okay
defogger:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:49 on 14/10/2015 (XXXXXXXX)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
FRST Logfile:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:14-10-2015 01
durchgeführt von XXXXXXXX (Administrator) auf XXXXXXXX-PC (14-10-2015 23:58:58)
Gestartet von C:\Users\XXXXXXXX\Downloads
Geladene Profile: XXXXXXXX & ADDISON Service (Verfügbare Profile: XXXXXXXX & ADDISON Service)
Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: IE)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(ADDISON Software und Service GmbH) C:\Program Files (x86)\ADDISON\Installer Server\ADInstallerSrv.exe
(ADDISON Software und Service GmbH) D:\Programme\ADDISON\Addison.ServiceHosts.WindowsServiceHost.exe
(ADDISON Software und Service GmbH) D:\Programme\ADDISON\Internet-Assistent\ADUpdateSrv.exe
(Versant Corporation) D:\Programme\ADDISON\fastobjectsserver.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
() C:\Program Files (x86)\Tor\tor.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe
(Dropbox, Inc.) C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\BM\TMBMSRV.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [UfSeAgnt.exe] => C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [1022368 2009-08-04] (Trend Micro Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AgentMonitor] => C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe [401280 2014-06-20] ()
HKLM-x32\...\Run: [MailCheck IE Broker] => C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe [2152512 2015-05-06] (1und1 Mail und Media GmbH)
HKU\S-1-5-21-1404696492-121838758-2073707362-1000\...\Run: [Dropbox Update] => C:\Users\XXXXXXXX\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
HKU\S-1-5-21-1404696492-121838758-2073707362-1000\...\MountPoints2: {2f8cc0c9-fae2-11de-9df5-806e6f6e6963} - E:\InstAll.exe
HKU\S-1-5-21-1404696492-121838758-2073707362-1000\...\MountPoints2: {47f2aee2-0275-11df-b180-e0cb4e2e1b14} - F:\AutoRun.exe
HKU\S-1-5-21-1404696492-121838758-2073707362-1000\...\MountPoints2: {71584d67-346f-11e1-b4e3-e0cb4e2e1b14} - F:\Start.exe
HKU\S-1-5-21-1404696492-121838758-2073707362-1000\...\MountPoints2: {db51ae96-93ab-11e1-b2a2-e0cb4e2e1b14} - F:\Windows\CHECK\DriveNavigator.exe
HKU\S-1-5-21-1404696492-121838758-2073707362-1000\...\MountPoints2: {f8a33ab0-8cdf-11e4-8d5d-e0cb4e2e1b14} - F:\StorioSetup.exe
HKU\S-1-5-21-1404696492-121838758-2073707362-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ASUS_C~1.SCR
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll [2007-06-15] ()
ShellIconOverlayIdentifiers: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll [2007-06-01] ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll [2007-06-15] ()
ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll [2007-06-01] ()
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-10-02] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-09-02]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\XXXXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-08-10]
ShortcutTarget: Dropbox.lnk -> C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{461C2136-7193-4931-B683-D09744029021}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{B753B8F5-E0EE-4868-BEB8-E961EFD713F7}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{DCE00E31-FB8D-4168-8067-6698CE147876}: [DhcpNameServer] 192.168.42.129
Internet Explorer:
==================
HKU\S-1-5-21-1404696492-121838758-2073707362-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-1404696492-121838758-2073707362-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.spiegel.de/
SearchScopes: HKU\S-1-5-21-1404696492-121838758-2073707362-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: GMX MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll [2015-05-06] (1und1 Mail und Media GmbH)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: GMX MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll [2015-05-06] (1und1 Mail und Media GmbH)
Toolbar: HKU\S-1-5-21-1404696492-121838758-2073707362-1000 -> Kein Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Keine Datei
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {B1953AD6-C50E-11D3-B020-00A0C9251384} hxxp://www.o2c.de/download/o2cplayer.cab
DPF: HKLM-x32 {BF3CD111-6278-11D2-9EA3-00A0C9251384} hxxp://www.o2c.de/download/O2CPlayer.CAB
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://portal.postbank.de/dana-cached/sc/JuniperSetupClient.cab
Handler: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll [2015-05-06] (1und1 Mail und Media GmbH)
Handler-x32: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll [2015-05-06] (1und1 Mail und Media GmbH)
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-10-03] ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2010-03-16] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-10-03] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [Keine Datei]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2010-03-16] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-03] (Google Inc.)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2014-01-20] <==== ACHTUNG
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.spiegel.de/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => Keine Datei
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\pdf.dll => Keine Datei
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => Keine Datei
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll => Keine Datei
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => Keine Datei
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll => Keine Datei
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Profile: C:\Users\XXXXXXXX\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\XXXXXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-06]
CHR Extension: (Google Drive) - C:\Users\XXXXXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-06]
CHR Extension: (Google-Suche) - C:\Users\XXXXXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-28]
CHR Extension: (Google Text & Tabellen Offline) - C:\Users\XXXXXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\XXXXXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-12]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\XXXXXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (Google Mail) - C:\Users\XXXXXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-10]
StartMenuInternet: Google Chrome.XOV2WETCQI73BN7GPRQFNUKE4A - C:\Users\XXXXXXXX\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 ADDISON Installer Server; C:\Program Files (x86)\ADDISON\Installer Server\ADInstallerSrv.exe [55296 2009-12-12] (ADDISON Software und Service GmbH) [Datei ist nicht signiert]
R2 ADDISON Scheduler Server; D:\Programme\ADDISON\Addison.ServiceHosts.WindowsServiceHost.exe [19456 2011-12-07] (ADDISON Software und Service GmbH) [Datei ist nicht signiert]
R2 ADDISON Update Server; D:\Programme\ADDISON\Internet-Assistent\ADUpdateSrv.exe [128512 2011-12-14] (ADDISON Software und Service GmbH) [Datei ist nicht signiert]
R3 ADSMService; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280 2008-03-31] (ASUSTek Computer Inc.) [Datei ist nicht signiert]
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [Datei ist nicht signiert]
R2 FastObjects Server 11.0; D:\Programme\ADDISON\FastObjectsServer.exe [509440 2011-01-19] (Versant Corporation) [Datei ist nicht signiert]
R3 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-06-09] (Hewlett-Packard Company) [Datei ist nicht signiert]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.163\McCHSvc.exe [289256 2015-07-31] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 SfCtlCom; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [838528 2009-08-04] (Trend Micro Inc.)
R3 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()
R3 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [570632 2009-08-04] (Trend Micro Inc.)
R3 TmProxy; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [917768 2009-08-04] (Trend Micro Inc.)
R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-09-02] () [Datei ist nicht signiert] <==== ACHTUNG
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [17464 2007-08-03] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-05-20] ()
R3 tmpreflt; C:\Windows\System32\DRIVERS\tmpreflt.sys [42000 2009-08-04] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [107536 2009-08-04] (Trend Micro Inc.)
R3 tmxpflt; C:\Windows\System32\DRIVERS\tmxpflt.sys [258064 2009-08-04] (Trend Micro Inc.)
R3 vsapint; C:\Windows\System32\DRIVERS\vsapint.sys [1883152 2009-08-04] (Trend Micro Inc.)
S3 ipswuio; System32\DRIVERS\ipswuio.sys [X]
U3 tmlwf; kein ImagePath
U3 tmwfp; kein ImagePath
S3 upperdev; system32\DRIVERS\usbser_lowerfltx64.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-10-14 23:50 - 2015-10-14 23:50 - 00000000 ____D C:\Users\XXXXXXXX\Downloads\FRST-OlderVersion
2015-10-14 23:48 - 2015-10-14 23:49 - 00000478 _____ C:\Users\XXXXXXXX\Downloads\defogger_disable.log
2015-10-14 23:48 - 2015-10-14 23:48 - 00050477 ____N C:\Users\XXXXXXXX\Downloads\Defogger.exe
2015-10-14 23:48 - 2015-10-14 23:48 - 00000000 _____ C:\Users\XXXXXXXX\defogger_reenable
2015-10-09 00:59 - 2015-10-08 10:46 - 02870984 _____ (ESET) C:\Users\XXXXXXXX\Desktop\esetsmartinstaller_deu.exe
2015-10-09 00:59 - 2015-10-08 10:40 - 01798976 _____ (Malwarebytes) C:\Users\XXXXXXXX\Desktop\JRT.exe
2015-10-09 00:24 - 2015-10-09 00:45 - 00041015 _____ C:\Users\XXXXXXXX\Downloads\Addition.txt
2015-10-09 00:22 - 2015-10-14 23:58 - 00019340 _____ C:\Users\XXXXXXXX\Downloads\FRST.txt
2015-10-09 00:21 - 2015-10-14 23:59 - 00000000 ____D C:\FRST
2015-10-09 00:20 - 2015-10-14 23:50 - 02196992 _____ (Farbar) C:\Users\XXXXXXXX\Downloads\FRST64.exe
2015-10-08 23:51 - 2015-10-08 23:51 - 00001259 _____ C:\Users\XXXXXXXX\Desktop\JRT.txt
2015-10-08 22:48 - 2015-10-08 23:22 - 00000000 ____D C:\AdwCleaner
2015-10-04 18:41 - 2015-10-04 18:42 - 36282350 _____ C:\Users\XXXXXXXX\Downloads\install_flash_player_19 (1).zip
2015-10-04 18:19 - 2015-10-04 18:42 - 00000000 ____D C:\Users\XXXXXXXX\Downloads\install_flash_player_19
2015-10-04 18:17 - 2015-10-04 18:19 - 36282350 _____ C:\Users\XXXXXXXX\Downloads\install_flash_player_19.zip
2015-10-04 18:11 - 2015-06-25 12:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-10-04 18:11 - 2015-06-25 12:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-10-04 18:11 - 2015-06-25 12:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-10-04 18:11 - 2015-06-25 11:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-10-04 18:10 - 2015-08-18 03:42 - 00393304 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-04 18:10 - 2015-08-18 03:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-10-04 18:10 - 2015-08-15 08:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-10-04 18:10 - 2015-08-15 08:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-10-04 18:10 - 2015-08-15 08:09 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-10-04 18:10 - 2015-08-15 08:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-04 18:10 - 2015-08-15 08:04 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-10-04 18:10 - 2015-08-15 07:46 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-10-04 18:10 - 2015-08-15 07:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-10-04 18:10 - 2015-08-15 07:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-10-04 18:10 - 2015-08-15 07:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-10-04 18:10 - 2015-08-15 07:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-10-04 18:10 - 2015-08-15 07:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-10-04 18:10 - 2015-08-15 07:24 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-10-04 18:10 - 2015-08-15 07:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-10-04 18:10 - 2015-08-15 07:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-10-04 18:10 - 2015-08-15 07:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-10-04 18:10 - 2015-08-15 07:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-10-04 18:10 - 2015-08-15 07:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-10-04 18:10 - 2015-08-15 06:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-10-04 18:10 - 2015-08-15 06:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-10-04 18:09 - 2015-08-15 08:48 - 25190400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-04 18:09 - 2015-08-15 08:33 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-10-04 18:09 - 2015-08-15 08:18 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-10-04 18:09 - 2015-08-15 08:17 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-04 18:09 - 2015-08-15 08:17 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-04 18:09 - 2015-08-15 08:17 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-10-04 18:09 - 2015-08-15 08:17 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-10-04 18:09 - 2015-08-15 08:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-10-04 18:09 - 2015-08-15 08:06 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-04 18:09 - 2015-08-15 08:04 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-04 18:09 - 2015-08-15 08:04 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-10-04 18:09 - 2015-08-15 08:04 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-10-04 18:09 - 2015-08-15 08:00 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-04 18:09 - 2015-08-15 07:57 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-10-04 18:09 - 2015-08-15 07:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-10-04 18:09 - 2015-08-15 07:53 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-04 18:09 - 2015-08-15 07:42 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-10-04 18:09 - 2015-08-15 07:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-04 18:09 - 2015-08-15 07:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-10-04 18:09 - 2015-08-15 07:39 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-04 18:09 - 2015-08-15 07:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-10-04 18:09 - 2015-08-15 07:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-10-04 18:09 - 2015-08-15 07:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-10-04 18:09 - 2015-08-15 07:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-10-04 18:09 - 2015-08-15 07:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-10-04 18:09 - 2015-08-15 07:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-10-04 18:09 - 2015-08-15 07:23 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-04 18:09 - 2015-08-15 07:22 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-04 18:09 - 2015-08-15 07:22 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-10-04 18:09 - 2015-08-15 07:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-10-04 18:09 - 2015-08-15 07:16 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-04 18:09 - 2015-08-15 07:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-10-04 18:09 - 2015-08-15 07:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-10-04 18:09 - 2015-08-15 07:07 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-04 18:09 - 2015-08-15 07:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-10-04 18:09 - 2015-08-15 07:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-10-04 18:09 - 2015-08-15 06:55 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-04 18:09 - 2015-08-15 06:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-10-04 18:09 - 2015-08-15 06:43 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-10-04 18:08 - 2015-07-15 05:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-10-04 18:08 - 2015-07-15 04:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-10-04 18:00 - 2015-08-05 19:56 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-10-04 18:00 - 2015-08-05 19:56 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-10-04 18:00 - 2015-08-05 19:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-10-04 17:59 - 2015-08-05 19:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-10-04 17:54 - 2015-07-09 19:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-10-04 17:54 - 2015-07-09 19:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-10-04 17:54 - 2015-07-09 19:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-10-04 17:54 - 2015-07-09 19:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-10-03 13:47 - 2015-07-23 02:06 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-03 13:47 - 2015-07-23 02:06 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-10-03 13:47 - 2015-07-23 02:06 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-10-03 13:47 - 2015-07-23 02:03 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-03 13:47 - 2015-07-23 02:03 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-10-03 13:47 - 2015-07-23 02:03 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-10-03 13:47 - 2015-07-23 02:03 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-10-03 13:47 - 2015-07-23 02:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-10-03 13:47 - 2015-07-23 02:02 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-10-03 13:47 - 2015-07-23 02:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-10-03 13:47 - 2015-07-23 02:02 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-10-03 13:47 - 2015-07-23 02:02 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-10-03 13:47 - 2015-07-23 02:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-10-03 13:47 - 2015-07-23 02:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-10-03 13:47 - 2015-07-23 02:02 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-10-03 13:47 - 2015-07-23 02:02 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-10-03 13:47 - 2015-07-23 02:02 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-10-03 13:47 - 2015-07-23 02:02 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-10-03 13:47 - 2015-07-23 02:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-10-03 13:47 - 2015-07-23 02:02 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-10-03 13:47 - 2015-07-23 02:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-10-03 13:47 - 2015-07-23 02:02 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-10-03 13:47 - 2015-07-23 02:02 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-10-03 13:47 - 2015-07-23 02:02 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-10-03 13:47 - 2015-07-23 02:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-10-03 13:47 - 2015-07-23 02:02 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-10-03 13:47 - 2015-07-23 02:02 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-10-03 13:47 - 2015-07-23 02:02 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-10-03 13:47 - 2015-07-23 02:02 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-10-03 13:47 - 2015-07-23 02:02 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-10-03 13:47 - 2015-07-23 02:02 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-10-03 13:47 - 2015-07-23 02:02 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-10-03 13:47 - 2015-07-23 02:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-10-03 13:47 - 2015-07-23 02:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-10-03 13:47 - 2015-07-23 02:01 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-10-03 13:47 - 2015-07-23 01:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-10-03 13:47 - 2015-07-23 01:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-10-03 13:47 - 2015-07-23 01:52 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-10-03 13:47 - 2015-07-23 01:52 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-10-03 13:47 - 2015-07-23 01:52 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-03 13:47 - 2015-07-23 01:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-03 13:47 - 2015-07-23 01:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-03 13:47 - 2015-07-23 01:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-03 13:47 - 2015-07-23 01:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-03 13:47 - 2015-07-23 01:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-03 13:47 - 2015-07-23 01:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-10-03 13:47 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-03 13:47 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-03 13:47 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-03 13:47 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-10-03 13:47 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-03 13:47 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-03 13:47 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-03 13:47 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-10-03 13:47 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-03 13:47 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-03 13:47 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-03 13:47 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-10-03 13:47 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-03 13:47 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-03 13:47 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-10-03 13:47 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-03 13:47 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-10-03 13:47 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-03 13:47 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-03 13:47 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-03 13:47 - 2015-07-23 01:51 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-10-03 13:47 - 2015-07-22 19:57 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-10-03 13:47 - 2015-07-22 19:57 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-10-03 13:47 - 2015-07-22 19:54 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-10-03 13:47 - 2015-07-22 19:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-10-03 13:47 - 2015-07-22 19:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-10-03 13:47 - 2015-07-22 19:53 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-10-03 13:47 - 2015-07-22 19:53 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-10-03 13:47 - 2015-07-22 19:53 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-10-03 13:47 - 2015-07-22 19:53 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-10-03 13:47 - 2015-07-22 19:53 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-10-03 13:47 - 2015-07-22 19:53 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-10-03 13:47 - 2015-07-22 19:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-10-03 13:47 - 2015-07-22 19:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-10-03 13:47 - 2015-07-22 19:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-10-03 13:47 - 2015-07-22 19:53 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-10-03 13:47 - 2015-07-22 19:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-10-03 13:47 - 2015-07-22 19:52 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-10-03 13:47 - 2015-07-22 19:52 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-10-03 13:47 - 2015-07-22 19:52 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-10-03 13:47 - 2015-07-22 19:52 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-10-03 13:47 - 2015-07-22 19:52 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-10-03 13:47 - 2015-07-22 19:52 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-10-03 13:47 - 2015-07-22 19:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-10-03 13:47 - 2015-07-22 19:47 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-10-03 13:47 - 2015-07-22 19:46 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-10-03 13:47 - 2015-07-22 19:42 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-10-03 13:47 - 2015-07-22 19:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-10-03 13:47 - 2015-07-22 19:42 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-10-03 13:47 - 2015-07-22 19:42 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-03 13:47 - 2015-07-22 19:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-03 13:47 - 2015-07-22 19:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-10-03 13:47 - 2015-07-22 19:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-10-03 13:47 - 2015-07-22 19:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-03 13:47 - 2015-07-22 19:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-10-03 13:47 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-03 13:47 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-03 13:47 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-10-03 13:47 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-03 13:47 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-03 13:47 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-10-03 13:47 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-10-03 13:47 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-03 13:47 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-10-03 13:47 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-10-03 13:47 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-10-03 13:47 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-10-03 13:47 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-03 13:47 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-10-03 13:47 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-10-03 13:47 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-10-03 13:47 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-10-03 13:47 - 2015-07-22 18:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-10-03 13:47 - 2015-07-22 18:45 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-10-03 13:47 - 2015-07-22 18:44 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-10-03 13:47 - 2015-07-22 18:44 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-10-03 13:47 - 2015-07-22 18:34 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-10-03 13:47 - 2015-07-22 18:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-10-03 13:47 - 2015-07-22 18:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-10-03 13:47 - 2015-07-22 18:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-03 13:47 - 2015-07-22 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-10-03 13:47 - 2015-07-22 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-10-03 13:45 - 2015-08-27 20:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-10-03 13:45 - 2015-08-27 20:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-10-03 13:45 - 2015-08-27 20:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-10-03 13:45 - 2015-08-27 20:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-10-03 13:45 - 2015-08-27 19:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-10-03 13:45 - 2015-08-27 19:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-10-03 13:45 - 2015-08-27 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-10-03 13:45 - 2015-08-27 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-10-03 13:45 - 2015-08-04 20:03 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-10-03 13:45 - 2015-08-04 20:00 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-10-03 13:45 - 2015-08-04 19:56 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-10-03 13:45 - 2015-08-04 19:56 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-10-03 13:45 - 2015-08-04 19:56 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-10-03 13:45 - 2015-08-04 19:55 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-10-03 13:45 - 2015-08-04 19:55 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-10-03 13:45 - 2015-08-04 19:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-10-03 13:44 - 2015-08-04 18:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-10-03 13:43 - 2015-09-02 05:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-10-03 13:43 - 2015-09-02 05:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-10-03 13:43 - 2015-09-02 05:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-10-03 13:43 - 2015-09-02 05:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-10-03 13:43 - 2015-09-02 04:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-10-03 13:43 - 2015-09-02 04:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-10-03 13:43 - 2015-09-02 04:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-10-03 13:43 - 2015-09-02 04:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-10-03 13:43 - 2015-09-02 03:51 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-10-03 13:43 - 2015-09-02 03:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-10-03 13:43 - 2015-09-02 03:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-10-03 13:42 - 2015-08-26 20:07 - 03165696 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-03 13:42 - 2015-08-26 20:07 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-03 13:42 - 2015-08-26 20:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-03 13:42 - 2015-08-26 20:07 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-03 13:42 - 2015-08-26 20:07 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-03 13:42 - 2015-08-26 20:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-10-03 13:42 - 2015-08-26 20:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-10-03 13:42 - 2015-08-26 20:06 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-03 13:42 - 2015-08-26 20:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-10-03 13:42 - 2015-08-26 20:06 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-03 13:42 - 2015-08-26 20:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-10-03 13:42 - 2015-08-26 19:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-10-03 13:42 - 2015-08-26 19:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-10-03 13:42 - 2015-08-26 19:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-10-03 13:42 - 2015-08-26 19:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-10-03 13:42 - 2015-08-26 19:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-10-03 09:45 - 2015-10-03 09:45 - 00000000 ____D C:\Users\XXXXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-10-03 09:37 - 2015-10-03 09:37 - 00000000 ____D C:\Windows\system32\emi
2015-10-03 09:36 - 2015-10-03 09:37 - 00000000 ____D C:\Windows\TEMPfolder
2015-09-15 23:38 - 2015-09-15 23:38 - 00007605 _____ C:\Users\XXXXXXXX\AppData\Local\Resmon.ResmonCfg
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-10-15 00:01 - 2014-09-17 23:36 - 00000856 _____ C:\Windows\system32\Drivers\etc\tmvsthfud.bin
2015-10-15 00:01 - 2010-08-16 17:15 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-15 00:00 - 2010-01-06 19:17 - 00000856 _____ C:\Windows\system32\Drivers\etc\tmvsthfss.bin
2015-10-14 23:56 - 2010-01-06 18:43 - 01221402 _____ C:\Windows\WindowsUpdate.log
2015-10-14 23:55 - 2013-11-18 23:11 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-14 23:48 - 2010-01-06 18:49 - 00000000 ____D C:\Users\XXXXXXXX
2015-10-14 23:09 - 2015-06-16 23:29 - 00001236 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1404696492-121838758-2073707362-1000UA.job
2015-10-14 22:58 - 2009-07-14 06:45 - 00026528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-14 22:58 - 2009-07-14 06:45 - 00026528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-14 22:51 - 2010-01-06 19:08 - 00003072 _____ C:\Windows\System32\Tasks\ACMON
2015-10-14 22:51 - 2010-01-06 19:08 - 00003006 _____ C:\Windows\System32\Tasks\ASUS Live Update
2015-10-14 22:51 - 2010-01-06 19:06 - 00003094 _____ C:\Windows\System32\Tasks\WC3
2015-10-14 22:49 - 2010-08-16 17:15 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-14 22:48 - 2010-01-06 19:14 - 00000069 _____ C:\Windows\system32\BootTime.ini
2015-10-14 22:48 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-14 22:48 - 2009-07-14 06:51 - 00167713 _____ C:\Windows\setupact.log
2015-10-08 23:33 - 2010-01-06 21:57 - 00000000 ____D C:\Users\ADDISON Service
2015-10-08 23:22 - 2014-01-20 00:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-08 23:22 - 2010-04-28 22:17 - 00028553 _____ C:\Windows\TMFilter.log
2015-10-08 21:41 - 2009-07-14 19:58 - 00714458 _____ C:\Windows\system32\perfh007.dat
2015-10-08 21:41 - 2009-07-14 19:58 - 00154510 _____ C:\Windows\system32\perfc007.dat
2015-10-08 21:41 - 2009-07-14 07:13 - 01649592 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-08 21:11 - 2015-04-12 15:06 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-10-08 21:11 - 2015-04-12 15:06 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-07 22:28 - 2014-09-05 19:22 - 00000000 ____D C:\Users\XXXXXXXX\AppData\Local\SWDS
2015-10-07 21:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-10-05 16:03 - 2009-07-14 06:45 - 00306224 _____ C:\Windows\system32\FNTCACHE.DAT
2015-10-05 15:58 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal
2015-10-05 15:58 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-10-05 15:12 - 2013-08-04 13:21 - 00000000 ____D C:\Windows\system32\MRT
2015-10-05 15:05 - 2010-01-06 20:10 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-05 14:20 - 2013-10-19 20:58 - 00000000 ___RD C:\Users\XXXXXXXX\Dropbox
2015-10-05 14:20 - 2013-09-26 19:11 - 00000000 ____D C:\Users\XXXXXXXX\AppData\Roaming\Dropbox
2015-10-05 14:16 - 2010-01-06 19:14 - 00000080 _____ C:\Windows\system32\Defrag.ini
2015-10-03 13:08 - 2015-06-16 23:29 - 00001184 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1404696492-121838758-2073707362-1000Core.job
2015-10-03 12:01 - 2013-11-18 23:11 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-03 12:01 - 2012-06-08 19:13 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-03 12:01 - 2011-05-21 15:27 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-03 10:27 - 2013-03-05 20:15 - 00002175 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-03 09:57 - 2010-08-16 17:15 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-10-03 09:56 - 2010-08-16 17:15 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-10-03 09:54 - 2010-08-16 17:08 - 00000000 ____D C:\Users\XXXXXXXX\AppData\Local\Google
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2013-08-04 14:23 - 2013-08-04 14:22 - 0021494 _____ () C:\Program Files\0x0409.ini
2013-08-04 14:23 - 2013-08-04 14:22 - 0003584 _____ () C:\Program Files\1033.MST
2013-08-04 14:23 - 2013-08-04 14:22 - 69731840 _____ () C:\Program Files\Samsung Kies.msi
2007-06-12 10:34 - 2007-06-12 10:34 - 0035822 _____ () C:\Program Files (x86)\Common Files\ASPG_icon.ico
2008-05-22 09:35 - 2008-05-22 09:35 - 0051962 _____ () C:\Program Files (x86)\Common Files\banner.jpg
2009-04-08 11:31 - 2009-04-08 11:31 - 0106496 _____ () C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-11 22:45 - 2008-08-11 22:45 - 0155648 _____ (ASUS) C:\Program Files (x86)\Common Files\MSIactionall.dll
2013-04-15 22:13 - 2015-06-19 10:42 - 0000600 _____ () C:\Users\XXXXXXXX\AppData\Local\PUTTY.RND
2015-09-15 23:38 - 2015-09-15 23:38 - 0007605 _____ () C:\Users\XXXXXXXX\AppData\Local\Resmon.ResmonCfg
Einige Dateien in TEMP:
====================
C:\Users\XXXXXXXX\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4cjlho.dll
C:\Users\XXXXXXXX\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpk5jpcw.dll
C:\Users\XXXXXXXX\AppData\Local\Temp\GMX_Toolbar_IE_Setup.exe
C:\Users\XXXXXXXX\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll FEHLT <==== ACHTUNG
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2015-03-16 23:51
==================== Ende von FRST.txt ============================
Addition
FRST Additions Logfile: Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:14-10-2015 01
durchgeführt von XXXXXXXX (2015-10-15 00:01:36)
Gestartet von C:\Users\XXXXXXXX\Downloads
Windows 7 Professional Service Pack 1 (X64) (2010-01-06 16:49:03)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
ADDISON Service (S-1-5-21-1404696492-121838758-2073707362-1001 - Administrator - Enabled) => C:\Users\ADDISON Service
Administrator (S-1-5-21-1404696492-121838758-2073707362-500 - Administrator - Disabled)
XXXXXXXX (S-1-5-21-1404696492-121838758-2073707362-1000 - Administrator - Enabled) => C:\Users\XXXXXXXX
Gast (S-1-5-21-1404696492-121838758-2073707362-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1404696492-121838758-2073707362-1003 - Limited - Enabled)
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: Trend Micro Internet Security (Enabled - Out of date) {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Trend Micro Internet Security (Enabled - Out of date) {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Acrobat.com (HKLM-x32\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 1.1.377 - Adobe Systems Incorporated)
AddExcel2007 (HKLM-x32\...\{409A5B89-0C37-4E72-98A0-021C89F1654D}) (Version: 1.7.2 - ADDISON Software und Service GmbH)
ADDISON Connect (HKLM-x32\...\AConnect) (Version: - ADDISON Software und Service GmbH)
ADDISON Installer Server (HKLM-x32\...\ADDISON Installer Server) (Version: 1.1 - ADDISON Software und Service GmbH)
ADDISON Kassenbuch 2.1 (HKLM-x32\...\KASSBUCH) (Version: 2.1 - ADDISON Software und Service GmbH)
ADDISON Scheduler Server (HKLM-x32\...\AScheduler) (Version: - ADDISON Software und Service GmbH)
ADDISON Software 9.10 (HKLM-x32\...\ZMIS) (Version: 9.10 - ADDISON Software und Service GmbH)
ADDISON Update Server (HKLM-x32\...\ADDISON Update Server) (Version: 1.1 - ADDISON Software und Service GmbH)
AddWord2007 (HKLM-x32\...\{FDA6E406-E2C6-4902-B8C6-30D5006C6BDE}) (Version: 1.7.2 - ADDISON Software und Service GmbH)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Reader 9.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A92000000001}) (Version: 9.2.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.7.609 - Adobe Systems, Inc.)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}) (Version: 1.5.17.25482 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.5.17.25482 - Alcor Micro Corp.) Hidden
AMD USB Filter Driver (HKLM-x32\...\{4F5B18A3-E921-4FFE-BEF4-ACBB98964FC2}) (Version: 1.0.13.88 - Advanced Micro Devices, Inc.)
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.5 - ASUS)
ASUS CopyProtect (HKLM-x32\...\{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}) (Version: 1.0.0015 - ASUS)
ASUS Data Security Manager (HKLM-x32\...\{FA2092C5-7979-412D-A962-6485274AE1EE}) (Version: 1.00.0013 - ASUS)
ASUS FancyStart (HKLM-x32\...\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}) (Version: 1.0.6 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0019 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{1686C4D1-B1FD-42E8-B7A8-FB4C4DBA5BA8}) (Version: 1.1.19 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0007 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.17 - asus)
Asus_Camera_ScreenSaver (HKLM-x32\...\Asus_Camera_ScreenSaver) (Version: 2.0.0008 - ASUS)
ATI Catalyst Install Manager (HKLM\...\{4BDE1305-35D5-56F3-8B91-5BF29A8DB939}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
ATK Generic Function Service (HKLM-x32\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
ATK Hotkey (HKLM-x32\...\{7C05592D-424B-46CB-B505-E0013E8E75C9}) (Version: 1.0.0053 - ASUS)
ATK Media (HKLM-x32\...\{D1E5870E-E3E5-4475-98A6-ADD614524ADF}) (Version: 2.0.0005 - ASUS)
ATKOSD2 (HKLM-x32\...\{3B05F2FB-745B-4012-ADF2-439F36B2E70B}) (Version: 7.0.0006 - ASUS)
BudRedhead (HKLM-x32\...\BudRedhead) (Version: - )
ccc-core-static (x32 Version: 2009.0625.1812.30825 - Ihr Firmenname) Hidden
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.3 - ASUS)
Crystalix (HKLM-x32\...\Crystalix) (Version: - )
CVE-2012-4969 (HKLM\...\{777afb2a-98e5-4f14-b455-378a925cae15}.sdb) (Version: - )
CyberLink LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.0.2908 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.1924 - CyberLink Corp.)
Data Doctor Recovery - SIM Card (Demo) (HKLM-x32\...\Data Doctor Recovery - SIM Card (Demo)) (Version: 5.3.1.2 - Pro Data Doctor Pvt. Ltd.)
dm-Fotowelt (HKLM-x32\...\dm-Fotowelt) (Version: - )
Dropbox (HKU\S-1-5-21-1404696492-121838758-2073707362-1000\...\Dropbox) (Version: 3.10.7 - Dropbox, Inc.)
ETDWare PS/2-x64 7.0.5.5_WHQL (HKLM\...\Elantech) (Version: - )
everpixx 6.2 (HKLM-x32\...\{592ED299-14EF-4C0F-92B4-B62E7CD5A2BE}_is1) (Version: - everpixx)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.2 - ASUS)
FIFA 2001 (HKLM-x32\...\{C640CAE0-8024-11D4-0090-B700902724B3}) (Version: - )
FILSHtray Version 0.11 (HKLM-x32\...\{5928359F-BF46-4646-BF19-B64E55171EB5}_is1) (Version: 0.11 - FILSH Media GmbH)
GMX Desktop Icons (HKLM-x32\...\1&1 Mail & Media GmbH 1und1DesktopIconsInstaller) (Version: 3.0.5.0 - 1&1 Mail & Media GmbH)
GMX Softwareaktualisierung (HKLM-x32\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.3.0 - 1&1 Mail & Media GmbH)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät (HKLM\...\{E0FE1E14-3A7A-4DB0-9FFA-0DD945AE84DB}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet Pro 8500 A910 Hilfe (HKLM-x32\...\{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Juniper Networks Host Checker (HKU\S-1-5-21-1404696492-121838758-2073707362-1000\...\Neoteris_Host_Checker) (Version: 7.3.1.21949 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-1404696492-121838758-2073707362-1000\...\Juniper_Setup_Client) (Version: 7.3.1.26369 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
LightScribe System Software 1.14.17.1 (HKLM-x32\...\{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}) (Version: 1.14.17.1 - LightScribe)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.163.2 - McAfee, Inc.)
Meine CEWE FOTOWELT Postversand (HKLM-x32\...\Meine CEWE FOTOWELT Postversand) (Version: 5.0.1 - CEWE COLOR AG u Co. OHG)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{6F29F195-B11C-3EAD-B883-997BB29DFA17}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
NB Probe (HKLM-x32\...\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}) (Version: - )
NeoBall (HKLM-x32\...\NeoBall) (Version: - )
Net4Switch (HKLM-x32\...\{9D6D7811-43B3-463C-BC79-5D1755269989}) (Version: 1.00.0017 - ASUS)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version: - )
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.0.13074_14 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.0.13074_14 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
Smilebox (HKU\S-1-5-21-1404696492-121838758-2073707362-1000\...\Smilebox) (Version: 1.1.1.1 - Smilebox, Inc.)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
SRS Premium Sound Control Panel (HKLM\...\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}) (Version: 1.8.1200 - Ihr Firmenname)
STRIKE FX GAMEPAD (HKLM-x32\...\{BCE5AA19-FE65-43C5-B021-BEF78A9358CE}) (Version: 1.00.0000 - MyPower)
TreeSize Free V3.0.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.0.1 - JAM Software)
Trend Micro Internet Security (HKLM\...\{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}) (Version: 17.50 - Trend Micro Inc.)
Trend Micro Internet Security (Version: 17.50 - Trend Micro Inc.) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
VTech Download Agent Library (x32 Version: 1.00.0000 - VTech) Hidden
VTech Download Manager (HKLM-x32\...\VTechDownloadManager) (Version: - VTech)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.29.0 - ASUS)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.12 - ASUS)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-1404696492-121838758-2073707362-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1404696492-121838758-2073707362-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1404696492-121838758-2073707362-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1404696492-121838758-2073707362-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1404696492-121838758-2073707362-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1404696492-121838758-2073707362-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1404696492-121838758-2073707362-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1404696492-121838758-2073707362-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1404696492-121838758-2073707362-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1404696492-121838758-2073707362-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1404696492-121838758-2073707362-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
==================== Wiederherstellungspunkte =========================
16-09-2015 01:01:48 Windows Update
05-10-2015 14:24:56 Windows Update
07-10-2015 17:22:16 Windows Update
08-10-2015 21:10:49 Windows Update
08-10-2015 23:40:23 JRT Pre-Junkware Removal
14-10-2015 23:37:35 Windows Update
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 04:34 - 2015-09-02 18:46 - 00000856 ____A C:\Windows\system32\Drivers\etc\hosts
0.0.0.1 mssplus.mcafee.com
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {00967E1A-B5E5-49BE-807E-327B935EB21B} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [2009-09-03] ()
Task: {00FF5B7F-6EDE-46BC-9D8A-0DF4E0302622} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-05-18] (ASUS)
Task: {03CB31CF-68A1-4C06-9030-96455BA1B6A0} - System32\Tasks\ASPG => C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe [2009-06-29] (ASUS)
Task: {0C60F5F6-D039-4691-B94B-869DB2B16624} - System32\Tasks\Registration 1und1 Task => C:\Program Files (x86)\1und1Softwareaktualisierung\cdsupdclient.exe [2015-01-12] (1&1 Mail & Media GmbH)
Task: {0CFD940E-3B13-475A-B877-78C1559A5CD8} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {1C8DB418-F998-4967-BBE3-0A82DC042B43} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1404696492-121838758-2073707362-1000UA => C:\Users\XXXXXXXX\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {222281FE-BD0D-47D7-A22A-A15FA81E2F6F} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1404696492-121838758-2073707362-1000Core => C:\Users\XXXXXXXX\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {2E04D60F-1678-4E81-B81D-F9203AF432C6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {4748824B-C7E7-4E53-A8B8-E7B14C35F9EB} - System32\Tasks\PresentationSettingsTurnOff_XXXXXXXX-PC_XXXXXXXX => C:\Windows\system32\PresentationSettings.exe [2010-11-20] (Microsoft Corporation)
Task: {59E86B3A-6643-455F-AA81-6668D00E8E37} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-03] (Adobe Systems Incorporated)
Task: {5F6656FF-6093-43ED-A81A-A9BCCE7A8238} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2009-07-28] (ATK)
Task: {B6857A36-75BA-42B4-820E-6D5B1E69A4CC} - \AdobeFlashPlayerUpdate -> Keine Datei <==== ACHTUNG
Task: {BF069B89-A59D-4AC5-A1D0-EFCA21777DA9} - \AdobeFlashPlayerUpdate 2 -> Keine Datei <==== ACHTUNG
Task: {CAA54240-6B42-4E62-8583-ECE235220518} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2009-09-15] ()
Task: {CBA8F26F-71A0-45C7-8C27-55567F8165EC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {CC4634F9-4CE2-4A95-9A0E-C9F0DF9AF524} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1404696492-121838758-2073707362-1000Core.job => C:\Users\XXXXXXXX\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1404696492-121838758-2073707362-1000UA.job => C:\Users\XXXXXXXX\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2010-01-06 19:14 - 2009-09-03 18:59 - 00274560 _____ () C:\Windows\system32\GetBootTime.dll
2010-01-06 18:59 - 2007-08-08 01:08 - 00094208 _____ () C:\Program Files\ATKGFNEX\GFNEXSrv.exe
2009-08-05 02:09 - 2009-08-05 02:09 - 01106864 _____ () C:\Program Files\Trend Micro\Internet Security\sqlite3.dll
2013-09-02 09:10 - 2013-09-02 09:10 - 03233806 _____ () C:\Program Files (x86)\Tor\tor.exe
2007-06-15 11:28 - 2007-06-15 11:28 - 00104960 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll
2007-06-01 17:52 - 2007-06-01 17:52 - 00159744 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
2009-09-03 11:33 - 2009-09-03 11:33 - 00054400 _____ () C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
2009-05-05 11:00 - 2009-05-05 11:00 - 00041472 _____ () C:\Program Files\P4G\DevMng.dll
2009-07-27 11:12 - 2009-07-27 11:12 - 00026624 _____ () C:\Program Files\P4G\OvrClk.dll
2010-01-06 18:59 - 2007-03-09 19:58 - 00124416 _____ () C:\Program Files\ATKGFNEX\AGFNEX64.dll
2010-01-06 19:09 - 2007-08-03 13:24 - 00125496 _____ () C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
2008-10-01 00:02 - 2008-10-01 00:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-01-06 19:08 - 2007-11-30 12:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2009-09-15 18:34 - 2009-09-15 18:34 - 01593344 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2015-10-14 22:51 - 2015-10-14 22:51 - 00071168 _____ () c:\users\XXXXXXXX\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpk5jpcw.dll
2010-01-06 19:09 - 2007-09-14 11:00 - 00147456 _____ () C:\Program Files\ASUS\NB Probe\SPM\spdiskex.dll
2010-01-06 19:09 - 2003-11-28 03:11 - 00135168 _____ () C:\Program Files\ASUS\NB Probe\SPM\spos.dll
2010-01-06 19:09 - 2005-08-29 16:24 - 00081920 _____ () C:\Program Files\ASUS\NB Probe\SPM\spnbacpi.dll
2010-01-06 19:09 - 2003-09-09 17:08 - 00049152 _____ () C:\Program Files\ASUS\NB Probe\SPM\spdmi.dll
2010-01-06 19:09 - 2006-04-04 11:24 - 00036864 _____ () C:\Program Files\ASUS\NB Probe\SPM\ghadmi.dll
2010-01-06 19:09 - 2005-04-07 20:25 - 00077824 _____ () C:\Program Files\ASUS\NB Probe\SPM\spmemory.dll
2007-07-12 14:55 - 2007-07-12 14:55 - 01581056 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2007-08-14 14:59 - 2007-08-14 14:59 - 06365184 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2007-07-12 14:55 - 2007-07-12 14:55 - 00131072 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2008-07-18 20:52 - 2008-07-18 20:52 - 00649704 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2008-06-09 10:55 - 2008-06-09 10:55 - 00013096 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2015-10-03 10:24 - 2015-09-24 04:34 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libglesv2.dll
2015-10-03 10:24 - 2015-09-24 04:34 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libegl.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE trusted site: HKU\S-1-5-21-1404696492-121838758-2073707362-1000\...\postbank.de -> hxxps://portal.postbank.de
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-1404696492-121838758-2073707362-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\XXXXXXXX\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
MSCONFIG\startupfolder: C:^Users^XXXXXXXX^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ADSMTray => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
MSCONFIG\startupreg: AmIcoSinglun64 => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
MSCONFIG\startupreg: ASUS Camera ScreenSaver => C:\Windows\AsScrProlog.exe
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: ATKMEDIA => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
MSCONFIG\startupreg: ATKOSD2 => C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: ETDWare => C:\Program Files\Elantech\ETDCtrl.exe
MSCONFIG\startupreg: FILSHtray => "C:\Program Files (x86)\FILSHtray\FILSHtray.exe"
MSCONFIG\startupreg: Google+ Auto Backup => "C:\Users\XXXXXXXX\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
MSCONFIG\startupreg: HControlUser => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
MSCONFIG\startupreg: HDAudDeck => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: MailCheck IE Broker => "C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe"
MSCONFIG\startupreg: P2Go_Menu => "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
MSCONFIG\startupreg: SmileboxTray => "C:\Users\XXXXXXXX\AppData\Roaming\Smilebox\SmileboxTray.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{5472FA91-0867-4A4B-8F45-5230F12DC389}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{61DC16B1-6D86-4774-AE40-46F5FD92B12A}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [TCP Query User{16607BF5-AE63-4F8A-803C-1179C187A0EA}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Block) C:\program files (x86)\google\google earth\plugin\geplugin.exe
FirewallRules: [UDP Query User{EB3C3B1A-E686-46B1-BEB6-830449B86957}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Block) C:\program files (x86)\google\google earth\plugin\geplugin.exe
FirewallRules: [{242691F9-0D4B-434E-9DED-2796C2442E79}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\DeviceSetup.exe
FirewallRules: [{8CCE0FDC-8A1F-451F-AA9D-F76806E23D66}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\DeviceSetup.exe
FirewallRules: [{B539E816-986F-4E9B-943C-358ABB7135C1}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe
FirewallRules: [{D9AEABD0-B0B7-44C6-BD4D-72F40112F19D}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe
FirewallRules: [TCP Query User{A3F4963B-EBEC-4FB7-8330-5951C44F9C87}C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{07E748FE-A5AD-46F4-BF63-7476E5CC88B7}C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe
FirewallRules: [{91667433-7E1C-4701-9343-4181DF2CE680}] => (Allow) C:\Users\XXXXXXXX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MOCB9Y7X\PCPerformerSetup.exe
FirewallRules: [{74CD62AA-61A2-434E-B425-5EC3CF7922B3}] => (Allow) C:\Users\XXXXXXXX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MOCB9Y7X\PCPerformerSetup.exe
FirewallRules: [{8DF2578C-B004-4EAA-B38C-CA64AA661524}] => (Allow) C:\Users\XXXXXXXX\AppData\Local\Temp\ibtmp3f6c444\component_442.decrpt
FirewallRules: [{DBA67194-9244-4502-A192-03B50BFE3707}] => (Allow) C:\Users\XXXXXXXX\AppData\Local\Temp\ibtmp3f6c444\component_442.decrpt
FirewallRules: [{625E413E-E22F-4C58-A0AD-6615E6FED30D}] => (Allow) C:\Users\XXXXXXXX\AppData\Local\Temp\ibtmp3f6c444\component_358.decrpt
FirewallRules: [{8FC00079-5709-4FC6-A034-5C31CF15214B}] => (Allow) C:\Users\XXXXXXXX\AppData\Local\Temp\ibtmp3f6c444\component_358.decrpt
FirewallRules: [{B86000BC-5258-4420-AF36-98D1D4D25739}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{36B8C48A-5EB5-4424-AC39-6FFD6DFF5CBE}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{844D0F72-5CE2-4918-BECF-50A141E88CB2}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{5D4CA395-4D67-4773-93EB-479FE957234A}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{A943D58D-620F-4C81-887D-6351E1C73DE7}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{D617B3BF-E8EF-4EFA-BAD7-4FDB3B477971}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{B259FF57-6A35-4D5B-A72A-44FEB952BB0C}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{73556517-EAF1-498D-AAE2-B2A9E4D37082}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{EEC3312F-4516-4238-B8C6-629C3C88C867}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{C3DE1852-8ED3-44B2-9E37-71816AC1EB26}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{A78C9D0A-BF76-4144-81EB-FF5CA9EE7BE0}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{41DA2BB7-A1DD-46A3-9DD7-814E1520B5FB}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{1B8D0A10-5263-44E6-A1D5-1A2CCF7D5CFA}] => (Allow) C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{E0057DE9-FB4C-4392-AEBA-5FBA989713B7}] => (Allow) C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{97C0BA80-D6C3-4452-98AA-4FA946AC4735}C:\users\XXXXXXXX\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\XXXXXXXX\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{4776511A-33F0-4683-8B75-AEE95F20C4B8}C:\users\XXXXXXXX\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\XXXXXXXX\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{70D3EADC-C5A9-4498-919A-EDC0C6D12159}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Fehlerhafte Geräte im Gerätemanager =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (10/14/2015 10:50:03 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (10/09/2015 12:59:32 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (10/09/2015 12:59:32 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (10/09/2015 12:58:41 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (10/08/2015 10:31:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (10/07/2015 05:36:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm chrome.exe, Version 45.0.2454.101 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: a88
Startzeit: 01d10113bbc6817f
Endzeit: 68
Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Berichts-ID: fcb02b6d-6d08-11e5-a2b0-e0cb4e2e1b14
Error: (10/05/2015 05:43:26 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile Microsoft.GroupPolicy.Interop, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=x86 because of the following error: Zugriff verweigert (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)).
Error: (10/04/2015 06:48:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm explorer.exe, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1eb0
Startzeit: 01d0fec0b4734502
Endzeit: 52
Anwendungspfad: C:\Windows\explorer.exe
Berichts-ID: c14675bb-6ab7-11e5-b385-e0cb4e2e1b14
Error: (10/03/2015 09:54:13 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm IEXPLORE.EXE, Version 11.0.9600.17937 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: b48
Startzeit: 01d0fdb0486f12c0
Endzeit: 125
Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Berichts-ID:
Error: (10/03/2015 09:52:54 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm IEXPLORE.EXE, Version 11.0.9600.17937 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 3a4
Startzeit: 01d0fdafd7b5a91e
Endzeit: 780
Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Berichts-ID:
Systemfehler:
=============
Error: (10/14/2015 11:17:13 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {005A3A96-BAC4-4B0A-94EA-C0CE100EA736}
Error: (10/14/2015 10:52:35 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Schedule erreicht.
Error: (10/09/2015 12:09:21 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {005A3A96-BAC4-4B0A-94EA-C0CE100EA736}
Error: (10/08/2015 11:44:20 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureCommand" aufgrund folgenden Fehlers fehlgeschlagen:
%%5
Error: (10/08/2015 11:42:59 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen:
%%5
Error: (10/08/2015 11:42:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (10/08/2015 11:42:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "spmgr" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (10/08/2015 11:42:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "LightScribeService Direct Disc Labeling Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (10/08/2015 11:42:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ADSM Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (10/08/2015 11:42:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Tor Win32 Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
==================== Speicherinformationen ===========================
Prozessor: AMD Athlon(tm) II Dual-Core M300
Prozentuale Nutzung des RAM: 66%
Installierter physikalischer RAM: 4095.12 MB
Verfügbarer physikalischer RAM: 1391.52 MB
Summe virtueller Speicher: 8188.44 MB
Verfügbarer virtueller Speicher: 5976.78 MB
==================== Laufwerke ================================
Drive c: () (Fixed) (Total:107.32 GB) (Free:47.44 GB) NTFS
Drive d: () (Fixed) (Total:190.67 GB) (Free:182.88 GB) NTFS
Drive e: (SCHENKDIGITAL) (CDROM) (Total:1.23 GB) (Free:0 GB) UDF
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 76692CA8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=107.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=190.7 GB) - (Type=07 NTFS)
==================== Ende von Addition.txt ============================
Gmer
GMER Logfile: Code:
GMER 2.1.19355 - hxxp://www.gmer.net
Rootkit scan 2015-10-15 01:11:50
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000005e ST932032 rev.0002 298,09GB
Running: gmer.exe; Driver: C:\Users\XXXXXXXX\AppData\Local\Temp\uwldqkod.sys
---- User code sections - GMER 2.1 ----
.text C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\Dropbox.exe[3712] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 0000000077cf1401 2 bytes JMP 75efb20b C:\Windows\syswow64\kernel32.dll
.text C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\Dropbox.exe[3712] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17 0000000077cf1419 2 bytes JMP 75efb336 C:\Windows\syswow64\kernel32.dll
.text C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\Dropbox.exe[3712] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17 0000000077cf1431 2 bytes JMP 75f78f39 C:\Windows\syswow64\kernel32.dll
.text C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\Dropbox.exe[3712] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42 0000000077cf144a 2 bytes CALL 75ed4885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\Dropbox.exe[3712] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 0000000077cf14dd 2 bytes JMP 75f78832 C:\Windows\syswow64\kernel32.dll
.text C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\Dropbox.exe[3712] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 0000000077cf14f5 2 bytes JMP 75f78a08 C:\Windows\syswow64\kernel32.dll
.text C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\Dropbox.exe[3712] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 0000000077cf150d 2 bytes JMP 75f78728 C:\Windows\syswow64\kernel32.dll
.text C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\Dropbox.exe[3712] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 0000000077cf1525 2 bytes JMP 75f78af2 C:\Windows\syswow64\kernel32.dll
.text C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\Dropbox.exe[3712] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 0000000077cf153d 2 bytes JMP 75eefc98 C:\Windows\syswow64\kernel32.dll
.text C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\Dropbox.exe[3712] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 0000000077cf1555 2 bytes JMP 75ef68df C:\Windows\syswow64\kernel32.dll
.text C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\Dropbox.exe[3712] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 0000000077cf156d 2 bytes JMP 75f78ff1 C:\Windows\syswow64\kernel32.dll
.text C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\Dropbox.exe[3712] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 0000000077cf1585 2 bytes JMP 75f78b52 C:\Windows\syswow64\kernel32.dll
.text C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\Dropbox.exe[3712] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17 0000000077cf159d 2 bytes JMP 75f786ec C:\Windows\syswow64\kernel32.dll
.text C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\Dropbox.exe[3712] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 0000000077cf15b5 2 bytes JMP 75eefd31 C:\Windows\syswow64\kernel32.dll
.text C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\Dropbox.exe[3712] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 0000000077cf15cd 2 bytes JMP 75efb2cc C:\Windows\syswow64\kernel32.dll
.text C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\Dropbox.exe[3712] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 0000000077cf16b2 2 bytes JMP 75f78eb4 C:\Windows\syswow64\kernel32.dll
.text C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\Dropbox.exe[3712] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 0000000077cf16bd 2 bytes JMP 75f78681 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1164] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077cf1401 2 bytes JMP 75efb20b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1164] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077cf1419 2 bytes JMP 75efb336 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077cf1431 2 bytes JMP 75f78f39 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077cf144a 2 bytes CALL 75ed4885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1164] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077cf14dd 2 bytes JMP 75f78832 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1164] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077cf14f5 2 bytes JMP 75f78a08 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1164] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077cf150d 2 bytes JMP 75f78728 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1164] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077cf1525 2 bytes JMP 75f78af2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1164] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077cf153d 2 bytes JMP 75eefc98 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1164] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077cf1555 2 bytes JMP 75ef68df C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1164] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077cf156d 2 bytes JMP 75f78ff1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1164] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077cf1585 2 bytes JMP 75f78b52 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1164] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077cf159d 2 bytes JMP 75f786ec C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1164] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077cf15b5 2 bytes JMP 75eefd31 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1164] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077cf15cd 2 bytes JMP 75efb2cc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1164] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077cf16b2 2 bytes JMP 75f78eb4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1164] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077cf16bd 2 bytes JMP 75f78681 C:\Windows\syswow64\kernel32.dll
---- Processes - GMER 2.1 ----
Library C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B21F6AF6-52E3-4BF0-AFC0-2105B2B86403}\mpengine.dll (*** suspicious ***) @ C:\Program Files\Microsoft Security Client\MsMpEng.exe [796] (Microsoft Malware Protection Engine/Microsoft Corporation(2015-10-14 21:38:58) 000007feec420000
Library C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [2252] 000007fef7930000
Process C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\Dropbox.exe (*** suspicious ***) @ C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\Dropbox.exe [3712] 00000000008a0000
Library C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\MSVCR120.dll (*** suspicious ***) @ C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\Dropbox.exe [3712] (Microsoft® C Runtime Library/Microsoft Corporation SIGNED)(2015-09-13 10:25:03) 0000000075080000
Library C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\PYTHON27.DLL (*** suspicious ***) @ C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\Dropbox.exe [3712] 000000001e000000
Library c:\users\XXXXXXXX\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpk5jpcw.dll (*** suspicious ***) @ C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\Dropbox.exe [3712] 000000006b680000
Library C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\Dropbox.exe [3712] 0000000068e90000
Library C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\icuin55.dll (*** suspicious ***) @ C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\Dropbox.exe [3712] 000000004a900000
Library C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\icuuc55.dll (*** suspicious ***) @ C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\Dropbox.exe [3712] 0000000005210000
Library C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\icudt55.dll (*** suspicious ***) @ C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\Dropbox.exe [3712] 00000000675d0000
Library C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\MSVCP120.dll (*** suspicious ***) @ C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\Dropbox.exe [3712] (Microsoft® C Runtime Library/Microsoft Corporation SIGNED)(2015-09-13 10:25:03) 000000006bd10000
Library C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\Dropbox.exe [3712] 0000000066390000
Library C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\XXXXXXXX\AppData\Roaming\Dropbox\bin\Dropbox.exe [3712] 0000000065f50000
Library \\?\C:\ProgramData\Microsoft\Windows\DRM\Cache\Indiv_SID_S-1-5-20\Indiv01_64.key (*** suspicious ***) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [3284] (Individualized Black Box DLL/Microsoft Corporation SIGNED)(2010-10-30 08:16:31) 000000000ac00000
Process C:\Users\XXXXXXXX\AppData\Local\Temp\Temp1_gmer_2.1.19355.zip\gmer.exe (*** suspicious ***) @ C:\Users\XXXXXXXX\AppData\Local\Temp\Temp1_gmer_2.1.19355.zip\gmer.exe [3380](2014-01-21 19:56:24) 0000000000400000
---- EOF - GMER 2.1 ----