Log analysis and evaluation: IRCBot Virut apparently on one of my computers, T-Com informed me

Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
IRCBot Virut apparently on one of my computers, T-Com informed me

Hello everyone, I have now received the second letter from T-Com saying that a virus/trojan is apparently at work on my end. When I called back, I was given the name IRCBOT VIRUT. How do I get rid of this thing now? I have also already created a FRST.txt..... MANY thanks for your help.

FRST Logfile: Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version: 11-08-2016 01 durchgeführt von Ck (Administrator) auf CK-PC (11-08-2016 20:28:16) Gestartet von C:\Users\Ck\Desktop Geladene Profile: Ck (Verfügbare Profile: Ck) Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe (AVG Technologies CZ, s.r.o.) 
C:\Program Files\AVG\Av\avgwdsvcx.exe (AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe (AVM GmbH) C:\Program Files\FRITZ!Powerline\PowerlineService.exe (AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe (Teruten) C:\Windows\System32\FsUsbExService.Exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe () C:\Program Files\PC Beschleunigen\PCSUService.exe (pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe (pdfforge GmbH) C:\Program Files\PDF Architect\ConversionService.exe () C:\Windows\System32\PSIService.exe () C:\Program Files\Cyberlink\Shared files\RichVideo.exe () C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe (AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgnsx.exe () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgemcx.exe () C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe (CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgrsx.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (cyberlink) C:\Program Files\Cyberlink\Shared files\brs.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CyberLink) C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (CANON INC.) 
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE () C:\Program Files\Winamp\winampa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgui.exe () C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe () C:\Program Files\AVG Secure Search\vprot.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung) C:\Program Files\Samsung\Kies\Kies.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe (Dropbox, Inc.) C:\Users\Ck\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Byte Technologies LLC) C:\Program Files\ByteFence\ByteFence.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgcsrvx.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6724128 2009-02-03] (Realtek Semiconductor) HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-02-03] (Realtek Semiconductor Corp.) HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Av\avgui.exe [5351184 2016-07-22] (AVG Technologies CZ, s.r.o.) 
HKLM\...\Run: [Babylon Client] => C:\Program Files\Babylon\Babylon-Pro\Babylon.exe [3460760 2012-07-30] (Babylon Ltd.) HKLM\...\Run: [BDRegion] => C:\Program Files\Cyberlink\Shared Files\brs.exe [75048 2009-03-30] (cyberlink) HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1848648 2008-03-17] (CANON INC.) HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-10] (CANON INC.) HKLM\...\Run: [CLMLServer] => C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe [104936 2008-07-18] (CyberLink) HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-09] (Intel Corporation) HKLM\...\Run: [IJNetworkScanUtility] => C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [128352 2007-11-19] (CANON INC.) HKLM\...\Run: [SearchSettings] => C:\Program Files\pdfforge Toolbar\SearchSettings.exe HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp\winampa.exe [37888 2009-07-01] () HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation) HKLM\...\Run: [AgentMonitor] => C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe [401280 2014-06-20] () HKLM\...\Run: [CloneCDTray] => C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [57344 2006-09-28] (SlySoft, Inc.) HKLM\...\Run: [vProt] => C:\Program Files\AVG Secure Search\vprot.exe [2640408 2014-08-26] () HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [55824 2009-06-17] (Logitech, Inc.) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) 
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [186640 2016-07-20] (AVG Technologies CZ, s.r.o.) HKLM\...\Run: [KeePass 2 PreLoad] => C:\Program Files\KeePass Password Safe 2\KeePass.exe [2745544 2016-01-09] (Dominik Reichl) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2009-07-20] (Logitech, Inc.) HKU\S-1-5-21-1965394401-2103718357-1127923810-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd) HKU\S-1-5-21-1965394401-2103718357-1127923810-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe HKU\S-1-5-21-1965394401-2103718357-1127923810-1000\...\Run: [KiesAirMessage] => C:\Program Files\Samsung\Kies\KiesAirMessage.exe [578560 2014-01-23] (Samsung Electronics) HKU\S-1-5-21-1965394401-2103718357-1127923810-1000\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-14] (Samsung Electronics Co., Ltd.) HKU\S-1-5-21-1965394401-2103718357-1127923810-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1564992 2014-02-14] (Samsung) HKU\S-1-5-21-1965394401-2103718357-1127923810-1000\...\Run: [Dropbox Update] => C:\Users\Ck\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-02] (Dropbox, Inc.) 
HKU\S-1-5-21-1965394401-2103718357-1127923810-1000\...\MountPoints2: {1284c770-c9ed-11e2-9b24-806e6f6e6963} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\LIESMICH.htm HKU\S-1-5-21-1965394401-2103718357-1127923810-1000\...\MountPoints2: {59f93d6c-02b1-11e3-a5d9-00242178ad0f} - J:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-1965394401-2103718357-1127923810-1000\...\MountPoints2: {5f1d01bd-90f0-11e3-99cf-00242178ad0f} - K:\DTVP_Launcher.exe HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-06-09] (Microsoft Corporation) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ck\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ck\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ck\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk [2014-08-25] ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) Startup: C:\Users\Ck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-08-07] ShortcutTarget: Dropbox.lnk -> C:\Users\Ck\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\Ck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2009-11-27] ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) ProxyEnable: [.DEFAULT] => Proxy ist aktiviert. ProxyServer: [.DEFAULT] => http=127.0.0.1:49315;https=127.0.0.1:49315 AutoConfigURL: [.DEFAULT] => http=127.0.0.1:49315;https=127.0.0.1:49315 ProxyServer: [S-1-5-21-1965394401-2103718357-1127923810-1000] => http=127.0.0.1:49315;https=127.0.0.1:49315 AutoConfigURL: [S-1-5-21-1965394401-2103718357-1127923810-1000] => http=127.0.0.1:49315;https=127.0.0.1:49315 Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. 
Siehe Hosts-Bereich in Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.115.100 Tcpip\..\Interfaces\{50C94D7A-C5DB-415C-8678-3F7462EF05FF}: [DhcpNameServer] 192.168.115.100 Tcpip\..\Interfaces\{E5D46DBA-07F2-4849-956E-461E87395D8B}: [DhcpNameServer] 192.168.115.100 Internet Explorer: ================== HKU\S-1-5-21-1965394401-2103718357-1127923810-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ URLSearchHook: HKU\S-1-5-21-1965394401-2103718357-1127923810-1000 - (Kein Name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll Keine Datei SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://de.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_28¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtD0F0FzyzzyE0FyByByCyE0EtAzytDtN0D0Tzu0StCyCyDyCtN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyCyE0A0CyC0AyEyDtGtAyC0B0BtG0BtC0E0AtGyCzztCzztGzztB0D0DtAyC0EzyyEzzyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtDtDzy0A0C0FyBtG0FtD0EzytGyEtB0D0AtG0B0DtByDtGzz0B0A0CtAyB0Dzzzy0AtBtB2QtN0A0LzutBtN1B2Z1V1T1S1NzutBtBtBtC%26cr%3D876104327%26a%3Dwbf_fs_16_28%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms} SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://de.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_28¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtD0F0FzyzzyE0FyByByCyE0EtAzytDtN0D0Tzu0StCyCyDyCtN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyCyE0A0CyC0AyEyDtGtAyC0B0BtG0BtC0E0AtGyCzztCzztGzztB0D0DtAyC0EzyyEzzyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtDtDzy0A0C0FyBtG0FtD0EzytGyEtB0D0AtG0B0DtByDtGzz0B0A0CtAyB0Dzzzy0AtBtB2QtN0A0LzutBtN1B2Z1V1T1S1NzutBtBtBtC%26cr%3D876104327%26a%3Dwbf_fs_16_28%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms} SearchScopes: 
HKU\S-1-5-21-1965394401-2103718357-1127923810-1000 -> DefaultScope {C3E6F08D-366C-4806-81AE-DA013DD94FC8} URL = hxxps://de.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_28¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtD0F0FzyzzyE0FyByByCyE0EtAzytDtN0D0Tzu0StCyCyDyCtN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyCyE0A0CyC0AyEyDtGtAyC0B0BtG0BtC0E0AtGyCzztCzztGzztB0D0DtAyC0EzyyEzzyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtDtDzy0A0C0FyBtG0FtD0EzytGyEtB0D0AtG0B0DtByDtGzz0B0A0CtAyB0Dzzzy0AtBtB2QtN0A0LzutBtN1B2Z1V1T1S1NzutBtBtBtC%26cr%3D876104327%26a%3Dwbf_fs_16_28%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms} SearchScopes: HKU\S-1-5-21-1965394401-2103718357-1127923810-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.max-start.com/?q={searchTerms}&babsrc=SP_ss_mib2&mntrId=CEDA0022437B3CA6&affID=125036&tsp=5031 SearchScopes: HKU\S-1-5-21-1965394401-2103718357-1127923810-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=cedae3900000000000000022437b3ca6&r=562 SearchScopes: HKU\S-1-5-21-1965394401-2103718357-1127923810-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={618C921F-D468-475C-AA8E-47010B06B932}&mid=c78b2ac09d2e57d5c4b70b3084df8c77-5a73515d7d286b81fdb6302665c66b7a8f5e2d07&lang=de&ds=AVG&pr=fr&d=2012-06-07 12:50:30&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms} SearchScopes: HKU\S-1-5-21-1965394401-2103718357-1127923810-1000 -> {C3E6F08D-366C-4806-81AE-DA013DD94FC8} URL = 
hxxps://de.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_28¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtD0F0FzyzzyE0FyByByCyE0EtAzytDtN0D0Tzu0StCyCyDyCtN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyCyE0A0CyC0AyEyDtGtAyC0B0BtG0BtC0E0AtGyCzztCzztGzztB0D0DtAyC0EzyyEzzyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtDtDzy0A0C0FyBtG0FtD0EzytGyEtB0D0AtG0B0DtByDtGzz0B0A0CtAyB0Dzzzy0AtBtB2QtN0A0LzutBtN1B2Z1V1T1S1NzutBtBtBtC%26cr%3D876104327%26a%3Dwbf_fs_16_28%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms} BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.) BHO: QuickStores-Toolbar -> {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} -> C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation) BHO: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files\PDF Architect\PDFIEHelper.dll [2013-04-08] (pdfforge GmbH) BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> Keine Datei BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-28] (Oracle Corporation) BHO: Kein Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> Keine Datei BHO: Babylon IE plugin -> {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} -> C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll [2012-07-30] (Babylon Ltd.) BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2011-09-20] (Google Inc.) 
BHO: Kein Name -> {B922D405-6D13-4A2B-AE89-08A030DA4402} -> Keine Datei BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-28] (Oracle Corporation) BHO: Kein Name -> {E312764E-7706-43F1-8DAB-FCDD2B1E416D} -> C:\Program Files\pdfforge Toolbar\SearchSettings.dll => Keine Datei BHO: Softonic Helper Object -> {E87806B5-E908-45FD-AF5E-957D83E58E68} -> C:\Program Files\Softonic\Softonic\1.8.21.14\bh\Softonic.dll [2013-06-11] (Softonic.com) BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2014-11-11] (DVDVideoSoft Ltd.) Toolbar: HKLM - QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation) Toolbar: HKLM - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll [2013-04-08] (pdfforge GmbH) Toolbar: HKLM - Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files\Softonic\Softonic\1.8.21.14\SoftonicTlbr.dll [2013-06-11] (Softonic.com) Toolbar: HKU\S-1-5-21-1965394401-2103718357-1127923810-1000 -> Kein Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - Keine Datei DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab DPF: {5C0E257E-9DFE-4955-AA93-0A9B166BAB50} hxxp://192.168.115.107:5000/surveillance/object/SSObject.cab DPF: {8214B72E-B0CD-466E-A44D-1D54D926038D} hxxp://kaysercam.dyndns.org/AVC_AX_724.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab DPF: 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab DPF: {FD3BEB0C-AB43-4253-9146-C371D48FBE0D} hxxp://kaysercam.dyndns.org/web.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation) Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Keine Datei Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation) Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll [2014-08-11] (AVG Secure Search) FireFox: ======== FF ProfilePath: C:\Users\Ck\AppData\Roaming\Mozilla\Firefox\Profiles\6w2vefvb.default FF NewTab: about:newtab FF DefaultSearchEngine: Yahoo! Powered FF SelectedSearchEngine: Yahoo! Powered FF Homepage: Google FF Keyword.URL: user_pref("keyword.URL", true); FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2009-03-19] (Adobe Systems, Inc.) 
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll [Keine Datei] FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-28] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-28] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2013-07-22] (Microsoft Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation) FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll [2011-09-20] (Google) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-02] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-02] (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.) 
FF Plugin: JFGuide -> C:\Program Files\NetSurveillance\CMS\npGuide.dll [2016-01-12] () FF Plugin: JFWeb -> C:\Program Files\NetSurveillance\CMS\npWebPlugin.dll [2014-09-11] () FF Plugin HKU\S-1-5-21-1965394401-2103718357-1127923810-1000: runtop.com/RTPlayer -> C:\Program Files\VVVIPCamera\npRTPlayer.dll [2015-09-08] (RunTop) FF Plugin HKU\S-1-5-21-1965394401-2103718357-1127923810-1000: webnp/nsstPlugin -> C:\Users\Ck\AppData\Roaming\WebPlugin\npnsstPlugin.dll [2015-08-08] (webnp) FF user.js: detected! => C:\Users\Ck\AppData\Roaming\Mozilla\Firefox\Profiles\6w2vefvb.default\user.js [2013-12-06] FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npEModelPlugin.dll [2009-12-09] (Dassault Systèmes SolidWorks Corp.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll [2009-02-06] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2016-06-30] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2015-04-13] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2015-04-13] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2015-04-13] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2015-04-13] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2015-04-13] (Apple Inc.) 
FF SearchPlugin: C:\Users\Ck\AppData\Roaming\Mozilla\Firefox\Profiles\6w2vefvb.default\searchplugins\avg-secure-search.xml [2014-08-29] FF SearchPlugin: C:\Users\Ck\AppData\Roaming\Mozilla\Firefox\Profiles\6w2vefvb.default\searchplugins\conduit.xml [2012-05-08] FF SearchPlugin: C:\Users\Ck\AppData\Roaming\Mozilla\Firefox\Profiles\6w2vefvb.default\searchplugins\footiefox.xml [2009-12-31] FF SearchPlugin: C:\Users\Ck\AppData\Roaming\Mozilla\Firefox\Profiles\6w2vefvb.default\searchplugins\searchgol.xml [2013-10-10] FF SearchPlugin: C:\Users\Ck\AppData\Roaming\Mozilla\Firefox\Profiles\6w2vefvb.default\searchplugins\softonic.xml [2013-12-06] FF SearchPlugin: C:\Users\Ck\AppData\Roaming\Mozilla\Firefox\Profiles\6w2vefvb.default\searchplugins\yahoo! powered.xml [2016-07-14] FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2014-08-26] FF Extension: FootieFox - C:\Users\Ck\AppData\Roaming\Mozilla\Firefox\Profiles\6w2vefvb.default\extensions\{9fb7d178-155a-4318-9173-1a8eaaea7fe4}.xpi [2016-04-05] FF Extension: Microsoft .NET Framework Assistant - C:\Users\Ck\AppData\Roaming\Mozilla\Firefox\Profiles\6w2vefvb.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013-05-31] [ist nicht signiert] FF Extension: AniWeather - C:\Users\Ck\AppData\Roaming\Mozilla\Firefox\Profiles\6w2vefvb.default\Extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.xpi [2016-04-27] FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Ck\AppData\Roaming\Mozilla\Firefox\Profiles\6w2vefvb.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-12-14] [ist nicht signiert] FF Extension: QuickStores-Toolbar - C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de [2013-05-31] [ist nicht signiert] FF Extension: Search Settings Plugin - C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com [2013-05-31] [ist nicht signiert] FF Extension: pdfforge Toolbar Plugin - C:\Program Files\Mozilla 
Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402} [2013-05-31] [ist nicht signiert] FF HKLM\...\Firefox\Extensions: [ocr@babylon.com] - C:\Program Files\Babylon\Babylon-Pro\Utils\ocr@babylon.com FF Extension: Babylon Translation Activation - C:\Program Files\Babylon\Babylon-Pro\Utils\ocr@babylon.com [2013-05-31] [ist nicht signiert] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-05-31] [ist nicht signiert] FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-09-02] [ist nicht signiert] FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => nicht gefunden FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799 FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799 [2014-08-26] [ist nicht signiert] FF HKU\S-1-5-21-1965394401-2103718357-1127923810-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] [ist nicht signiert] FF HKU\S-1-5-21-1965394401-2103718357-1127923810-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff => nicht gefunden FF 
HKU\S-1-5-21-1965394401-2103718357-1127923810-1000\...\Thunderbird\Extensions: [{0E810812-F4BB-4309-942A-755587587A5E}] - C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter => nicht gefunden FF HKU\S-1-5-21-1965394401-2103718357-1127923810-1000\...\Thunderbird\Extensions: [{380AE6CB-09B9-4373-B360-D01C2462A6E7}] - C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin => nicht gefunden Chrome: ======= CHR Profile: C:\Users\Ck\AppData\Local\Google\Chrome\User Data\default CHR Extension: (Search-Gol Toolbar) - C:\Users\Ck\AppData\Local\Google\Chrome\User Data\default\Extensions\aipfmkinhleccnodemkoofnnofpbbpac [2013-12-24] [UpdateUrl: hxxp://img.delta-search.com/ext/chrome/update/update-delta.xml] <==== ACHTUNG CHR Extension: (YouTube) - C:\Users\Ck\AppData\Local\Google\Chrome\User Data\default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-13] CHR Extension: (Google Search) - C:\Users\Ck\AppData\Local\Google\Chrome\User Data\default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-13] CHR Extension: (Babylon Translator) - C:\Users\Ck\AppData\Local\Google\Chrome\User Data\default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb [2013-12-24] [UpdateUrl: hxxp://img.babylon.com/ext/chrome/update/update.xml] <==== ACHTUNG CHR Extension: (Softonic Chrome Toolbar) - C:\Users\Ck\AppData\Local\Google\Chrome\User Data\default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf [2013-12-24] CHR Extension: (RealDownloader) - C:\Users\Ck\AppData\Local\Google\Chrome\User Data\default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-12-24] CHR Extension: (Wajam) - C:\Users\Ck\AppData\Local\Google\Chrome\User Data\default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp [2014-01-13] CHR Extension: (Google Wallet) - C:\Users\Ck\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-13] CHR Extension: (Gmail) - C:\Users\Ck\AppData\Local\Google\Chrome\User Data\default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia 
[2014-01-13] CHR HKLM\...\Chrome\Extension: [aipfmkinhleccnodemkoofnnofpbbpac] - C:\Users\Ck\AppData\Roaming\BabSolution\CR\searchgol.crx [2013-06-12] CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonChrome.crx <nicht gefunden> CHR HKLM\...\Chrome\Extension: [elchiiiejkobdbblfejjkbphbddgmljf] - C:\Program Files\Softonic\Softonic\1.8.21.14\Softonic.crx [2013-06-11] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 AvgAMPS; C:\Program Files\AVG\Av\avgamps.exe [637944 2016-07-22] (AVG Technologies CZ, s.r.o.) R2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [4093696 2016-07-22] (AVG Technologies CZ, s.r.o.) R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [906512 2016-07-20] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [594904 2016-07-22] (AVG Technologies CZ, s.r.o.) 
R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [255904 2012-11-28] (AVM Berlin) R2 AVMPowerlineService; C:\Program Files\FRITZ!Powerline\PowerlineService.exe [139264 2014-05-21] (AVM GmbH) [Datei ist nicht signiert] R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [122272 2012-11-28] (AVM Berlin) R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64112 2014-01-16] (CyberGhost S.R.L) R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2014-01-23] (Teruten) [Datei ist nicht signiert] R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-05-18] (Hewlett-Packard Company) [Datei ist nicht signiert] S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.) R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [155488 2013-06-10] (AVM Berlin) R2 PCSUService; C:\Program Files\PC Beschleunigen\PCSUService.exe [206336 2011-07-20] () [Datei ist nicht signiert] R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] () R2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [247152 2009-02-25] () R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [254264 2016-07-14] () S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [632832 2011-03-21] (Nokia) [Datei ist nicht signiert] S3 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2010-02-24] (SolidWorks) [Datei ist nicht signiert] R2 vToolbarUpdater18.1.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search) S3 WinDefend; C:\Program Files\Windows 
Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X] S3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [X] ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [134912 2016-05-13] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [255744 2016-06-09] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [201472 2016-06-01] (AVG Technologies CZ, s.r.o.) R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-20] (AVG Technologies CZ, s.r.o.) R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [212736 2016-06-01] (AVG Technologies CZ, s.r.o.) R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [287008 2016-02-16] (AVG Technologies CZ, s.r.o.) R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [191744 2016-06-02] (AVG Technologies CZ, s.r.o.) R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [47360 2016-06-01] (AVG Technologies CZ, s.r.o.) R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [217344 2016-06-01] (AVG Technologies CZ, s.r.o.) R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-11] (AVG Technologies) R0 Avgunivx; C:\Windows\System32\DRIVERS\avgunivx.sys [65280 2016-06-01] (AVG Technologies CZ, s.r.o.) S3 DrvAgent32; C:\Windows\system32\Drivers\DrvAgent32.sys [23456 2012-07-30] (Phoenix Technologies) [Datei ist nicht signiert] R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2013-12-06] (Disc Soft Ltd) R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [34760 2007-02-16] (SlySoft, Inc.) 
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [25160 2007-08-07] (Elaborate Bytes AG) R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2014-01-23] () [Datei ist nicht signiert] R3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28560 2009-06-17] (Logitech, Inc.) S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-14] (Ralink Technology Corp.) R3 NWIM; C:\Windows\System32\DRIVERS\avmnwim.sys [334712 2011-07-05] (AVM Berlin) S0 sptd; C:\Windows\System32\Drivers\sptd.sys [721904 2009-05-29] (Duplex Secure Ltd.) S3 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [7168 2009-11-12] () [Datei ist nicht signiert] R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project) R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files\HomeCinema\PowerDVD9\000.fcl [87536 2009-03-30] (CyberLink Corp.) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2016-08-11 20:29 - 2016-08-11 20:29 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Ck\Downloads\tdsskiller.exe 2016-08-11 20:28 - 2016-08-11 20:28 - 00035844 _____ C:\Users\Ck\Desktop\FRST.txt 2016-08-11 20:28 - 2016-08-11 20:28 - 00000000 ____D C:\FRST 2016-08-11 20:26 - 2016-08-11 20:26 - 01744384 _____ (Farbar) C:\Users\Ck\Desktop\FRST.exe 2016-08-07 21:49 - 2016-08-07 21:49 - 06870919 _____ C:\Users\Ck\Downloads\General_HZXM_IPC_HI3516C_53H20L_S38_V4.02.R11.20150812_ALL.bin 2016-08-07 21:49 - 2016-08-07 21:49 - 04183898 _____ () C:\Users\Ck\Downloads\General_DeviceManage_V2.5.1.0.R.20141023(1).exe 2016-08-07 17:57 - 2016-08-07 17:57 - 00000000 ____D C:\Users\Ck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2016-08-04 13:43 - 2016-08-04 13:44 - 00144201 _____ C:\Users\Ck\Downloads\ResetConfig(1).zip 2016-08-04 11:53 - 2016-08-04 11:53 - 00067181 _____ C:\Users\Ck\Downloads\Mitteilung_777964016_vom_30.07.2016_20160804115330.pdf 2016-08-04 11:52 - 2016-08-04 11:52 - 00077226 _____ C:\Users\Ck\Downloads\Kontoauszug_777964016__Nr.0072016_vom_30.07.2016_20160804115248.pdf 2016-08-02 23:23 - 2016-06-25 22:01 - 00037096 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2016-08-02 23:23 - 2016-06-25 21:54 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2016-08-02 23:23 - 2016-06-25 21:53 - 01004544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2016-08-02 23:23 - 2016-06-25 21:53 - 00779776 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2016-08-02 23:23 - 2016-06-25 21:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll 2016-08-02 23:23 - 2016-06-25 21:53 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll 2016-08-02 23:23 - 2016-06-25 21:42 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe 2016-08-02 23:23 - 2016-06-25 21:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe 2016-08-02 23:23 - 
2016-06-25 21:41 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll 2016-08-02 23:23 - 2016-06-22 15:06 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll 2016-08-02 23:23 - 2016-06-17 20:23 - 01288192 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2016-08-02 23:23 - 2016-06-17 20:23 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2016-08-02 23:23 - 2016-06-17 20:23 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2016-08-02 23:23 - 2016-06-17 20:23 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2016-08-02 23:23 - 2016-06-17 20:23 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2016-08-02 23:23 - 2016-06-17 20:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2016-08-02 23:23 - 2016-06-14 16:57 - 02398208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-08-02 23:23 - 2016-06-11 06:48 - 00346320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-08-02 23:23 - 2016-06-10 21:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2016-08-02 23:23 - 2016-06-10 21:09 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2016-08-02 23:23 - 2016-06-10 20:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2016-08-02 23:23 - 2016-06-10 20:53 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-08-02 23:23 - 2016-06-10 20:53 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2016-08-02 23:23 - 2016-06-10 20:53 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2016-08-02 23:23 - 2016-06-10 20:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2016-08-02 23:23 - 2016-06-10 20:47 - 02287104 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-08-02 23:23 - 2016-06-10 
20:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2016-08-02 23:23 - 2016-06-10 20:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2016-08-02 23:23 - 2016-06-10 20:42 - 20348928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-08-02 23:23 - 2016-06-10 20:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2016-08-02 23:23 - 2016-06-10 20:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-08-02 23:23 - 2016-06-10 20:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2016-08-02 23:23 - 2016-06-10 20:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2016-08-02 23:23 - 2016-06-10 20:41 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2016-08-02 23:23 - 2016-06-10 20:35 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2016-08-02 23:23 - 2016-06-10 20:32 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2016-08-02 23:23 - 2016-06-10 20:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2016-08-02 23:23 - 2016-06-10 20:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2016-08-02 23:23 - 2016-06-10 20:24 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2016-08-02 23:23 - 2016-06-10 20:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2016-08-02 23:23 - 2016-06-10 20:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2016-08-02 23:23 - 2016-06-10 20:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2016-08-02 23:23 - 2016-06-10 20:14 - 04608000 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-08-02 23:23 - 2016-06-10 20:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-08-02 23:23 - 
2016-06-10 20:10 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-08-02 23:23 - 2016-06-10 20:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-08-02 23:23 - 2016-06-10 20:09 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-08-02 23:23 - 2016-06-10 20:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2016-08-02 23:23 - 2016-06-10 19:58 - 13806080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-08-02 23:23 - 2016-06-10 19:45 - 02392576 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-08-02 23:23 - 2016-06-10 19:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-08-02 23:23 - 2016-06-10 19:41 - 01315840 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-07-23 09:35 - 2016-07-23 09:43 - 00000000 ____D C:\Users\Ck\Desktop\vom S Rechner 2016-07-18 17:35 - 2016-07-18 17:35 - 00052681 _____ C:\Users\Ck\Downloads\Rechnung_200000333.pdf 2016-07-18 17:34 - 2016-07-18 17:34 - 00265746 _____ C:\Users\Ck\Downloads\TGFSQ-5Z6ULWVDJE.pdf 2016-07-18 17:34 - 2016-07-18 17:34 - 00265729 _____ C:\Users\Ck\Downloads\LCHCZ-AYPQQ4RHZB.pdf 2016-07-18 17:34 - 2016-07-18 17:34 - 00265690 _____ C:\Users\Ck\Downloads\ECQXA-Y9TE9BPJHX.pdf 2016-07-18 17:34 - 2016-07-18 17:34 - 00265679 _____ C:\Users\Ck\Downloads\XUSQZ-BSM9NG5HWX.pdf 2016-07-14 21:28 - 2016-07-14 21:28 - 01065040 _____ C:\Users\Ck\Downloads\FRITZ.Box Fon WLAN 7390 84.06.51_14.07.16_2128.export 2016-07-14 21:09 - 2016-07-14 21:09 - 01061298 _____ C:\Users\Ck\Downloads\FRITZ.Box Fon WLAN 7390 84.06.30_14.07.16_2108.export 2016-07-14 21:05 - 2016-07-14 21:05 - 00000000 ____D C:\Users\Ck\Downloads\german 2016-07-14 20:58 - 2016-07-14 20:58 - 00000000 ____D C:\ProgramData\ByteFence 2016-07-14 20:48 - 2016-08-11 20:24 - 00000000 ____D C:\Program Files\ByteFence 2016-07-14 20:48 - 2016-07-17 10:59 - 00000000 ____D 
C:\Users\Ck\AppData\Local\{BD3A8B66-9992-E7DE-F40A-C236D0623EAE} 2016-07-14 20:48 - 2016-07-14 20:49 - 00000000 ____D C:\Users\Ck\AppData\Local\Setup1274699 2016-07-14 20:48 - 2016-07-14 20:48 - 00000000 ____D C:\Users\Ck\AppData\Roaming\{BD678BDC-9835-E6AA-F303-C1782FD13C46} 2016-07-14 20:48 - 2016-07-14 20:48 - 00000000 ____D C:\Users\Ck\AppData\Local\sesi 2016-07-14 19:13 - 2016-07-14 19:13 - 00313366 _____ C:\Users\Ck\Downloads\WindowsUpdateDiagnostic.diagcab 2016-07-14 19:09 - 2016-07-14 19:09 - 00073525 _____ C:\Users\Ck\Downloads\Kontoauszug_777964016__Nr.0062016_vom_30.06.2016_20160714070945.pdf 2016-07-14 19:09 - 2016-07-14 19:09 - 00066709 _____ C:\Users\Ck\Downloads\KundenmitteilungRechnungsabschluss_777964016_vom_30.06.2016_20160714070940.pdf 2016-07-14 19:05 - 2016-07-14 19:05 - 03838492 _____ (LIGHTNING UK!) C:\Users\Ck\Downloads\SetupImgBurn_2.5.8.0.exe 2016-07-14 17:10 - 2016-07-14 17:27 - 1940455424 _____ C:\Users\Ck\Downloads\ct_2016_12.iso 2016-07-13 21:19 - 2016-05-12 17:18 - 00606720 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll 2016-07-13 21:19 - 2016-05-12 17:18 - 00351744 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL 2016-07-13 21:19 - 2016-05-12 17:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll 2016-07-13 21:19 - 2016-05-12 17:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll 2016-07-13 21:19 - 2016-05-12 17:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll 2016-07-13 21:19 - 2016-05-12 17:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll 2016-07-13 21:19 - 2016-04-09 08:54 - 12881408 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2016-07-13 21:19 - 2016-04-09 08:54 - 01499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll 2016-07-13 21:19 - 2016-04-09 07:44 - 02973184 _____ (Microsoft Corporation) C:\Windows\explorer.exe 2016-07-13 21:18 - 2016-05-12 17:22 - 
00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2016-07-13 21:18 - 2016-05-12 17:22 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2016-07-13 21:18 - 2016-05-12 17:18 - 01062400 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-07-13 21:18 - 2016-05-12 17:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2016-07-13 21:18 - 2016-05-12 17:18 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2016-07-13 21:18 - 2016-05-12 17:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2016-07-13 21:18 - 2016-05-12 17:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2016-07-13 21:18 - 2016-05-12 17:18 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2016-07-13 21:18 - 2016-05-12 17:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2016-07-13 21:18 - 2016-05-12 17:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2016-07-13 21:18 - 2016-05-12 17:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2016-07-13 21:18 - 2016-05-12 17:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll 2016-07-13 21:18 - 2016-05-12 17:18 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2016-07-13 21:18 - 2016-05-12 17:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2016-07-13 21:18 - 2016-05-12 17:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2016-07-13 21:18 - 2016-05-12 17:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2016-07-13 21:18 - 2016-05-12 17:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2016-07-13 21:18 - 2016-05-12 16:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2016-07-13 21:18 - 2016-05-12 16:52 - 00313856 _____ 
(Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys 2016-07-13 21:18 - 2016-05-12 16:52 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys 2016-07-13 21:18 - 2016-05-12 16:52 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2016-07-13 21:18 - 2016-05-12 16:52 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2016-07-13 21:18 - 2016-05-12 16:52 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys 2016-07-13 21:18 - 2016-05-12 16:52 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2016-07-13 21:18 - 2016-05-12 16:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2016-07-13 21:18 - 2016-05-12 16:51 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2016-07-13 21:18 - 2016-05-12 16:51 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2016-07-13 21:18 - 2016-05-12 15:04 - 00370784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2016-07-13 21:18 - 2016-05-12 15:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll 2016-07-13 21:18 - 2016-05-11 17:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll 2016-07-13 21:18 - 2016-04-14 17:38 - 00105192 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2016-07-13 21:18 - 2016-04-14 17:33 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2016-07-13 21:18 - 2016-04-14 17:33 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2016-07-13 21:18 - 2016-04-14 17:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2016-07-13 21:18 - 2016-04-14 17:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2016-07-13 21:18 - 2016-04-14 17:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll 2016-07-13 21:18 - 2016-04-14 17:11 
- 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe 2016-07-13 21:17 - 2016-05-13 23:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2016-07-13 21:17 - 2016-05-13 23:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2016-07-13 21:17 - 2016-05-13 23:49 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2016-07-13 21:17 - 2016-05-13 23:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2016-07-13 21:17 - 2016-05-13 23:27 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2016-07-13 21:17 - 2016-05-12 17:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2016-07-13 21:17 - 2016-05-11 17:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll 2016-07-13 21:17 - 2016-05-11 17:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2016-07-13 21:17 - 2016-05-11 17:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll 2016-07-13 21:17 - 2016-05-11 17:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe 2016-07-13 21:17 - 2016-05-11 16:52 - 00188928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys 2016-07-13 21:17 - 2016-03-09 20:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll 2016-07-13 21:11 - 2016-05-18 18:10 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2016-08-11 20:25 - 2014-02-14 17:28 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-08-11 20:24 - 2010-12-05 13:36 - 00000000 ____D C:\ProgramData\MFAData 2016-08-11 20:23 - 2013-08-27 22:54 - 00000000 ___RD C:\Users\Ck\Dropbox 2016-08-11 20:21 - 2013-12-24 16:34 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-08-11 20:20 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-08-10 17:56 - 2013-05-31 14:28 - 00019696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-08-10 17:56 - 2013-05-31 14:28 - 00019696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-08-10 17:55 - 2015-07-02 12:04 - 00001212 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1965394401-2103718357-1127923810-1000UA.job 2016-08-07 22:57 - 2013-12-24 16:34 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-08-07 21:50 - 2016-03-30 14:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Device Manager 2016-08-07 21:50 - 2014-10-24 12:20 - 00028088 _____ C:\Program Files\Device Manager Setup Log.txt 2016-08-07 21:50 - 2014-10-24 12:20 - 00001921 _____ C:\Users\Ck\Desktop\DeviceManage.lnk 2016-08-07 21:50 - 2014-10-24 12:20 - 00000000 ____D C:\Program Files\Device Manager 2016-08-07 18:25 - 2015-03-10 11:41 - 00000000 ____D C:\ProgramData\Sonos,_Inc 2016-08-07 17:58 - 2013-08-27 22:51 - 00000000 ____D C:\Users\Ck\AppData\Roaming\Dropbox 2016-08-04 16:55 - 2015-07-02 12:04 - 00001160 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1965394401-2103718357-1127923810-1000Core.job 2016-08-04 13:17 - 2015-07-25 13:18 - 00000000 ____D C:\Windows\rescache 2016-08-02 23:58 - 2009-07-14 06:33 - 00462680 _____ C:\Windows\system32\FNTCACHE.DAT 2016-08-02 23:56 - 2014-12-17 07:19 - 00000000 ____D C:\Windows\system32\appraiser 2016-08-02 23:56 - 2009-07-14 10:56 - 00000000 ____D C:\Program 
Files\Windows Journal 2016-08-02 23:43 - 2013-05-31 15:45 - 01601228 _____ C:\Windows\system32\PerfStringBackup.INI 2016-08-02 23:43 - 2009-07-14 10:47 - 00702602 _____ C:\Windows\system32\perfh007.dat 2016-08-02 23:43 - 2009-07-14 10:47 - 00150242 _____ C:\Windows\system32\perfc007.dat 2016-08-02 23:43 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\inf 2016-08-02 23:36 - 2013-07-13 10:16 - 00000000 ____D C:\Windows\system32\MRT 2016-08-02 23:28 - 2013-06-12 08:33 - 141983760 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-08-02 21:47 - 2015-11-09 09:23 - 00000910 _____ C:\Users\Public\Desktop\AVG Protection.lnk 2016-08-02 21:47 - 2014-04-01 08:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2016-08-02 21:40 - 2015-12-03 21:25 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-07-23 17:25 - 2009-07-18 19:43 - 00000000 ____D C:\Users\Ck\AppData\Roaming\Winamp 2016-07-23 10:37 - 2009-05-29 15:19 - 00000868 _____ C:\Windows\Tasks\Google Software Updater.job 2016-07-20 16:27 - 2009-09-30 22:04 - 00000000 ____D C:\Users\Ck\AppData\Roaming\vlc 2016-07-15 16:13 - 2009-07-14 06:53 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2016-07-14 21:27 - 2016-04-22 12:04 - 00000000 ____D C:\Users\Ck\Desktop\The.Gift.German.DL.AC3.Dubbed.720p.BluRay.x264-PsO 2016-07-14 21:24 - 2016-04-22 12:07 - 00000000 ____D C:\Users\Ck\Desktop\The.Revenant.-.Der.Rueckkehrer.DVDScr.LD.German.x264-PsO 2016-07-14 20:51 - 2016-03-11 17:20 - 00000000 ____D C:\Users\Ck\Downloads\LUPUSEC 2016-07-14 19:15 - 2013-01-27 16:28 - 00000000 ____D C:\Users\Ck\AppData\Local\ElevatedDiagnostics 2016-07-13 22:26 - 2009-03-25 19:08 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2016-07-13 21:38 - 2010-06-13 08:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2016-07-12 18:25 - 2013-12-24 21:54 - 00796352 _____ (Adobe Systems Incorporated) 
C:\Windows\system32\FlashPlayerApp.exe 2016-07-12 18:25 - 2013-12-24 21:54 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2016-07-12 18:25 - 2009-03-27 14:36 - 00000000 ____D C:\Windows\system32\Macromed ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2014-10-24 12:20 - 2016-08-07 21:50 - 0028088 _____ () C:\Program Files\Device Manager Setup Log.txt 2014-05-17 08:51 - 2014-06-23 07:14 - 0000000 _____ () C:\Program Files\Mozilla Firefoxavg-secure-search.xml 2009-07-21 21:13 - 2013-12-06 10:54 - 0000192 _____ () C:\Users\Ck\AppData\Roaming\default.rss 2013-12-24 21:53 - 2014-06-17 19:16 - 0000942 _____ () C:\Users\Ck\AppData\Local\cookies.ini 2013-12-22 15:07 - 2016-06-15 17:46 - 0012800 _____ () C:\Users\Ck\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-02-04 08:02 - 2014-02-04 08:02 - 0000085 ___SH () C:\ProgramData\.zreglib Dateien, die verschoben oder gelöscht werden sollten: ==================== C:\Users\Ck\CAPITEST.exe Einige Dateien in TEMP: ==================== C:\Users\Ck\AppData\Local\Temp\avg-ab4dcb36-a3b8-453e-95d0-3f1420a65049.exe C:\Users\Ck\AppData\Local\Temp\avg-bf27893e-44c6-483e-af63-2236c14e051a.exe C:\Users\Ck\AppData\Local\Temp\avguirn_081845444654.exe C:\Users\Ck\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfipkzx.dll C:\Users\Ck\AppData\Local\Temp\sp_setpoint.exe ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2016-08-07 19:24
==================== Ende vom FRST.txt ============================