Log analysis and evaluation: Windows 7: Notebook supposedly sending junk mail
#1
Windows 7: Notebook supposedly sending junk mail

Hello,

Today I received a call from windowsoft.net telling me that my notebook had been identified as a junk mail sender. After 30 minutes of Indian English I ended the call.

The fact is, though, that I have problems starting my notebook, because for the first 15-20 minutes it is practically completely blocked by other processes. Only after that is it usable. Scans for viruses, rootkits and malware have so far turned up nothing. That is why I am here now.

Question: is my notebook a junk mail sender, or infected, or not?

Many thanks in advance!

Regards,
h-r

Code:
1: defogger

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:22 on 01/09/2015 (hanns-robert)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
ATTFilter 2: first Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2015 durchgeführt von hanns-robert (Administrator) auf hanns-robert-PC (01-09-2015 19:25:42) Gestartet von C:\Users\hanns-robert\Downloads\trojaner-board Geladene Profile: hanns-robert & admin (Verfügbare Profile: hanns-robert & admin) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Absolute Software Corp.) C:\Windows\System32\rpcnet.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe () C:\Program Files\Everything\Everything.exe (Apple Inc.) 
C:\Program Files\iTunes\iTunesHelper.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe () C:\Program Files\Mozilla Firefox\updated\firefox.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation) HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit HKLM\...\Run: [NUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation) HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1048576 2014-08-06] () HKLM\...\Run: [ControlCenter4] => C:\Program Files\ControlCenter4\BrCcBoot.exe [139776 2014-01-27] (Brother Industries, Ltd.) HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [4513792 2013-12-19] (Brother Industries, Ltd.) HKLM\...\Run: [KeePass 2 PreLoad] => C:\Program Files\KeePass Password Safe 2\KeePass.exe [2720144 2015-08-09] (Dominik Reichl) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157968 2015-08-13] (Apple Inc.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.) 
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation) HKU\S-1-5-21-1148431976-1086807397-2611512696-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6453528 2015-07-17] (Piriform Ltd) HKU\S-1-5-21-1148431976-1086807397-2611512696-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.) HKU\S-1-5-21-1148431976-1086807397-2611512696-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.) HKU\S-1-5-21-1148431976-1086807397-2611512696-1000\...\Run: [iCloudDrive] => C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2015-04-26] (Apple Inc.) HKU\S-1-5-21-1148431976-1086807397-2611512696-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6815512 2015-07-30] (SUPERAntiSpyware) IFEO\excel.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\gaaihodoc.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\gpdfdirect.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\icloud.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\iclouddrive.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\icloudweb.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\isuspm.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\msoxmled.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\mstore.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\offdiag.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\ois.exe: [Debugger] "C:\Program Files\TuneUp 
Utilities 2014\TUAutoReactivator32.exe" IFEO\onenote.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\onenotem.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\pdfrouter.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\powerpnt.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\shellstreamsshortcut.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\skype.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" IFEO\winword.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..) Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.192.1 Tcpip\..\Interfaces\{0119FB2D-7C7E-4258-954F-5A33F8A32915}: [DhcpNameServer] 192.168.123.81 192.168.123.124 Tcpip\..\Interfaces\{677857D5-A830-483C-866D-A51015D17ED7}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{83DC2806-26AE-4D68-B2D8-8A10872F72A9}: [DhcpNameServer] 192.168.192.1 Internet Explorer: ================== HKU\S-1-5-21-1148431976-1086807397-2611512696-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1148431976-1086807397-2611512696-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp URLSearchHook: [S-1-5-21-1148431976-1086807397-2611512696-1003_classes] ACHTUNG => Standard URLSearchHook fehlt SearchScopes: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000 -> {17521AD6-C195-4576-B69C-9A60834CDE99} URL = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms} SearchScopes: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000 -> {219D42F1-35A3-4625-8532-82EF0313D5C8} URL = hxxp://ecosia.org/search?q={searchTerms}&addon=opsensearch-ie BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDF Professional 8\Bin\PlusIEContextMenu.dll [2012-07-19] (Zeon Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-01] (Oracle Corporation) BHO: ZeonIEEventHelper Class -> {C7DA0384-42AA-428c-B832-88AC343DE1A8} -> C:\Program Files\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll [2013-03-07] (Zeon Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-01] (Oracle Corporation) Toolbar: HKLM - Nuance PDF - {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll [2013-03-07] (Zeon Corporation) FireFox: ======== FF ProfilePath: 
C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default FF DefaultSearchEngine: Ecosia FF SelectedSearchEngine: Wikipedia (de) FF Homepage: hxxp://www.gmx.net FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] () FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-01] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-01] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: ZEON/PDF,version=2.0 -> C:\Program Files\Nuance\PDF Professional 8\bin\nppdf.dll [2012-07-31] (Zeon Corporation) FF Plugin HKU\S-1-5-21-1148431976-1086807397-2611512696-1000: www.mydlink.com/Uplayer -> C:\Users\hanns-robert\AppData\Roaming\dlink\Uplayer\1.0.0.33\npUplayer.dll [2015-07-09] (D-LINK CORPORATION) FF user.js: detected! 
=> C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\user.js [2012-05-17] FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npatgpc.dll [2015-06-16] (Cisco WebEx LLC) FF Plugin ProgramFiles/Appdata: C:\Users\hanns-robert\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-06-16] (Cisco WebEx LLC) FF SearchPlugin: C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\searchplugins\duckduckgo.xml [2014-01-18] FF SearchPlugin: C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\searchplugins\ecosia.xml [2015-06-10] FF Extension: German Dictionary - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-06-10] FF Extension: United States English Spellchecker - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\en-US@dictionaries.addons.mozilla.org [2014-04-11] FF Extension: FireFTP - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2015-05-31] FF Extension: Add Bookmark Here ² - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\abhere2@moztw.org.xpi [2014-04-11] FF Extension: Copy Plain Text 2 - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\copyplaintext@teo.pl.xpi [2014-04-11] FF Extension: Facebook Disconnect - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\facebook@disconnect.me.xpi [2014-12-15] FF Extension: Mailvelope - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\jid1-AQqSMBYb0a8ADg@jetpack.xpi [2015-04-22] FF Extension: DuckDuckGo Plus - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2014-04-11] FF 
Extension: Print/Print Preview - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1}.xpi [2014-04-11] FF Extension: Image Zoom - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2014-04-11] FF Extension: Ecosia — The search engine that plants trees! - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2014-04-11] FF Extension: Adblock Plus - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-11] FF Extension: Tab Mix Plus - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-10-16] FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-09-01] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-23] (SUPERAntiSpyware.com) S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-02-19] (Adobe Systems) [Datei ist nicht signiert] S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [Datei ist nicht signiert] S3 FlexNet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1045840 2015-07-21] (Flexera Software LLC.) 
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation) S4 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [Datei ist nicht signiert] S4 PDFProFiltSrv; C:\Program Files\Nuance\PDF Professional 8\PDFProFiltSrv.exe [135056 2012-10-23] (Nuance Communications, Inc.) R2 rpcnet; C:\Windows\system32\rpcnet.exe [78032 2015-04-16] (Absolute Software Corp.) R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1781048 2015-06-25] (TuneUp Software) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
S3 HTCAND32; C:\Windows\System32\Drivers\ANDROIDUSB.sys [25088 2009-10-26] (HTC, Corporation) [Datei ist nicht signiert] R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation) R1 MpKsl1ab0d0d1; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{488E16AD-3C74-43FA-AF65-FF09C78A0ECB}\MpKsl1ab0d0d1.sys [39168 2015-09-01] (Microsoft Corporation) S3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [86408 2012-08-27] (Renesas Electronics Corporation) S3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [178568 2012-08-27] (Renesas Electronics Corporation) R0 PxHelp20; C:\Windows\System32\drivers\PxHelp20.sys [46096 2013-07-19] (Corel Corporation) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project) R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [30632 2015-06-04] (TuneUp Software) S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2014-07-28] (Apple, Inc.) [Datei ist nicht signiert] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-09-01 19:25 - 2015-09-01 19:25 - 00000000 ____D C:\FRST 2015-09-01 19:22 - 2015-09-01 19:22 - 00000000 _____ C:\Users\hanns-robert\defogger_reenable 2015-09-01 19:18 - 2015-09-01 19:18 - 00000000 ____D C:\Program Files\Common Files\Java 2015-09-01 19:17 - 2015-09-01 19:17 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\Sun 2015-09-01 19:17 - 2015-09-01 19:17 - 00000000 ____D C:\Users\hanns-robert\.oracle_jre_usage 2015-09-01 19:13 - 2015-09-01 19:25 - 00000000 ____D C:\Users\hanns-robert\Downloads\trojaner-board 2015-09-01 19:12 - 2015-09-01 19:21 - 00000000 ____D C:\Program Files\Mozilla Firefox 2015-09-01 16:45 - 2015-09-01 19:04 - 00000512 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task ad4fad89-b24a-4565-8750-977379f468a4.job 2015-09-01 16:44 - 2015-09-01 19:04 - 00000512 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 4f3e50bf-a388-4efe-8e8a-ae4393e94785.job 2015-09-01 16:44 - 2015-09-01 16:44 - 00001965 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk 2015-09-01 16:44 - 2015-09-01 16:44 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\SUPERAntiSpyware.com 2015-09-01 16:44 - 2015-09-01 16:44 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com 2015-09-01 16:44 - 2015-09-01 16:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware 2015-09-01 16:44 - 2015-09-01 16:44 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2015-09-01 16:40 - 2015-09-01 16:41 - 23273424 _____ (SUPERAntiSpyware) C:\Users\hanns-robert\Downloads\SUPERAntiSpywarePro.exe 2015-09-01 16:20 - 2015-09-01 16:20 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\TeamViewer 2015-08-26 21:45 - 2015-08-26 21:45 - 00001376 _____ C:\Windows\PFRO.log 2015-08-25 19:07 - 2015-08-25 19:07 - 00001815 _____ C:\Users\Public\Desktop\QuickTime Player.lnk 2015-08-25 19:07 - 2015-08-25 19:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2015-08-25 19:06 - 2015-08-25 19:07 - 00000000 ____D 
C:\Program Files\QuickTime 2015-08-24 11:54 - 2015-08-11 02:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-08-24 11:54 - 2015-08-11 02:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-08-22 18:12 - 2015-09-01 19:04 - 00001187 _____ C:\Windows\setupact.log 2015-08-22 18:12 - 2015-08-22 18:12 - 00000000 _____ C:\Windows\setuperr.log 2015-08-18 11:39 - 2015-08-18 11:39 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk 2015-08-18 11:39 - 2015-08-18 11:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-08-18 11:38 - 2015-08-18 11:39 - 00000000 ____D C:\Program Files\iTunes 2015-08-18 11:38 - 2015-08-18 11:38 - 00000000 ____D C:\Program Files\iPod 2015-08-14 20:07 - 2015-08-14 20:07 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help 2015-08-14 20:07 - 2015-08-14 20:07 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help 2015-08-13 21:15 - 2015-07-30 19:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2015-08-13 21:15 - 2015-07-30 19:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-08-13 21:15 - 2015-07-30 19:57 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-08-13 21:15 - 2015-07-30 19:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-08-13 21:15 - 2015-07-30 19:57 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-08-13 21:15 - 2015-07-30 19:57 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-08-13 21:15 - 2015-07-30 19:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-08-13 21:15 - 2015-07-30 18:52 - 02384384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-08-13 21:15 - 2015-07-30 18:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-08-13 21:15 - 2015-07-21 02:12 - 00342736 _____ (Microsoft 
Corporation) C:\Windows\system32\iedkcs32.dll 2015-08-13 21:15 - 2015-07-16 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-08-13 21:15 - 2015-07-16 21:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-08-13 21:15 - 2015-07-16 21:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-08-13 21:15 - 2015-07-16 21:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-08-13 21:15 - 2015-07-16 21:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-08-13 21:15 - 2015-07-16 21:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-08-13 21:15 - 2015-07-16 21:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-08-13 21:15 - 2015-07-16 21:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-08-13 21:15 - 2015-07-16 21:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-08-13 21:15 - 2015-07-16 21:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-08-13 21:15 - 2015-07-16 21:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-08-13 21:15 - 2015-07-16 21:39 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-08-13 21:15 - 2015-07-16 21:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-08-13 21:15 - 2015-07-16 21:32 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-08-13 21:15 - 2015-07-16 21:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-08-13 21:15 - 2015-07-16 21:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-08-13 21:15 - 2015-07-16 21:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-08-13 21:15 - 2015-07-16 21:19 - 
00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-08-13 21:15 - 2015-07-16 21:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-08-13 21:15 - 2015-07-16 21:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-08-13 21:15 - 2015-07-16 21:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll 2015-08-13 21:15 - 2015-07-16 21:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2015-08-13 21:15 - 2015-07-16 21:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-08-13 21:15 - 2015-07-16 21:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-08-13 21:15 - 2015-07-16 21:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-08-13 21:15 - 2015-07-16 21:06 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-08-13 21:15 - 2015-07-16 21:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-08-13 21:15 - 2015-07-16 20:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-08-13 21:15 - 2015-07-16 20:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-08-13 21:15 - 2015-07-16 20:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-08-13 21:15 - 2015-07-16 17:14 - 00355840 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe 2015-08-13 21:15 - 2015-07-15 19:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-08-13 21:15 - 2015-07-15 19:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-08-13 21:15 - 2015-07-15 19:59 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-08-13 21:15 - 2015-07-15 19:59 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-08-13 21:15 - 2015-07-15 19:59 - 00067520 
_____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-08-13 21:15 - 2015-07-15 19:56 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-08-13 21:15 - 2015-07-15 19:55 - 01159168 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll 2015-08-13 21:15 - 2015-07-15 19:55 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-08-13 21:15 - 2015-07-15 19:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-08-13 21:15 - 2015-07-15 19:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-08-13 21:15 - 2015-07-15 19:55 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-08-13 21:15 - 2015-07-15 19:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-08-13 21:15 - 2015-07-15 19:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-08-13 21:15 - 2015-07-15 19:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-08-13 21:15 - 2015-07-15 19:55 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-08-13 21:15 - 2015-07-15 19:54 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-08-13 21:15 - 2015-07-15 19:54 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-08-13 21:15 - 2015-07-15 19:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-08-13 21:15 - 2015-07-15 19:54 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-08-13 21:15 - 2015-07-15 19:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-08-13 21:15 - 2015-07-15 19:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-08-13 21:15 - 2015-07-15 19:54 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-08-13 21:15 - 2015-07-15 19:54 - 00038912 _____ (Microsoft Corporation) 
C:\Windows\system32\csrsrv.dll
2015-08-13 21:15 - 2015-07-15 19:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-13 21:15 - 2015-07-15 19:54 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-13 21:15 - 2015-07-15 19:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-13 21:15 - 2015-07-15 19:54 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-13 21:15 - 2015-07-15 19:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-13 21:15 - 2015-07-15 19:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-13 21:15 - 2015-07-15 19:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-13 21:15 - 2015-07-15 19:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-13 21:15 - 2015-07-15 19:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-13 21:15 - 2015-07-15 18:36 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-13 21:15 - 2015-07-15 18:36 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-13 21:15 - 2015-07-15 18:36 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-13 21:14 - 2015-07-16 21:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-13 21:14 - 2015-07-16 21:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-13 21:11 - 2015-07-10 19:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-13 21:10 - 2015-07-15 04:55 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-13 21:09 - 2015-07-15 04:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-13 21:09 - 2015-07-15 04:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-13 21:09 - 2015-07-15 04:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-13 21:09 - 2015-07-15 04:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-12 16:28 - 2015-07-30 15:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 16:27 - 2015-07-28 22:04 - 00015808 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-12 16:27 - 2015-07-28 22:00 - 00952832 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-12 16:27 - 2015-07-28 22:00 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-12 16:27 - 2015-07-28 22:00 - 00598528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-12 16:27 - 2015-07-28 22:00 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-12 16:27 - 2015-07-28 22:00 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-12 16:27 - 2015-07-28 22:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-12 16:27 - 2015-07-28 21:54 - 00934400 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-12 16:27 - 2015-07-20 19:56 - 02943488 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-12 16:27 - 2015-07-20 19:56 - 02061312 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-12 16:27 - 2015-07-20 19:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-12 16:27 - 2015-07-20 19:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-12 16:27 - 2015-07-20 19:56 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-12 16:27 - 2015-07-20 19:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-12 16:27 - 2015-07-20 19:56 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-12 16:27 - 2015-07-20 19:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-12 16:27 - 2015-07-20 19:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-12 16:27 - 2015-07-20 19:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-12 16:27 - 2015-07-20 19:56 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-12 16:27 - 2015-07-09 19:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-12 16:27 - 2015-07-09 19:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-12 16:27 - 2015-07-01 22:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-12 16:27 - 2015-07-01 22:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-12 16:16 - 2015-08-12 16:17 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\Nvu
2015-08-12 16:15 - 2015-08-12 16:16 - 00001477 _____ C:\Users\hanns-robert\Desktop\nvu.lnk
2015-08-11 15:28 - 2015-08-11 15:30 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\KompoZer
2015-08-11 15:25 - 2015-08-11 15:28 - 00000000 ____D C:\Program Files\KompoZer 0.7.10
2015-08-10 20:44 - 2015-08-10 20:44 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\dlink
2015-08-06 11:43 - 2015-08-06 11:43 - 00094208 _____ (Apple Inc.) C:\Windows\system32\QuickTimeVR.qtx
2015-08-06 11:43 - 2015-08-06 11:43 - 00069632 _____ (Apple Inc.) C:\Windows\system32\QuickTime.qts
2015-08-03 17:15 - 2015-08-03 17:16 - 00000000 ____D C:\Users\hanns-robert\Downloads\hotel

==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-09-01 19:22 - 2014-04-10 21:37 - 00000000 ____D C:\Users\hanns-robert
2015-09-01 19:21 - 2014-04-10 22:15 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-09-01 19:20 - 2014-04-15 21:31 - 00000000 ____D C:\Program Files\Java
2015-09-01 19:19 - 2014-10-15 20:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-01 19:19 - 2014-08-20 20:12 - 01078570 _____ C:\Windows\WindowsUpdate.log
2015-09-01 19:16 - 2014-10-15 20:50 - 00097888 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-09-01 19:13 - 2009-07-14 06:34 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-01 19:13 - 2009-07-14 06:34 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-01 19:10 - 2014-05-06 21:11 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-01 19:05 - 2014-04-13 17:50 - 00078032 _____ (Absolute Software Corp.) C:\Windows\system32\rpcnet.dll
2015-09-01 19:05 - 2014-04-13 17:45 - 00017408 _____ C:\Windows\system32\rpcnetp.exe
2015-09-01 19:04 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-01 17:32 - 2014-10-15 22:47 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\Everything
2015-09-01 16:08 - 2010-11-20 23:01 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-27 16:42 - 2014-11-04 22:38 - 00000000 ____D C:\Users\hanns-robert\usb
2015-08-26 23:18 - 2014-04-13 11:23 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\KeePass
2015-08-25 23:15 - 2014-04-16 00:55 - 00000000 ____D C:\ProgramData\TEMP
2015-08-25 20:58 - 2014-07-21 20:38 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\UseNeXT
2015-08-25 20:50 - 2015-03-08 10:33 - 00000000 ____D C:\Users\hanns-robert\Downloads\usenext
2015-08-25 19:28 - 2014-05-10 00:19 - 02420736 ___SH C:\Users\hanns-robert\Downloads\Thumbs.db
2015-08-22 18:16 - 2014-04-13 12:01 - 00381440 ___SH C:\Users\hanns-robert\Desktop\Thumbs.db
2015-08-18 11:38 - 2014-09-18 21:25 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-08-18 10:19 - 2014-04-10 22:43 - 00000000 ____D C:\Windows\system32\MRT
2015-08-18 10:10 - 2014-04-10 22:43 - 129304528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-14 21:00 - 2014-04-11 08:25 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-14 21:00 - 2009-07-14 06:33 - 00429392 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-14 20:57 - 2011-04-12 03:29 - 00000000 ____D C:\Windows\system32\Drivers\de-DE
2015-08-14 20:57 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2015-08-14 20:53 - 2015-07-03 22:52 - 00014873 _____ C:\Users\hanns-robert\Downloads\Reiseplan ZA 2015.xlsx
2015-08-14 20:14 - 2014-04-11 08:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-14 20:13 - 2014-04-15 21:53 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-13 00:27 - 2014-05-10 22:04 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\XnView
2015-08-12 21:45 - 2014-04-15 21:28 - 00000000 ____D C:\Users\hanns-robert\bilder
2015-08-12 21:13 - 2014-04-26 22:41 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\Notepad++
2015-08-12 21:13 - 2014-04-26 22:41 - 00000000 ____D C:\Program Files\Notepad++
2015-08-12 20:47 - 2014-05-25 14:07 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\vlc
2015-08-12 20:33 - 2014-06-04 22:50 - 00000000 ____D C:\Users\hanns-robert\video
2015-08-12 17:10 - 2014-04-15 20:29 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-08-12 17:10 - 2014-04-15 20:29 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-08-12 17:05 - 2014-10-17 22:15 - 00000000 ___RD C:\Users\hanns-robert\iCloudDrive
2015-08-12 16:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-08-12 16:39 - 2015-04-15 11:47 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-12 16:39 - 2014-05-06 22:30 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-12 16:05 - 2015-04-15 21:43 - 00000000 ____D C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-08-11 16:21 - 2015-04-08 16:09 - 00000000 ____D C:\Windows\system32\data
2015-08-11 15:31 - 2015-05-25 22:13 - 00000000 ____D C:\Users\hanns-robert\Downloads\print
2015-08-11 15:13 - 2014-04-13 11:37 - 00000000 ____D C:\Users\hanns-robert\linus
2015-08-10 20:41 - 2014-04-13 10:49 - 00001079 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2015-08-10 20:41 - 2014-04-13 10:49 - 00000000 ____D C:\Program Files\KeePass Password Safe 2
2015-08-05 21:39 - 2014-05-10 19:50 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\TV-Browser
2015-08-05 11:50 - 2015-06-22 00:11 - 00000093 _____ C:\Users\hanns-robert\Desktop\links.txt

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2014-04-15 20:56 - 2014-04-15 20:56 - 0000030 _____ () C:\Program Files\Exiferupdate.ini
2015-05-03 11:55 - 2015-05-03 11:55 - 0007610 _____ () C:\Users\hanns-robert\AppData\Local\Resmon.ResmonCfg
2014-04-15 22:56 - 2014-04-15 22:56 - 0000026 ____H () C:\ProgramData\.811261211181235583101118113995

Einige Dateien in TEMP:
====================
C:\Users\hanns-robert\AppData\Local\Temp\cct.dll
C:\Users\hanns-robert\AppData\Local\Temp\JavaIC.dll
C:\Users\hanns-robert\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\hanns-robert\AppData\Local\Temp\msscct32.dll
C:\Users\hanns-robert\AppData\Local\Temp\YSearchUtil.dll

==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-07-23 21:06

==================== Ende vom FRST.txt ============================

Code:
3: additions
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x86) Version:31-08-2015
durchgeführt von hanns-robert (2015-09-01 19:27:08)
Gestartet von C:\Users\hanns-robert\Downloads\trojaner-board
Start-Modus: Normal
==========================================================

==================== Konten: =============================
admin (S-1-5-21-1148431976-1086807397-2611512696-1003 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-1148431976-1086807397-2611512696-500 - Administrator - Disabled)
Gast (S-1-5-21-1148431976-1086807397-2611512696-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1148431976-1086807397-2611512696-1002 - Limited - Enabled)
hanns-robert (S-1-5-21-1148431976-1086807397-2611512696-1000 - Administrator - Enabled) => C:\Users\hanns-robert

==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
7-Zip 9.38 beta (HKLM\...\7-Zip) (Version: - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
Adobe Creative Suite 2 (HKLM\...\{0134A1A1-C283-4A47-91A1-92F19F960372}) (Version: - )
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM\...\Adobe SVG Viewer) (Version: 3.0 - Adobe Systems, Inc.)
Anti-Twin (Installation 02.10.2014) (HKLM\...\Anti-Twin 2014-10-02 12.49.50) (Version: - Joerg Rosenthal, Germany)
Apple Application Support (32-Bit) (HKLM\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{538227C6-C74B-4A74-99E1-2C0B4F9DA5E1}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-L2700DW series (HKLM\...\{F8ECC2FD-CE2B-4ED4-BDCC-90D0D34206FD}) (Version: 0.0.20.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5666 - CDBurnerXP)
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
CUEcards 2000 (HKLM\...\CUEcards 2000) (Version: - Marcus Humann Software-Technik)
dm-Fotowelt (HKLM\...\dm-Fotowelt) (Version: 5.1.6 - CEWE Stiftung u Co. KGaA)
Duden Home (HKLM\...\{288A423E-D6CA-47C3-B480-D1203EB08949}) (Version: 10.1.0 - Bibliographisches Institut GmbH)
Everything 1.3.4.686 (x86) (HKLM\...\Everything) (Version: - )
Final Draft (HKLM\...\{7C3C895B-AE02-4F30-8A6A-051D37A38DD0}) (Version: 8.0.3.120 - Final Draft, Inc.)
Final Draft (HKLM\...\{E8FDC52C-83F4-4A0F-AA65-D0E8C0F3302F}) (Version: 9.0.7.184 - Final Draft, Inc.)
Free YouTube Download version 3.2.46.923 (HKLM\...\Free YouTube Download_is1) (Version: 3.2.46.923 - DVDVideoSoft Ltd.)
iCloud (HKLM\...\{9A07AB4F-6B53-43E9-B7FC-7892E8C26BE3}) (Version: 4.1.1.53 - Apple Inc.)
IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
iTunes (HKLM\...\{025E78AC-BD91-4E9E-B165-3C09D4084BA4}) (Version: 12.2.2.25 - Apple Inc.)
Java 8 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
KeePass Password Safe 2.30 (HKLM\...\KeePassPasswordSafe2_is1) (Version: 2.30 - Dominik Reichl)
LibreOffice 4.4 Help Pack (German) (HKLM\...\{CCC30EC0-253C-4CF3-9A5D-5DE2601CD760}) (Version: 4.4.3.2 - The Document Foundation)
LibreOffice 4.4.3.2 (HKLM\...\{A651A592-2F6C-4D66-AEA8-9BFE4B61BCB3}) (Version: 4.4.3.2 - The Document Foundation)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM\...\MozBackup) (Version: - Pavel Cvrcek)
Mozilla Firefox 40.0.3 (x86 de) (HKLM\...\Mozilla Firefox 40.0.3 (x86 de)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
Mp3tag v2.70 (HKLM\...\Mp3tag) (Version: v2.70 - Florian Heidenreich)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Notepad++ (HKLM\...\Notepad++) (Version: 6.8.1 - Notepad++ Team)
Nuance PDF Converter Professional 8 (HKLM\...\{35D85791-82E5-443B-B051-8FD85D9D5155}) (Version: 8.10.3267 - Nuance Communications, Inc.)
Nuance PDF Converter Professional 8 Update x86 (HKLM\...\{7E6CA782-AA41-4E4C-A948-232B7FD82696}) (Version: 8.11.0000 - Nuance Communications, Inc.)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
QuickTime 7 (HKLM\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
RarZilla Free Unrar (HKLM\...\RarZilla Free Unrar) (Version: 6.50 - Philipp Winterberg)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.39.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.1.39.0 - Renesas Electronics Corporation) Hidden
RICOH R5U8xx Media Driver ver.3.64.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.64.02 - RICOH)
Scansoft PDF Professional (Version: - ) Hidden
Skype™ 7.1 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Suite Specific (Version: 2.0.0 - Adobe Systems, Incorporated) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1204 - SUPERAntiSpyware.com)
TimeComX Basic (32-Bit) (HKLM\...\TimeComX Basic 32-Bit) (Version: 1.3.2.7 - Bitdreamers)
TuneUp Utilities 2014 (de-DE) (Version: 14.0.1000.353 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM\...\TuneUp Utilities) (Version: 14.0.1000.353 - TuneUp Software)
TuneUp Utilities 2014 (Version: 14.0.1000.353 - TuneUp Software) Hidden
TV-Browser 3.3.3 (HKLM\...\tvbrowser) (Version: 3.3.3 - TV-Browser Team)
Twep4Word (HKLM\...\{4A053D91-95D8-42E2-9DC6-6BAA250EFEF6}) (Version: 2.0.0 - Pintexx GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Uplayer (HKLM\...\{89827CE5-AA89-4242-8294-CF1238D5B537}) (Version: 1.0.0.33 - D-LINK CORPORATION)
UseNeXT by Tangysoft (HKLM\...\UseNeXT by Tangysoft_is1) (Version: - Tangysoft Ltd.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Winamp (HKLM\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
XnView 2.25 (HKLM\...\XnView_is1) (Version: 2.25 - Gougelet Pierre-e)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{05E7B7BB-C07B-359E-BBE4-75840AC0DC75}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{1C5F6CE5-A4D6-36EF-8943-FFF2DC1DC63C}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{1E5A9280-8948-30E9-A3B4-46FE260A2460}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{202B524F-841E-5A9D-8D3F-1010FA1A469E}\InprocServer32 -> C:\Users\hanns-robert\AppData\Roaming\dlink\Uplayer\1.0.0.33\npUplayer.dll (D-LINK CORPORATION)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{35CC930B-6AE9-3190-BF11-D5568CFB31B7}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{397F7E23-D5C5-3471-A7A0-5A327913178F}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{4001ED3C-6915-3607-9E11-E9C256C31518}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{4E64FE28-607C-34D5-A724-5AA3F7B78CBE}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{51D240C2-930F-3CDF-978F-D8FDBAE6BD4B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{532DF24E-1732-32A2-8FD5-BB628B37C592}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{58BE98A0-BD2F-3569-A762-B8DB59D816D6}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{5AC266CE-2096-3C3D-AE0E-9C225E92C91F}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{5FE32F50-9508-3CF5-9E7D-F40990EF6677}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{78910A5C-31FD-3A43-A4C2-E0AF103F8E5B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{7DA6AAC3-DE8B-371C-85CD-9DA44DA48936}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{81844449-F2E9-3741-B170-81FBA7D062F4}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{8342197C-FC40-3036-9C2B-3367ED383160}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{8DC91D79-68FD-3C50-BDED-74A0832E6953}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{A27B667C-DB21-3643-A491-20265D781784}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{AA7A8973-9BC9-335D-B2B9-1B9C245EA1EA}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{AFD6BFDC-F329-41BB-9C53-764B965DD483}\InprocServer32 -> C:\Program Files\Duden\Duden Korrektor\adxloader.dll ()
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{B0B7FB30-21B7-30A1-81F5-27B95C842ABB}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{B2280F25-0EFD-3884-AE38-F7D356055E54}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{BE24893C-CB61-3529-9ED7-03AC59F9C1B0}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{BF30E74C-47D7-32F1-95C0-C9E71AB494EB}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{C027615C-6DDA-3D90-84A7-179190AF48F4}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{C1DFFCCC-6218-3219-A120-AD500A0F3A8D}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{C9223138-E681-3DD6-A571-57B02AE398E6}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{CF41E812-1AE1-332D-9FD2-1E7D0ABCE125}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{CF73B1DC-C662-3F5B-BD96-1A162AABAC23}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{D604058F-0290-327D-BA2C-732FFAC723DA}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{D8B0B600-3293-33B8-9C70-2C68EB83154A}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{F2EBCBE9-FF20-4373-A2A7-526CD06E345F}\InprocServer32 -> C:\Users\hanns-robert\AppData\Roaming\Pintexx GmbH\Twep4Word\adxloader.dll ()
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{FB6B7F0B-A4A7-3343-83DF-6A692FFBA0BB}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

==================== Wiederherstellungspunkte =========================
10-08-2015 20:33:58 Windows Update
12-08-2015 16:28:02 Windows Update
14-08-2015 19:58:24 Windows Update
18-08-2015 10:07:25 Windows Update
22-08-2015 18:19:04 Windows Update
24-08-2015 11:54:00 Windows Update
27-08-2015 16:44:52 Windows Update
01-09-2015 16:08:07 Windows Update

==================== Hosts Inhalt: ==========================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {0761B118-79A1-4E76-91BE-3302D3CAF0CE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated)
Task: {19F7EA9E-EAF3-4149-826A-920CA16E34B1} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2014\OneClick.exe [2015-06-25] (TuneUp Software)
Task: {3D01BD9C-980C-4C83-A5C6-80713863A444} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2015-08-04] (Oracle Corporation)
Task: {80C06151-618B-41E8-9C17-97187C1FD2F3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {A117B4CF-7A58-4505-8288-87176FAC2669} - System32\Tasks\SUPERAntiSpyware Scheduled Task 4f3e50bf-a388-4efe-8e8a-ae4393e94785 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {BE0B4DB3-0094-44E0-A89B-5A41CFD14F6B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C83AFC1B-8DE0-4D7F-8F80-1FFC26CD2EF5} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {EDBDD5DD-7B92-4456-A5E8-86B8F9C1D6CC} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {FA1DDE7C-0804-4A96-B138-7CAC97E64852} - System32\Tasks\SUPERAntiSpyware Scheduled Task ad4fad89-b24a-4565-8750-977379f468a4 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 4f3e50bf-a388-4efe-8e8a-ae4393e94785.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task ad4fad89-b24a-4565-8750-977379f468a4.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:27 - 2015-05-15 16:27 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-06-25 07:53 - 2015-06-25 07:53 - 00586040 _____ () C:\Program Files\TuneUp Utilities 2014\avgreplibx.dll
2014-10-15 22:47 - 2014-08-06 03:01 - 01048576 _____ () C:\Program Files\Everything\Everything.exe
2015-07-17 19:34 - 2015-07-17 19:34 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\ProgramData\TEMP:AEC0AC81

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-1148431976-1086807397-2611512696-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\hanns-robert\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1148431976-1086807397-2611512696-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.192.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
MSCONFIG\startupfolder: C:^Users^hanns-robert^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupreg: iCloudDrive => C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: IndexSearch => "C:\Program Files\Nuance\PaperPort\IndexSearch.exe"
MSCONFIG\startupreg: KeePass 2 PreLoad => "C:\Program Files\KeePass Password Safe 2\KeePass.exe" --preload
MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files\Nuance\PaperPort\pptd40nt.exe"
MSCONFIG\startupreg: PDF8 Registry Controller => "C:\Program Files\Nuance\PDF Professional 8\RegistryController.exe"
MSCONFIG\startupreg: PDFProHook => "C:\Program Files\Nuance\PDF Professional 8\pdfpro8hook.exe"

==================== FirewallRules (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{569F55E5-E4F1-4890-B6D2-54E0182D4511}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{D04A8605-B5D7-41C1-8988-CA7AC65AFB30}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{4B5468E8-65B2-4C9B-97FA-B4AA3D0FB974}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{41F6B5F8-BEA1-4557-9DB2-E31FF7E04315}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\PDFRouter.exe
FirewallRules: [{3A8C2DF6-E86E-4503-8DB2-1A9200C84C2D}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\PDFRouter.exe
FirewallRules: [{9A6A1099-41DE-44BB-AF59-976C6D17580F}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\PdfPro8Hook.exe
FirewallRules: [{7882A56C-ED67-46E9-A039-CB5AB4939E52}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\PdfPro8Hook.exe
FirewallRules: [{26564071-D266-4553-BE97-88C2D966BA03}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\bin\GPDFDirect.exe
FirewallRules: [{1C6B0B8F-D34F-4D4B-AEA9-30E0B89A0F44}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\bin\GPDFDirect.exe
FirewallRules: [{3BDE1EFA-DE06-4EC3-88F4-2214C4BC4777}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\bin\GaaihoDoc.exe
FirewallRules: [{CD617E50-791F-48C6-87DE-FF12D90680B8}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\bin\GaaihoDoc.exe
FirewallRules: [{ADA8436A-2330-44A1-A8E6-788CB6D984D0}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\Ereg\Ereg.exe
FirewallRules: [{033BE22F-A422-4061-A2CF-E6EE742E52D2}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\Ereg\Ereg.exe
FirewallRules: [{EF014C62-6D09-4EEA-96AF-A9247E9E9B11}] => (Allow) C:\Program Files\TV-Browser\tvbrowser.exe
FirewallRules: [{75F1F5F1-1369-4A08-9DE3-3998C2FBFF37}] => (Allow) C:\Program Files\TV-Browser\tvbrowser.exe
FirewallRules: [{0A39FC57-F100-4E10-81BF-B20F87E34DD3}] => (Allow) C:\Program Files\TV-Browser\tvbrowser_noDD.exe
FirewallRules: [{CD523873-ED27-454D-A7C2-3873F06F4447}] => (Allow) C:\Program Files\TV-Browser\tvbrowser_noDD.exe
FirewallRules: [{803F0232-96E2-4DF1-A53D-5692B58BCFA2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DD5A7DEF-8953-45A8-9A6C-ABBD90493E8E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C23AD7B8-731C-4559-93A5-40CC87FA681F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0E619DA5-42F0-4408-ADDA-2F14C7BE603F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{E5E3FF1A-3E5B-4B15-8047-F0161348BFB4}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{0486A61B-02CA-45CE-AEE1-6EF63A1E0F26}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{71C1EF93-BB5E-4F9B-9EC9-9492B2A0C0D4}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{1D90E857-42CC-4D31-9311-72B8E89E50F1}] => (Allow) D:\Advanced\autorun.exe
FirewallRules: [{1608D51A-CFD0-4754-9968-4041BEB77EBE}] => (Allow) D:\Advanced\autorun.exe
FirewallRules: [{647677E9-56C2-4E06-A8F5-FA084693CCAD}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Fehlerhafte Geräte im Gerätemanager =============

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (09/01/2015 07:06:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/01/2015 04:03:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance
ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/27/2015 04:23:41 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/26/2015 09:47:15 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/25/2015 05:38:58 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/24/2015 11:47:47 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/22/2015 06:14:24 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/22/2015 06:14:07 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7 Name des fehlerhaften Moduls: PDFCore8.dll, Version: 8.0.0.70, Zeitstempel: 0x512d656e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000a366c ID des fehlerhaften Prozesses: 0x6c Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0 Pfad der fehlerhaften Anwendung: Explorer.EXE1 Pfad des fehlerhaften Moduls: Explorer.EXE2 Berichtskennung: Explorer.EXE3 Error: (08/18/2015 10:01:56 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE 
TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/14/2015 09:01:13 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Systemfehler: ============= Error: (09/01/2015 07:21:16 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80240020 fehlgeschlagen: Upgrade auf Windows 10 Pro Error: (09/01/2015 04:22:41 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80240020 fehlgeschlagen: Upgrade auf Windows 10 Pro Error: (09/01/2015 04:13:25 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80240020 fehlgeschlagen: Upgrade auf Windows 10 Pro Error: (08/27/2015 04:27:10 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Windows Update" wurde nicht richtig gestartet. Error: (08/26/2015 10:08:58 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80240020 fehlgeschlagen: Upgrade auf Windows 10 Pro Error: (08/26/2015 09:50:59 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Windows Update" wurde nicht richtig gestartet. 
Error: (08/25/2015 05:48:14 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80240020 fehlgeschlagen: Upgrade auf Windows 10 Pro Error: (08/24/2015 12:08:31 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80240020 fehlgeschlagen: Upgrade auf Windows 10 Pro Error: (08/24/2015 11:51:55 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Windows Update" wurde nicht richtig gestartet. Error: (08/22/2015 06:23:53 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80240020 fehlgeschlagen: Upgrade auf Windows 10 Pro Microsoft Office: ========================= ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU T5850 @ 2.16GHz Prozentuale Nutzung des RAM: 60% Installierter physikalischer RAM: 2046.43 MB Verfügbarer physikalischer RAM: 810.52 MB Summe virtueller Speicher: 4092.86 MB Verfügbarer virtueller Speicher: 2826.71 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:232.88 GB) (Free:105.59 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)] ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 945F2211) Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS) ==================== Ende vom Addition.txt ============================ Code:
ATTFilter 4: gmer
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-09-01 19:50:12
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 HITACHI_HTS542525K9SA00 rev.BBFZC3HP 232,89GB
Running: Gmer-19357.exe; Driver: C:\Users\hanns-robert\AppData\Local\Temp\kwdiipow.sys

---- Kernel code sections - GMER 2.1 ----

.text ntoskrnl.exe!ZwReplaceKey + 1525 82C6EB15 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82C8EEB2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x90803340, 0x3EE217, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\CCleaner\CCleaner.exe[3468] USER32.dll!SetScrollRange 77608EC5 5 Bytes JMP 0019A104 C:\Program Files\CCleaner\CCleaner.exe
.text C:\Program Files\CCleaner\CCleaner.exe[3468] USER32.dll!GetScrollInfo 77612DA3 5 Bytes JMP 0019A097 C:\Program Files\CCleaner\CCleaner.exe
.text C:\Program Files\CCleaner\CCleaner.exe[3468] USER32.dll!SetScrollInfo 776148DA 5 Bytes JMP 0019A13B C:\Program Files\CCleaner\CCleaner.exe
.text C:\Program Files\CCleaner\CCleaner.exe[3468] USER32.dll!GetScrollRange 7763045A 5 Bytes JMP 0019A03A C:\Program Files\CCleaner\CCleaner.exe
.text C:\Program Files\CCleaner\CCleaner.exe[3468] USER32.dll!SetScrollPos 776304BE 5 Bytes JMP 0019A015 C:\Program Files\CCleaner\CCleaner.exe
.text C:\Program Files\CCleaner\CCleaner.exe[3468] USER32.dll!GetScrollPos 77630E43 5 Bytes JMP 0019A072 C:\Program Files\CCleaner\CCleaner.exe
.text C:\Program Files\CCleaner\CCleaner.exe[3468] USER32.dll!EnableScrollBar 776319CE 5 Bytes JMP 0019A16F C:\Program Files\CCleaner\CCleaner.exe
.text C:\Program Files\CCleaner\CCleaner.exe[3468] USER32.dll!ShowScrollBar 77633C89 5 Bytes JMP 0019A0CA C:\Program Files\CCleaner\CCleaner.exe

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fe1e4623d
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fe1e4623d (not active ControlSet)
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 0x4C 0xFE 0xDB 0xB3 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\UseNeXT\UseNeXT.exe 0xC4 0x5B 0xAE 0xC6 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Microsoft Office\Office12\WINWORD.EXE 0x16 0xAE 0x8F 0x2F ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Duden\Duden Korrektor\WebUpdate.exe 0x80 0x73 0x55 0x3B ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Duden\Duden Korrektor\Register.exe 0x81 0xA8 0x61 0x3B ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Microsoft Office\Office12\EXCEL.EXE 0xA3 0xA5 0x70 0xA8 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\System32\sdiagnhost.exe 0x8F 0xE1 0xF0 0x12 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe 0x54 0x3D 0x5F 0x16 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\PROGRA~1\MICROS~3\Office12\EXCEL.EXE 0x37 0x8D 0x63 0x1D ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe 0x50 0x90 0x8C 0x09 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 0xCC 0xB4 0x6A 0xF9 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\System32\mmc.exe 0xE8 0x9A 0x10 0x07 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 0x2B 0x59 0xBE 0xB2 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\KeePass Password Safe 2\KeePass.exe 0x73 0x4E 0x0D 0x6B ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\rundll32.exe 0x53 0xD7 0xFB 0x02 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\Nuance\PDF Professional 8\bin\GaaihoDoc.exe 0xCA 0xA7 0xE1 0x9A ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\Internet Explorer\iexplore.exe 0x13 0xC5 0xEB 0x7B ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\GWX\GWXConfigManager.exe 0xFC 0xCE 0x05 0xB5 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\CDBurnerXP\cdbxpp.exe 0xE7 0xC3 0x04 0xF9 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe 0x3E 0xC7 0xA6 0x01 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\msiexec.exe 0x49 0xDC 0xDC 0x9E ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe 0xAC 0xEE 0x0F 0x67 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\Nuance\PDF Professional 8\PdfPro8Hook.exe 0x0E 0xEF 0x80 0x88 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\Nuance\PDF Professional 8\bin\GPDFDirect.exe 0xC1 0xF3 0xBD 0xAB ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\Final Draft 9\FDUpdateProgress.exe 0x0C 0x72 0xC9 0xAC ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\$Windows.~BT\Sources\SetupHost.exe 0xA9 0x53 0xA6 0x9B ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\CompatTelRunner.exe 0xA1 0x04 0xE0 0x1F ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@C3A57EE5 511

---- EOF - GMER 2.1 ----