| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Yahoo Targo12 ProblemeWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
08.06.2016, 19:28
| #1 |
| |  Yahoo Targo12 Probleme Hallo. Hier sind meine Dateien. Vielen Dank im Voraus! Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:07-06-2016 durchgeführt von Gaby (Administrator) auf ASUSLAPPI (08-06-2016 12:48:14) Gestartet von C:\Users\Gaby\Desktop Geladene Profile: UpdatusUser & Gaby (Verfügbare Profile: UpdatusUser & Gaby & peter & Administrator) Platform: Windows 8.1 (Update) (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Chrome) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe () C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\ns.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe konnte nicht auf den Prozess zugreifen -> svchost.exe (TuneUp Software) D:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe (ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe (TuneUp Software) D:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\ns.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (IvoSoft) D:\Programme\ClassicStartMenu.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Dropbox, Inc.) C:\Users\Gaby\AppData\Roaming\Dropbox\bin\Dropbox.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\nacl64.exe (Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\conathst.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\nacl64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor) HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS) HKLM\...\Run: [Classic Start Menu] => D:\Programme\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.) HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [78352 2012-05-23] (cyberlink) HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-09-16] (Oracle Corporation) HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-3878592002-4276831464-1221982360-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-10-29] (Microsoft Corporation) HKU\S-1-5-21-3878592002-4276831464-1221982360-1002\...\Run: [Amazon Music] => C:\Users\Gaby\AppData\Local\Amazon Music\Amazon Music Helper.exe [5907944 2016-04-15] () HKU\S-1-5-21-3878592002-4276831464-1221982360-1002\...\Run: [Dropbox Update] => C:\Users\Gaby\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.) HKU\S-1-5-21-3878592002-4276831464-1221982360-1002\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) HKU\S-1-5-21-3878592002-4276831464-1221982360-1002\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [5915776 2016-03-21] (Safer-Networking Ltd.) AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation) AppInit_DLLs: C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => C:\Program Files (x86)\Optimizer Pro_!delete!\OptProCrash_x64.dll [2603312 2013-11-09] () AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation) AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation) IFEO\asuswspanel.exe: [Debugger] "D:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\backache.exe: [Debugger] "D:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\backbone.exe: [Debugger] "D:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gaby\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gaby\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gaby\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gaby\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gaby\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gaby\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gaby\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gaby\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => D:\Programme\ClassicExplorer64.dll [2014-04-20] (IvoSoft) ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => D:\Programme\ClassicExplorer32.dll [2014-04-20] (IvoSoft) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk [2012-10-27] ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.) Startup: C:\Users\Gaby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-05-13] ShortcutTarget: Dropbox.lnk -> C:\Users\Gaby\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) BootExecute: autocheck autochk * sdnclean64.exe CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{D2397064-B283-4AED-A4EC-BA70B3ADEDA0}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NS&pvid=22.5.4.24 HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NS&pvid=22.5.4.24 HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NS&pvid=22.5.4.24 HKU\S-1-5-21-3878592002-4276831464-1221982360-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NS&pvid=22.5.4.24 HKU\S-1-5-21-3878592002-4276831464-1221982360-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-3878592002-4276831464-1221982360-1002 -> DefaultScope {58DA2DE2-2F0E-4E8F-A945-311ABB709A3C} URL = hxxp://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3878592002-4276831464-1221982360-1002 -> OldSearch URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKU\S-1-5-21-3878592002-4276831464-1221982360-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3878592002-4276831464-1221982360-1002 -> {58DA2DE2-2F0E-4E8F-A945-311ABB709A3C} URL = hxxp://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3878592002-4276831464-1221982360-1002 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=1000&geo=GB&ver=22&locale=de_GB&gct=kwd&qsrc=2869 BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.) BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> D:\Programme\ClassicExplorer64.dll [2014-04-20] (IvoSoft) BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation) BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-08-10] (Qualcomm Atheros Commnucations) BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> D:\Programme\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft) BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.) BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> D:\Programme\ClassicExplorer32.dll [2014-04-20] (IvoSoft) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-10-06] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-10-06] (Oracle Corporation) BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> D:\Programme\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - D:\Programme\ClassicExplorer64.dll [2014-04-20] (IvoSoft) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - D:\Programme\ClassicExplorer32.dll [2014-04-20] (IvoSoft) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.) Toolbar: HKU\S-1-5-21-3878592002-4276831464-1221982360-1002 -> Kein Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Keine Datei Toolbar: HKU\S-1-5-21-3878592002-4276831464-1221982360-1002 -> Kein Name - {46575637-0076-A76A-76A7-7A786E7484D7} - Keine Datei Toolbar: HKU\S-1-5-21-3878592002-4276831464-1221982360-1002 -> Kein Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - Keine Datei Toolbar: HKU\S-1-5-21-3878592002-4276831464-1221982360-1002 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.) Toolbar: HKU\S-1-5-21-3878592002-4276831464-1221982360-1002 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab FireFox: ======== FF ProfilePath: C:\Users\Gaby\AppData\Roaming\Mozilla\Firefox\Profiles\lm63f609.default FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation) FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-10-06] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-10-06] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3878592002-4276831464-1221982360-1002: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Gaby\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-02-02] (RocketLife, LLP) FF Extension: DownloadHelper - C:\Users\Gaby\AppData\Roaming\Mozilla\Firefox\Profiles\lm63f609.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-10-21] [ist nicht signiert] FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.0.2.17\coFFAddon FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.0.2.17\coFFAddon [2016-06-02] FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.0.2.17\coFFAddon FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => nicht gefunden Chrome: ======= CHR Profile: C:\Users\Gaby\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Yahoo Web) - C:\Users\Gaby\AppData\Local\Google\Chrome\User Data\Default\Extensions\acjpdakpjonkfmggcmanlhdakfkhloii [2016-01-31] CHR Extension: (Google Docs) - C:\Users\Gaby\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04] CHR Extension: (Google Drive) - C:\Users\Gaby\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-28] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Gaby\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-03-29] CHR Extension: (YouTube) - C:\Users\Gaby\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25] CHR Extension: (Norton Security Toolbar) - C:\Users\Gaby\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-06-02] CHR Extension: (Google-Suche) - C:\Users\Gaby\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28] CHR Extension: (Tampermonkey) - C:\Users\Gaby\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-06-02] CHR Extension: (Google Kalender) - C:\Users\Gaby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-28] CHR Extension: (Google Docs Offline) - C:\Users\Gaby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15] CHR Extension: (Isoball 3) - C:\Users\Gaby\AppData\Local\Google\Chrome\User Data\Default\Extensions\iajlkcpgcnbhfhpdeooockfaincfkjjj [2014-10-23] CHR Extension: (Norton Identity Safe) - C:\Users\Gaby\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-11-11] CHR Extension: (Sync Google Drive™ with Dropbox, Box, ...) - C:\Users\Gaby\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia [2015-09-10] CHR Extension: (Earth) - C:\Users\Gaby\AppData\Local\Google\Chrome\User Data\Default\Extensions\jieopfhnlbjmbpckpdhfdedccdmngdac [2016-01-11] CHR Extension: (Google Maps) - C:\Users\Gaby\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-09-25] CHR Extension: (Download) - C:\Users\Gaby\AppData\Local\Google\Chrome\User Data\Default\Extensions\nccjoeeljedbmkidebclpoabijggpbdp [2015-08-20] CHR Extension: (Norton Safe) - C:\Users\Gaby\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2016-04-13] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Gaby\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-13] CHR Extension: (Google Chrome to Phone Extension) - C:\Users\Gaby\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2016-01-11] CHR Extension: (Enhanced Steam) - C:\Users\Gaby\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2016-06-02] CHR Extension: (Google Mail) - C:\Users\Gaby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28] CHR Profile: C:\Users\Gaby\AppData\Local\Google\Chrome\User Data\Profile 1 CHR Extension: (Google Präsentationen) - C:\Users\Gaby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-02] CHR Extension: (Google Docs) - C:\Users\Gaby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-02] CHR Extension: (Google Drive) - C:\Users\Gaby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-02] CHR Extension: (YouTube) - C:\Users\Gaby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-02] CHR Extension: (Norton Security Toolbar) - C:\Users\Gaby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-06-02] CHR Extension: (Google Tabellen) - C:\Users\Gaby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-02] CHR Extension: (Google Docs Offline) - C:\Users\Gaby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-02] CHR Extension: (Norton Identity Safe) - C:\Users\Gaby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-06-02] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Gaby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-02] CHR Extension: (Google Mail) - C:\Users\Gaby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-02] CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\Exts\Chrome.crx [2016-06-01] CHR HKLM\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - <kein Path/update_url> CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\Exts\Chrome.crx [2016-06-01] CHR HKLM-x32\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - <kein Path/update_url> CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations) [Datei ist nicht signiert] S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243728 2012-05-23] (CyberLink) R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] () R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation) R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [Datei ist nicht signiert] R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\NS.exe [289080 2016-02-26] (Symantec Corporation) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) R2 TuneUp.UtilitiesSvc; D:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2015-06-25] (TuneUp Software) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation) R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) [Datei ist nicht signiert] ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation) R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.0.2.17\Definitions\BASHDefs\20160601.001\BHDrvx64.sys [1832176 2016-05-20] (Symantec Corporation) R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-30] (Microsoft Corporation) R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1606000.08E\ccSetx64.sys [173808 2015-07-11] (Symantec Corporation) S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-05-31] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-05-31] (Symantec Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.0.2.17\Definitions\IPSDefs\20160607.001\IDSvia64.sys [876248 2016-05-30] (Symantec Corporation) R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( ) R3 NAVENG; C:\Program Files (x86)\Norton Security\NortonData\22.0.2.17\Definitions\VirusDefs\20160607.024\ENG64.SYS [138456 2016-05-31] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton Security\NortonData\22.0.2.17\Definitions\VirusDefs\20160607.024\EX64.SYS [2148056 2016-05-31] (Symantec Corporation) R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [13696 2012-09-17] (ASUSTek Computer Inc.) R1 SRTSP; C:\Windows\System32\Drivers\NSx64\1606000.08E\SRTSP64.SYS [928504 2016-02-24] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1606000.08E\SRTSPX64.SYS [50936 2015-07-11] (Symantec Corporation) S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.) R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1606000.08E\SYMEFASI64.SYS [1621232 2016-02-24] (Symantec Corporation) S0 SymELAM; C:\Windows\System32\drivers\NSx64\1606000.08E\SymELAM.sys [24192 2015-07-11] (Symantec Corporation) R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [111344 2016-05-31] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NSx64\1606000.08E\Ironx64.SYS [295664 2016-02-24] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NSx64\1606000.08E\SYMNETS.SYS [577768 2016-02-24] (Symantec Corporation) R3 TuneUpUtilitiesDrv; D:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [31144 2015-06-04] (TuneUp Software) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation) S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-06-08 12:48 - 2016-06-08 12:48 - 00033051 _____ C:\Users\Gaby\Desktop\FRST.txt 2016-06-08 12:47 - 2016-06-08 12:48 - 00000000 ____D C:\FRST 2016-06-08 12:38 - 2016-06-08 12:38 - 02385408 _____ (Farbar) C:\Users\Gaby\Desktop\FRST64.exe 2016-06-07 20:41 - 2016-06-07 20:41 - 00042589 _____ C:\Users\Gaby\Downloads\Altpapier Juni 2016.pdf 2016-06-07 12:12 - 2016-06-07 12:12 - 00312335 _____ C:\Users\Gaby\Downloads\Sommerkonzert 2016.pdf 2016-06-06 19:36 - 2016-06-06 19:36 - 00011154 _____ C:\Users\Gaby\Downloads\2016-04-10 Briefkette an Dwight.xlsx 2016-06-06 17:34 - 2016-06-06 18:18 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2016-06-06 17:34 - 2016-06-06 17:34 - 00001409 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2016-06-06 17:34 - 2016-06-06 17:34 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking 2016-06-06 17:34 - 2016-06-06 17:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2016-06-06 17:34 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe 2016-06-06 17:33 - 2016-06-06 17:40 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2016-06-06 17:31 - 2016-06-06 17:31 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Gaby\Downloads\spybot-2.4.exe 2016-06-04 05:40 - 2016-06-04 05:40 - 00000000 ____D C:\Users\Gaby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2016-06-02 09:54 - 2016-06-02 09:54 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Security 2016-06-02 08:50 - 2016-06-02 09:50 - 00001177 _____ C:\Users\Gaby\Desktop\Dropbox.lnk 2016-06-02 08:47 - 2016-06-02 08:47 - 00000424 _____ C:\Users\Gaby\Desktop\Dieser PC.lnk 2016-05-31 14:50 - 2016-06-02 09:48 - 00003218 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration 2016-05-31 14:50 - 2016-05-31 17:37 - 00111344 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS 2016-05-31 14:50 - 2016-05-31 17:37 - 00008214 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT 2016-05-31 14:50 - 2016-05-31 14:50 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared 2016-05-31 14:48 - 2016-06-02 09:49 - 00000000 ____D C:\WINDOWS\system32\Drivers\NSx64 2016-05-31 14:48 - 2016-06-02 09:48 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security 2016-05-31 14:48 - 2016-05-31 14:48 - 00000000 ____D C:\Program Files (x86)\Norton Security 2016-05-29 13:41 - 2016-05-29 13:41 - 00000000 ___HD C:\ProgramData\CanonIJEGV 2016-05-12 14:07 - 2016-05-12 14:08 - 00000000 ____D C:\Users\Gaby\Documents\Wissenswertes 2016-05-12 05:35 - 2016-04-06 23:13 - 00561960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2016-05-12 05:35 - 2016-04-06 23:13 - 00137976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll 2016-05-12 05:35 - 2016-04-06 20:20 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2016-05-12 05:35 - 2016-04-06 20:19 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys 2016-05-12 05:35 - 2016-04-06 20:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys 2016-05-12 05:35 - 2016-04-06 19:49 - 00120384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll 2016-05-12 05:35 - 2016-04-06 19:40 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2016-05-12 05:35 - 2016-04-06 18:57 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2016-05-12 05:35 - 2016-04-06 18:52 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2016-05-12 05:35 - 2016-04-06 18:20 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2016-05-12 05:35 - 2016-04-06 17:48 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2016-05-12 05:34 - 2016-04-22 22:54 - 25816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2016-05-12 05:34 - 2016-04-22 22:15 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2016-05-12 05:34 - 2016-04-22 22:14 - 02893312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2016-05-12 05:34 - 2016-04-22 22:08 - 06052864 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2016-05-12 05:34 - 2016-04-22 22:06 - 20349952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2016-05-12 05:34 - 2016-04-22 22:00 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2016-05-12 05:34 - 2016-04-22 21:35 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2016-05-12 05:34 - 2016-04-22 21:29 - 02285568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2016-05-12 05:34 - 2016-04-22 21:24 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2016-05-12 05:34 - 2016-04-22 21:23 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2016-05-12 05:34 - 2016-04-22 21:19 - 15414784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-05-12 05:34 - 2016-04-22 21:17 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2016-05-12 05:34 - 2016-04-22 21:14 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2016-05-12 05:34 - 2016-04-22 21:14 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2016-05-12 05:34 - 2016-04-22 21:14 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2016-05-12 05:34 - 2016-04-22 21:12 - 02131968 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2016-05-12 05:34 - 2016-04-22 20:58 - 04611072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2016-05-12 05:34 - 2016-04-22 20:58 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2016-05-12 05:34 - 2016-04-22 20:54 - 13811200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2016-05-12 05:34 - 2016-04-22 20:53 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2016-05-12 05:34 - 2016-04-22 20:52 - 02596864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2016-05-12 05:34 - 2016-04-22 20:52 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2016-05-12 05:34 - 2016-04-22 20:52 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2016-05-12 05:34 - 2016-04-22 20:51 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2016-05-12 05:34 - 2016-04-22 20:40 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2016-05-12 05:34 - 2016-04-22 20:29 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2016-05-12 05:34 - 2016-04-22 20:27 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2016-05-12 05:34 - 2016-04-22 20:24 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2016-05-12 05:34 - 2016-03-29 03:42 - 07446368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2016-05-12 05:33 - 2016-04-22 20:23 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2016-05-12 05:32 - 2016-04-11 08:21 - 00074584 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys 2016-05-12 05:32 - 2016-04-10 09:48 - 00738096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll 2016-05-12 05:32 - 2016-04-10 09:48 - 00613624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll 2016-05-12 05:32 - 2016-04-10 07:37 - 01549144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2016-05-12 05:32 - 2016-04-10 06:21 - 01763376 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2016-05-12 05:32 - 2016-04-10 06:21 - 01489088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2016-05-12 05:32 - 2016-04-10 06:14 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll 2016-05-12 05:32 - 2016-04-10 01:29 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2016-05-12 05:32 - 2016-04-10 00:07 - 01097728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll 2016-05-12 05:32 - 2016-04-09 23:58 - 00534016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll 2016-05-12 05:32 - 2016-04-09 23:50 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll 2016-05-12 05:32 - 2016-03-31 08:50 - 01307328 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll 2016-05-12 05:32 - 2016-03-31 05:40 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll 2016-05-12 05:32 - 2016-03-16 03:58 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2016-05-12 05:32 - 2016-03-16 03:58 - 00332632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2016-05-12 05:32 - 2016-03-14 18:50 - 00316760 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys 2016-05-12 05:32 - 2016-03-12 02:49 - 02466136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2016-05-12 05:32 - 2016-03-12 02:47 - 00160160 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPHLPAPI.DLL 2016-05-12 05:32 - 2016-03-12 02:47 - 00121912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IPHLPAPI.DLL 2016-05-12 05:32 - 2016-03-10 19:03 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsparse.dll 2016-05-12 05:32 - 2016-03-10 18:55 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll 2016-05-12 05:32 - 2016-03-10 18:52 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll 2016-05-12 05:32 - 2016-03-10 18:48 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsparse.dll 2016-05-12 05:32 - 2016-03-10 18:42 - 00413696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll 2016-05-12 05:32 - 2016-03-05 19:44 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll 2016-05-12 05:32 - 2016-03-05 19:04 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll 2016-05-12 05:32 - 2016-02-27 20:28 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2016-05-12 05:32 - 2016-02-27 19:57 - 03273728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll 2016-05-12 05:32 - 2016-02-27 19:19 - 03820544 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll 2016-05-12 05:32 - 2016-02-27 18:32 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2016-05-09 21:26 - 2016-05-09 21:26 - 00350943 _____ C:\Users\Gaby\Desktop\sssssss.xps 2016-05-09 17:43 - 2016-05-09 17:43 - 00000000 ____D C:\Users\Gaby\Documents\HGÖ ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-06-08 12:42 - 2015-06-17 11:32 - 00000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3878592002-4276831464-1221982360-1002UA.job 2016-06-08 12:39 - 2014-06-21 01:09 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-06-08 11:55 - 2014-10-10 13:28 - 00001138 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-06-08 11:09 - 2014-10-10 13:28 - 00001134 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-06-08 11:09 - 2014-07-29 14:41 - 00000000 __RDO C:\Users\Gaby\OneDrive 2016-06-08 11:09 - 2014-07-29 12:07 - 00000000 ___RD C:\Users\Gaby\Dropbox 2016-06-08 11:09 - 2014-03-18 12:03 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-06-08 11:09 - 2014-03-18 11:25 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat 2016-06-08 11:09 - 2014-03-18 11:25 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat 2016-06-08 11:09 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\Inf 2016-06-07 22:39 - 2014-08-02 11:36 - 00000000 ____D C:\Users\Gaby\AppData\Roaming\ClassicShell 2016-06-07 22:38 - 2013-06-30 22:08 - 00118784 ___SH C:\Users\Gaby\Downloads\Thumbs.db 2016-06-07 11:32 - 2014-07-29 14:54 - 00003930 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9DBE0F37-62DE-4E10-963F-55DD74526E21} 2016-06-07 08:42 - 2015-06-17 11:32 - 00000882 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3878592002-4276831464-1221982360-1002Core.job 2016-06-07 06:11 - 2012-10-27 07:06 - 00002766 _____ C:\WINDOWS\System32\Tasks\BtvStack 2016-06-07 06:11 - 2012-10-27 07:06 - 00002762 _____ C:\WINDOWS\System32\Tasks\BtTray 2016-06-07 06:09 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-06-07 06:08 - 2013-08-22 15:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI 2016-06-06 18:49 - 2012-10-27 07:03 - 00000000 ____D C:\Program Files (x86)\Bluetooth Suite 2016-06-06 17:50 - 2013-02-26 21:05 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3878592002-4276831464-1221982360-1002 2016-06-06 17:45 - 2014-06-21 01:17 - 00000000 ___RD C:\Users\Gaby\Desktop\Utilities 2016-06-06 17:40 - 2015-12-04 13:31 - 00000000 ____D C:\Program Files\Common Files\AV 2016-06-05 21:40 - 2014-12-29 09:12 - 00000000 ____D C:\Users\Gaby\Documents\Urlaubsliste 2016-06-05 12:30 - 2016-03-30 11:07 - 00000000 ____D C:\Users\Gaby\Documents\Abfallwirtschaft Hohenlohekreis 2016-06-04 21:17 - 2014-06-21 01:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2016-06-04 20:56 - 2016-03-28 11:24 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-06-04 05:39 - 2014-03-07 19:49 - 00000000 ____D C:\Users\Gaby\AppData\Roaming\Dropbox 2016-06-02 16:31 - 2013-07-13 13:25 - 00000000 ____D C:\Users\Gaby\Documents\Gedanken 2016-06-02 09:51 - 2015-12-04 13:31 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation 2016-06-02 09:47 - 2012-07-26 10:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP 2016-06-01 17:06 - 2013-11-20 16:20 - 00000000 ____D C:\Users\Gaby\Documents\Briefe 2016-06-01 16:01 - 2016-01-24 20:14 - 00000000 ____D C:\ProgramData\CanonIJPLM 2016-05-31 19:15 - 2015-10-28 15:41 - 00000306 __RSH C:\ProgramData\ntuser.pol 2016-05-31 16:36 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM 2016-05-31 16:16 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps 2016-05-31 16:16 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-05-31 15:48 - 2013-06-18 22:46 - 00000000 ____D C:\Users\Gaby\Documents\Sounds of Joy 2016-05-31 15:43 - 2016-04-11 20:48 - 02923980 _____ C:\Users\Gaby\Downloads\RSD_0.61.zip 2016-05-31 14:56 - 2014-11-10 19:08 - 00000000 ____D C:\ProgramData\Norton 2016-05-31 14:48 - 2014-11-10 19:10 - 00000000 ____D C:\Program Files (x86)\NortonInstaller 2016-05-30 10:08 - 2013-11-25 16:35 - 00000000 ____D C:\Users\Gaby\Documents\BZB Bretzfeld 2016-05-29 18:02 - 2015-04-05 18:04 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX 2016-05-29 18:02 - 2015-04-05 18:04 - 00000000 ___SD C:\WINDOWS\system32\GWX 2016-05-29 13:39 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-05-25 23:56 - 2013-03-12 18:36 - 00000000 ____D C:\Users\Gaby\AppData\Local\CrashDumps 2016-05-13 05:56 - 2014-10-10 13:29 - 00002209 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-05-13 05:31 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache 2016-05-13 05:19 - 2014-12-25 11:08 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 2016-05-12 12:47 - 2014-12-10 22:33 - 00000000 ____D C:\WINDOWS\system32\appraiser 2016-05-12 12:47 - 2014-03-18 11:40 - 00000000 ____D C:\Program Files\Windows Journal 2016-05-12 05:46 - 2013-08-22 16:44 - 00490600 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-05-12 05:44 - 2013-08-19 10:13 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-05-12 05:38 - 2013-03-01 16:24 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-05-12 05:31 - 2016-04-13 15:04 - 01737088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2016-05-12 05:31 - 2016-04-13 15:04 - 01663184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2016-05-12 05:31 - 2016-04-13 15:04 - 01523208 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2016-05-12 05:31 - 2016-04-13 15:04 - 01501488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2016-05-12 05:31 - 2016-04-13 15:04 - 01490120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2016-05-12 05:31 - 2016-04-13 15:04 - 01358952 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2016-05-12 05:31 - 2016-04-13 15:04 - 00246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll 2016-05-11 22:08 - 2013-08-22 17:38 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2016-05-11 22:08 - 2013-08-22 17:38 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2016-05-11 05:50 - 2014-10-10 13:28 - 00004110 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2016-05-11 05:50 - 2014-10-10 13:28 - 00003874 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2016-05-09 17:44 - 2014-07-21 14:17 - 00000000 ____D C:\Users\Gaby\Documents\NIls ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2013-02-26 20:57 - 2015-02-28 21:38 - 0000500 _____ () C:\Users\Gaby\AppData\Roaming\sp_data.sys 2013-12-20 20:11 - 2014-03-28 20:11 - 0000086 _____ () C:\Users\Gaby\AppData\Roaming\WB.CFG 2013-02-26 21:44 - 2013-02-26 21:44 - 0000057 _____ () C:\ProgramData\Ament.ini 2012-08-17 02:52 - 2012-07-30 08:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd 2012-08-17 02:52 - 2009-07-22 12:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2016-06-07 06:26 ==================== Ende von FRST.txt ============================ Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:07-06-2016 durchgeführt von Gaby (2016-06-08 12:48:45) Gestartet von C:\Users\Gaby\Desktop Windows 8.1 (Update) (X64) (2014-07-29 12:37:44) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-3878592002-4276831464-1221982360-500 - Administrator - Disabled) => C:\Users\Administrator Gaby (S-1-5-21-3878592002-4276831464-1221982360-1002 - Administrator - Enabled) => C:\Users\Gaby Gast (S-1-5-21-3878592002-4276831464-1221982360-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3878592002-4276831464-1221982360-1010 - Limited - Enabled) peter (S-1-5-21-3878592002-4276831464-1221982360-1004 - Administrator - Enabled) => C:\Users\peter UpdatusUser (S-1-5-21-3878592002-4276831464-1221982360-1001 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Norton Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} AS: Norton Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66} FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated) Amazon Music (HKU\S-1-5-21-3878592002-4276831464-1221982360-1002\...\Amazon Amazon Music) (Version: 4.3.0.1330 - Amazon Services LLC) Ashampoo Burning Studio 2015 v.1.15.0 (HKLM-x32\...\{91B33C97-21E3-DF34-9630-2EE80DDE1648}_is1) (Version: 1.15.0 - Ashampoo GmbH & Co. KG) ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS) ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.2 - ASUS) ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.7 - ASUS) ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.9 - ASUS) ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.1.1 - ASUS) ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.35 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0004 - ASUS) ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS) ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation) ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.) ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.10.168 - ASUSTEK) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0022 - ASUS) AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version: - AVM Berlin) AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version: - AVM Berlin) Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.) Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.) Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.) Canon Kurzwahlprogramm (HKLM-x32\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.) Canon MX920 series Benutzerregistrierung (HKLM-x32\...\Canon MX920 series Benutzerregistrierung) (Version: - *Canon Inc.) Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.00 - Canon Inc.) Canon MX920 series On-screen Manual (HKLM-x32\...\Canon MX920 series On-screen Manual) (Version: 7.6.0 - Canon Inc.) Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.2 - Canon Inc.) Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.) Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.) Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft) Dropbox (HKU\S-1-5-21-3878592002-4276831464-1221982360-1002\...\Dropbox) (Version: 4.4.29 - Dropbox, Inc.) EG21 Vokabelkartei interaktiv 2 (HKLM-x32\...\{D9C1E527-F7B8-4C32-8186-E59DDD38C475}) (Version: 1.00.0000 - Cornelsen Verlag GmbH) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.) Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.60 - Oracle Corporation) Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Norton Security (HKLM-x32\...\NS) (Version: 22.6.0.142 - Symantec Corporation) NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation) NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation) NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications) Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros) Rapidshare Auto Downloader 4.1 (HKLM-x32\...\{B0B46A1F-EC96-44A4-A9FB-62FE33BAF7DE}) (Version: 4.1 - vSoft) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39029 - Realtek Semiconductor Corp.) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.26038 - TeamViewer) TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.353 - TuneUp Software) Hidden TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.353 - TuneUp Software) TuneUp Utilities 2014 (x32 Version: 14.0.1000.353 - TuneUp Software) Hidden Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN) Windows-Treiberpaket - ASUS (ATP) Mouse (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS) World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version: - Wargaming.net) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-3878592002-4276831464-1221982360-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Gaby\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3878592002-4276831464-1221982360-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Gaby\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3878592002-4276831464-1221982360-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gaby\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3878592002-4276831464-1221982360-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gaby\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3878592002-4276831464-1221982360-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gaby\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3878592002-4276831464-1221982360-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gaby\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3878592002-4276831464-1221982360-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gaby\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3878592002-4276831464-1221982360-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gaby\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3878592002-4276831464-1221982360-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gaby\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3878592002-4276831464-1221982360-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gaby\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3878592002-4276831464-1221982360-1002_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Gaby\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {09ABCFE4-3EB6-4EAD-9CE6-307F1FDDEA8A} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2016-02-26] (Symantec Corporation) Task: {141F1F08-F7A9-49E0-A57C-FE51C1F11D10} - System32\Tasks\BtTray => C:\Program Task: {238539DA-A030-4165-AA7F-34739F40FB17} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation) Task: {315E525C-03F3-4634-BD91-352BED6D45FC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-12] (Microsoft Corporation) Task: {38DFE194-236D-419E-982D-6C0AFD949A94} - System32\Tasks\BtvStack => C:\Program Task: {42F0235E-15A5-44B7-9DDF-9E0618E7940C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.) Task: {62A1E344-7B64-43F7-81D6-E297C317161C} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => D:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2015-06-25] (TuneUp Software) Task: {64A4D990-B5BC-4032-B1E8-2E6DC0751340} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.) Task: {81260276-475D-4253-8C98-8714DC81581E} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3878592002-4276831464-1221982360-1002Core => C:\Users\Gaby\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.) Task: {81B1A4EF-3144-4E0B-967A-63A5C6EC2B7F} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-08-22] (ASUSTeK Computer Inc.) Task: {8DF1D12D-688D-4C61-96B0-2EA107CDA1D2} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\WSCStub.exe [2016-02-26] (Symantec Corporation) Task: {9FEFB28E-0C9E-43CC-BCCF-1F330DB9B12C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-21] (Google Inc.) Task: {A209D4EA-609D-4B63-8923-ABA7E9D40380} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation) Task: {B1F71917-2997-4629-A8A4-D96C92B5D709} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated) Task: {B4579026-837C-4C90-AFAC-959B4E699181} - System32\Tasks\{A468D6ED-4C2E-4CA5-92AA-F1051420B9E4} => pcalua.exe -a C:\Users\Gaby\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe -c /Uninstall Task: {C24BF85E-CC46-4DB0-88B4-D766051241D3} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-09-17] (ASUS) Task: {D0336BCC-CDB3-418A-A010-D26F62DBBF69} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.) Task: {DC1813EB-1E4F-4BFC-8863-B80D324B814F} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-09-16] (Oracle Corporation) Task: {DC7FB5E3-00DC-4963-A634-FD86ADA0B225} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3878592002-4276831464-1221982360-1002UA => C:\Users\Gaby\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.) Task: {E14C3C45-4C52-4D27-8D69-C87799FBF662} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe Task: {E9519496-7624-4A85-870B-D25222BBF231} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-21] (Google Inc.) Task: {EF4789E6-B56A-4732-87F4-207EA21C6CBB} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.) Task: {F309C8C1-E65D-4B75-B639-0E38BE8F0533} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3878592002-4276831464-1221982360-1002Core.job => C:\Users\Gaby\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3878592002-4276831464-1221982360-1002UA.job => C:\Users\Gaby\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) ShortcutWithArgument: C:\Users\Gaby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=sc&from=tugs&uid=ST1000DM003-9YN162_S1D4RD8DXXXXS1D4RD8D&ts=1384020705 ShortcutWithArgument: C:\Users\Gaby\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Gaby - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1" ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2016-01-24 20:28 - 2012-03-28 14:49 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE 2015-06-25 07:53 - 2015-06-25 07:53 - 00699704 _____ () D:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll 2013-09-05 02:36 - 2013-09-05 02:36 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll 2012-09-17 16:05 - 2012-09-17 16:05 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll 2012-09-17 16:05 - 2012-09-17 16:05 - 00028544 _____ () C:\Program Files\ASUS\P4G\plctrl.dll 2016-06-06 17:34 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2016-06-06 17:34 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2016-06-06 17:34 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2016-06-06 17:34 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2016-06-06 17:34 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2012-10-27 07:02 - 2012-06-25 04:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2015-12-09 06:43 - 2016-05-05 12:09 - 00034768 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd 2016-06-04 05:40 - 2016-05-05 12:10 - 00019408 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\faulthandler.pyd 2016-06-04 05:40 - 2016-05-05 12:09 - 00116688 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\pywintypes27.dll 2015-12-09 06:43 - 2016-05-05 12:09 - 00093640 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\_ctypes.pyd 2015-12-09 06:43 - 2016-05-05 12:09 - 00018376 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\select.pyd 2015-12-09 06:43 - 2016-05-31 20:34 - 00019760 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd 2015-12-09 06:43 - 2016-05-05 12:11 - 00105928 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\win32api.pyd 2016-06-04 05:40 - 2016-05-05 12:09 - 00392144 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\pythoncom27.dll 2015-12-09 06:43 - 2016-05-31 20:34 - 00381752 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd 2015-12-09 06:43 - 2016-05-05 12:09 - 00692688 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\unicodedata.pyd 2016-06-04 05:40 - 2016-05-31 20:34 - 00020816 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd 2015-12-09 06:43 - 2016-05-05 12:10 - 00123856 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd 2016-06-04 05:40 - 2016-05-31 20:34 - 01682760 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd 2016-06-04 05:40 - 2016-05-31 20:34 - 00020808 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd 2015-12-09 06:43 - 2016-05-31 20:34 - 00021840 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd 2016-06-04 05:40 - 2016-05-31 20:34 - 00038696 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\fastpath.pyd 2016-06-04 05:40 - 2016-05-05 12:11 - 00020936 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\mmapfile.pyd 2015-12-09 06:43 - 2016-05-05 12:11 - 00024528 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\win32event.pyd 2015-12-09 06:43 - 2016-05-05 12:11 - 00114640 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\win32security.pyd 2015-12-09 06:43 - 2016-05-05 12:11 - 00124880 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\win32file.pyd 2016-02-11 15:14 - 2016-05-31 20:34 - 00021832 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd 2015-12-09 06:43 - 2016-05-05 12:11 - 00024016 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\win32clipboard.pyd 2015-12-09 06:43 - 2016-05-05 12:11 - 00175560 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\win32gui.pyd 2015-12-09 06:43 - 2016-05-05 12:11 - 00030160 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\win32pipe.pyd 2015-12-09 06:43 - 2016-05-05 12:11 - 00043472 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\win32process.pyd 2015-12-09 06:43 - 2016-05-05 12:11 - 00048592 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\win32service.pyd 2016-02-11 15:14 - 2016-05-31 20:34 - 00023872 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd 2016-06-04 05:40 - 2016-05-05 12:09 - 00134088 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\pyexpat.pyd 2016-06-04 05:40 - 2016-05-31 20:34 - 00026456 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd 2015-12-09 06:43 - 2016-05-05 12:11 - 00057808 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\win32evtlog.pyd 2015-12-09 06:43 - 2016-05-05 12:11 - 00024016 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\win32profile.pyd 2016-06-04 05:40 - 2016-05-31 20:33 - 00246592 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd 2015-12-09 06:43 - 2016-05-05 12:11 - 00028616 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\win32ts.pyd 2016-06-04 05:40 - 2016-05-31 20:34 - 00052024 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd 2015-12-09 06:43 - 2016-05-05 12:09 - 00134608 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\_elementtree.pyd 2016-06-04 05:40 - 2016-05-05 12:10 - 00240584 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\jpegtran.pyd 2016-02-11 15:14 - 2016-05-31 20:34 - 00020800 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd 2016-02-11 15:14 - 2016-05-31 20:34 - 00019776 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd 2016-02-11 15:14 - 2016-05-31 20:34 - 00020800 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd 2016-06-04 05:40 - 2016-05-31 20:34 - 00020280 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd 2015-12-09 06:43 - 2016-05-31 20:34 - 00023376 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd 2015-12-09 06:43 - 2016-05-05 12:11 - 00350152 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\winxpgui.pyd 2016-02-11 15:14 - 2016-05-31 20:34 - 00022352 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd 2016-06-04 05:40 - 2016-05-31 20:34 - 00024392 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd 2016-06-04 05:40 - 2016-05-05 12:12 - 00036296 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\librsync.dll 2016-06-04 05:40 - 2016-05-31 20:34 - 00084280 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL 2016-06-04 05:40 - 2016-05-31 20:34 - 01826096 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd 2015-12-09 06:43 - 2016-05-05 12:10 - 00083912 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\sip.pyd 2016-06-04 05:40 - 2016-05-31 20:34 - 03928880 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd 2016-06-04 05:40 - 2016-05-31 20:34 - 01971504 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd 2016-06-04 05:40 - 2016-05-31 20:34 - 00531248 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd 2016-06-04 05:40 - 2016-05-31 20:34 - 00132912 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd 2016-06-04 05:40 - 2016-05-31 20:34 - 00223544 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd 2016-06-04 05:40 - 2016-05-31 20:34 - 00207672 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd 2015-12-09 06:43 - 2016-05-05 12:11 - 00060880 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\win32print.pyd 2015-12-09 06:43 - 2016-05-31 20:34 - 00024904 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd 2016-06-04 05:40 - 2016-05-31 20:34 - 00546096 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd 2016-06-04 05:40 - 2016-05-31 20:34 - 00357680 _____ () C:\Users\Gaby\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd 2016-05-13 05:56 - 2016-05-11 13:48 - 01738904 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libglesv2.dll 2016-05-13 05:56 - 2016-05-11 13:48 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libegl.dll 2016-05-13 05:56 - 2016-05-11 13:48 - 17565848 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) AlternateDataStreams: C:\WINDOWS\SysWOW64\CN252BWGJ905KC:NW [0] ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-3878592002-4276831464-1221982360-1001\Control Panel\Desktop\\Wallpaper -> HKU\S-1-5-21-3878592002-4276831464-1221982360-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Gaby\Pictures\Desktops\marc-chagall-die-verliebten-von-vence.jpg DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKLM\...\StartupApproved\StartupFolder: => "AsusVibeLauncher.lnk" HKLM\...\StartupApproved\Run: => "ACMON" HKLM\...\StartupApproved\Run: => "HotKeysCmds" HKLM\...\StartupApproved\Run: => "IgfxTray" HKLM\...\StartupApproved\Run32: => "ApnTBMon" HKLM\...\StartupApproved\Run32: => "BDRegion" HKLM\...\StartupApproved\Run32: => "GrooveMonitor" HKLM\...\StartupApproved\Run32: => "HP Software Update" HKLM\...\StartupApproved\Run32: => "RemoteControl10" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "CanonQuickMenu" HKU\S-1-5-21-3878592002-4276831464-1221982360-1002\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_48AF19F4DF32E7A8701C0772463A410E" HKU\S-1-5-21-3878592002-4276831464-1221982360-1002\...\StartupApproved\Run: => "Amazon Music" HKU\S-1-5-21-3878592002-4276831464-1221982360-1002\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall" HKU\S-1-5-21-3878592002-4276831464-1221982360-1002\...\StartupApproved\Run: => "Spybot-S&D Cleaning" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{E6E86207-7B50-49D1-A057-2074D3B31424}] => (Allow) C:\Users\Gaby\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{87AB6EB5-40EE-4E34-92B7-7E232A568D96}] => (Allow) C:\Users\Gaby\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [UDP Query User{52D973BC-AB67-4302-8C3C-C6E8DA1842F3}D:\games\world_of_tanks\worldoftanks.exe] => (Allow) D:\games\world_of_tanks\worldoftanks.exe FirewallRules: [TCP Query User{C1F98ADE-9C21-4DD5-BA53-F426D9CDE638}D:\games\world_of_tanks\worldoftanks.exe] => (Allow) D:\games\world_of_tanks\worldoftanks.exe FirewallRules: [UDP Query User{B8C29D85-CB5C-4FC2-A98E-C91B51B81F9F}D:\games\world_of_tanks\wotlauncher.exe] => (Allow) D:\games\world_of_tanks\wotlauncher.exe FirewallRules: [TCP Query User{C0A28A49-763C-4967-A12D-3CF678819989}D:\games\world_of_tanks\wotlauncher.exe] => (Allow) D:\games\world_of_tanks\wotlauncher.exe FirewallRules: [{208AA3C5-83E6-4963-914F-E61A7B5863B5}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe FirewallRules: [{5B29D702-982E-4E29-95FF-82DACD19261C}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe FirewallRules: [{2D98DC88-3952-43C9-93FD-3BCDD6CDA116}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe FirewallRules: [{447332FF-0FA7-4F59-BB77-2787A9E8B71E}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe FirewallRules: [{74A7BA1D-990C-452B-9372-CE0DAB89D570}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE FirewallRules: [{5F6AF48E-C400-4BB3-A350-1B7362B0CE75}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe FirewallRules: [{2B44D8EE-8E7A-40A3-A70E-29D9D9BBF50D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{B2809CC4-635B-4464-8C91-5498BAABFD24}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{CFE68A57-E6EA-4E5D-82E2-BA7483D80E1B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{C742DF90-2D78-4717-97CB-2422A3993B19}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [TCP Query User{D72A7BDD-D8C5-4AB1-B07D-85CE6A223ECD}C:\users\gaby\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\gaby\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{CCF4D823-2E39-45B1-92FC-B3709FB4A447}C:\users\gaby\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\gaby\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [{25E271E8-DD89-4442-81BC-A4A1A6060FC2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{8F5B370A-7F07-43F7-8B62-2F25B90BE9CA}] => (Allow) E:\fsetup.exe FirewallRules: [{7FDE1155-C40F-40AB-8431-0401EA169780}] => (Allow) E:\fsetup.exe StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service ==================== Wiederherstellungspunkte ========================= 06-06-2016 18:19:07 Säuberung (Spybot - Search & Destroy 2.6, Administratorrechte) ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (06/07/2016 12:15:42 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm chrome.exe, Version 50.0.2661.102 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 7e4 Startzeit: 01d1c0a4d07b0f70 Endzeit: 4294967295 Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Berichts-ID: c94e9257-2c98-11e6-bf7e-20689dbf4cc3 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (06/07/2016 06:14:47 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20911 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: ce4 Startzeit: 01d1c07263af7fb3 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: 5e05e8c9-2c66-11e6-bf7e-20689dbf4cc3 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (06/07/2016 06:14:41 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20911 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: ce4 Startzeit: 01d1c07263af7fb3 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: 57d147f1-2c66-11e6-bf7e-20689dbf4cc3 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (06/07/2016 06:09:42 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe_stisvc, Version: 6.3.9600.17415, Zeitstempel: 0x54504177 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000000000 ID des fehlerhaften Prozesses: 0xe04 Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_stisvc0 Pfad der fehlerhaften Anwendung: svchost.exe_stisvc1 Pfad des fehlerhaften Moduls: svchost.exe_stisvc2 Berichtskennung: svchost.exe_stisvc3 Vollständiger Name des fehlerhaften Pakets: svchost.exe_stisvc4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_stisvc5 Error: (06/07/2016 06:07:33 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm WINWORD.EXE, Version 12.0.6748.5000 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 16e0 Startzeit: 01d1c0720356bb01 Endzeit: 15 Anwendungspfad: C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE Berichts-ID: 4e780c7e-2c65-11e6-bf7d-20689dbf4cc3 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (06/04/2016 09:20:43 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm mbam-setup.tmp, Version 51.52.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 2120 Startzeit: 01d1be95a0c94ff6 Endzeit: 4294967295 Anwendungspfad: C:\Users\Gaby\AppData\Local\Temp\is-F8EIQ.tmp\mbam-setup.tmp Berichts-ID: 6dce4fb4-2a89-11e6-bf7b-20689dbf4cc3 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (06/03/2016 07:02:11 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: NT-AUTORITÄT) Description: There was an error communicating to the Orion inference server Error: (06/02/2016 11:14:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ASUSLAPPI) Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (06/02/2016 11:14:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ASUSLAPPI) Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (06/02/2016 11:12:57 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm WINWORD.EXE, Version 12.0.6748.5000 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 364 Startzeit: 01d1bd12650746bc Endzeit: 0 Anwendungspfad: C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE Berichts-ID: be59b593-2906-11e6-bf7b-20689dbf4cc3 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Systemfehler: ============= Error: (06/07/2016 06:16:46 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Windows-Bilderfassung (WIA)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/07/2016 06:16:21 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Intel(R) Management and Security Application User Notification Service" wurde nicht richtig gestartet. Error: (06/07/2016 06:14:20 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde nicht richtig gestartet. Error: (06/06/2016 05:35:57 PM) (Source: DCOM) (EventID: 10010) (User: ASUSLAPPI) Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39} Error: (06/04/2016 09:01:08 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 43. Der Windows-SChannel-Fehlerstatus lautet: 252. Error: (06/04/2016 09:01:08 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 43. Der Windows-SChannel-Fehlerstatus lautet: 252. Error: (06/04/2016 05:38:45 AM) (Source: DCOM) (EventID: 10010) (User: ASUSLAPPI) Description: {BEBA2AA5-B5A7-4DD3-9AD6-43B24CDD3B7D} Error: (06/03/2016 09:00:42 PM) (Source: DCOM) (EventID: 10010) (User: ASUSLAPPI) Description: {BEBA2AA5-B5A7-4DD3-9AD6-43B24CDD3B7D} Error: (06/03/2016 03:00:53 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252. Error: (06/03/2016 03:00:53 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252. CodeIntegrity: =================================== Date: 2016-05-31 14:43:33.839 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-05-31 14:43:33.627 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-05-31 14:43:33.288 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-05-31 14:43:33.068 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-05-31 14:43:32.743 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-05-31 14:43:32.538 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-05-31 14:43:31.858 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-05-31 14:43:31.661 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-05-31 14:43:31.342 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-05-31 14:43:31.141 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz Prozentuale Nutzung des RAM: 31% Installierter physikalischer RAM: 8069.61 MB Verfügbarer physikalischer RAM: 5504.29 MB Summe virtueller Speicher: 9349.61 MB Verfügbarer virtueller Speicher: 6710.19 MB ==================== Laufwerke ================================ Drive c: (OS) (Fixed) (Total:372.17 GB) (Free:246.63 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] Drive d: (Data) (Fixed) (Total:537.9 GB) (Free:482.66 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: AC448E83) Partition: GPT. ==================== Ende von Addition.txt ============================ |
| Themen zu Yahoo Targo12 Probleme |
| avg, canon, computer, cpu, dnsapi.dll, downloader, error, excel, google, helper.exe, iexplore.exe, installation, mozilla, problem, proxy, prozesse, realtek, registry, safer networking, scan, security, services.exe, software, symantec, system, targa12, targo12, trojaner, udp, warnung, windows, wlan, yahoo targa12 |
Baum-Darstellung