Rootkit in syswow64

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:23-12-2015
durchgeführt von Hans (Administrator) auf LAPTOP (24-12-2015 00:08:10)
Gestartet von C:\Users\Hans\Downloads
Geladene Profile: Hans & UpdatusUser (Verfügbare Profile: Hans & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHLE.EXE
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(PANTERASoft) C:\Program Files (x86)\HDD Health\hddhealth.exe
(Dropbox, Inc.) C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Identive) C:\Program Files (x86)\CHIPDRIVE\CHIPDRIVE MyKey\MyKey\MyKey.exe
(SCM Microsystems) C:\Program Files (x86)\CHIPDRIVE\CHIPDRIVE MyKey\MyKey\SCMSOK.exe
() C:\Windows\System32\DnsBlockUpdateSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
() C:\Program Files (x86)\HDD Health\HDDHealthService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
() C:\Windows\SysWOW64\Rezip.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\1.46.1990.139\AvastSZB.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\1.46.1990.139\AvastSZB.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9644576 2009-12-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2074408 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [MyKey] => C:\Program Files (x86)\CHIPDRIVE\CHIPDRIVE MyKey\MyKey\MyKey.exe [3757416 2013-12-02] (Identive)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-22] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-10-06] (Oracle Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-522234228-4192544273-3428825822-1000\...\Run: [Dropbox Update] => C:\Users\Hans\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
HKU\S-1-5-21-522234228-4192544273-3428825822-1000\...\Run: [EPLTarget\P0000000000000000] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-522234228-4192544273-3428825822-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-522234228-4192544273-3428825822-1000\...\MountPoints2: {2f578f39-47a8-11e3-a250-002454e7f112} - F:\AutoRun.exe
HKU\S-1-5-21-522234228-4192544273-3428825822-1000\...\MountPoints2: {2f578f46-47a8-11e3-a250-002454e7f112} - F:\AutoRun.exe
HKU\S-1-5-21-522234228-4192544273-3428825822-1000\...\MountPoints2: {2f578f54-47a8-11e3-a250-002454e7f112} - F:\AutoRun.exe
HKU\S-1-5-21-522234228-4192544273-3428825822-1000\...\MountPoints2: {8decd099-7cbb-11e2-9583-002454e7f112} - F:\AutoRun.exe
HKU\S-1-5-21-522234228-4192544273-3428825822-1000\...\MountPoints2: {a980f5b3-46e9-11e3-9545-002454e7f112} - F:\AutoRun.exe
HKU\S-1-5-21-522234228-4192544273-3428825822-1000\...\MountPoints2: {b148e64f-bb74-11e0-b66d-002454e7f112} - F:\AutoRun.exe
HKU\S-1-5-21-522234228-4192544273-3428825822-1000\...\MountPoints2: {b148e66c-bb74-11e0-b66d-002454e7f112} - F:\AutoRun.exe
HKU\S-1-5-21-522234228-4192544273-3428825822-1000\...\MountPoints2: {b148e693-bb74-11e0-b66d-002454e7f112} - F:\AutoRun.exe
HKU\S-1-5-21-522234228-4192544273-3428825822-1000\...\MountPoints2: {c46076b6-471b-11e3-a3f5-002454e7f112} - F:\AutoRun.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-22] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hans\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hans\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hans\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hans\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hans\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hans\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hans\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HDDHealth.lnk [2014-09-11]
ShortcutTarget: HDDHealth.lnk -> C:\Program Files (x86)\HDD Health\hddhealth.exe (PANTERASoft)
Startup: C:\Users\Hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-11]
ShortcutTarget: Dropbox.lnk -> C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk /p \??\F:autocheck autochk * 
GroupPolicy: Beschränkung - Chrome <======= ACHTUNG
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ACHTUNG (Beschränkung - ProxySettings)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{5F96EEFF-043E-470A-85AA-1D0C59A2263E}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{FB4F90BB-A333-4E59-B56C-DF8C6275CDC7}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130929338618843537&GUID=EF97CEA7-7FB9-44C7-2E25-C4BC35DA97F6
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130929338618999537&GUID=EF97CEA7-7FB9-44C7-2E25-C4BC35DA97F6
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1446569930&z=f54d8c2a8768612cc90c5b0g9z9zfqaw1qctft6cee&from=cvs2&uid=samsungxhm321hi_s26vj9fza06845&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1446569930&z=f54d8c2a8768612cc90c5b0g9z9zfqaw1qctft6cee&from=cvs2&uid=samsungxhm321hi_s26vj9fza06845
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1446569930&z=f54d8c2a8768612cc90c5b0g9z9zfqaw1qctft6cee&from=cvs2&uid=samsungxhm321hi_s26vj9fza06845&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-522234228-4192544273-3428825822-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-522234228-4192544273-3428825822-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130929338619155537&GUID=EF97CEA7-7FB9-44C7-2E25-C4BC35DA97F6
HKU\S-1-5-21-522234228-4192544273-3428825822-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1446569930&z=f54d8c2a8768612cc90c5b0g9z9zfqaw1qctft6cee&from=cvs2&uid=samsungxhm321hi_s26vj9fza06845&q={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-522234228-4192544273-3428825822-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-522234228-4192544273-3428825822-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1446569930&z=f54d8c2a8768612cc90c5b0g9z9zfqaw1qctft6cee&from=cvs2&uid=samsungxhm321hi_s26vj9fza06845&q={searchTerms}
SearchScopes: HKU\S-1-5-21-522234228-4192544273-3428825822-1000 -> {9B68959E-CB34-4310-AEB9-29D97D4A2E71} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-522234228-4192544273-3428825822-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-522234228-4192544273-3428825822-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-522234228-4192544273-3428825822-1000 -> {F0B806F9-E7A4-4EEF-997A-DC5E27C7A74F} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^DE&apn_uid=FFB6CD93-1193-4B51-A555-CC45789B9BFB&apn_sauid=03538CF5-E558-421C-A409-41FD4C0FC506
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-12-22] (AVAST Software)
BHO: DownloadProtect Extension -> {C654F3FE-8E84-4BB7-87CF-8D9171FC3C73} -> C:\Program Files\{7E01E4ED-0B55-4913-81E3-294590499695}\{49A7C928-0C4C-4194-BF4E-B02BAC3F933E}.bin [2015-12-23] (Download Protect)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-10-21] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-12-22] (AVAST Software)
BHO-x32: DownloadProtect Extension -> {C654F3FE-8E84-4BB7-87CF-8D9171FC3C73} -> C:\Program Files (x86)\{26E60582-0A89-4A5A-AAE4-4B8A7900329D}\{F9F9C990-FEDC-4343-B46E-4C910592E58E}.bin [2015-12-23] (Download Protect)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-10-21] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\goqysxjm.default
FF NewTab: about:newtab
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchUrl: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=utf-8&oe=utf-8&meta=lr=lang_de&q=
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF SelectedSearchEngine: google
FF Homepage: hxxp://www.google.de?hl=de&gl=de
FF Keyword.URL: hxxps://www.google.com/search/?trackid=sp-006
FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=utf-8&oe=utf-8&meta=lr=lang_de&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-08] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-10-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-10-21] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\goqysxjm.default\user.js [2015-12-23]
FF SearchPlugin: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\goqysxjm.default\searchplugins\11-suche.xml [2014-06-06]
FF SearchPlugin: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\goqysxjm.default\searchplugins\ask-search.xml [2014-04-20]
FF SearchPlugin: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\goqysxjm.default\searchplugins\englische-ergebnisse.xml [2014-06-06]
FF SearchPlugin: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\goqysxjm.default\searchplugins\gmx-suche.xml [2014-06-06]
FF SearchPlugin: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\goqysxjm.default\searchplugins\google-avast.xml [2015-11-03]
FF SearchPlugin: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\goqysxjm.default\searchplugins\lastminute.xml [2014-06-05]
FF SearchPlugin: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\goqysxjm.default\searchplugins\mystartsearch.xml [2015-11-03]
FF SearchPlugin: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\goqysxjm.default\searchplugins\preisde.xml [2015-03-22]
FF SearchPlugin: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\goqysxjm.default\searchplugins\webde-suche.xml [2014-06-06]
FF SearchPlugin: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\goqysxjm.default\searchplugins\wir-lieben-preisede.xml [2015-03-22]
FF SearchPlugin: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\goqysxjm.default\searchplugins\yahoo-avast.xml [2015-07-18]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-22]
FF HKLM-x32\...\Firefox\Extensions: [{FACC66B7-E49F-49ed-997E-66A221FD956D}] - C:\Program Files (x86)\CHIPDRIVE\CHIPDRIVE MyKey\MyKey\FireFox
FF Extension: MyKey Interface - C:\Program Files (x86)\CHIPDRIVE\CHIPDRIVE MyKey\MyKey\FireFox [2014-09-11] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [ocr@babylon.com] - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\ocr@babylon.com => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\goqysxjm.default\extensions\deskCutv2@gmail.com => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-22]
FF HKLM-x32\...\Firefox\Extensions: [{6FC78B7F-929C-47D9-8AC2-B495624FE6A5}] - C:\windows\Installer\{A789F495-94D3-4A15-823A-B22492A93E97}\{6FC78B7F-929C-47D9-8AC2-B495624FE6A5}.xpi
FF Extension: Download Protect - C:\windows\Installer\{A789F495-94D3-4A15-823A-B22492A93E97}\{6FC78B7F-929C-47D9-8AC2-B495624FE6A5}.xpi [2015-12-23]

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com" 
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll => Keine Datei
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll => Keine Datei
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\gcswf32.dll => Keine Datei
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll => Keine Datei
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => Keine Datei
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll => Keine Datei
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll => Keine Datei
CHR Profile: C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-13]
CHR Extension: (Google Wallet) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-13]
CHR HKU\S-1-5-21-522234228-4192544273-3428825822-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - <kein Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - <kein Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-22]
StartMenuInternet: Google Chrome.KJOE5CON4YSEURCOUTJD6SBO2M - chrome.exe

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-22] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109520 2015-12-22] (AVAST Software)
R2 DnsBlockUpdateSvc; C:\windows\system32\DnsBlockUpdateSvc.exe [151072 2015-11-03] ()
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [Datei ist nicht signiert]
R2 HDDHealth; C:\Program Files (x86)\HDD Health\HDDHealthService.exe [17760 2013-03-08] () [Datei ist nicht signiert]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [495800 2015-11-02] (Sony Corporation)
R2 Rezip; C:\windows\SysWOW64\Rezip.exe [311296 2009-03-05] () [Datei ist nicht signiert]
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S2 ioloSystemService; "C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-22] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-12-22] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-22] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [466400 2015-12-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-22] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2015-12-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [451040 2015-12-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-22] (AVAST Software)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ElRawDisk; C:\windows\system32\drivers\ElRawDsk.sys [30752 2014-01-02] (EldoS Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R1 RawDisk3; C:\windows\system32\drivers\rawdsk3.sys [32912 2014-09-30] (EldoS Corporation)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2010-11-03] (Windows (R) 2003 DDK 3790 provider)
S3 S3XXx64; C:\Windows\System32\DRIVERS\S3XXx64.sys [73984 2013-05-30] (Identive)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
U3 uxldapow; \??\C:\Users\Hans\AppData\Local\Temp\uxldapow.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-24 00:08 - 2015-12-24 00:08 - 00025990 _____ C:\Users\Hans\Downloads\FRST.txt
2015-12-24 00:08 - 2015-12-24 00:08 - 00000000 ____D C:\FRST
2015-12-24 00:07 - 2015-12-24 00:07 - 02370560 _____ (Farbar) C:\Users\Hans\Downloads\FRST64.exe
2015-12-23 23:49 - 2015-12-23 23:49 - 00380416 _____ C:\Users\Hans\Downloads\Gmer-19357.exe
2015-12-23 15:30 - 2015-12-23 15:30 - 00000000 ____D C:\Program Files\{7E01E4ED-0B55-4913-81E3-294590499695}
2015-12-23 15:30 - 2015-12-23 15:30 - 00000000 ____D C:\Program Files (x86)\{26E60582-0A89-4A5A-AAE4-4B8A7900329D}
2015-12-23 14:19 - 2015-12-23 14:22 - 00010528 _____ C:\Users\Hans\Downloads\Hof_Frech_Jan_16.xlsx
2015-12-23 06:47 - 2015-12-23 06:47 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk
2015-12-23 06:47 - 2015-12-23 06:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-22 17:33 - 2015-12-23 21:23 - 00003042 _____ C:\windows\System32\Tasks\SafeZone scheduled Autoupdate 1450802017
2015-12-22 17:33 - 2015-12-22 17:33 - 00000997 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2015-12-22 17:33 - 2015-12-22 17:33 - 00000997 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2015-12-22 17:32 - 2015-12-22 20:36 - 00000000 ____D C:\Program Files\{EA4A7ED6-4E60-46E5-8087-B3774C49DF3E}
2015-12-22 17:25 - 2015-12-22 17:25 - 00386096 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2015-12-22 17:24 - 2015-12-22 17:24 - 00466400 _____ (AVAST Software) C:\windows\system32\Drivers\aswNdisFlt.sys
2015-12-22 17:24 - 2015-12-22 17:24 - 00043112 _____ (AVAST Software) C:\windows\avastSS.scr
2015-12-21 11:26 - 2015-12-21 11:26 - 00000000 ____D C:\Program Files\{F6648511-BC56-45B8-A5E9-F6918182648E}
2015-12-21 11:26 - 2015-12-21 11:26 - 00000000 ____D C:\Program Files (x86)\{D1230C96-3FDF-4B49-A76E-0C35A5326394}
2015-12-20 13:29 - 2015-12-20 13:29 - 00000000 ____D C:\Program Files (x86)\Babylon
2015-12-20 13:28 - 2015-12-20 13:28 - 00676720 _____ (Babylon Software Ltd.) C:\Users\Hans\Downloads\Babylon10_setup_ns.exe
2015-12-20 13:06 - 2015-12-23 06:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-11 15:56 - 2015-12-11 15:56 - 00000000 ____D C:\Users\Hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-12-10 13:13 - 2015-12-10 13:13 - 00027770 _____ C:\Users\Hans\Downloads\PB_KAZ_KtoNr_0795121708_07-12-2015_1049.pdf
2015-12-10 02:17 - 2015-11-20 19:54 - 03170304 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-12-10 02:17 - 2015-11-20 19:54 - 02609152 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-12-10 02:17 - 2015-11-20 19:54 - 00709632 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-12-10 02:17 - 2015-11-20 19:54 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-12-10 02:17 - 2015-11-20 19:54 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-12-10 02:17 - 2015-11-20 19:54 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-12-10 02:17 - 2015-11-20 19:54 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-12-10 02:17 - 2015-11-20 19:54 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-12-10 02:17 - 2015-11-20 19:54 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-12-10 02:17 - 2015-11-20 19:54 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-12-10 02:17 - 2015-11-20 19:54 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-12-10 02:17 - 2015-11-20 19:34 - 00573440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-12-10 02:17 - 2015-11-20 19:34 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-12-10 02:17 - 2015-11-20 19:34 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-12-10 02:17 - 2015-11-20 19:34 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-12-10 02:17 - 2015-11-20 19:33 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-12-10 02:17 - 2015-11-05 20:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2015-12-10 02:17 - 2015-11-05 20:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2015-12-10 02:17 - 2015-11-03 20:04 - 00802304 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2015-12-10 02:17 - 2015-11-03 19:56 - 00627712 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
2015-12-10 02:16 - 2015-11-11 21:52 - 00341192 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-12-10 02:16 - 2015-11-11 19:53 - 01735680 _____ (Microsoft Corporation) C:\windows\system32\comsvcs.dll
2015-12-10 02:16 - 2015-11-11 19:53 - 00525312 _____ (Microsoft Corporation) C:\windows\system32\catsrvut.dll
2015-12-10 02:16 - 2015-11-11 19:39 - 01242624 _____ (Microsoft Corporation) C:\windows\SysWOW64\comsvcs.dll
2015-12-10 02:16 - 2015-11-11 19:39 - 00487936 _____ (Microsoft Corporation) C:\windows\SysWOW64\catsrvut.dll
2015-12-10 02:16 - 2015-11-11 16:44 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-12-10 02:16 - 2015-11-11 16:41 - 20366848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-12-10 02:16 - 2015-11-11 15:57 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-12-10 02:16 - 2015-11-10 19:55 - 01648128 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-12-10 02:16 - 2015-11-10 19:55 - 01180160 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-12-10 02:16 - 2015-11-10 19:55 - 01008640 _____ (Microsoft Corporation) C:\windows\system32\user32.dll
2015-12-10 02:16 - 2015-11-10 19:39 - 01251328 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2015-12-10 02:16 - 2015-11-10 19:37 - 00833024 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll
2015-12-10 02:16 - 2015-11-10 18:47 - 03211264 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-12-10 02:16 - 2015-11-10 01:13 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-12-10 02:16 - 2015-11-10 01:13 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-12-10 02:16 - 2015-11-10 01:12 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-12-10 02:16 - 2015-11-10 01:11 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-12-10 02:16 - 2015-11-10 01:08 - 02280448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-12-10 02:16 - 2015-11-10 01:06 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-12-10 02:16 - 2015-11-10 00:50 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-10 02:16 - 2015-11-10 00:44 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2015-12-10 02:16 - 2015-11-10 00:36 - 00687104 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-12-10 02:16 - 2015-11-10 00:14 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-12-10 02:16 - 2015-11-10 00:12 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-12-10 02:16 - 2015-11-08 23:33 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-12-10 02:16 - 2015-11-08 23:15 - 02887168 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-12-10 02:16 - 2015-11-08 23:15 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-12-10 02:16 - 2015-11-08 23:06 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-12-10 02:16 - 2015-11-08 23:01 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-12-10 02:16 - 2015-11-08 22:40 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-12-10 02:16 - 2015-11-08 22:29 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2015-12-10 02:16 - 2015-11-08 22:15 - 00718336 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-12-10 02:16 - 2015-11-05 20:05 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\wshrm.dll
2015-12-10 02:16 - 2015-11-05 20:02 - 00014848 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshrm.dll
2015-12-10 02:16 - 2015-11-05 10:53 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rmcast.sys
2015-12-10 02:16 - 2015-10-09 00:22 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\nlsbres.dll
2015-12-10 02:16 - 2015-10-09 00:18 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZE.DLL
2015-12-10 02:16 - 2015-10-09 00:18 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\kbdgeoqw.dll
2015-12-10 02:16 - 2015-10-09 00:18 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZEL.DLL
2015-12-10 02:16 - 2015-10-09 00:18 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZE.DLL
2015-12-10 02:16 - 2015-10-09 00:18 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\kbdgeoqw.dll
2015-12-10 02:16 - 2015-10-09 00:18 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZEL.DLL
2015-12-10 02:16 - 2015-10-09 00:17 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlsbres.dll
2015-12-10 02:16 - 2015-10-08 20:13 - 00419928 _____ C:\windows\SysWOW64\locale.nls
2015-12-10 02:16 - 2015-10-08 19:52 - 00419928 _____ C:\windows\system32\locale.nls
2015-12-10 02:15 - 2015-11-11 22:12 - 00387792 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-12-10 02:15 - 2015-11-11 17:21 - 25837568 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-12-10 02:15 - 2015-11-11 17:00 - 12856832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-12-10 02:15 - 2015-11-11 16:44 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-12-10 02:15 - 2015-11-11 16:12 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-12-10 02:15 - 2015-11-10 01:24 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-12-10 02:15 - 2015-11-10 01:12 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-12-10 02:15 - 2015-11-10 01:06 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-12-10 02:15 - 2015-11-10 01:04 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-12-10 02:15 - 2015-11-10 01:03 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-12-10 02:15 - 2015-11-10 01:02 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-12-10 02:15 - 2015-11-10 01:02 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-12-10 02:15 - 2015-11-10 00:47 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-12-10 02:15 - 2015-11-10 00:46 - 04514816 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-12-10 02:15 - 2015-11-10 00:37 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2015-12-10 02:15 - 2015-11-10 00:36 - 02050560 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-12-10 02:15 - 2015-11-10 00:35 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-12-10 02:15 - 2015-11-10 00:17 - 02011136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-12-10 02:15 - 2015-11-08 23:32 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-12-10 02:15 - 2015-11-08 23:16 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-12-10 02:15 - 2015-11-08 23:15 - 00571392 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-12-10 02:15 - 2015-11-08 23:15 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-12-10 02:15 - 2015-11-08 23:14 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-12-10 02:15 - 2015-11-08 23:07 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-12-10 02:15 - 2015-11-08 23:04 - 05923840 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-12-10 02:15 - 2015-11-08 23:02 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-12-10 02:15 - 2015-11-08 23:01 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-12-10 02:15 - 2015-11-08 23:01 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-12-10 02:15 - 2015-11-08 23:01 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-12-10 02:15 - 2015-11-08 22:52 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-12-10 02:15 - 2015-11-08 22:48 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-12-10 02:15 - 2015-11-08 22:35 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-12-10 02:15 - 2015-11-08 22:32 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-12-10 02:15 - 2015-11-08 22:18 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-12-10 02:15 - 2015-11-08 22:15 - 00798208 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-12-10 02:15 - 2015-11-08 22:14 - 14456832 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-12-10 02:15 - 2015-11-08 22:14 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-12-10 02:15 - 2015-11-08 22:13 - 02123264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-12-10 02:15 - 2015-11-08 21:53 - 02487808 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-12-10 02:15 - 2015-11-08 21:41 - 01546752 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-12-10 02:15 - 2015-11-08 21:30 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-12-10 02:13 - 2015-11-03 20:04 - 00241664 _____ (Microsoft Corporation) C:\windows\system32\els.dll
2015-12-10 02:13 - 2015-11-03 19:55 - 00179712 _____ (Microsoft Corporation) C:\windows\SysWOW64\els.dll
2015-12-05 19:18 - 2015-12-05 19:18 - 02146312 _____ C:\Users\Hans\Downloads\22000-56_grind__brew_coffee_maker_ib_552-825.pdf
2015-12-03 13:49 - 2015-12-03 13:49 - 00000000 ____D C:\windows\System32\Tasks\AVAST Software
2015-12-03 13:49 - 2015-12-03 13:49 - 00000000 ____D C:\Program Files\Common Files\AV
2015-11-28 20:37 - 2015-11-28 20:37 - 00070299 _____ C:\Users\Hans\Downloads\RG150232205871.pdf
2015-11-25 16:12 - 2015-11-25 16:13 - 00177179 _____ C:\Users\Hans\Downloads\Angebot_AN1534658.pdf

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-24 00:08 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2015-12-23 23:56 - 2015-06-16 14:25 - 00001220 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-522234228-4192544273-3428825822-1000UA.job
2015-12-23 23:31 - 2013-02-28 15:47 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-12-23 23:26 - 2009-07-14 04:20 - 00000000 ____D C:\windows\system32\NDF
2015-12-23 22:56 - 2009-07-14 05:45 - 00022752 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-23 22:56 - 2009-07-14 05:45 - 00022752 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-23 21:40 - 2015-06-16 14:25 - 00001168 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-522234228-4192544273-3428825822-1000Core.job
2015-12-23 21:23 - 2009-07-14 04:20 - 00000000 ____D C:\windows\inf
2015-12-23 15:33 - 2014-09-12 11:54 - 00000000 ___RD C:\Users\Hans\Documents\Dropbox
2015-12-23 15:32 - 2014-07-05 10:37 - 00000000 ____D C:\Users\Hans\AppData\Roaming\Dropbox
2015-12-23 15:31 - 2012-07-07 14:56 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2015-12-23 15:30 - 2015-11-03 18:01 - 00000306 __RSH C:\ProgramData\ntuser.pol
2015-12-23 15:27 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-12-23 12:37 - 2011-06-18 19:11 - 00003918 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{4AC904EB-88D0-40F8-9C3F-D3356DCC3A43}
2015-12-23 12:30 - 2009-07-14 06:32 - 00000000 ____D C:\windows\system32\FxsTmp
2015-12-23 06:48 - 2011-06-17 18:49 - 00000000 ____D C:\Users\Hans\AppData\Roaming\Skype
2015-12-23 06:47 - 2012-09-06 02:01 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-23 06:46 - 2010-08-04 03:29 - 00000000 ____D C:\ProgramData\Skype
2015-12-22 17:26 - 2011-06-16 20:50 - 00451040 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2015-12-22 17:26 - 2011-06-16 20:50 - 00097648 _____ (AVAST Software) C:\windows\system32\Drivers\aswmonflt.sys
2015-12-22 17:25 - 2015-03-14 16:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-12-22 17:25 - 2014-04-23 20:43 - 00028656 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2015-12-22 17:25 - 2013-12-26 20:13 - 00155304 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2015-12-22 17:25 - 2013-02-28 16:39 - 00273784 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2015-12-22 17:25 - 2013-02-28 16:39 - 00065224 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2015-12-22 17:25 - 2012-03-19 14:55 - 00093528 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2015-12-22 17:25 - 2011-06-16 20:49 - 00000000 ____D C:\ProgramData\AVAST Software
2015-12-22 17:24 - 2015-03-14 16:58 - 00028144 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2015-12-22 17:24 - 2011-06-16 20:50 - 01055560 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2015-12-22 17:24 - 2011-06-16 20:49 - 00000000 ____D C:\Program Files\AVAST Software
2015-12-21 11:23 - 2012-04-27 19:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-20 16:52 - 2015-02-23 18:21 - 00000000 ____D C:\Users\Hans\Documents\Weihnachten Grußkarten
2015-12-20 13:48 - 2015-07-12 17:54 - 00000000 ____D C:\Program Files\Babylon
2015-12-19 19:38 - 2015-07-27 17:02 - 00014187 _____ C:\Users\Hans\Documents\Benzinkosten CRV.xlsx
2015-12-19 06:38 - 2015-04-04 19:19 - 00000000 ___SD C:\windows\SysWOW64\GWX
2015-12-19 06:38 - 2015-04-04 19:19 - 00000000 ___SD C:\windows\system32\GWX
2015-12-11 16:35 - 2009-07-14 04:20 - 00000000 ____D C:\windows\rescache
2015-12-10 08:20 - 2009-07-14 05:45 - 00427872 _____ C:\windows\system32\FNTCACHE.DAT
2015-12-10 08:17 - 2012-05-11 08:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-10 08:17 - 2012-05-11 08:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-10 07:53 - 2011-06-16 21:14 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-10 07:49 - 2012-05-11 08:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-10 07:43 - 2013-08-15 07:43 - 00000000 ____D C:\windows\system32\MRT
2015-12-10 03:08 - 2011-06-16 22:47 - 140158008 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-12-10 01:48 - 2015-03-17 22:47 - 00000000 ____D C:\Users\Hans\AppData\Local\Skype
2015-12-09 04:39 - 2011-06-16 20:41 - 00301728 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-12-08 21:22 - 2013-02-28 15:47 - 00796864 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-12-08 21:22 - 2013-02-28 15:47 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-12-08 21:22 - 2011-06-16 21:45 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-26 18:12 - 2011-06-16 00:13 - 00000000 ____D C:\Users\Hans
2015-11-26 18:10 - 2015-10-31 13:31 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2013-12-21 09:01 - 2013-12-21 09:01 - 0000030 _____ () C:\Users\Hans\AppData\Roaming\WB.CFG
2011-06-17 18:52 - 2011-06-17 18:52 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2011-06-16 00:15 - 2010-01-16 06:15 - 0131368 _____ () C:\ProgramData\FullRemove.exe
2010-08-04 03:37 - 2010-08-04 03:37 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2010-08-04 03:35 - 2010-08-04 03:36 - 0000106 _____ () C:\ProgramData\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}.log
2010-08-04 03:32 - 2010-08-04 03:33 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-08-04 03:36 - 2010-08-04 03:37 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
2010-08-04 03:31 - 2010-08-04 03:32 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2010-08-04 03:33 - 2010-08-04 03:35 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\windows\system32\winlogon.exe => Datei ist digital signiert
C:\windows\system32\wininit.exe => Datei ist digital signiert
C:\windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\windows\explorer.exe => Datei ist digital signiert
C:\windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\windows\system32\svchost.exe => Datei ist digital signiert
C:\windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\windows\system32\services.exe => Datei ist digital signiert
C:\windows\system32\User32.dll => Datei ist digital signiert
C:\windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\windows\system32\userinit.exe => Datei ist digital signiert
C:\windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\windows\system32\rpcss.dll => Datei ist digital signiert
C:\windows\system32\dnsapi.dll => Datei ist digital signiert
C:\windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-12-20 15:32

==================== Ende von FRST.txt ============================
         

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:23-12-2015
durchgeführt von Hans (2015-12-24 00:09:30)
Gestartet von C:\Users\Hans\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2011-06-15 23:13:07)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-522234228-4192544273-3428825822-500 - Administrator - Disabled)
Gast (S-1-5-21-522234228-4192544273-3428825822-501 - Limited - Enabled)
Hans (S-1-5-21-522234228-4192544273-3428825822-1000 - Administrator - Enabled) => C:\Users\Hans
HomeGroupUser$ (S-1-5-21-522234228-4192544273-3428825822-1253 - Limited - Enabled)
UpdatusUser (S-1-5-21-522234228-4192544273-3428825822-1254 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.204 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Atheros Client Installation Program (HKLM-x32\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.5.0621 - Atheros)
Avast Internet Security (HKLM-x32\...\avast) (Version: 11.1.2245 - AVAST Software)
Avery Wizard 4.0 (HKLM-x32\...\{F5D84887-8A6F-4993-8560-B3AA44CB620D}) (Version: 4.0.201 - Avery)
Avira SearchFree Toolbar (HKLM-x32\...\{41564952-412D-5637-4300-A758B70C1001}) (Version: 12.16.1.1670 - APN, LLC)
BatteryLifeExtender (HKLM-x32\...\{74A579FB-EB06-497D-B194-01590D6FE51A}) (Version: 1.0.5 - Samsung)
CHIPDRIVE MyKey (HKLM-x32\...\CHIPDRIVE MyKey_CDInst21) (Version:  - Identive)
Content Manager (HKLM-x32\...\Content Manager) (Version: 3.18.4.510611 - NNG Llc.)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2806 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3108a - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3213 - CyberLink Corp.)
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2815b - CyberLink Corp.)
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.1.1812 - CyberLink Corp.)
DealPly (HKU\.DEFAULT\...\DealPly) (Version:  - ) <==== ACHTUNG
DReport Viewer 4 (HKLM-x32\...\{811E4E77-05C8-422E-8077-B9A80BF15C68}) (Version: 4.00.0043 - DÖRR EDV-Beratung)
Dropbox (HKU\S-1-5-21-522234228-4192544273-3428825822-1000\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
Druckerdeinstallation für EPSON SX235 Series (HKLM\...\EPSON SX235 Series) (Version:  - SEIKO EPSON Corporation)
Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM-x32\...\{F9557866-B4C8-4CE5-8508-0E386BDC20B2}) (Version: 4.3.3 - Samsung)
Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.5 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM-x32\...\{4A331D24-A9E8-484F-835E-1BA7B139689C}) (Version: 4.0.0.4 - Samsung)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 14.1.11318 - Landesfinanzdirektion Thüringen)
Epson Easy Photo Print 2 (HKLM-x32\...\{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}) (Version: 2.2.4.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
HDD Health v4.2 (HKLM-x32\...\HDD Health_is1) (Version:  - )
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{1A8BA6CE-822D-4888-89E2-ACBF4308F271}) (Version: 13.02.0000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.3.1001 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.17 - Oracle Corporation)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.22.3.3 - Marvell)
MergeModule_x64 (Version: 9.1.00 - Sony Corporation) Hidden
MergeModule_x86 (x32 Version: 9.3.00 - Sony Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-522234228-4192544273-3428825822-1000\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 43.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 43.0.2 (x86 de)) (Version: 43.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Naviextras Toolbox Prerequesities (HKLM-x32\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - NNG Llc.)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
PlayMemories Home (HKLM-x32\...\{94F4815B-755A-4FFA-AFDC-EE8FE776981E}) (Version: 5.0.03.11020 - Sony Corporation)
PMB_ModeEditor (x32 Version: 9.3.00 - Sony Corporation) Hidden
PMB_ServiceUploader (x32 Version: 10.0.03 - Sony Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6003 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Software (HKLM-x32\...\{0F796312-289C-40CA-856C-9FBCF5E83342}) (Version: 0133.09.1202 - REALTEK Semiconductor Corp.)
SafeZone Stable 1.46.1990.144 (x32 Version: 1.46.1990.144 - Avast Software) Hidden
Samsung Recovery Solution 4 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.6 - Samsung)
Samsung R-Series (HKLM-x32\...\{3EED7541-55F8-4DC6-B9CD-28762D71310E}) (Version: 1.0 - Samsung)
Samsung Universal Print Driver (HKLM-x32\...\Samsung Universal Print Driver) (Version: 2.02.05.00:24 - Samsung Electronics Co., Ltd.)
Samsung Update Plus (HKLM-x32\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.)
SCR3xxx Smart Card Reader (HKLM-x32\...\{37C4109C-F80B-4D3A-A8B3-1FA0618BFDBA}) (Version: 8.57 - Identive)
Sigel Label- und Barcode Software (HKLM-x32\...\Sigel Label- und Barcode Software) (Version:  - )
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
Softwarenetz Haushaltsbuch4 (HKLM-x32\...\Haushaltsbuch4) (Version:  - Softwarenetz)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.10.0 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-522234228-4192544273-3428825822-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-522234228-4192544273-3428825822-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Hans\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-522234228-4192544273-3428825822-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hans\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-522234228-4192544273-3428825822-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hans\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-522234228-4192544273-3428825822-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hans\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-522234228-4192544273-3428825822-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hans\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-522234228-4192544273-3428825822-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hans\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-522234228-4192544273-3428825822-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hans\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-522234228-4192544273-3428825822-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hans\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-522234228-4192544273-3428825822-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hans\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-522234228-4192544273-3428825822-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Hans\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

==================== Wiederherstellungspunkte =========================

26-11-2015 19:46:40 Avast Cleanup
28-11-2015 09:38:12 Avast Cleanup
28-11-2015 20:32:57 Avast Cleanup
28-11-2015 20:44:28 Windows Update
02-12-2015 08:15:22 Avast Cleanup
02-12-2015 20:44:17 Avast Cleanup
02-12-2015 20:55:45 Windows Update
05-12-2015 18:16:33 Avast Cleanup
06-12-2015 08:55:00 Avast Cleanup
06-12-2015 15:25:45 Windows Update
08-12-2015 21:22:40 Avast Cleanup
10-12-2015 02:36:37 Windows Update
10-12-2015 03:01:12 Windows Update
13-12-2015 19:19:29 Windows Update
13-12-2015 19:46:34 Avast Cleanup
14-12-2015 19:50:21 Avast Cleanup
15-12-2015 05:20:46 Avast Cleanup
15-12-2015 21:36:42 Avast Cleanup
17-12-2015 06:08:56 Windows Update
19-12-2015 06:35:53 Windows Update
19-12-2015 06:37:38 Avast Cleanup
19-12-2015 19:46:30 Avast Cleanup
21-12-2015 10:39:25 Avast Cleanup
22-12-2015 11:03:15 Windows Update
22-12-2015 17:26:46 Gerätetreiber-Paketinstallation: Avast Netzwerkdienst
23-12-2015 21:21:12 Avast Cleanup

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {05FACB47-A91F-420D-BCEC-FF600F302C99} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
Task: {069858DD-921D-498F-AB04-69391758E7D4} - System32\Tasks\{69993F70-2728-48FC-A3D1-2B84988B78CC} => pcalua.exe -a C:\Users\Hans\Downloads\WISOMeinGeldPro.exe -d C:\Users\Hans\Downloads
Task: {0B7DFB6C-E4D1-48B8-898B-4C7912F97612} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-03-29] (SAMSUNG Electronics co., LTD.)
Task: {0D7930B3-6A49-4D7D-9A63-9FF506D60576} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {187532B4-A586-4AFE-B656-10C74CB6164A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-12-22] (AVAST Software)
Task: {226CBEF3-C14B-4D3E-9085-AAEF8FF18D69} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-06-01] (Samsung Electronics. Co. Ltd.)
Task: {2312CE41-3E02-491F-84F7-39724334A4A7} - System32\Tasks\SafeZone scheduled Autoupdate 1450802017 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2015-12-21] (Avast Software)
Task: {4C65F9A8-BFC7-498F-AB0B-C01C336DAAA0} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {653FEC7F-8ED0-41BD-AB56-2AF118229ACE} - System32\Tasks\advSRS4 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC)
Task: {886F123B-D25A-4AEB-A115-32CE07A5D0F9} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-10-13] (Samsung Electronics Co., Ltd.)
Task: {88CB6344-90D7-473F-8B7F-6FDA32A04AEB} - System32\Tasks\{C83758FD-D099-41C3-AF3A-7837E460469A} => pcalua.exe -a C:\Users\Hans\Downloads\Sigel_Label_Barcode\Sigel_Label_Barcode.exe -d C:\Users\Hans\Downloads\Sigel_Label_Barcode
Task: {89769842-211C-42FC-AFF5-7A19A5054D6B} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-522234228-4192544273-3428825822-1000Core => C:\Users\Hans\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {8EE25771-606E-4AB4-B92C-B58E7B92D5BA} - System32\Tasks\{DDB14B00-0C0A-4E30-8664-00655C907F16} => C:\Program Files (x86)\CHIPDRIVE\CHIPDRIVE MyKey\MyKey\MyKey.exe [2013-12-02] (Identive)
Task: {9A8A9326-1E2B-4E8C-A1D2-B866FA0A85C4} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-08] (Adobe Systems Incorporated)
Task: {9D8651A2-298B-4CB3-81FE-2B1C7A9BD6E9} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-12-16] (AVAST Software)
Task: {A18B1661-6189-4500-A3EC-BCC307994B64} - System32\Tasks\{E33FBC09-FD58-411A-8474-4D3FD8130D81} => pcalua.exe -a C:\Users\Hans\AppData\Local\Temp\jre-8u31-windows-au.exe -d C:\windows\SysWOW64 -c /installmethod=jau-m FAMILYUPGRADE=1
Task: {A8FD0358-5254-4117-BF84-36DF363A538F} - System32\Tasks\{9C480DBD-C6AD-4764-888A-4D756689E5EC} => pcalua.exe -a C:\Users\Hans\Downloads\wlsetup-web.exe -d C:\Users\Hans\Downloads
Task: {A9E72616-884E-4835-BD1B-A6230FDC5D2A} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-522234228-4192544273-3428825822-1000UA => C:\Users\Hans\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {AA0A902A-E288-4D36-B273-908CABD39194} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {AD20D237-7C34-4F5E-882B-28CF62A99A7D} - System32\Tasks\{FE7AABDC-65F5-4543-AE8D-84BF39BC93B0} => pcalua.exe -a C:\Users\Hans\AppData\Local\Temp\Temp1_Sigel_Professional_Label(1).zip\Sigel_Professional_Label.exe
Task: {F61F6EF1-4B7D-4235-A63E-9D1A37BD484D} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-06-08] (Samsung Electronics Co., Ltd.)
Task: {FAC1579F-FCEE-447D-9547-767ED09DB72A} - System32\Tasks\{0237ABB1-4425-4A9A-AF07-06A47FF07CAB} => pcalua.exe -a C:\Users\Hans\Downloads\epson377873eu.exe -d C:\Users\Hans\Downloads
Task: {FC9393C7-8D64-4B71-B649-70CD953B3A0C} - \DealPlyUpdate -> Keine Datei <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-522234228-4192544273-3428825822-1000Core.job => C:\Users\Hans\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-522234228-4192544273-3428825822-1000UA.job => C:\Users\Hans\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2014-09-09 16:11 - 2013-08-29 23:43 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-06-17 17:24 - 2008-06-04 07:53 - 00027648 _____ () C:\windows\System32\spd__l.dll
2009-09-01 04:31 - 2009-09-01 04:31 - 00022016 _____ () C:\windows\System32\ssp2ml6.dll
2015-11-03 17:59 - 2015-11-03 18:01 - 00151072 _____ () C:\windows\system32\DnsBlockUpdateSvc.exe
2014-09-11 16:22 - 2013-03-08 08:54 - 00017760 _____ () C:\Program Files (x86)\HDD Health\HDDHealthService.exe
2010-08-04 03:27 - 2009-03-05 10:54 - 00311296 _____ () C:\windows\SysWOW64\Rezip.exe
2015-12-22 17:24 - 2015-12-22 17:24 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-12-22 17:24 - 2015-12-22 17:24 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-12-23 12:34 - 2015-12-23 12:34 - 02806272 _____ () C:\Program Files\AVAST Software\Avast\defs\15122300\algo.dll
2015-12-22 17:24 - 2015-12-22 17:24 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-12-23 21:20 - 2015-12-23 21:20 - 02806272 _____ () C:\Program Files\AVAST Software\Avast\defs\15122302\algo.dll
2010-08-04 03:39 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
2015-12-11 15:56 - 2015-10-31 01:59 - 00034768 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2015-12-11 15:55 - 2015-10-31 02:00 - 00019408 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2015-12-11 15:55 - 2015-12-08 22:36 - 00022848 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\Crypto.Random.OSRNG.winrandom.pyd
2015-12-11 15:55 - 2015-12-08 22:36 - 00023352 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\Crypto.Util._counter.pyd
2015-12-11 15:55 - 2015-12-08 22:36 - 00042296 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\Crypto.Cipher._AES.pyd
2015-12-11 15:55 - 2015-10-31 01:59 - 00116688 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-11 15:56 - 2015-10-31 01:59 - 00093640 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-11 15:56 - 2015-10-31 01:59 - 00018376 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-11 15:56 - 2015-12-08 22:36 - 00019760 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-11 15:56 - 2015-10-31 02:00 - 00105928 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\win32api.pyd
2015-12-11 15:55 - 2015-10-31 01:59 - 00392144 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2015-12-11 15:56 - 2015-12-08 22:36 - 00381752 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-11 15:56 - 2015-10-31 01:59 - 00692688 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2015-12-11 15:55 - 2015-12-08 22:36 - 00020816 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-11 15:56 - 2015-10-31 02:00 - 00109520 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2015-12-11 15:55 - 2015-12-08 22:36 - 01737032 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2015-12-11 15:55 - 2015-12-08 22:36 - 00020808 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2015-12-11 15:56 - 2015-12-08 22:36 - 00020800 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-11 15:56 - 2015-12-08 22:36 - 00021840 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2015-12-11 15:55 - 2015-12-08 22:36 - 00038696 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\fastpath.pyd
2015-12-11 15:56 - 2015-10-31 02:00 - 00024528 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-11 15:55 - 2015-10-31 02:00 - 00020936 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-11 15:56 - 2015-10-31 02:00 - 00114640 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-11 15:56 - 2015-12-08 22:36 - 00021320 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd
2015-12-11 15:56 - 2015-10-31 02:00 - 00124880 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\win32file.pyd
2015-12-11 15:56 - 2015-10-31 02:00 - 00030160 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-11 15:56 - 2015-10-31 02:00 - 00043472 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-11 15:56 - 2015-10-31 02:00 - 00175560 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-11 15:56 - 2015-10-31 02:00 - 00028616 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\win32ts.pyd
2015-12-11 15:56 - 2015-10-31 02:00 - 00024016 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-11 15:56 - 2015-10-31 02:00 - 00048592 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\win32service.pyd
2015-12-11 15:55 - 2015-12-08 22:36 - 00024392 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2015-12-11 15:55 - 2015-10-31 02:00 - 00036296 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\librsync.dll
2015-12-11 15:56 - 2015-10-31 02:00 - 00024016 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\win32profile.pyd
2015-12-11 15:55 - 2015-12-08 22:36 - 00117056 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2015-12-11 15:56 - 2015-12-08 22:36 - 00023376 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-11 15:56 - 2015-10-31 01:59 - 00134608 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2015-12-11 15:55 - 2015-10-31 01:59 - 00134088 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2015-12-11 15:55 - 2015-10-31 02:00 - 00240584 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2015-12-11 15:55 - 2015-12-08 22:36 - 00020280 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-11 15:55 - 2015-12-08 22:36 - 00052024 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2015-12-11 15:55 - 2015-12-08 22:36 - 00021304 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\Crypto.Util.strxor.pyd
2015-12-11 15:56 - 2015-10-31 02:00 - 00350152 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2015-12-11 15:55 - 2015-12-08 22:36 - 00084792 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2015-12-11 15:55 - 2015-12-08 22:36 - 01826608 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-11 15:56 - 2015-10-31 02:00 - 00083912 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\sip.pyd
2015-12-11 15:55 - 2015-12-08 22:36 - 03891504 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2015-12-11 15:55 - 2015-12-08 22:36 - 01950000 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2015-12-11 15:55 - 2015-12-08 22:36 - 00519984 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2015-12-11 15:55 - 2015-12-08 22:36 - 00133936 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2015-12-11 15:55 - 2015-12-08 22:36 - 00225080 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2015-12-11 15:55 - 2015-12-08 22:36 - 00207672 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2015-12-11 15:56 - 2015-12-08 22:36 - 00024904 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2015-12-11 15:55 - 2015-12-08 22:36 - 00486704 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2015-12-11 15:55 - 2015-12-08 22:36 - 00357680 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2015-12-11 15:56 - 2015-10-31 02:01 - 00019920 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-12-11 15:55 - 2015-10-31 02:00 - 00786904 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-12-11 15:56 - 2015-10-31 02:00 - 00063448 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-12-11 15:56 - 2015-10-31 02:00 - 00019408 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2015-12-22 17:25 - 2015-12-22 17:25 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-12-22 17:33 - 2015-12-01 09:12 - 60742136 _____ () C:\Program Files\AVAST Software\SZBrowser\1.46.1990.139\AvastSZB.dll
2015-12-22 17:33 - 2015-12-01 09:12 - 01919480 _____ () C:\Program Files\AVAST Software\SZBrowser\1.46.1990.139\libglesv2.dll
2015-12-22 17:33 - 2015-12-01 09:12 - 00081400 _____ () C:\Program Files\AVAST Software\SZBrowser\1.46.1990.139\libegl.dll
2015-12-08 21:21 - 2015-12-08 21:21 - 17647296 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\windows\system32\DnsBlockUpdateSvc.exe:IID
AlternateDataStreams: C:\Users\Hans\Documents\Bilder RA Straub:com.dropbox.attributes

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-522234228-4192544273-3428825822-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Hans\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\Services: APNMCP => 2
MSCONFIG\Services: RichVideo => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: PDVD8LanguageShortcut => "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
MSCONFIG\startupreg: RemoteControl8 => "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
MSCONFIG\startupreg: UpdatePDRShortCut => "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
MSCONFIG\startupreg: UpdatePPShortCut => "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
MSCONFIG\startupreg: UpdatePSTShortCut => "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{F1C06C51-379A-4301-93B4-40EDE8E10C56}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{310EDACB-5FC7-4F05-9308-B1C804BC8BB3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD8\PowerDVD8.EXE
FirewallRules: [{A3278E63-97AB-4714-823D-1F17DAA2F2ED}] => (Allow) C:\Windows\System32\SUPDSvc.exe
FirewallRules: [{C68843DA-AF1A-4A53-B9E3-424489A064CB}] => (Allow) C:\Windows\System32\SUPDSvc.exe
FirewallRules: [{6BB63C6C-B35C-4072-868E-D7536A699E6D}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{5BA07D47-6BAA-4D8F-BC74-E74A31E4CC75}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [TCP Query User{4EEFA51E-CFCE-4AB4-93F1-82E8BD153C40}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{614E6B8A-8265-43B4-B4FF-43FC1F7C884B}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{4EB91C82-4AC8-48A3-981C-EEB36AE2839E}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{70D81D79-2CB2-40F3-AD17-58D46E717806}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{7E2EDA01-CADA-49AF-9472-F960F806BD82}C:\program files (x86)\chipdrive\chipdrive mykey\mykey\mykey.exe] => (Block) C:\program files (x86)\chipdrive\chipdrive mykey\mykey\mykey.exe
FirewallRules: [UDP Query User{6D81C02C-6A9B-4401-AC00-599269E0C2C0}C:\program files (x86)\chipdrive\chipdrive mykey\mykey\mykey.exe] => (Block) C:\program files (x86)\chipdrive\chipdrive mykey\mykey\mykey.exe
FirewallRules: [TCP Query User{16B0C971-331D-4A82-8F52-02DF5F516DAB}C:\program files (x86)\chipdrive\chipdrive mykey\mykey\mykey.exe] => (Block) C:\program files (x86)\chipdrive\chipdrive mykey\mykey\mykey.exe
FirewallRules: [UDP Query User{0C0966E4-DD09-41EC-9F32-B34DC98AC5EE}C:\program files (x86)\chipdrive\chipdrive mykey\mykey\mykey.exe] => (Block) C:\program files (x86)\chipdrive\chipdrive mykey\mykey\mykey.exe
FirewallRules: [{40EACEB4-D2EC-4090-A566-624D41F70924}] => (Allow) C:\Users\Hans\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{07329A11-3AAA-4A0C-B9BE-10B342564943}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [UDP Query User{5B91196D-41A2-4C38-B7DE-9362D6809FFC}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [{6366165C-C50E-4B95-8263-81ECC670B084}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
FirewallRules: [{554C9539-3F86-417F-8B7D-2FD268257B6C}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
FirewallRules: [{695AE07E-C5FC-4ADC-AFD4-804CFB6738B4}] => (Allow) C:\Users\Hans\AppData\Local\Temp\EPSON SX235 Series_Home\Network\EpsonNetSetup\EpsonNetSetup3_4_1_FC_1_0_WW_Direct\ENEasyApp.exe
FirewallRules: [{4A420D02-EFE5-411B-9FBA-E38FBDD87D91}] => (Allow) C:\Users\Hans\AppData\Local\Temp\EPSON SX235 Series_Home\Network\EpsonNetSetup\EpsonNetSetup3_4_1_FC_1_0_WW_Direct\ENEasyApp.exe
FirewallRules: [{8495A371-01D0-4537-86B7-951D8F4AA584}] => (Allow) C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{464D0807-DB2B-4511-AE01-4B9D9516F195}] => (Allow) C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{4BF36673-D381-4C9F-B699-22CCDAF2AE9F}] => (Allow) chrome.exe
FirewallRules: [{73967FFF-CCF9-4C88-BCA8-73F4268A18BA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{07668923-ED88-4C5A-88E6-2ED5BF35DE23}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [TCP Query User{D33EBF02-4FAC-4508-831D-A28839948DF4}C:\users\hans\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\hans\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{27A78594-DA0A-492B-81C3-E329F3BCEB2F}C:\users\hans\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\hans\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{C68C2C0D-AC7F-4628-BB3C-C2B2D60E14C2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6FFECC67-0D1B-4B4D-BA5B-FAC57D413190}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{DF405A78-E460-4C2E-B91D-72DEFF2A4D4E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{95EFCC0E-537A-483E-AC5B-669545847071}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{069379B9-6785-4545-A69E-5A421B27D6BB}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{20A5E0D9-BA5A-4659-A41F-B44C09B663E8}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{1C7E774C-6FAE-4B20-B024-A3B6E4A1498D}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{62FB722A-E926-4485-BE0C-B463D35CB5E8}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{3AC0571D-98AD-45F1-A2BD-ACD8E7B93C80}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6B604476-E8BC-4D30-8119-59D839D276F9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{61F1CC4F-F606-4887-8E80-2F9B40B96F8E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (12/23/2015 11:51:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Gmer-19357.exe, Version 2.1.19357.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1f84

Startzeit: 01d13dd44a70b6ed

Endzeit: 8

Anwendungspfad: C:\Users\Hans\Downloads\Gmer-19357.exe

Berichts-ID: a3153f3e-a9c7-11e5-be81-002454e7f112

Error: (12/23/2015 09:19:03 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Avast.VC110.DebugCRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"1".
Die abhängige Assemblierung "Avast.VC110.DebugCRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (12/23/2015 06:45:30 AM) (Source: MsiInstaller) (EventID: 1041) (User: NT-AUTORITÄT)
Description: Fehler beim Starten einer Windows Installer-Transaktion: ASU_MSI_TRAN. Fehler 1603 beim Starten der Transaktion.

Error: (12/20/2015 12:54:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 42.0.0.5780, Zeitstempel: 0x5632d0a4
Name des fehlerhaften Moduls: mozglue.dll, Version: 42.0.0.5780, Zeitstempel: 0x5632ba58
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000ed50
ID des fehlerhaften Prozesses: 0x15d4
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (12/17/2015 06:14:32 AM) (Source: MsiInstaller) (EventID: 1041) (User: NT-AUTORITÄT)
Description: Fehler beim Starten einer Windows Installer-Transaktion: ASU_MSI_TRAN. Fehler 1603 beim Starten der Transaktion.

Error: (12/11/2015 04:29:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AitStatic.exe, Version: 10.0.10004.0, Zeitstempel: 0x54c65a8b
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.19045, Zeitstempel: 0x56259271
Ausnahmecode: 0xc000000d
Fehleroffset: 0x000000000000b3dd
ID des fehlerhaften Prozesses: 0x18dc
Startzeit der fehlerhaften Anwendung: 0xAitStatic.exe0
Pfad der fehlerhaften Anwendung: AitStatic.exe1
Pfad des fehlerhaften Moduls: AitStatic.exe2
Berichtskennung: AitStatic.exe3

Error: (12/11/2015 02:53:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SafeZoneBrowser.exe, Version: 38.0.2078.1, Zeitstempel: 0x53f612a6
Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.18952, Zeitstempel: 0x55c39c76
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001f21e3
ID des fehlerhaften Prozesses: 0x1d74
Startzeit der fehlerhaften Anwendung: 0xSafeZoneBrowser.exe0
Pfad der fehlerhaften Anwendung: SafeZoneBrowser.exe1
Pfad des fehlerhaften Moduls: SafeZoneBrowser.exe2
Berichtskennung: SafeZoneBrowser.exe3

Error: (12/11/2015 02:48:41 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Program Files\AVAST Software\Avast\AvastSvc.exe Files\AVAST Software\Avast\AvastSvc.exe"; Beschreibung = Avast Cleanup; Fehler = 0x81000101).

Error: (12/11/2015 07:04:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SafeZoneBrowser.exe, Version: 38.0.2078.1, Zeitstempel: 0x53f612a6
Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.18952, Zeitstempel: 0x55c39c76
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001f21e3
ID des fehlerhaften Prozesses: 0x1ec0
Startzeit der fehlerhaften Anwendung: 0xSafeZoneBrowser.exe0
Pfad der fehlerhaften Anwendung: SafeZoneBrowser.exe1
Pfad des fehlerhaften Moduls: SafeZoneBrowser.exe2
Berichtskennung: SafeZoneBrowser.exe3

Error: (12/10/2015 11:46:33 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Fehler bei der automatischen Aktualisierung des Drittanbieterstammzertifikats von <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8CF427FD790C3AD166068DE81E57EFBB932272D4.crt>. Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben.
.


Systemfehler:
=============
Error: (12/23/2015 03:35:43 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (12/23/2015 03:33:39 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde nicht richtig gestartet.

Error: (12/23/2015 03:28:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "VBoxAsw Support Driver" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%3

Error: (12/23/2015 03:28:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "iolo System Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (12/23/2015 12:33:27 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (12/23/2015 12:30:52 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde nicht richtig gestartet.

Error: (12/23/2015 12:25:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "VBoxAsw Support Driver" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%3

Error: (12/23/2015 12:25:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "iolo System Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (12/23/2015 06:04:12 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (12/23/2015 05:57:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "VBoxAsw Support Driver" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%3


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
Prozentuale Nutzung des RAM: 57%
Installierter physikalischer RAM: 3956.55 MB
Verfügbarer physikalischer RAM: 1663.09 MB
Summe virtueller Speicher: 7911.31 MB
Verfügbarer virtueller Speicher: 5341.68 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:112 GB) (Free:19.83 GB) NTFS
Drive d: () (Fixed) (Total:165.99 GB) (Free:115.42 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 8C0FBFDC)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=112 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=166 GB) - (Type=OF Extended)

==================== Ende von Addition.txt ============================
         

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-12-24 00:02:29
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AJ1 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\Hans\AppData\Local\Temp\uxldapow.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files\AVAST Software\Avast\afwServ.exe[1676] C:\windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter     0000000075758781 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text   C:\Program Files (x86)\HDD Health\hddhealth.exe[2808] C:\windows\SysWOW64\ntdll.dll!LdrAccessResource                    000000007762d284 5 bytes JMP 0000000100518940
.text   C:\Program Files (x86)\HDD Health\hddhealth.exe[2808] C:\windows\SysWOW64\ntdll.dll!LdrFindResource_U                    000000007762d2a1 5 bytes JMP 00000001005188b0
.text   C:\Program Files (x86)\HDD Health\hddhealth.exe[2808] C:\windows\syswow64\KERNELBASE.dll!LoadStringA                     0000000075264b54 5 bytes JMP 00000001005187c0
.text   C:\Program Files (x86)\HDD Health\hddhealth.exe[2808] C:\windows\syswow64\KERNELBASE.dll!LoadStringW                     0000000075264bc1 5 bytes JMP 0000000100518850
.text   C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe[2836] C:\windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17      00000000769d1401 2 bytes JMP 7577b21b C:\windows\syswow64\kernel32.dll
.text   C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe[2836] C:\windows\syswow64\Psapi.dll!EnumProcessModules + 17        00000000769d1419 2 bytes JMP 7577b346 C:\windows\syswow64\kernel32.dll
.text   C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe[2836] C:\windows\syswow64\Psapi.dll!GetModuleInformation + 17      00000000769d1431 2 bytes JMP 757f8fd1 C:\windows\syswow64\kernel32.dll
.text   C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe[2836] C:\windows\syswow64\Psapi.dll!GetModuleInformation + 42      00000000769d144a 2 bytes CALL 7575489d C:\windows\syswow64\kernel32.dll
.text   ...                                                                                                                      * 9
.text   C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe[2836] C:\windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17         00000000769d14dd 2 bytes JMP 757f88c4 C:\windows\syswow64\kernel32.dll
.text   C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe[2836] C:\windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17  00000000769d14f5 2 bytes JMP 757f8aa0 C:\windows\syswow64\kernel32.dll
.text   C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe[2836] C:\windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17         00000000769d150d 2 bytes JMP 757f87ba C:\windows\syswow64\kernel32.dll
.text   C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe[2836] C:\windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17  00000000769d1525 2 bytes JMP 757f8b8a C:\windows\syswow64\kernel32.dll
.text   C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe[2836] C:\windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17        00000000769d153d 2 bytes JMP 7576fca8 C:\windows\syswow64\kernel32.dll
.text   C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe[2836] C:\windows\syswow64\Psapi.dll!EnumProcesses + 17             00000000769d1555 2 bytes JMP 757768ef C:\windows\syswow64\kernel32.dll
.text   C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe[2836] C:\windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17      00000000769d156d 2 bytes JMP 757f9089 C:\windows\syswow64\kernel32.dll
.text   C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe[2836] C:\windows\syswow64\Psapi.dll!GetPerformanceInfo + 17        00000000769d1585 2 bytes JMP 757f8bea C:\windows\syswow64\kernel32.dll
.text   C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe[2836] C:\windows\syswow64\Psapi.dll!QueryWorkingSet + 17           00000000769d159d 2 bytes JMP 757f877e C:\windows\syswow64\kernel32.dll
.text   C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe[2836] C:\windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17        00000000769d15b5 2 bytes JMP 7576fd41 C:\windows\syswow64\kernel32.dll
.text   C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe[2836] C:\windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17      00000000769d15cd 2 bytes JMP 7577b2dc C:\windows\syswow64\kernel32.dll
.text   C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe[2836] C:\windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20  00000000769d16b2 2 bytes JMP 757f8f4c C:\windows\syswow64\kernel32.dll
.text   C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe[2836] C:\windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31  00000000769d16bd 2 bytes JMP 757f8713 C:\windows\syswow64\kernel32.dll

---- Threads - GMER 2.1 ----

Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4876:5336]                                                           000007fefb742af8

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654eb87                                              
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654edff                                              
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654f56e                                              
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654f652                                              
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b66b6864                                              
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b66b6982                                              
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654eb87 (not active ControlSet)                          
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654edff (not active ControlSet)                          
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654f56e (not active ControlSet)                          
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654f652 (not active ControlSet)                          
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b66b6864 (not active ControlSet)                          
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b66b6982 (not active ControlSet)                          

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                    unknown MBR code

---- EOF - GMER 2.1 ----