - 2011-06-16 22:47 - 140158008 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2015-12-10 01:48 - 2015-03-17 22:47 - 00000000 ____D C:\Users\Hans\AppData\Local\Skype 2015-12-09 04:39 - 2011-06-16 20:41 - 00301728 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe 2015-12-08 21:22 - 2013-02-28 15:47 - 00796864 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2015-12-08 21:22 - 2013-02-28 15:47 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater 2015-12-08 21:22 - 2011-06-16 21:45 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-11-26 18:12 - 2011-06-16 00:13 - 00000000 ____D C:\Users\Hans 2015-11-26 18:10 - 2015-10-31 13:31 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2013-12-21 09:01 - 2013-12-21 09:01 - 0000030 _____ () C:\Users\Hans\AppData\Roaming\WB.CFG 2011-06-17 18:52 - 2011-06-17 18:52 - 0000056 ____H () C:\ProgramData\ezsidmv.dat 2011-06-16 00:15 - 2010-01-16 06:15 - 0131368 _____ () C:\ProgramData\FullRemove.exe 2010-08-04 03:37 - 2010-08-04 03:37 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log 2010-08-04 03:35 - 2010-08-04 03:36 - 0000106 _____ () C:\ProgramData\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}.log 2010-08-04 03:32 - 2010-08-04 03:33 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2010-08-04 03:36 - 2010-08-04 03:37 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log 2010-08-04 03:31 - 2010-08-04 03:32 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log 2010-08-04 03:33 - 2010-08-04 03:35 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\windows\system32\winlogon.exe => Datei ist digital signiert C:\windows\system32\wininit.exe => Datei ist digital signiert C:\windows\SysWOW64\wininit.exe => Datei ist digital signiert C:\windows\explorer.exe => Datei ist digital signiert C:\windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\windows\system32\svchost.exe => Datei ist digital signiert C:\windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\windows\system32\services.exe => Datei ist digital signiert C:\windows\system32\User32.dll => Datei ist digital signiert C:\windows\SysWOW64\User32.dll => Datei ist digital signiert C:\windows\system32\userinit.exe => Datei ist digital signiert C:\windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\windows\system32\rpcss.dll => Datei ist digital signiert C:\windows\system32\dnsapi.dll => Datei ist digital signiert C:\windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-12-20 15:32 ==================== Ende von FRST.txt ============================ Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:23-12-2015 durchgeführt von Hans (2015-12-24 00:09:30) Gestartet von C:\Users\Hans\Downloads Windows 7 Home Premium Service Pack 1 (X64) (2011-06-15 23:13:07) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-522234228-4192544273-3428825822-500 - Administrator - Disabled) Gast (S-1-5-21-522234228-4192544273-3428825822-501 - Limited - Enabled) Hans (S-1-5-21-522234228-4192544273-3428825822-1000 - Administrator - Enabled) => C:\Users\Hans HomeGroupUser$ (S-1-5-21-522234228-4192544273-3428825822-1253 - Limited - Enabled) UpdatusUser (S-1-5-21-522234228-4192544273-3428825822-1254 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY) ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.204 - Adobe Systems Incorporated) Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated) Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated) Atheros Client Installation Program (HKLM-x32\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.5.0621 - Atheros) Avast Internet Security (HKLM-x32\...\avast) (Version: 11.1.2245 - AVAST Software) Avery Wizard 4.0 (HKLM-x32\...\{F5D84887-8A6F-4993-8560-B3AA44CB620D}) (Version: 4.0.201 - Avery) Avira SearchFree Toolbar (HKLM-x32\...\{41564952-412D-5637-4300-A758B70C1001}) (Version: 12.16.1.1670 - APN, LLC) BatteryLifeExtender (HKLM-x32\...\{74A579FB-EB06-497D-B194-01590D6FE51A}) (Version: 1.0.5 - Samsung) CHIPDRIVE MyKey (HKLM-x32\...\CHIPDRIVE MyKey_CDInst21) (Version: - Identive) Content Manager (HKLM-x32\...\Content Manager) (Version: 3.18.4.510611 - NNG Llc.) CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2806 - CyberLink Corp.) CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3108a - CyberLink Corp.) CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3213 - CyberLink Corp.) CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2815b - CyberLink Corp.) CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.1.1812 - CyberLink Corp.) DealPly (HKU\.DEFAULT\...\DealPly) (Version: - ) <==== ACHTUNG DReport Viewer 4 (HKLM-x32\...\{811E4E77-05C8-422E-8077-B9A80BF15C68}) (Version: 4.00.0043 - DÖRR EDV-Beratung) Dropbox (HKU\S-1-5-21-522234228-4192544273-3428825822-1000\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.) Druckerdeinstallation für EPSON SX235 Series (HKLM\...\EPSON SX235 Series) (Version: - SEIKO EPSON Corporation) Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.) Easy Network Manager (HKLM-x32\...\{F9557866-B4C8-4CE5-8508-0E386BDC20B2}) (Version: 4.3.3 - Samsung) Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.5 - Samsung Electronics Co.,Ltd.) EasyBatteryManager (HKLM-x32\...\{4A331D24-A9E8-484F-835E-1BA7B139689C}) (Version: 4.0.0.4 - Samsung) ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 14.1.11318 - Landesfinanzdirektion Thüringen) Epson Easy Photo Print 2 (HKLM-x32\...\{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}) (Version: 2.2.4.0 - SEIKO EPSON CORPORATION) Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION) Epson Event Manager (HKLM-x32\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION) Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden HDD Health v4.2 (HKLM-x32\...\HDD Health_is1) (Version: - ) Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{1A8BA6CE-822D-4888-89E2-ACBF4308F271}) (Version: 13.02.0000 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.3.1001 - Intel Corporation) Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation) Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation) Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.17 - Oracle Corporation) Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.22.3.3 - Marvell) MergeModule_x64 (Version: 9.1.00 - Sony Corporation) Hidden MergeModule_x86 (x32 Version: 9.3.00 - Sony Corporation) Hidden Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-522234228-4192544273-3428825822-1000\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 43.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 43.0.2 (x86 de)) (Version: 43.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Naviextras Toolbox Prerequesities (HKLM-x32\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - NNG Llc.) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation) NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation) NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation) PlayMemories Home (HKLM-x32\...\{94F4815B-755A-4FFA-AFDC-EE8FE776981E}) (Version: 5.0.03.11020 - Sony Corporation) PMB_ModeEditor (x32 Version: 9.3.00 - Sony Corporation) Hidden PMB_ServiceUploader (x32 Version: 10.0.03 - Sony Corporation) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6003 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Software (HKLM-x32\...\{0F796312-289C-40CA-856C-9FBCF5E83342}) (Version: 0133.09.1202 - REALTEK Semiconductor Corp.) SafeZone Stable 1.46.1990.144 (x32 Version: 1.46.1990.144 - Avast Software) Hidden Samsung Recovery Solution 4 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.6 - Samsung) Samsung R-Series (HKLM-x32\...\{3EED7541-55F8-4DC6-B9CD-28762D71310E}) (Version: 1.0 - Samsung) Samsung Universal Print Driver (HKLM-x32\...\Samsung Universal Print Driver) (Version: 2.02.05.00:24 - Samsung Electronics Co., Ltd.) Samsung Update Plus (HKLM-x32\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.) SCR3xxx Smart Card Reader (HKLM-x32\...\{37C4109C-F80B-4D3A-A8B3-1FA0618BFDBA}) (Version: 8.57 - Identive) Sigel Label- und Barcode Software (HKLM-x32\...\Sigel Label- und Barcode Software) (Version: - ) Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.) Softwarenetz Haushaltsbuch4 (HKLM-x32\...\Haushaltsbuch4) (Version: - Softwarenetz) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.10.0 - Synaptics Incorporated) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version: - Yahoo Inc.) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-522234228-4192544273-3428825822-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-522234228-4192544273-3428825822-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Hans\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-522234228-4192544273-3428825822-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hans\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-522234228-4192544273-3428825822-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hans\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-522234228-4192544273-3428825822-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hans\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-522234228-4192544273-3428825822-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hans\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-522234228-4192544273-3428825822-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hans\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-522234228-4192544273-3428825822-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hans\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-522234228-4192544273-3428825822-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hans\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-522234228-4192544273-3428825822-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hans\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-522234228-4192544273-3428825822-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Hans\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) ==================== Wiederherstellungspunkte ========================= 26-11-2015 19:46:40 Avast Cleanup 28-11-2015 09:38:12 Avast Cleanup 28-11-2015 20:32:57 Avast Cleanup 28-11-2015 20:44:28 Windows Update 02-12-2015 08:15:22 Avast Cleanup 02-12-2015 20:44:17 Avast Cleanup 02-12-2015 20:55:45 Windows Update 05-12-2015 18:16:33 Avast Cleanup 06-12-2015 08:55:00 Avast Cleanup 06-12-2015 15:25:45 Windows Update 08-12-2015 21:22:40 Avast Cleanup 10-12-2015 02:36:37 Windows Update 10-12-2015 03:01:12 Windows Update 13-12-2015 19:19:29 Windows Update 13-12-2015 19:46:34 Avast Cleanup 14-12-2015 19:50:21 Avast Cleanup 15-12-2015 05:20:46 Avast Cleanup 15-12-2015 21:36:42 Avast Cleanup 17-12-2015 06:08:56 Windows Update 19-12-2015 06:35:53 Windows Update 19-12-2015 06:37:38 Avast Cleanup 19-12-2015 19:46:30 Avast Cleanup 21-12-2015 10:39:25 Avast Cleanup 22-12-2015 11:03:15 Windows Update 22-12-2015 17:26:46 Gerätetreiber-Paketinstallation: Avast Netzwerkdienst 23-12-2015 21:21:12 Avast Cleanup ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {05FACB47-A91F-420D-BCEC-FF600F302C99} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe Task: {069858DD-921D-498F-AB04-69391758E7D4} - System32\Tasks\{69993F70-2728-48FC-A3D1-2B84988B78CC} => pcalua.exe -a C:\Users\Hans\Downloads\WISOMeinGeldPro.exe -d C:\Users\Hans\Downloads Task: {0B7DFB6C-E4D1-48B8-898B-4C7912F97612} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-03-29] (SAMSUNG Electronics co., LTD.) Task: {0D7930B3-6A49-4D7D-9A63-9FF506D60576} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation) Task: {187532B4-A586-4AFE-B656-10C74CB6164A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-12-22] (AVAST Software) Task: {226CBEF3-C14B-4D3E-9085-AAEF8FF18D69} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-06-01] (Samsung Electronics. Co. Ltd.) Task: {2312CE41-3E02-491F-84F7-39724334A4A7} - System32\Tasks\SafeZone scheduled Autoupdate 1450802017 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2015-12-21] (Avast Software) Task: {4C65F9A8-BFC7-498F-AB0B-C01C336DAAA0} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation) Task: {653FEC7F-8ED0-41BD-AB56-2AF118229ACE} - System32\Tasks\advSRS4 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC) Task: {886F123B-D25A-4AEB-A115-32CE07A5D0F9} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-10-13] (Samsung Electronics Co., Ltd.) Task: {88CB6344-90D7-473F-8B7F-6FDA32A04AEB} - System32\Tasks\{C83758FD-D099-41C3-AF3A-7837E460469A} => pcalua.exe -a C:\Users\Hans\Downloads\Sigel_Label_Barcode\Sigel_Label_Barcode.exe -d C:\Users\Hans\Downloads\Sigel_Label_Barcode Task: {89769842-211C-42FC-AFF5-7A19A5054D6B} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-522234228-4192544273-3428825822-1000Core => C:\Users\Hans\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.) Task: {8EE25771-606E-4AB4-B92C-B58E7B92D5BA} - System32\Tasks\{DDB14B00-0C0A-4E30-8664-00655C907F16} => C:\Program Files (x86)\CHIPDRIVE\CHIPDRIVE MyKey\MyKey\MyKey.exe [2013-12-02] (Identive) Task: {9A8A9326-1E2B-4E8C-A1D2-B866FA0A85C4} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-08] (Adobe Systems Incorporated) Task: {9D8651A2-298B-4CB3-81FE-2B1C7A9BD6E9} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-12-16] (AVAST Software) Task: {A18B1661-6189-4500-A3EC-BCC307994B64} - System32\Tasks\{E33FBC09-FD58-411A-8474-4D3FD8130D81} => pcalua.exe -a C:\Users\Hans\AppData\Local\Temp\jre-8u31-windows-au.exe -d C:\windows\SysWOW64 -c /installmethod=jau-m FAMILYUPGRADE=1 Task: {A8FD0358-5254-4117-BF84-36DF363A538F} - System32\Tasks\{9C480DBD-C6AD-4764-888A-4D756689E5EC} => pcalua.exe -a C:\Users\Hans\Downloads\wlsetup-web.exe -d C:\Users\Hans\Downloads Task: {A9E72616-884E-4835-BD1B-A6230FDC5D2A} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-522234228-4192544273-3428825822-1000UA => C:\Users\Hans\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.) Task: {AA0A902A-E288-4D36-B273-908CABD39194} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated) Task: {AD20D237-7C34-4F5E-882B-28CF62A99A7D} - System32\Tasks\{FE7AABDC-65F5-4543-AE8D-84BF39BC93B0} => pcalua.exe -a C:\Users\Hans\AppData\Local\Temp\Temp1_Sigel_Professional_Label(1).zip\Sigel_Professional_Label.exe Task: {F61F6EF1-4B7D-4235-A63E-9D1A37BD484D} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-06-08] (Samsung Electronics Co., Ltd.) Task: {FAC1579F-FCEE-447D-9547-767ED09DB72A} - System32\Tasks\{0237ABB1-4425-4A9A-AF07-06A47FF07CAB} => pcalua.exe -a C:\Users\Hans\Downloads\epson377873eu.exe -d C:\Users\Hans\Downloads Task: {FC9393C7-8D64-4B71-B649-70CD953B3A0C} - \DealPlyUpdate -> Keine Datei <==== ACHTUNG (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-522234228-4192544273-3428825822-1000Core.job => C:\Users\Hans\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-522234228-4192544273-3428825822-1000UA.job => C:\Users\Hans\AppData\Local\Dropbox\Update\DropboxUpdate.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2014-09-09 16:11 - 2013-08-29 23:43 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2011-06-17 17:24 - 2008-06-04 07:53 - 00027648 _____ () C:\windows\System32\spd__l.dll 2009-09-01 04:31 - 2009-09-01 04:31 - 00022016 _____ () C:\windows\System32\ssp2ml6.dll 2015-11-03 17:59 - 2015-11-03 18:01 - 00151072 _____ () C:\windows\system32\DnsBlockUpdateSvc.exe 2014-09-11 16:22 - 2013-03-08 08:54 - 00017760 _____ () C:\Program Files (x86)\HDD Health\HDDHealthService.exe 2010-08-04 03:27 - 2009-03-05 10:54 - 00311296 _____ () C:\windows\SysWOW64\Rezip.exe 2015-12-22 17:24 - 2015-12-22 17:24 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2015-12-22 17:24 - 2015-12-22 17:24 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2015-12-23 12:34 - 2015-12-23 12:34 - 02806272 _____ () C:\Program Files\AVAST Software\Avast\defs\15122300\algo.dll 2015-12-22 17:24 - 2015-12-22 17:24 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2015-12-23 21:20 - 2015-12-23 21:20 - 02806272 _____ () C:\Program Files\AVAST Software\Avast\defs\15122302\algo.dll 2010-08-04 03:39 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll 2015-12-11 15:56 - 2015-10-31 01:59 - 00034768 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd 2015-12-11 15:55 - 2015-10-31 02:00 - 00019408 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\faulthandler.pyd 2015-12-11 15:55 - 2015-12-08 22:36 - 00022848 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\Crypto.Random.OSRNG.winrandom.pyd 2015-12-11 15:55 - 2015-12-08 22:36 - 00023352 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\Crypto.Util._counter.pyd 2015-12-11 15:55 - 2015-12-08 22:36 - 00042296 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\Crypto.Cipher._AES.pyd 2015-12-11 15:55 - 2015-10-31 01:59 - 00116688 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\pywintypes27.dll 2015-12-11 15:56 - 2015-10-31 01:59 - 00093640 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\_ctypes.pyd 2015-12-11 15:56 - 2015-10-31 01:59 - 00018376 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\select.pyd 2015-12-11 15:56 - 2015-12-08 22:36 - 00019760 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd 2015-12-11 15:56 - 2015-10-31 02:00 - 00105928 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\win32api.pyd 2015-12-11 15:55 - 2015-10-31 01:59 - 00392144 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\pythoncom27.dll 2015-12-11 15:56 - 2015-12-08 22:36 - 00381752 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd 2015-12-11 15:56 - 2015-10-31 01:59 - 00692688 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\unicodedata.pyd 2015-12-11 15:55 - 2015-12-08 22:36 - 00020816 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd 2015-12-11 15:56 - 2015-10-31 02:00 - 00109520 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd 2015-12-11 15:55 - 2015-12-08 22:36 - 01737032 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd 2015-12-11 15:55 - 2015-12-08 22:36 - 00020808 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd 2015-12-11 15:56 - 2015-12-08 22:36 - 00020800 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd 2015-12-11 15:56 - 2015-12-08 22:36 - 00021840 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd 2015-12-11 15:55 - 2015-12-08 22:36 - 00038696 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\fastpath.pyd 2015-12-11 15:56 - 2015-10-31 02:00 - 00024528 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\win32event.pyd 2015-12-11 15:55 - 2015-10-31 02:00 - 00020936 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\mmapfile.pyd 2015-12-11 15:56 - 2015-10-31 02:00 - 00114640 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\win32security.pyd 2015-12-11 15:56 - 2015-12-08 22:36 - 00021320 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd 2015-12-11 15:56 - 2015-10-31 02:00 - 00124880 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\win32file.pyd 2015-12-11 15:56 - 2015-10-31 02:00 - 00030160 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\win32pipe.pyd 2015-12-11 15:56 - 2015-10-31 02:00 - 00043472 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\win32process.pyd 2015-12-11 15:56 - 2015-10-31 02:00 - 00175560 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\win32gui.pyd 2015-12-11 15:56 - 2015-10-31 02:00 - 00028616 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\win32ts.pyd 2015-12-11 15:56 - 2015-10-31 02:00 - 00024016 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\win32clipboard.pyd 2015-12-11 15:56 - 2015-10-31 02:00 - 00048592 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\win32service.pyd 2015-12-11 15:55 - 2015-12-08 22:36 - 00024392 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd 2015-12-11 15:55 - 2015-10-31 02:00 - 00036296 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\librsync.dll 2015-12-11 15:56 - 2015-10-31 02:00 - 00024016 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\win32profile.pyd 2015-12-11 15:55 - 2015-12-08 22:36 - 00117056 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd 2015-12-11 15:56 - 2015-12-08 22:36 - 00023376 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd 2015-12-11 15:56 - 2015-10-31 01:59 - 00134608 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\_elementtree.pyd 2015-12-11 15:55 - 2015-10-31 01:59 - 00134088 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\pyexpat.pyd 2015-12-11 15:55 - 2015-10-31 02:00 - 00240584 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\jpegtran.pyd 2015-12-11 15:55 - 2015-12-08 22:36 - 00020280 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd 2015-12-11 15:55 - 2015-12-08 22:36 - 00052024 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd 2015-12-11 15:55 - 2015-12-08 22:36 - 00021304 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\Crypto.Util.strxor.pyd 2015-12-11 15:56 - 2015-10-31 02:00 - 00350152 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\winxpgui.pyd 2015-12-11 15:55 - 2015-12-08 22:36 - 00084792 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL 2015-12-11 15:55 - 2015-12-08 22:36 - 01826608 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd 2015-12-11 15:56 - 2015-10-31 02:00 - 00083912 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\sip.pyd 2015-12-11 15:55 - 2015-12-08 22:36 - 03891504 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd 2015-12-11 15:55 - 2015-12-08 22:36 - 01950000 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd 2015-12-11 15:55 - 2015-12-08 22:36 - 00519984 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd 2015-12-11 15:55 - 2015-12-08 22:36 - 00133936 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd 2015-12-11 15:55 - 2015-12-08 22:36 - 00225080 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd 2015-12-11 15:55 - 2015-12-08 22:36 - 00207672 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd 2015-12-11 15:56 - 2015-12-08 22:36 - 00024904 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd 2015-12-11 15:55 - 2015-12-08 22:36 - 00486704 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd 2015-12-11 15:55 - 2015-12-08 22:36 - 00357680 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd 2015-12-11 15:56 - 2015-10-31 02:01 - 00019920 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll 2015-12-11 15:55 - 2015-10-31 02:00 - 00786904 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll 2015-12-11 15:56 - 2015-10-31 02:00 - 00063448 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll 2015-12-11 15:56 - 2015-10-31 02:00 - 00019408 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll 2015-12-22 17:25 - 2015-12-22 17:25 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2015-12-22 17:33 - 2015-12-01 09:12 - 60742136 _____ () C:\Program Files\AVAST Software\SZBrowser\1.46.1990.139\AvastSZB.dll 2015-12-22 17:33 - 2015-12-01 09:12 - 01919480 _____ () C:\Program Files\AVAST Software\SZBrowser\1.46.1990.139\libglesv2.dll 2015-12-22 17:33 - 2015-12-01 09:12 - 00081400 _____ () C:\Program Files\AVAST Software\SZBrowser\1.46.1990.139\libegl.dll 2015-12-08 21:21 - 2015-12-08 21:21 - 17647296 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) AlternateDataStreams: C:\Windows:nlsPreferences AlternateDataStreams: C:\windows\system32\DnsBlockUpdateSvc.exe:IID AlternateDataStreams: C:\Users\Hans\Documents\Bilder RA Straub:com.dropbox.attributes ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service" ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-522234228-4192544273-3428825822-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Hans\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) MSCONFIG\Services: APNMCP => 2 MSCONFIG\Services: RichVideo => 2 MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" MSCONFIG\startupreg: PDVD8LanguageShortcut => "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe" MSCONFIG\startupreg: RemoteControl8 => "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" MSCONFIG\startupreg: UpdatePDRShortCut => "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0" MSCONFIG\startupreg: UpdatePPShortCut => "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0" MSCONFIG\startupreg: UpdatePSTShortCut => "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [{F1C06C51-379A-4301-93B4-40EDE8E10C56}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE FirewallRules: [{310EDACB-5FC7-4F05-9308-B1C804BC8BB3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD8\PowerDVD8.EXE FirewallRules: [{A3278E63-97AB-4714-823D-1F17DAA2F2ED}] => (Allow) C:\Windows\System32\SUPDSvc.exe FirewallRules: [{C68843DA-AF1A-4A53-B9E3-424489A064CB}] => (Allow) C:\Windows\System32\SUPDSvc.exe FirewallRules: [{6BB63C6C-B35C-4072-868E-D7536A699E6D}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe FirewallRules: [{5BA07D47-6BAA-4D8F-BC74-E74A31E4CC75}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe FirewallRules: [TCP Query User{4EEFA51E-CFCE-4AB4-93F1-82E8BD153C40}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [UDP Query User{614E6B8A-8265-43B4-B4FF-43FC1F7C884B}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [TCP Query User{4EB91C82-4AC8-48A3-981C-EEB36AE2839E}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [UDP Query User{70D81D79-2CB2-40F3-AD17-58D46E717806}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [TCP Query User{7E2EDA01-CADA-49AF-9472-F960F806BD82}C:\program files (x86)\chipdrive\chipdrive mykey\mykey\mykey.exe] => (Block) C:\program files (x86)\chipdrive\chipdrive mykey\mykey\mykey.exe FirewallRules: [UDP Query User{6D81C02C-6A9B-4401-AC00-599269E0C2C0}C:\program files (x86)\chipdrive\chipdrive mykey\mykey\mykey.exe] => (Block) C:\program files (x86)\chipdrive\chipdrive mykey\mykey\mykey.exe FirewallRules: [TCP Query User{16B0C971-331D-4A82-8F52-02DF5F516DAB}C:\program files (x86)\chipdrive\chipdrive mykey\mykey\mykey.exe] => (Block) C:\program files (x86)\chipdrive\chipdrive mykey\mykey\mykey.exe FirewallRules: [UDP Query User{0C0966E4-DD09-41EC-9F32-B34DC98AC5EE}C:\program files (x86)\chipdrive\chipdrive mykey\mykey\mykey.exe] => (Block) C:\program files (x86)\chipdrive\chipdrive mykey\mykey\mykey.exe FirewallRules: [{40EACEB4-D2EC-4090-A566-624D41F70924}] => (Allow) C:\Users\Hans\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [TCP Query User{07329A11-3AAA-4A0C-B9BE-10B342564943}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe FirewallRules: [UDP Query User{5B91196D-41A2-4C38-B7DE-9362D6809FFC}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe FirewallRules: [{6366165C-C50E-4B95-8263-81ECC670B084}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe FirewallRules: [{554C9539-3F86-417F-8B7D-2FD268257B6C}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe FirewallRules: [{695AE07E-C5FC-4ADC-AFD4-804CFB6738B4}] => (Allow) C:\Users\Hans\AppData\Local\Temp\EPSON SX235 Series_Home\Network\EpsonNetSetup\EpsonNetSetup3_4_1_FC_1_0_WW_Direct\ENEasyApp.exe FirewallRules: [{4A420D02-EFE5-411B-9FBA-E38FBDD87D91}] => (Allow) C:\Users\Hans\AppData\Local\Temp\EPSON SX235 Series_Home\Network\EpsonNetSetup\EpsonNetSetup3_4_1_FC_1_0_WW_Direct\ENEasyApp.exe FirewallRules: [{8495A371-01D0-4537-86B7-951D8F4AA584}] => (Allow) C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{464D0807-DB2B-4511-AE01-4B9D9516F195}] => (Allow) C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{4BF36673-D381-4C9F-B699-22CCDAF2AE9F}] => (Allow) chrome.exe FirewallRules: [{73967FFF-CCF9-4C88-BCA8-73F4268A18BA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{07668923-ED88-4C5A-88E6-2ED5BF35DE23}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [TCP Query User{D33EBF02-4FAC-4508-831D-A28839948DF4}C:\users\hans\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\hans\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{27A78594-DA0A-492B-81C3-E329F3BCEB2F}C:\users\hans\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\hans\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [{C68C2C0D-AC7F-4628-BB3C-C2B2D60E14C2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{6FFECC67-0D1B-4B4D-BA5B-FAC57D413190}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{DF405A78-E460-4C2E-B91D-72DEFF2A4D4E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{95EFCC0E-537A-483E-AC5B-669545847071}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{069379B9-6785-4545-A69E-5A421B27D6BB}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{20A5E0D9-BA5A-4659-A41F-B44C09B663E8}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{1C7E774C-6FAE-4B20-B024-A3B6E4A1498D}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{62FB722A-E926-4485-BE0C-B463D35CB5E8}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{3AC0571D-98AD-45F1-A2BD-ACD8E7B93C80}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{6B604476-E8BC-4D30-8119-59D839D276F9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{61F1CC4F-F606-4887-8E80-2F9B40B96F8E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (12/23/2015 11:51:24 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Gmer-19357.exe, Version 2.1.19357.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1f84 Startzeit: 01d13dd44a70b6ed Endzeit: 8 Anwendungspfad: C:\Users\Hans\Downloads\Gmer-19357.exe Berichts-ID: a3153f3e-a9c7-11e5-be81-002454e7f112 Error: (12/23/2015 09:19:03 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Avast.VC110.DebugCRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"1". Die abhängige Assemblierung "Avast.VC110.DebugCRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (12/23/2015 06:45:30 AM) (Source: MsiInstaller) (EventID: 1041) (User: NT-AUTORITÄT) Description: Fehler beim Starten einer Windows Installer-Transaktion: ASU_MSI_TRAN. Fehler 1603 beim Starten der Transaktion. Error: (12/20/2015 12:54:55 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 42.0.0.5780, Zeitstempel: 0x5632d0a4 Name des fehlerhaften Moduls: mozglue.dll, Version: 42.0.0.5780, Zeitstempel: 0x5632ba58 Ausnahmecode: 0x80000003 Fehleroffset: 0x0000ed50 ID des fehlerhaften Prozesses: 0x15d4 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (12/17/2015 06:14:32 AM) (Source: MsiInstaller) (EventID: 1041) (User: NT-AUTORITÄT) Description: Fehler beim Starten einer Windows Installer-Transaktion: ASU_MSI_TRAN. Fehler 1603 beim Starten der Transaktion. Error: (12/11/2015 04:29:40 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: AitStatic.exe, Version: 10.0.10004.0, Zeitstempel: 0x54c65a8b Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.19045, Zeitstempel: 0x56259271 Ausnahmecode: 0xc000000d Fehleroffset: 0x000000000000b3dd ID des fehlerhaften Prozesses: 0x18dc Startzeit der fehlerhaften Anwendung: 0xAitStatic.exe0 Pfad der fehlerhaften Anwendung: AitStatic.exe1 Pfad des fehlerhaften Moduls: AitStatic.exe2 Berichtskennung: AitStatic.exe3 Error: (12/11/2015 02:53:50 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: SafeZoneBrowser.exe, Version: 38.0.2078.1, Zeitstempel: 0x53f612a6 Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.18952, Zeitstempel: 0x55c39c76 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001f21e3 ID des fehlerhaften Prozesses: 0x1d74 Startzeit der fehlerhaften Anwendung: 0xSafeZoneBrowser.exe0 Pfad der fehlerhaften Anwendung: SafeZoneBrowser.exe1 Pfad des fehlerhaften Moduls: SafeZoneBrowser.exe2 Berichtskennung: SafeZoneBrowser.exe3 Error: (12/11/2015 02:48:41 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Program Files\AVAST Software\Avast\AvastSvc.exe Files\AVAST Software\Avast\AvastSvc.exe"; Beschreibung = Avast Cleanup; Fehler = 0x81000101). Error: (12/11/2015 07:04:53 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: SafeZoneBrowser.exe, Version: 38.0.2078.1, Zeitstempel: 0x53f612a6 Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.18952, Zeitstempel: 0x55c39c76 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001f21e3 ID des fehlerhaften Prozesses: 0x1ec0 Startzeit der fehlerhaften Anwendung: 0xSafeZoneBrowser.exe0 Pfad der fehlerhaften Anwendung: SafeZoneBrowser.exe1 Pfad des fehlerhaften Moduls: SafeZoneBrowser.exe2 Berichtskennung: SafeZoneBrowser.exe3 Error: (12/10/2015 11:46:33 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: ) Description: Fehler bei der automatischen Aktualisierung des Drittanbieterstammzertifikats von <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8CF427FD790C3AD166068DE81E57EFBB932272D4.crt>. Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben. . Systemfehler: ============= Error: (12/23/2015 03:35:43 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Windows Update" wurde nicht richtig gestartet. Error: (12/23/2015 03:33:39 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde nicht richtig gestartet. Error: (12/23/2015 03:28:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "VBoxAsw Support Driver" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error: (12/23/2015 03:28:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "iolo System Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (12/23/2015 12:33:27 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Windows Update" wurde nicht richtig gestartet. Error: (12/23/2015 12:30:52 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde nicht richtig gestartet. Error: (12/23/2015 12:25:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "VBoxAsw Support Driver" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error: (12/23/2015 12:25:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "iolo System Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (12/23/2015 06:04:12 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Windows Update" wurde nicht richtig gestartet. Error: (12/23/2015 05:57:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "VBoxAsw Support Driver" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz Prozentuale Nutzung des RAM: 57% Installierter physikalischer RAM: 3956.55 MB Verfügbarer physikalischer RAM: 1663.09 MB Summe virtueller Speicher: 7911.31 MB Verfügbarer virtueller Speicher: 5341.68 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:112 GB) (Free:19.83 GB) NTFS Drive d: () (Fixed) (Total:165.99 GB) (Free:115.42 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 298.1 GB) (Disk ID: 8C0FBFDC) Partition 1: (Not Active) - (Size=20 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=112 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=166 GB) - (Type=OF Extended) ==================== Ende von Addition.txt ============================ Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-12-24 00:02:29 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AJ1 298,09GB Running: Gmer-19357.exe; Driver: C:\Users\Hans\AppData\Local\Temp\uxldapow.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1676] C:\windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075758781 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files (x86)\HDD Health\hddhealth.exe[2808] C:\windows\SysWOW64\ntdll.dll!LdrAccessResource 000000007762d284 5 bytes JMP 0000000100518940 .text C:\Program Files (x86)\HDD Health\hddhealth.exe[2808] C:\windows\SysWOW64\ntdll.dll!LdrFindResource_U 000000007762d2a1 5 bytes JMP 00000001005188b0 .text C:\Program Files (x86)\HDD Health\hddhealth.exe[2808] C:\windows\syswow64\KERNELBASE.dll!LoadStringA 0000000075264b54 5 bytes JMP 00000001005187c0 .text C:\Program Files (x86)\HDD Health\hddhealth.exe[2808] C:\windows\syswow64\KERNELBASE.dll!LoadStringW 0000000075264bc1 5 bytes JMP 0000000100518850 .text C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe[2836] C:\windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 00000000769d1401 2 bytes JMP 7577b21b C:\windows\syswow64\kernel32.dll .text C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe[2836] C:\windows\syswow64\Psapi.dll!EnumProcessModules + 17 00000000769d1419 2 bytes JMP 7577b346 C:\windows\syswow64\kernel32.dll .text C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe[2836] C:\windows\syswow64\Psapi.dll!GetModuleInformation + 17 00000000769d1431 2 bytes JMP 757f8fd1 C:\windows\syswow64\kernel32.dll .text C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe[2836] C:\windows\syswow64\Psapi.dll!GetModuleInformation + 42 00000000769d144a 2 bytes CALL 7575489d C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe[2836] C:\windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 00000000769d14dd 2 bytes JMP 757f88c4 C:\windows\syswow64\kernel32.dll .text C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe[2836] C:\windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 00000000769d14f5 2 bytes JMP 757f8aa0 C:\windows\syswow64\kernel32.dll .text C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe[2836] C:\windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 00000000769d150d 2 bytes JMP 757f87ba C:\windows\syswow64\kernel32.dll .text C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe[2836] C:\windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 00000000769d1525 2 bytes JMP 757f8b8a C:\windows\syswow64\kernel32.dll .text C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe[2836] C:\windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 00000000769d153d 2 bytes JMP 7576fca8 C:\windows\syswow64\kernel32.dll .text C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe[2836] C:\windows\syswow64\Psapi.dll!EnumProcesses + 17 00000000769d1555 2 bytes JMP 757768ef C:\windows\syswow64\kernel32.dll .text C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe[2836] C:\windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 00000000769d156d 2 bytes JMP 757f9089 C:\windows\syswow64\kernel32.dll .text C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe[2836] C:\windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 00000000769d1585 2 bytes JMP 757f8bea C:\windows\syswow64\kernel32.dll .text C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe[2836] C:\windows\syswow64\Psapi.dll!QueryWorkingSet + 17 00000000769d159d 2 bytes JMP 757f877e C:\windows\syswow64\kernel32.dll .text C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe[2836] C:\windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 00000000769d15b5 2 bytes JMP 7576fd41 C:\windows\syswow64\kernel32.dll .text C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe[2836] C:\windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 00000000769d15cd 2 bytes JMP 7577b2dc C:\windows\syswow64\kernel32.dll .text C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe[2836] C:\windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 00000000769d16b2 2 bytes JMP 757f8f4c C:\windows\syswow64\kernel32.dll .text C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe[2836] C:\windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 00000000769d16bd 2 bytes JMP 757f8713 C:\windows\syswow64\kernel32.dll ---- Threads - GMER 2.1 ---- Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4876:5336] 000007fefb742af8 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654eb87 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654edff Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654f56e Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654f652 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b66b6864 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b66b6982 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654eb87 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654edff (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654f56e (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654f652 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b66b6864 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b66b6982 (not active ControlSet) ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- |
Themen zu Rootkit in syswow64 |
antivirus, defender, desktop, device driver, dnsapi.dll, downloadprotect, excel, firefox, flash player, google, home, homepage, installation, mozilla, onedrive, port, prozesse, realtek, registry, rootkit, scan, security, services.exe, software, starten, svchost.exe, system, udp, windows |