Pests of all kinds and how to fight them: New Internet windows keep opening (Windows 7)
03.09.2015, 22:55 | #31 |
| New Internet windows keep opening
Hello Schrauber, here is the requested Fixlog: Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:30-08-2015
durchgeführt von SYSTEM (2015-09-03 23:49:31) Run:4
Gestartet von D:\Dokumente\Diverses\FRST
Start-Modus: Recovery
==============================================
fixlist Inhalt:
*****************
HKLM\...\Run: [gpuminer] => C:\Users\Markus Radosztics\AppData\Roaming\cpuminer\sgminer\sgminer.cmd [218 2015-08-17] ()
C:\Users\Markus Radosztics\AppData\Roaming\cpuminer
HKU\Markus Radosztics\...\Run: [Shop-wit] => C:\Program Files (x86)\shopwit\shopwit\1.4.0.7\shopwit.exe
HKU\Markus Radosztics\...\Run: [apphide] => C:\Program Files (x86)\baidu\pps.exe
C:\Program Files (x86)\shopwit
C:\Program Files (x86)\baidu
AppInit_DLLs: C:\ProgramData\Saophase\StrongDubflex.dll => C:\ProgramData\Saophase\StrongDubflex.dll [212992 2015-08-27] ()
AppInit_DLLs-x32: C:\ProgramData\Saophase\Alphawarm.dll => C:\ProgramData\Saophase\Alphawarm.dll [194560 2015-08-27] ()
C:\ProgramData\Saophase
S2 dojoluri; C:\Program Files (x86)\00000000-1440101150-0000-0000-448A5BA07B78\knsb4C96.tmp [X]
S2 eproduct; C:\Users\Markus Radosztics\AppData\Local\Salttex.exe uydate eproduct [X]
S2 ExtTag; C:\ProgramData\ExtTag\ExtTag.exe [X]
S2 hyverumu; C:\Program Files (x86)\00000000-1440101150-0000-0000-448A5BA07B78\jnsiE347.tmp [X]
S2 igfx32; "C:\Program Files\igfx32\igfx32.exe" /s iid=2679535 did=Missing sid= ref= id=047e6a478a9cd5449350448a9fe4f569a5544d0a771fdc73cd2034f9b95a9549 [X]
S2 kefowydy; C:\Program Files (x86)\00000000-1440101150-0000-0000-448A5BA07B78\hnsf344.tmp [X]
S2 Saophase; C:\ProgramData\Saophase\Saophase.exe [X]
S2 Service Mgr GreatFind; "C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugincontainer.exe" [X]
S2 Update Mgr GreatFind; "C:\Program Files (x86)\Common Files\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\updater.exe" [X]
S2 WindowsMangerProtect; C:\ProgramData\WWinManProW\ProtectWindowsManager.exe -service [X] <==== ACHTUNG
S1 {092386fb-9faf-4d52-817c-d4095ab6e5cd}Gw64; C:\Windows\System32\drivers\{092386fb-9faf-4d52-817c-d4095ab6e5cd}Gw64.sys [48784 2015-08-19] (StdLib)
S1 {8b8ff336-6f1d-48e8-bf3a-a8cbaafdd963}Gw64; C:\Windows\System32\drivers\{8b8ff336-6f1d-48e8-bf3a-a8cbaafdd963}Gw64.sys [48784 2015-08-20] (StdLib)
S1 {987371d1-e860-4e27-ba6a-35575fd33b7c}Gw64; C:\Windows\System32\drivers\{987371d1-e860-4e27-ba6a-35575fd33b7c}Gw64.sys [48784 2015-08-20] (StdLib)
*****************
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\gpuminer => Wert erfolgreich entfernt
C:\Users\Markus Radosztics\AppData\Roaming\cpuminer => erfolgreich verschoben
HKU\Markus Radosztics\Software\Microsoft\Windows\CurrentVersion\Run\\Shop-wit => Wert erfolgreich entfernt
HKU\Markus Radosztics\Software\Microsoft\Windows\CurrentVersion\Run\\apphide => Wert erfolgreich entfernt
"C:\Program Files (x86)\shopwit" => Datei/Ordner nicht gefunden.
"C:\Program Files (x86)\baidu" => Datei/Ordner nicht gefunden.
"C:\ProgramData\Saophase\StrongDubflex.dll" => Wert Daten erfolgreich entfernt.
"C:\ProgramData\Saophase\Alphawarm.dll" => Wert Daten erfolgreich entfernt.
C:\ProgramData\Saophase => erfolgreich verschoben
dojoluri => Dienst erfolgreich entfernt
eproduct => Dienst erfolgreich entfernt
ExtTag => Dienst erfolgreich entfernt
hyverumu => Dienst erfolgreich entfernt
igfx32 => Dienst erfolgreich entfernt
kefowydy => Dienst erfolgreich entfernt
Saophase => Dienst erfolgreich entfernt
Service Mgr GreatFind => Dienst erfolgreich entfernt
Update Mgr GreatFind => Dienst erfolgreich entfernt
WindowsMangerProtect => Dienst erfolgreich entfernt
{092386fb-9faf-4d52-817c-d4095ab6e5cd}Gw64 => Dienst erfolgreich entfernt
{8b8ff336-6f1d-48e8-bf3a-a8cbaafdd963}Gw64 => Dienst erfolgreich entfernt
{987371d1-e860-4e27-ba6a-35575fd33b7c}Gw64 => Dienst erfolgreich entfernt
==== Ende von Fixlog 23:49:31 ====
04.09.2015, 18:39 | #32 |
/// the machine /// TB trainer | New Internet windows keep opening
Very good. Now please post another FRST scan log from normal mode.
04.09.2015, 19:50 | #33 |
| New Internet windows keep opening
Hello Schrauber,
here is the result of the scan in normal mode: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:04-09-2015 durchgeführt von Markus Radosztics (Administrator) auf WAUT0001 (04-09-2015 20:48:41) Gestartet von C:\Users\Markus Radosztics\Downloads Geladene Profile: Markus Radosztics (Verfügbare Profile: Markus Radosztics) Platform: Windows 8 Pro (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 10 (Standard-Browser: Chrome) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\QQPCRTP.exe (Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Abengine) C:\Program Files (x86)\FastSearch\acengine.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (XTab system) C:\Program Files (x86)\MiniLite\ProtectService.exe (MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (LogMeIn Inc.) D:\Games\LogMeIn Hamachi\hamachi-2.exe (LogMeIn, Inc.) D:\Games\LogMeIn Hamachi\LMIGuardianSvc.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (LogMeIn Inc.) D:\Games\LogMeIn Hamachi\hamachi-2-ui.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (LogMeIn, Inc.) D:\Games\LogMeIn Hamachi\LMIGuardianSvc.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\QQPCTray.exe (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\QMUsbGuard.exe (Apple Inc.) 
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe (Valve Corporation) D:\Games\Steam.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe (Microsoft Corporation) C:\Users\Markus Radosztics\AppData\Local\Microsoft\OneDrive\OneDrive.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Valve Corporation) D:\Games\bin\steamwebhelper.exe (Dropbox, Inc.) C:\Users\Markus Radosztics\AppData\Roaming\Dropbox\bin\Dropbox.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RSD\popwndexe.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TUDefragBackend64.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8466136 2015-04-30] (Realtek Semiconductor) HKLM\...\Run: [iTunesHelper] => "D:\Programme\iTunesHelper.exe" HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-10-25] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-10-25] (Adobe Systems Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.) 
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [A1Servicecenter] => C:\Program Files (x86)\A1 Servicecenter\A1 Servicecenter\A1Servicecenter_Launcher.exe [11467864 2015-05-27] (A1) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => D:\Games\LogMeIn Hamachi\hamachi-2-ui.exe [5579624 2015-08-03] (LogMeIn Inc.) HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\QQPCTRAY.EXE [355296 2015-08-20] (Tencent) HKLM-x32\...\Run: [RSDTRAY] => C:\Program Files (x86)\Rising\RSD\popwndexe.exe [126808 2012-09-25] (Beijing Rising Information Technology Co., Ltd.) HKU\S-1-5-21-817472733-4082136947-4255886928-1001\...\Run: [Voobly] => C:\Program Files (x86)\Voobly\voobly.exe [159744 2015-01-12] (Voobly) HKU\S-1-5-21-817472733-4082136947-4255886928-1001\...\Run: [HP Officejet 6600 (NET)] => C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-817472733-4082136947-4255886928-1001\...\Run: [Steam] => D:\Games\Steam.exe [2899136 2015-08-19] (Valve Corporation) HKU\S-1-5-21-817472733-4082136947-4255886928-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.) HKU\S-1-5-21-817472733-4082136947-4255886928-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-06-05] (TomTom) HKU\S-1-5-21-817472733-4082136947-4255886928-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.) 
HKU\S-1-5-21-817472733-4082136947-4255886928-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2015-04-26] (Apple Inc.) HKU\S-1-5-21-817472733-4082136947-4255886928-1001\...\Run: [Dropbox Update] => C:\Users\Markus Radosztics\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.) HKU\S-1-5-21-817472733-4082136947-4255886928-1001\...\Run: [OneDrive] => C:\Users\Markus Radosztics\AppData\Local\Microsoft\OneDrive\OneDrive.exe [404064 2015-08-20] (Microsoft Corporation) HKU\S-1-5-21-817472733-4082136947-4255886928-1001\...\Run: [GoogleChromeAutoLaunch_FEA560871AAA9104DF8D8385F4A465BE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [871240 2015-08-28] (Google Inc.) HKU\S-1-5-21-817472733-4082136947-4255886928-1001\...\RunOnce: [Uninstall C:\Users\Markus Radosztics\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Markus Radosztics\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64" HKU\S-1-5-21-817472733-4082136947-4255886928-1001\...\RunOnce: [Uninstall C:\Users\Markus Radosztics\AppData\Local\Microsoft\OneDrive\17.3.5907.0716] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Markus Radosztics\AppData\Local\Microsoft\OneDrive\17.3.5907.0716" ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\QMGCShellExt64.dll [2015-08-20] (Tencent) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Markus Radosztics\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Markus Radosztics\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Markus Radosztics\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Markus Radosztics\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Markus Radosztics\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Markus Radosztics\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Markus Radosztics\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-01-16] ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\Markus Radosztics\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2015-03-18] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Markus Radosztics\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013-10-13] ShortcutTarget: Dropbox.lnk -> C:\Users\Markus Radosztics\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
GroupPolicy: Gruppenrichtline auf Chrome erkannt <======= ACHTUNG CHR HKLM\SOFTWARE\Policies\Google: Richtlinienbeschränkung <======= ACHTUNG ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..) Winsock: Catalog9 01 C:\Windows\SysWOW64\acengine.dll [299296 2015-08-20] (Abengine) Winsock: Catalog9 02 C:\Windows\SysWOW64\acengine.dll [299296 2015-08-20] (Abengine) Winsock: Catalog9 03 C:\Windows\SysWOW64\acengine.dll [299296 2015-08-20] (Abengine) Winsock: Catalog9 04 C:\Windows\SysWOW64\acengine.dll [299296 2015-08-20] (Abengine) Winsock: Catalog9 16 C:\Windows\SysWOW64\acengine.dll [299296 2015-08-20] (Abengine) Hosts: 0.0.0.1 mssplus.mcafee.com Tcpip\..\Interfaces\{0FFDF7C3-8718-450E-A4A2-9C59BD350F78}: [DhcpNameServer] 10.0.0.138 Tcpip\..\Interfaces\{DD37C3EA-4E32-4412-AC18-EA239FC6029F}: [DhcpNameServer] 10.0.0.138 Internet Explorer: ================== HKU\S-1-5-21-817472733-4082136947-4255886928-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Richtlinienbeschränkung <======= ACHTUNG HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=99963976_hao_pg HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\S-1-5-21-817472733-4082136947-4255886928-1001\Software\Microsoft\Internet 
Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bz-FcOk_3gj-vPv3NlKo8MSBpvROYxPxZtiNBg5BVI482FpkZWURTZlEyu3DxrLfqf4rEYcVqXlnHexXPItBSxhRn3JsyTA5CW8aIoDmvRY-WPlE5nBVxJyZHu4TRwJIP5nfpssR2POChGPPZAS6FLsK3ZBtq&q={searchTerms} HKU\S-1-5-21-817472733-4082136947-4255886928-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=99963976_hao_pg HKU\S-1-5-21-817472733-4082136947-4255886928-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.at.msn.com/ HKU\S-1-5-21-817472733-4082136947-4255886928-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bz-FcOk_3gj-vPv3NlKo8MSBpvROYxPxZtiNBg5BVI482FpkZWURTZlEyu3DxrLfqf4rEYcVqXlnHexXPItBSxhRn3JsyTA5CW8aIoDmvRY-WPlE5nBVxJyZHu4TRwJIP5nfpssR2POChGPPZAS6FLsK3ZBtq&q={searchTerms} HKU\S-1-5-21-817472733-4082136947-4255886928-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bz-FcOk_3gj-vPv3NlKo8MSBpvROYxPxZtiNBg5BVI482FpkZWURTZlEyu3DxrLfqf4rEYcVqXlnHexXPItBSxhRn3JsyTA5CW8aIoDmvRY-WPlE5nBVxJyZHu4TRwJIP5nfpssR2POChGPPZAS6FLsK3ZBtq&q={searchTerms} SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://at.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_popjar_15_34¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dat%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyB0AyBzytCzyzytA0F0CyDtDyEtA0AyCtN0D0Tzu0StCtAtByBtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyE0CyB0CzztAyE0BtGyByBzyzztGzzyD0D0CtGtDtB0C0DtG0EyCyE0ByEyBtBtDyC0DyBzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0DyE0DtD0CyE0BtGtCyEtAyEtGyEtAyDtAtGzztBtCtDtGtBtAtCyByDyC0BtC0A0A0B0C2QtN0A0LzutB%26cr%3D1829697096%26a%3Dwncy_popjar_15_34%26os%3DWindows%2B8%2BPro&p={searchTerms} SearchScopes: HKLM -> 
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://at.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_popjar_15_34¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dat%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyB0AyBzytCzyzytA0F0CyDtDyEtA0AyCtN0D0Tzu0StCtAtByBtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyE0CyB0CzztAyE0BtGyByBzyzztGzzyD0D0CtGtDtB0C0DtG0EyCyE0ByEyBtBtDyC0DyBzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0DyE0DtD0CyE0BtGtCyEtAyEtGyEtAyDtAtGzztBtCtDtGtBtAtCyByDyC0BtC0A0A0B0C2QtN0A0LzutB%26cr%3D1829697096%26a%3Dwncy_popjar_15_34%26os%3DWindows%2B8%2BPro&p={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bz-FcOk_3gj-vPv3NlKo8MSBpvROYxPxZtiNBg5BVI482FpkZWURTZlEyu3DxrLfqf4rEYcVqXlnHexXPItBSxhRn3JsyTA5CW8aIoDmvRY-WPlE5nBVxJyZHu4TRwJIP5nfpssR2POChGPPZAS6FLsK3ZBtq&q={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-817472733-4082136947-4255886928-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
hxxp://at.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_popjar_15_34¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dat%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyB0AyBzytCzyzytA0F0CyDtDyEtA0AyCtN0D0Tzu0StCtAtByBtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyE0CyB0CzztAyE0BtGyByBzyzztGzzyD0D0CtGtDtB0C0DtG0EyCyE0ByEyBtBtDyC0DyBzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0DyE0DtD0CyE0BtGtCyEtAyEtGyEtAyDtAtGzztBtCtDtGtBtAtCyByDyC0BtC0A0A0B0C2QtN0A0LzutB%26cr%3D1829697096%26a%3Dwncy_popjar_15_34%26os%3DWindows%2B8%2BPro&p={searchTerms} SearchScopes: HKU\S-1-5-21-817472733-4082136947-4255886928-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://at.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_popjar_15_34¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dat%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyB0AyBzytCzyzytA0F0CyDtDyEtA0AyCtN0D0Tzu0StCtAtByBtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyE0CyB0CzztAyE0BtGyByBzyzztGzzyD0D0CtGtDtB0C0DtG0EyCyE0ByEyBtBtDyC0DyBzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0DyE0DtD0CyE0BtGtCyEtAyEtGyEtAyDtAtGzztBtCtDtGtBtAtCyByDyC0BtC0A0A0B0C2QtN0A0LzutB%26cr%3D1829697096%26a%3Dwncy_popjar_15_34%26os%3DWindows%2B8%2BPro&p={searchTerms} SearchScopes: HKU\S-1-5-21-817472733-4082136947-4255886928-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bz-FcOk_3gj-vPv3NlKo8MSBpvROYxPxZtiNBg5BVI482FpkZWURTZlEyu3DxrLfqf4rEYcVqXlnHexXPItBSxhRn3JsyTA5CW8aIoDmvRY-WPlE5nBVxJyZHu4TRwJIP5nfpssR2POChGPPZAS6FLsK3ZBtq&q={searchTerms} BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation) BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\TSWebMon64.dat [2015-08-20] (Tencent) BHO: Skype Click to Call for Internet Explorer -> 
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-10-25] (Adobe Systems Incorporated) BHO-x32: Great Find -> {1cc2bb80-20ab-43e5-b958-432d72b546ca} -> C:\Program Files (x86)\Great Find\Extensions\1cc2bb80-20ab-43e5-b958-432d72b546ca.dll Keine Datei BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation) BHO-x32: Ó¦Óñ¦Ò»¼ü°²×°²å¼þ -> {50F4150A-48B2-417A-BE4C-C83F580FB904} -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司) BHO-x32: af0.Adblock.BHO -> {90EFF544-3981-4d46-85C9-C0361D0931D6} -> C:\Windows\SysWOW64\mscoree.dll [2012-06-02] (Microsoft Corporation) BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation) BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common 
Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-03-18] (Microsoft Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) StartMenuInternet: IEXPLORE.EXE - c:\program files\internet explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=1440141856&z=3fbd779b7c5a732cb4abd88gbz6zbeag3zcg1mawec&from=cmi&uid=SamsungXSSDX840XEVOX120GB_S1D5NEAD869028B FireFox: ======== FF ProfilePath: C:\Users\Markus Radosztics\AppData\Roaming\Mozilla\Firefox\Profiles\febuujst.default FF NewTab: chrome://quick_start/content/index.html FF DefaultSearchEngine: findit FF SelectedSearchEngine: mystartsearch FF Homepage: C:\\ProgramData\\Saophases\\ff.HP FF Keyword.URL: FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-15] () FF Plugin: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [Keine Datei] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll 
[2015-08-15] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] () FF Plugin-x32: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [Keine Datei] FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-03-18] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Keine Datei] FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司) FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\npQMExtensionsMozilla.dll [2015-08-20] (Tencent Technology (Shenzhen) Company Limited) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-31] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-31] (Google Inc.) 
FF Plugin HKU\S-1-5-21-817472733-4082136947-4255886928-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Markus Radosztics\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-03-13] (Citrix Online) FF Plugin HKU\S-1-5-21-817472733-4082136947-4255886928-1001: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll Keine Datei FF Plugin HKU\S-1-5-21-817472733-4082136947-4255886928-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-06-21] () FF user.js: detected! => C:\Users\Markus Radosztics\AppData\Roaming\Mozilla\Firefox\Profiles\febuujst.default\user.js [2015-08-22] FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation) FF SearchPlugin: C:\Users\Markus Radosztics\AppData\Roaming\Mozilla\Firefox\Profiles\febuujst.default\searchplugins\findit.xml [2015-08-27] FF SearchPlugin: C:\Users\Markus Radosztics\AppData\Roaming\Mozilla\Firefox\Profiles\febuujst.default\searchplugins\istartsurf.xml [2015-08-21] FF SearchPlugin: C:\Users\Markus Radosztics\AppData\Roaming\Mozilla\Firefox\Profiles\febuujst.default\searchplugins\mystartsearch.xml [2015-08-23] FF SearchPlugin: C:\Users\Markus Radosztics\AppData\Roaming\Mozilla\Firefox\Profiles\febuujst.default\searchplugins\search-provided-by-yahoo.xml [2015-08-20] FF Extension: Default SearchProtected - C:\Users\Markus Radosztics\AppData\Roaming\Mozilla\Firefox\Profiles\febuujst.default\Extensions\defsearchp@gmail.com [2015-08-19] FF Extension: deskCut - C:\Users\Markus Radosztics\AppData\Roaming\Mozilla\Firefox\Profiles\febuujst.default\Extensions\deskCutv2@gmail.com [2015-08-19] FF Extension: A1 Servicecenter - C:\Users\Markus Radosztics\AppData\Roaming\Mozilla\Firefox\Profiles\febuujst.default\Extensions\{594657B4-413A-41D0-8F85-A6D3F35C9BDF} [2015-06-03] FF Extension: Download videos and MP3s from YouTube - C:\Users\Markus 
Radosztics\AppData\Roaming\Mozilla\Firefox\Profiles\febuujst.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-10-06] FF Extension: "Download Touch - C:\Users\Markus Radosztics\AppData\Roaming\Mozilla\Firefox\Profiles\febuujst.default\Extensions\@73ABDD53B667F486D5ACC6A263CED1CC73AB.xpi [2015-08-20] FF Extension: Great Find - C:\Users\Markus Radosztics\AppData\Roaming\Mozilla\Firefox\Profiles\febuujst.default\Extensions\{0a4ee680-ecac-4e89-b625-5139f7130e30}.xpi [2015-08-22] FF Extension: Kein Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-09-30] FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Markus Radosztics\AppData\Roaming\Mozilla\Firefox\Profiles\febuujst.default\extensions\defsearchp@gmail.com FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Markus Radosztics\AppData\Roaming\Mozilla\Firefox\Profiles\febuujst.default\extensions\deskCutv2@gmail.com FF HKU\S-1-5-21-817472733-4082136947-4255886928-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-10-06] FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\73ABDD53B667F486D5ACC6A263CED1CC73AB.js [2015-08-20] Chrome: ======= CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bz-FcOk_3gj-vPv3NlKo8MSBpvROYxPxZtiNBg5BVI482FpkZWURTZlEyu3DxrLfqf4rEYcVqXlnHexXU-ja3dV3ahbEdYF-OEBnIw3mKioExzPx9kIJDSZOm2sjjHBeUhtIVCGzpU25QfPuZFu2DtlzTaR2S CHR StartupUrls: Default -> 
"hxxp://www.google.at/" CHR DefaultSearchURL: Default -> "url":"hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bz-FcOk_3gj-vPq5njNUqi6JvXMApaBQy6dI7-zBLqJIwww8hbEZ_D2j-OfsnCYPRYpkjrKE0B6yddsyE0qCPGUtnzlvUJHWwB8uTvqEfg2JNQtn_CDHx1mxfkAnrWbsqitrPXz1eUg1EbqJin5hfsghxsvq7&q={searchTerms}" CHR DefaultSearchKeyword: Default -> feed.sonic-search.com CHR DefaultSuggestURL: Default -> https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms} CHR Profile: C:\Users\Markus Radosztics\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Markus Radosztics\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-24] CHR Extension: (Chrome Web Store Payments) - C:\Users\Markus Radosztics\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-23] CHR HKLM-x32\...\Chrome\Extension: [dnligehkhogpcngalffdoomehjcbecna] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gehmndecgbcffhmfjkenpamdgechcgpe] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 acengine; C:\Program Files (x86)\FastSearch\acengine.exe [1839728 2015-08-11] (Abengine) [Datei ist nicht signiert] R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.) 
S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] () R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2765496 2015-07-14] (Microsoft Corporation) R2 Hamachi2Svc; D:\Games\LogMeIn Hamachi\hamachi-2.exe [2545512 2015-08-03] (LogMeIn Inc.) R2 IHProtect Service; C:\Program Files (x86)\MiniLite\ProtectService.exe [129688 2015-08-20] (XTab system) S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [619776 2015-01-15] (Lenovo) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.163\McCHSvc.exe [289256 2015-07-31] (McAfee, Inc.) R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-09-26] (MICRO-STAR INTERNATIONAL CO., LTD.) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation) S3 Origin Client Service; D:\Games\Origin\OriginClientService.exe [1931632 2015-05-15] (Electronic Arts) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-05-23] () R2 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\QQPCRTP.exe [297608 2015-08-20] (Tencent) R2 RsMgrSvc; C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe [196288 2015-08-21] (Beijing Rising Information Technology Co., Ltd.) 
S3 TAOFrame; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\TAOFrame.exe [293856 2015-08-20] (Tencent) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2015-06-25] (TuneUp Software) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 acwfp; C:\Windows\system32\Drivers\acwfp64.sys [45784 2015-08-13] (Abengine) R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] () S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) S3 e1dexpress; C:\Windows\system32\DRIVERS\e1d63x64.sys [468752 2013-02-27] (Intel Corporation) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2012-09-20] (Broadcom Corporation) R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-08-03] (LogMeIn Inc.) 
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-21] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation) R1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\QMUdisk64.sys [62264 2015-08-20] (Tencent) R2 QQSysMonX64; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\QQSysMonX64.sys [138040 2015-08-20] (电脑管家) R2 TAOAccelerator; C:\Windows\system32\Drivers\TAOAccelerator64.sys [74040 2015-08-20] (Tencent) R1 TAOKernelDriver; C:\Windows\System32\Drivers\TAOKernel64.sys [274232 2015-08-20] (Tencent Technology(Shenzhen) Company Limited) R3 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [87864 2015-08-20] (电脑管家) R3 TS888x64; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\TS888x64.sys [28984 2015-09-04] (Tencent) R1 TSDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\TSDefenseBT64.sys [28472 2015-08-20] (Tencent) R1 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\TSSysKit64.sys [87352 2015-08-20] (电脑管家) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [31144 2015-06-04] (TuneUp Software) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) 
[Datei ist nicht signiert] U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [64000 2012-07-26] (Microsoft Corporation) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation) S3 MSICDSetup; \??\E:\CDriver64.sys [X] S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X] S1 rrfd_vw_1_10_0_22; system32\drivers\rrfd_vw_1_10_0_22.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-09-04 09:19 - 2015-09-04 09:19 - 00861968 _____ C:\Windows\Minidump\090415-13125-01.dmp 2015-09-03 23:31 - 2015-09-03 23:31 - 00002123 _____ C:\Users\Markus Radosztics\Downloads\Fixlist.txt 2015-09-03 20:41 - 2015-09-03 20:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 2015-09-03 20:41 - 2015-09-03 20:41 - 00000000 ____D C:\Program Files\McAfee Security Scan 2015-09-01 12:08 - 2015-09-01 12:08 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-08-31 08:21 - 2015-08-31 08:21 - 00002770 _____ C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 2015-08-27 23:37 - 2015-08-27 23:37 - 00003248 _____ C:\Windows\System32\Tasks\uydate 2015-08-27 12:52 - 2015-08-27 12:52 - 04241742 _____ (Bycatch) C:\Program Files\Common Files\ypiub0mz.exe 2015-08-27 12:52 - 2015-08-27 12:52 - 00000000 ____D C:\ProgramData\Saophases 2015-08-27 12:36 - 2015-08-27 12:36 - 00003156 _____ C:\Windows\System32\Tasks\r4v4x4kf 2015-08-27 12:36 - 2015-08-27 12:36 - 00000000 ____D C:\Program Files\Common Files\vkwznlph 
2015-08-25 00:40 - 2015-08-25 00:40 - 00003156 _____ C:\Windows\System32\Tasks\kajl01mh 2015-08-25 00:40 - 2015-08-25 00:40 - 00000000 ____D C:\Program Files\Common Files\r5lybh4n 2015-08-23 14:58 - 2015-08-27 12:52 - 00002265 _____ C:\Users\Markus Radosztics\Desktop\Google Chrome.lnk 2015-08-23 14:58 - 2015-08-23 14:58 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-08-23 14:56 - 2015-08-23 14:56 - 00931408 _____ (Google Inc.) C:\Users\Markus Radosztics\Downloads\ChromeSetup.exe 2015-08-23 14:33 - 2015-08-23 14:33 - 01260832 _____ C:\Users\Markus Radosztics\Downloads\Revo Uninstaller - CHIP-Installer.exe 2015-08-23 14:04 - 2015-09-04 20:48 - 00000000 ____D C:\Users\Markus Radosztics\Downloads\FRST-OlderVersion 2015-08-23 14:01 - 2015-09-04 20:48 - 00037596 _____ C:\Users\Markus Radosztics\Downloads\FRST.txt 2015-08-23 14:01 - 2015-08-23 14:02 - 00081428 _____ C:\Users\Markus Radosztics\Downloads\Addition.txt 2015-08-23 14:00 - 2015-08-23 14:00 - 00018325 _____ C:\Users\Markus Radosztics\Desktop\Fixlist.txt 2015-08-23 12:05 - 2015-09-04 20:35 - 00000320 _____ C:\Windows\Tasks\PC-Mechanic Maintenance.job 2015-08-23 12:05 - 2015-09-04 09:20 - 00000334 _____ C:\Windows\Tasks\PC-Mechanic Startup.job 2015-08-23 12:05 - 2015-08-23 12:05 - 00003248 _____ C:\Windows\System32\Tasks\PC-Mechanic Maintenance 2015-08-23 12:05 - 2015-08-23 12:05 - 00002630 _____ C:\Windows\System32\Tasks\PC-Mechanic Startup 2015-08-23 12:05 - 2015-08-23 12:05 - 00001171 _____ C:\Users\Public\Desktop\PC Mechanic.lnk 2015-08-23 12:05 - 2015-08-23 12:05 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\Uniblue 2015-08-23 12:05 - 2015-08-23 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue 2015-08-23 12:05 - 2015-08-23 12:05 - 00000000 ____D C:\Program Files (x86)\Uniblue 2015-08-22 17:34 - 2015-08-22 17:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件 
2015-08-22 15:20 - 2015-08-22 15:20 - 00852684 _____ C:\Users\Markus Radosztics\Desktop\SecurityCheck.exe 2015-08-22 14:31 - 2015-08-27 11:28 - 00000000 ____D C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc 2015-08-22 14:31 - 2015-08-22 14:31 - 00002215 _____ C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk 2015-08-22 14:31 - 2015-08-22 14:31 - 00002207 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014.lnk 2015-08-22 14:31 - 2015-08-22 14:31 - 00002195 _____ C:\Users\Public\Desktop\TuneUp Utilities 2014.lnk 2015-08-22 14:31 - 2015-08-22 14:31 - 00000000 ____D C:\Program Files (x86)\Great Find 2015-08-22 14:31 - 2015-06-25 07:53 - 00040760 _____ (TuneUp Software) C:\Windows\system32\TURegOpt.exe 2015-08-22 14:31 - 2015-06-25 07:53 - 00029496 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll 2015-08-22 14:31 - 2015-06-25 07:53 - 00025400 _____ (TuneUp Software) C:\Windows\SysWOW64\authuitu.dll 2015-08-22 14:30 - 2015-08-23 12:04 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\OpenCandy 2015-08-22 14:30 - 2015-08-22 14:31 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2014 2015-08-22 13:05 - 2015-08-22 13:05 - 02870984 _____ (ESET) C:\Users\Markus Radosztics\Downloads\esetsmartinstaller_deu.exe 2015-08-22 12:04 - 2015-08-22 12:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-08-21 23:42 - 2015-08-27 12:52 - 00002377 _____ C:\Windows\SysWOW64\findit.xml 2015-08-21 23:42 - 2015-08-21 23:42 - 00000000 ____D C:\ProgramData\ExtTags 2015-08-21 15:10 - 2015-08-21 15:10 - 00957064 _____ C:\Windows\Minidump\082115-9765-01.dmp 2015-08-21 10:36 - 2015-08-21 10:36 - 01162256 _____ C:\Windows\Minidump\082115-8296-01.dmp 2015-08-21 09:25 - 2015-08-21 09:25 - 00001051 _____ C:\Users\Markus Radosztics\Desktop\AnyProtect.lnk 2015-08-21 09:25 - 2015-08-21 09:25 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup 
2015-08-21 09:24 - 2015-09-04 20:12 - 00000000 ____D C:\ProgramData\update 2015-08-21 09:24 - 2015-08-24 23:37 - 00000000 ____D C:\Program Files (x86)\AnyProtectEx 2015-08-21 09:24 - 2015-08-22 11:46 - 00000000 ____D C:\ProgramData\WWinManProW 2015-08-21 09:24 - 2015-08-21 09:24 - 00000000 ____D C:\Program Files (x86)\MiniLite 2015-08-21 09:14 - 2015-09-04 20:48 - 02188800 _____ (Farbar) C:\Users\Markus Radosztics\Downloads\FRST64.exe 2015-08-20 23:02 - 2015-08-20 23:02 - 00002250 _____ C:\Users\Markus Radosztics\AppData\Roaming\mKEEssqw2b6jam0xKEJW.exe.lnk 2015-08-20 23:02 - 2015-08-20 23:02 - 00002228 _____ C:\Users\Markus Radosztics\AppData\Roaming\Cus4wE9mf.exe.lnk 2015-08-20 22:58 - 2015-09-04 09:20 - 00028984 _____ (Tencent) C:\Windows\SysWOW64\Drivers\TS888x64.sys 2015-08-20 22:58 - 2015-08-20 22:58 - 00003338 _____ C:\Windows\System32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380} 2015-08-20 22:57 - 2015-08-21 08:25 - 00000298 _____ C:\Windows\Tasks\Tempo Runner yvegdufu.job 2015-08-20 22:57 - 2015-08-21 08:25 - 00000298 _____ C:\Windows\Tasks\Tempo Runner yveg6ufu.job 2015-08-20 22:57 - 2015-08-20 22:57 - 00002442 _____ C:\Windows\System32\Tasks\Tempo Runner yvegdufu 2015-08-20 22:57 - 2015-08-20 22:57 - 00002442 _____ C:\Windows\System32\Tasks\Tempo Runner yveg6ufu 2015-08-20 22:51 - 2015-08-21 08:53 - 00000000 ____D C:\ProgramData\Rising 2015-08-20 22:51 - 2015-08-21 08:53 - 00000000 ____D C:\Program Files (x86)\Rising 2015-08-20 22:51 - 2015-08-21 00:36 - 00000000 ___RD C:\RavBin 2015-08-20 22:51 - 2014-07-30 04:44 - 00091928 ____N (Beijing Rising Information Technology Co., Ltd.) 
C:\Windows\SysWOW64\vpatch.dll 2015-08-20 22:50 - 2015-08-22 16:58 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件 2015-08-20 22:50 - 2015-08-20 22:50 - 00274232 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel64.sys 2015-08-20 22:50 - 2015-08-20 22:50 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys 2015-08-20 22:50 - 2015-08-20 22:50 - 00074040 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator64.sys 2015-08-20 22:50 - 2015-08-20 22:50 - 00000000 ____D C:\ProgramData\TXQMPC 2015-08-20 22:50 - 2015-08-20 22:50 - 00000000 ____D C:\Program Files\Common Files\Tencent 2015-08-20 22:49 - 2015-08-20 23:31 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\Tencent 2015-08-20 22:49 - 2015-08-20 22:52 - 00000000 ____D C:\ProgramData\Tencent 2015-08-20 22:49 - 2015-08-20 22:49 - 00000000 ____D C:\Program Files (x86)\Tencent 2015-08-20 22:44 - 2015-08-20 22:44 - 00001113 _____ C:\Users\Markus Radosztics\Desktop\Continue Live Installation.lnk 2015-08-20 22:44 - 2015-08-20 22:44 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\istartsurf 2015-08-20 22:37 - 2015-08-20 22:37 - 00000000 _____ C:\dummy.htm 2015-08-20 22:32 - 2015-08-20 22:33 - 00000000 ____D C:\ProgramData\LocalStorage 2015-08-20 22:30 - 2015-08-20 22:30 - 00000000 ____D C:\Users\Markus Radosztics\.android 2015-08-20 22:29 - 2015-08-20 22:29 - 00001318 _____ C:\Users\Markus Radosztics\Desktop\全网影视.lnk 2015-08-20 22:29 - 2015-08-20 22:29 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\ppslog 2015-08-20 22:19 - 2015-08-21 08:25 - 00000378 _____ C:\Windows\Tasks\APSnotifierPP1.job 2015-08-20 22:19 - 2015-08-20 22:55 - 00000376 _____ C:\Windows\Tasks\APSnotifierPP2.job 2015-08-20 22:19 - 2015-08-20 22:49 - 00002832 _____ C:\Windows\System32\Tasks\APSnotifierPP1 2015-08-20 22:19 - 2015-08-20 22:49 - 00002830 _____ C:\Windows\System32\Tasks\APSnotifierPP3 2015-08-20 
22:19 - 2015-08-20 22:49 - 00002830 _____ C:\Windows\System32\Tasks\APSnotifierPP2 2015-08-20 22:19 - 2015-08-20 22:49 - 00000376 _____ C:\Windows\Tasks\APSnotifierPP3.job 2015-08-20 22:17 - 2015-08-21 08:47 - 00000000 ____D C:\IQIYI Video 2015-08-20 22:17 - 2015-08-21 08:46 - 00000000 ____D C:\ProgramData\IQIYI Video 2015-08-20 22:17 - 2015-08-21 00:37 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Local\Unity 2015-08-20 22:17 - 2015-08-20 22:30 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\IQIYI Video 2015-08-20 22:17 - 2015-08-20 22:17 - 00000000 __SHD C:\Users\Markus Radosztics\AppData\Roaming\AnyProtectEx 2015-08-20 22:17 - 2015-08-20 22:17 - 00000000 ____D C:\Users\Public\QiYi 2015-08-20 22:17 - 2015-08-20 22:17 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Local\SysassistByHotWheel 2015-08-20 22:16 - 2015-08-20 22:16 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Local\node-webkit 2015-08-20 22:15 - 2015-08-20 22:15 - 00000217 _____ C:\task.vbs 2015-08-20 22:10 - 2015-08-20 22:10 - 29727656 _____ (Oracle Corporation) C:\Users\Markus Radosztics\Desktop\jre-8u25-windows-i586.exe 2015-08-20 22:09 - 2015-08-20 23:09 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\Gameo 2015-08-20 22:09 - 2015-08-20 22:26 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\Opera Software 2015-08-20 22:09 - 2015-08-20 22:26 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Local\Opera Software 2015-08-20 22:09 - 2015-08-20 22:09 - 00000185 _____ C:\Users\Markus Radosztics\Desktop\Play Games Online.url 2015-08-20 22:09 - 2015-08-20 22:09 - 00000185 _____ C:\Users\Markus Radosztics\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url 2015-08-20 22:09 - 2015-08-20 22:09 - 00000000 ___HD C:\Users\Markus Radosztics\AppData\Roaming\GoldenGate 2015-08-20 22:09 - 2015-08-20 22:09 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Local\Gameo 2015-08-20 22:07 - 2015-08-21 00:37 - 00000000 ____D C:\Users\Markus 
Radosztics\AppData\Roaming\WarThunder 2015-08-20 22:07 - 2015-08-20 22:07 - 29727656 _____ (Oracle Corporation) C:\Users\Markus Radosztics\Downloads\setup [1].exe 2015-08-20 22:06 - 2015-08-24 23:37 - 00000000 ____D C:\Program Files (x86)\Cinem Plus 2.4cV20.08 2015-08-20 22:06 - 2015-08-23 14:05 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Local\00000000-1440108399-0000-0000-448A5BA07B78 2015-08-20 22:06 - 2015-08-20 09:50 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{8b8ff336-6f1d-48e8-bf3a-a8cbaafdd963}Gw64.sys 2015-08-20 22:06 - 2015-07-23 15:47 - 00000854 _____ C:\Windows\system32\Drivers\etc\hp.bak 2015-08-20 22:05 - 2015-08-23 14:05 - 00000000 ____D C:\Program Files (x86)\OLBPre 2015-08-20 22:05 - 2015-08-20 23:02 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Local\{1A0B2C57-3EA3-40EF-533B-65077753999F} 2015-08-20 22:05 - 2015-08-20 22:05 - 00004008 _____ C:\Windows\System32\Tasks\LaunchPreSignup 2015-08-20 22:04 - 2015-08-20 22:26 - 00000000 ____D C:\Program Files (x86)\Opera 2015-08-20 21:58 - 2015-08-20 21:58 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\Sun 2015-08-20 21:58 - 2015-08-20 21:58 - 00000000 ____D C:\Users\Markus Radosztics\.oracle_jre_usage 2015-08-20 20:37 - 2015-08-21 00:38 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\WindSolutions 2015-08-20 20:37 - 2015-08-20 20:44 - 00000000 ____D C:\ProgramData\WindSolutions 2015-08-20 12:29 - 2015-08-20 14:13 - 00000190 _____ C:\mylog.log 2015-08-20 12:29 - 2015-08-20 12:29 - 00000000 ____D C:\Program Files (x86)\MSI 2015-08-20 12:22 - 2015-08-20 12:22 - 00000000 ____D C:\Users\Markus Radosztics\Downloads\intel_usb30 2015-08-20 12:21 - 2015-08-20 12:21 - 06227267 _____ C:\Users\Markus Radosztics\Downloads\intel_usb30.zip 2015-08-20 12:19 - 2015-08-20 12:19 - 02837521 _____ C:\Users\Markus Radosztics\Downloads\intel_chipse_9_w10.zip 2015-08-20 12:19 - 2015-08-20 12:19 - 00000000 ____D C:\Users\Markus Radosztics\Downloads\intel_chipse_9_w10 2015-08-20 
11:43 - 2015-08-20 22:55 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 2015-08-20 11:43 - 2015-08-20 11:43 - 00003156 _____ C:\Windows\System32\Tasks\Download Touch 2015-08-20 11:43 - 2015-08-20 11:43 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Local\Download Touch 2015-08-20 11:39 - 2015-08-24 23:37 - 00000000 ____D C:\Program Files (x86)\CinemaP-1.9cV16.03 2015-08-20 11:39 - 2015-08-21 10:44 - 00000000 ____D C:\Program Files (x86)\globalUpdate 2015-08-20 11:39 - 2015-08-20 11:39 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Local\globalUpdate 2015-08-20 11:37 - 2015-08-20 11:37 - 19284168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2015-08-20 11:34 - 2015-09-03 23:50 - 00012088 _____ C:\Windows\SysWOW64\acengineOff.ini 2015-08-20 11:34 - 2015-09-03 23:50 - 00012088 _____ C:\Windows\system32\acengineOff.ini 2015-08-20 11:34 - 2015-08-13 14:49 - 00045784 _____ (Abengine) C:\Windows\system32\Drivers\acwfp64.sys 2015-08-20 11:34 - 2015-08-11 16:50 - 00299296 _____ (Abengine) C:\Windows\SysWOW64\acengine.dll 2015-08-20 11:15 - 2015-08-20 01:24 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{987371d1-e860-4e27-ba6a-35575fd33b7c}Gw64.sys 2015-08-20 11:13 - 2015-08-20 11:13 - 00012839 _____ C:\Users\Markus Radosztics\Desktop\Apple_Mobile_Device_USB_Driver(1).msi 2015-08-20 11:12 - 2015-09-04 09:20 - 00000000 ____D C:\Program Files (x86)\FastSearch 2015-08-20 11:12 - 2015-08-24 23:37 - 00000000 ____D C:\Program Files (x86)\GUPlayer 2015-08-20 11:12 - 2015-08-20 11:34 - 00000002 _____ C:\END 2015-08-20 11:12 - 2015-08-20 11:12 - 00012839 _____ C:\Users\Markus Radosztics\Desktop\Apple_Mobile_Device_USB_Driver.msi 2015-08-20 11:12 - 2015-08-20 11:12 - 00003578 _____ C:\Windows\System32\Tasks\Shop-wit Updater 2015-08-20 11:12 - 2015-08-20 11:12 - 00003112 _____ C:\Windows\System32\Tasks\cfr3011 2015-08-20 11:12 - 2015-08-11 21:11 - 00349584 _____ (Abengine) C:\Windows\system32\acengine64.dll 
2015-08-20 10:43 - 2015-08-20 10:43 - 00001456 _____ C:\Users\Public\Desktop\iTunes.lnk 2015-08-20 10:43 - 2015-08-20 10:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-08-20 10:43 - 2015-08-20 10:43 - 00000000 ____D C:\Program Files\iPod 2015-08-20 10:43 - 2015-08-20 10:43 - 00000000 ____D C:\Program Files (x86)\iTunes 2015-08-20 10:42 - 2015-08-20 10:42 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2015-08-20 10:42 - 2015-08-20 10:42 - 00000000 ____D C:\Windows\System32\Tasks\Apple 2015-08-20 10:42 - 2015-08-20 10:42 - 00000000 ____D C:\Program Files\Bonjour 2015-08-20 10:42 - 2015-08-20 10:42 - 00000000 ____D C:\Program Files (x86)\Bonjour 2015-08-20 10:42 - 2015-08-20 10:42 - 00000000 ____D C:\Program Files (x86)\Apple Software Update 2015-08-19 22:11 - 2015-08-20 00:33 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\MediaMonkey 2015-08-19 22:11 - 2015-08-19 22:11 - 00000695 _____ C:\Users\Public\Desktop\MediaMonkey.lnk 2015-08-19 22:11 - 2015-08-19 22:11 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Local\MediaMonkey 2015-08-19 22:11 - 2015-08-19 22:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey 2015-08-19 22:10 - 2015-08-19 22:10 - 00000000 ____D C:\ProgramData\MediaMonkey 2015-08-19 21:18 - 2015-08-13 14:34 - 19292160 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-08-19 21:18 - 2015-08-13 13:02 - 14383616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-08-19 21:18 - 2015-08-13 12:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-08-19 21:18 - 2015-08-13 12:44 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-08-19 20:48 - 2015-08-19 20:51 - 00000512 __RSH C:\ProgramData\ntuser.pol 2015-08-19 20:46 - 2015-08-19 20:46 - 01135152 _____ C:\Windows\Minidump\081915-12953-01.dmp 2015-08-19 16:27 - 2015-08-19 02:39 - 00048784 _____ 
(StdLib) C:\Windows\system32\Drivers\{092386fb-9faf-4d52-817c-d4095ab6e5cd}Gw64.sys 2015-08-19 16:24 - 2015-08-23 14:06 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\mystartsearch 2015-08-19 16:24 - 2015-08-19 21:03 - 00000000 ____D C:\ProgramData\nWinManPron 2015-08-19 16:24 - 2015-08-19 16:24 - 00000000 _____ C:\Windows\prleth.sys 2015-08-19 16:24 - 2015-08-19 16:24 - 00000000 _____ C:\Windows\hgfs.sys 2015-08-19 16:22 - 2015-08-19 16:22 - 00000767 _____ C:\Users\Markus Radosztics\Desktop\MP3 Voice Recorder.lnk 2015-08-19 16:22 - 2015-08-19 16:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3 Voice Recorder 2015-08-19 16:22 - 2004-03-08 21:30 - 00212240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\richtx32.ocx 2015-08-16 18:23 - 2015-08-16 18:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2015-08-16 00:59 - 2015-07-30 15:11 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-08-16 00:59 - 2015-07-30 15:10 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-08-16 00:59 - 2015-07-13 23:05 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll 2015-08-16 00:59 - 2015-07-13 23:05 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-08-16 00:59 - 2015-07-09 23:46 - 05982208 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-08-16 00:59 - 2015-07-09 23:44 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll 2015-08-16 00:59 - 2015-07-09 22:17 - 05095424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2015-08-16 00:59 - 2015-07-09 22:16 - 00269824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2015-08-16 00:59 - 2015-07-06 18:16 - 00044560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys 2015-08-16 00:59 - 2015-07-06 16:32 - 00281944 _____ 
(Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 2015-08-16 00:59 - 2015-07-01 15:00 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2015-08-16 00:59 - 2015-07-01 14:58 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2015-08-16 00:59 - 2015-07-01 13:42 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2015-08-16 00:59 - 2015-07-01 13:41 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll 2015-08-16 00:58 - 2015-07-28 18:25 - 00025776 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2015-08-16 00:58 - 2015-07-28 16:13 - 01116160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-08-16 00:58 - 2015-07-28 16:13 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-08-16 00:58 - 2015-07-28 16:13 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-08-16 00:58 - 2015-07-28 16:13 - 00437248 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-08-16 00:58 - 2015-07-28 16:13 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-08-16 00:58 - 2015-07-28 15:12 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-08-16 00:58 - 2015-07-16 22:32 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-08-16 00:58 - 2015-07-16 22:32 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-08-16 00:58 - 2015-07-16 22:32 - 00601600 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-08-16 00:58 - 2015-07-16 22:31 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-08-16 00:58 - 2015-07-16 22:31 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-08-16 00:58 - 2015-07-16 22:31 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-08-16 00:58 - 2015-07-16 22:30 - 15416320 _____ (Microsoft 
Corporation) C:\Windows\system32\ieframe.dll 2015-08-16 00:58 - 2015-07-16 22:30 - 02657280 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-08-16 00:58 - 2015-07-16 22:30 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2015-08-16 00:58 - 2015-07-16 21:07 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-08-16 00:58 - 2015-07-16 21:07 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-08-16 00:58 - 2015-07-16 21:07 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-08-16 00:58 - 2015-07-16 21:06 - 13774848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-08-16 00:58 - 2015-07-16 21:06 - 02865664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-08-16 00:58 - 2015-07-16 21:06 - 02056704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-08-16 00:58 - 2015-07-16 21:06 - 00737280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2015-08-16 00:58 - 2015-07-16 21:06 - 00690176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-08-16 00:58 - 2015-07-16 21:06 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-08-16 00:58 - 2015-07-16 21:06 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-08-16 00:58 - 2015-07-16 21:06 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-08-16 00:58 - 2015-07-13 23:23 - 01744384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2015-08-16 00:58 - 2015-07-13 23:23 - 01422336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2015-08-16 00:58 - 2015-07-13 23:05 - 02340864 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2015-08-16 00:58 - 2015-07-13 23:05 - 01850880 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-08-16 00:55 - 2015-07-29 16:45 - 01412608 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\DWrite.dll 2015-08-16 00:55 - 2015-07-29 16:45 - 00035328 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-08-16 00:55 - 2015-07-29 15:52 - 01840640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-08-16 00:55 - 2015-07-29 15:52 - 01280000 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-08-16 00:55 - 2015-07-29 15:52 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-08-16 00:55 - 2015-07-28 00:42 - 00304128 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-08-16 00:55 - 2015-07-28 00:40 - 04064768 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-08-16 00:55 - 2015-07-28 00:40 - 00366592 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-08-16 00:55 - 2015-07-15 18:09 - 06969688 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-08-16 00:55 - 2015-07-15 18:09 - 00095064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-08-16 00:55 - 2015-07-15 18:06 - 01824296 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-08-16 00:55 - 2015-07-15 15:49 - 01410000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-08-16 00:55 - 2015-07-15 15:29 - 01333248 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll 2015-08-16 00:55 - 2015-07-09 23:47 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe 2015-08-16 00:55 - 2015-07-09 23:47 - 00243712 _____ (Microsoft Corporation) C:\Windows\notepad.exe 2015-08-16 00:55 - 2015-07-09 22:18 - 00233984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe 2015-08-16 00:55 - 2015-06-09 15:09 - 00411133 _____ C:\Windows\system32\ApnDatabase.xml 2015-08-05 12:10 - 2015-08-05 12:10 - 00000383 _____ C:\ftconfig.ini ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-09-04 20:48 - 2015-06-07 20:44 - 00000000 ____D C:\FRST 2015-09-04 20:37 - 2013-09-30 21:01 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-09-04 20:04 - 2013-11-22 22:24 - 00000366 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job 2015-09-04 20:00 - 2015-06-18 06:45 - 00001290 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-817472733-4082136947-4255886928-1001UA.job 2015-09-04 20:00 - 2013-11-19 21:28 - 00001136 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-09-04 20:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru 2015-09-04 19:54 - 2013-09-30 19:24 - 01770102 _____ C:\Windows\WindowsUpdate.log 2015-09-04 19:20 - 2014-12-27 12:45 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Local\36A80DEE-1AAD-4F7E-AA6A-4638F785B9B6.aplzod 2015-09-04 11:00 - 2015-06-18 06:45 - 00001238 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-817472733-4082136947-4255886928-1001Core.job 2015-09-04 09:55 - 2013-09-30 19:30 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-817472733-4082136947-4255886928-1001 2015-09-04 09:26 - 2012-07-26 12:27 - 00751892 _____ C:\Windows\system32\perfh007.dat 2015-09-04 09:26 - 2012-07-26 12:27 - 00155620 _____ C:\Windows\system32\perfc007.dat 2015-09-04 09:26 - 2012-07-26 09:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI 2015-09-04 09:21 - 2015-01-14 23:45 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Local\LogMeIn Hamachi 2015-09-04 09:21 - 2014-12-27 12:46 - 00000000 ___RD C:\Users\Markus Radosztics\iCloudDrive 2015-09-04 09:21 - 2013-10-13 20:57 - 00000000 ___RD C:\Users\Markus Radosztics\Dropbox 2015-09-04 09:21 - 2013-10-13 20:55 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\Dropbox 2015-09-04 09:19 - 2013-11-25 12:30 - 00000000 ____D C:\Windows\Minidump 2015-09-04 09:19 - 2013-11-19 21:28 - 00001132 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-09-04 09:19 - 2013-10-01 21:22 - 00000000 ____D 
C:\ProgramData\NVIDIA 2015-09-04 09:19 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-09-03 23:50 - 2013-09-30 19:17 - 00298794 _____ C:\Windows\PFRO.log 2015-09-03 20:41 - 2014-01-16 16:47 - 00001940 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2015-09-02 21:48 - 2013-09-30 19:24 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Local\Packages 2015-08-31 22:54 - 2014-06-25 17:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-08-31 22:49 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\BBI 2015-08-31 08:55 - 2013-11-19 21:28 - 00004108 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-08-31 08:55 - 2013-11-19 21:28 - 00003872 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-08-31 08:16 - 2013-10-01 18:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-08-27 12:52 - 2013-10-01 18:41 - 00001171 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-08-27 12:52 - 2013-09-30 19:24 - 00001450 _____ C:\Users\Markus Radosztics\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-08-26 08:46 - 2013-10-02 17:05 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\Skype 2015-08-23 14:35 - 2015-06-07 21:40 - 00001270 _____ C:\Users\Markus Radosztics\Desktop\Revo Uninstaller.lnk 2015-08-23 14:35 - 2015-06-07 21:40 - 00000000 ____D C:\Program Files (x86)\VS Revo Group 2015-08-23 12:44 - 2014-02-01 13:30 - 00000000 ____D C:\Program Files (x86)\Java 2015-08-22 15:17 - 2014-08-06 12:17 - 00000000 ____D C:\ProgramData\TuneUp Software 2015-08-22 12:04 - 2015-02-23 20:21 - 00000000 ___RD C:\Program Files (x86)\Skype 2015-08-22 12:04 - 2013-10-02 17:05 - 00000000 ____D C:\ProgramData\Skype 2015-08-22 10:00 - 2015-03-18 18:45 - 00000000 ____D C:\Program Files\Microsoft Office 15 2015-08-22 10:00 - 2014-06-17 22:52 - 00005182 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for 
WAUT0001-Markus Radosztics WAUT0001 2015-08-21 08:52 - 2015-03-20 10:39 - 00507984 _____ C:\Windows\system32\FNTCACHE.DAT 2015-08-20 22:50 - 2013-09-30 19:24 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Local\VirtualStore 2015-08-20 22:30 - 2013-09-30 19:24 - 00000000 ____D C:\Users\Markus Radosztics 2015-08-20 22:10 - 2014-02-01 13:30 - 00000000 ____D C:\ProgramData\Oracle 2015-08-20 22:06 - 2012-07-26 07:26 - 00000269 _____ C:\Windows\win.ini 2015-08-20 21:22 - 2014-11-19 18:47 - 00000000 ____D C:\Program Files (x86)\Samsung 2015-08-20 21:22 - 2013-12-19 13:46 - 00000000 ____D C:\Users\Markus Radosztics\Documents\samsung 2015-08-20 21:22 - 2013-12-19 13:46 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\Samsung 2015-08-20 21:18 - 2013-12-19 13:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung 2015-08-20 21:18 - 2013-09-30 19:32 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2015-08-20 20:58 - 2013-09-30 20:29 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Local\Downloaded Installations 2015-08-20 20:27 - 2015-06-03 20:07 - 00000000 ____D C:\Program Files (x86)\A1 Servicecenter 2015-08-20 14:09 - 2015-03-18 18:59 - 00002321 _____ C:\Users\Markus Radosztics\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2015-08-20 11:37 - 2013-09-30 21:01 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-08-20 10:43 - 2013-09-30 20:20 - 00000000 ____D C:\Program Files\Common Files\Apple 2015-08-20 10:42 - 2013-09-30 20:20 - 00000000 ____D C:\ProgramData\Apple 2015-08-19 21:18 - 2012-07-26 09:59 - 00000000 ____D C:\Windows\CbsTemp 2015-08-19 17:27 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\GroupPolicy 2015-08-16 18:23 - 2015-07-14 21:02 - 00000650 _____ C:\Users\Public\Desktop\LogMeIn Hamachi.lnk 2015-08-16 18:22 - 2015-04-17 08:09 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-08-16 18:22 - 2015-04-17 08:09 - 00000000 ____D 
C:\Windows\system32\appraiser 2015-08-16 18:22 - 2013-09-30 19:57 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-08-16 18:22 - 2013-09-30 19:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-08-16 18:22 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-08-16 18:22 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-08-16 18:22 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Defender 2015-08-16 18:22 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2015-08-16 10:55 - 2013-09-30 19:53 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2015-08-16 10:55 - 2013-09-30 19:52 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-08-16 10:54 - 2013-09-30 19:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-08-16 10:53 - 2013-09-30 22:57 - 00000000 ____D C:\Windows\system32\MRT 2015-08-16 10:51 - 2013-09-30 22:57 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-08-16 10:46 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-08-16 10:46 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-08-15 11:11 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent 2015-08-08 04:27 - 2012-07-26 10:14 - 00793544 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-08-08 04:27 - 2012-07-26 10:14 - 00177632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-08-27 12:52 - 2015-08-27 12:52 - 4241742 _____ (Bycatch) C:\Program Files\Common Files\ypiub0mz.exe 2015-08-20 
23:02 - 2015-08-20 23:02 - 0002228 _____ () C:\Users\Markus Radosztics\AppData\Roaming\Cus4wE9mf.exe.lnk 2015-08-20 23:02 - 2015-08-20 23:02 - 0002250 _____ () C:\Users\Markus Radosztics\AppData\Roaming\mKEEssqw2b6jam0xKEJW.exe.lnk 2013-09-30 20:29 - 2013-09-30 20:29 - 0000268 ___RH () C:\Users\Markus Radosztics\AppData\Roaming\String Ensemble 2013-09-30 20:30 - 2013-09-30 20:30 - 0000268 ___RH () C:\Users\Markus Radosztics\AppData\Roaming\Strings 2013-09-30 20:29 - 2013-09-30 20:29 - 0000268 ___RH () C:\Users\Markus Radosztics\AppData\Roaming\Super Strings 2013-09-30 20:29 - 2013-09-30 20:29 - 0000268 ___RH () C:\Users\Markus Radosztics\AppData\Roaming\Techno Kit 2014-02-05 18:38 - 2015-06-07 12:43 - 0000156 _____ () C:\Users\Markus Radosztics\AppData\Roaming\WB.CFG 2013-11-06 10:01 - 2014-08-12 18:27 - 0006144 _____ () C:\Users\Markus Radosztics\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-12-23 18:56 - 2014-12-23 18:56 - 0007606 _____ () C:\Users\Markus Radosztics\AppData\Local\Resmon.ResmonCfg 2015-08-20 22:04 - 2015-08-20 22:04 - 0000187 _____ () C:\Users\Markus Radosztics\AppData\Local\Salttex.exe.config 2013-10-02 17:42 - 2013-10-02 17:42 - 0000057 _____ () C:\ProgramData\Ament.ini 2014-07-07 09:16 - 2014-07-07 09:16 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2013-09-30 20:29 - 2013-09-30 20:29 - 0000012 ___RH () C:\ProgramData\howto 2013-09-30 20:29 - 2013-09-30 20:29 - 0000020 ____H () C:\ProgramData\PKP_DLeo.DAT 2013-09-30 20:30 - 2013-09-30 20:30 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT 2013-09-30 20:29 - 2013-09-30 20:30 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT 2013-09-30 20:29 - 2013-09-30 20:29 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT 2013-09-30 20:29 - 2013-09-30 20:29 - 0000268 ___RH () C:\ProgramData\Sync Schema 2013-09-30 20:30 - 2013-09-30 20:30 - 0000268 ___RH () C:\ProgramData\Sync Services 2013-09-30 20:29 - 2013-09-30 20:29 - 0000268 ___RH () C:\ProgramData\Synth Basics 2013-09-30 20:29 - 2013-09-30 20:29 
- 0000012 ___RH () C:\ProgramData\Track Settings 2013-09-30 20:30 - 2013-09-30 20:30 - 0000012 ___RH () C:\ProgramData\Transportation 2013-09-30 20:29 - 2013-09-30 20:29 - 0000012 ___RH () C:\ProgramData\Tremolo Einige Dateien in TEMP: ==================== C:\Users\Markus Radosztics\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpm3n_fe.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-09-04 18:00 ==================== Ende von FRST.txt ============================ |
05.09.2015, 14:00 | #34 |
/// the machine /// TB-Ausbilder | Before we continue: how is the computer running at the moment?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
05.09.2015, 19:14 | #35 |
| Unfortunately not as hoped. When I go online with Google Chrome, as I did just now, and click on any link (e.g. "Reply" here in the forum), a new tab with some kind of advertising keeps opening. An advertising window also opens when I move the mouse over a photo. The Chinese pop-ups are still there as well; I can click them away, but they keep coming back. Excel keeps crashing; the last time was just 5 minutes ago. It then says: not responding. The same goes for Windows Explorer, which hangs (not responding) as soon as I click on a drive, for example. My USB port is sulking too. If, for example, my headphones are plugged in, the PC won't start; it doesn't get as far as the start screen. I first have to unplug the headphones, then the boot procedure continues. That is also why I couldn't plug in the USB stick with the FRST scan, because under Windows 8 the stick was not shown in Windows Explorer. Interestingly, it did find it in safe mode at the command prompt, and I was able to scan. But to post the file I restarted, and then it didn't find the USB stick again. All in all, unfortunately not great... Regards, Don Camillo |
06.09.2015, 07:21 | #36 |
/// the machine /// TB-Ausbilder | Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter CloseProcesses: GroupPolicy: Gruppenrichtline auf Chrome erkannt <======= ACHTUNG CHR HKLM\SOFTWARE\Policies\Google: Richtlinienbeschränkung <======= ACHTUNG R2 acengine; C:\Program Files (x86)\FastSearch\acengine.exe [1839728 2015-08-11] (Abengine) [Datei ist nicht signiert] C:\Program Files (x86)\FastSearch Winsock: Catalog9 01 C:\Windows\SysWOW64\acengine.dll [299296 2015-08-20] (Abengine) Winsock: Catalog9 02 C:\Windows\SysWOW64\acengine.dll [299296 2015-08-20] (Abengine) Winsock: Catalog9 03 C:\Windows\SysWOW64\acengine.dll [299296 2015-08-20] (Abengine) Winsock: Catalog9 04 C:\Windows\SysWOW64\acengine.dll [299296 2015-08-20] (Abengine) Winsock: Catalog9 16 C:\Windows\SysWOW64\acengine.dll [299296 2015-08-20] (Abengine) C:\Windows\SysWOW64\acengine.dll cmd: netsh winsock reset HKU\S-1-5-21-817472733-4082136947-4255886928-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Richtlinienbeschränkung <======= ACHTUNG HKU\S-1-5-21-817472733-4082136947-4255886928-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bz-FcOk_3gj-vPv3NlKo8MSBpvROYxPxZtiNBg5BVI482FpkZWURTZlEyu3DxrLfqf4rEYcVqXlnHexXPItBSxhRn3JsyTA5CW8aIoDmvRY-WPlE5nBVxJyZHu4TRwJIP5nfpssR2POChGPPZAS6FLsK3ZBtq&q={searchTerms} HKU\S-1-5-21-817472733-4082136947-4255886928-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=99963976_hao_pg HKU\S-1-5-21-817472733-4082136947-4255886928-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bz-FcOk_3gj-vPv3NlKo8MSBpvROYxPxZtiNBg5BVI482FpkZWURTZlEyu3DxrLfqf4rEYcVqXlnHexXPItBSxhRn3JsyTA5CW8aIoDmvRY-WPlE5nBVxJyZHu4TRwJIP5nfpssR2POChGPPZAS6FLsK3ZBtq&q={searchTerms} HKU\S-1-5-21-817472733-4082136947-4255886928-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = 
hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bz-FcOk_3gj-vPv3NlKo8MSBpvROYxPxZtiNBg5BVI482FpkZWURTZlEyu3DxrLfqf4rEYcVqXlnHexXPItBSxhRn3JsyTA5CW8aIoDmvRY-WPlE5nBVxJyZHu4TRwJIP5nfpssR2POChGPPZAS6FLsK3ZBtq&q={searchTerms} SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://at.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_popjar_15_34¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dat%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyB0AyBzytCzyzytA0F0CyDtDyEtA0AyCtN0D0Tzu0StCtAtByBtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyE0CyB0CzztAyE0BtGyByBzyzztGzzyD0D0CtGtDtB0C0DtG0EyCyE0ByEyBtBtDyC0DyBzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0DyE0DtD0CyE0BtGtCyEtAyEtGyEtAyDtAtGzztBtCtDtGtBtAtCyByDyC0BtC0A0A0B0C2QtN0A0LzutB%26cr%3D1829697096%26a%3Dwncy_popjar_15_34%26os%3DWindows%2B8%2BPro&p={searchTerms} SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://at.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_popjar_15_34¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dat%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyB0AyBzytCzyzytA0F0CyDtDyEtA0AyCtN0D0Tzu0StCtAtByBtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyE0CyB0CzztAyE0BtGyByBzyzztGzzyD0D0CtGtDtB0C0DtG0EyCyE0ByEyBtBtDyC0DyBzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0DyE0DtD0CyE0BtGtCyEtAyEtGyEtAyDtAtGzztBtCtDtGtBtAtCyByDyC0BtC0A0A0B0C2QtN0A0LzutB%26cr%3D1829697096%26a%3Dwncy_popjar_15_34%26os%3DWindows%2B8%2BPro&p={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bz-FcOk_3gj-vPv3NlKo8MSBpvROYxPxZtiNBg5BVI482FpkZWURTZlEyu3DxrLfqf4rEYcVqXlnHexXPItBSxhRn3JsyTA5CW8aIoDmvRY-WPlE5nBVxJyZHu4TRwJIP5nfpssR2POChGPPZAS6FLsK3ZBtq&q={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> 
DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-817472733-4082136947-4255886928-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://at.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_popjar_15_34¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dat%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyB0AyBzytCzyzytA0F0CyDtDyEtA0AyCtN0D0Tzu0StCtAtByBtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyE0CyB0CzztAyE0BtGyByBzyzztGzzyD0D0CtGtDtB0C0DtG0EyCyE0ByEyBtBtDyC0DyBzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0DyE0DtD0CyE0BtGtCyEtAyEtGyEtAyDtAtGzztBtCtDtGtBtAtCyByDyC0BtC0A0A0B0C2QtN0A0LzutB%26cr%3D1829697096%26a%3Dwncy_popjar_15_34%26os%3DWindows%2B8%2BPro&p={searchTerms} SearchScopes: HKU\S-1-5-21-817472733-4082136947-4255886928-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://at.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_popjar_15_34¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dat%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyB0AyBzytCzyzytA0F0CyDtDyEtA0AyCtN0D0Tzu0StCtAtByBtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyE0CyB0CzztAyE0BtGyByBzyzztGzzyD0D0CtGtDtB0C0DtG0EyCyE0ByEyBtBtDyC0DyBzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0DyE0DtD0CyE0BtGtCyEtAyEtGyEtAyDtAtGzztBtCtDtGtBtAtCyByDyC0BtC0A0A0B0C2QtN0A0LzutB%26cr%3D1829697096%26a%3Dwncy_popjar_15_34%26os%3DWindows%2B8%2BPro&p={searchTerms} SearchScopes: HKU\S-1-5-21-817472733-4082136947-4255886928-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bz-FcOk_3gj-vPv3NlKo8MSBpvROYxPxZtiNBg5BVI482FpkZWURTZlEyu3DxrLfqf4rEYcVqXlnHexXPItBSxhRn3JsyTA5CW8aIoDmvRY-WPlE5nBVxJyZHu4TRwJIP5nfpssR2POChGPPZAS6FLsK3ZBtq&q={searchTerms} BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\TSWebMon64.dat [2015-08-20] (Tencent) BHO-x32: 
Ó¦Óñ¦Ò»¼ü°²×°²å¼þ -> {50F4150A-48B2-417A-BE4C-C83F580FB904} -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司) StartMenuInternet: IEXPLORE.EXE - c:\program files\internet explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=1440141856&z=3fbd779b7c5a732cb4abd88gbz6zbeag3zcg1mawec&from=cmi&uid=SamsungXSSDX840XEVOX120GB_S1D5NEAD869028B FF NewTab: chrome://quick_start/content/index.html FF DefaultSearchEngine: findit FF SelectedSearchEngine: mystartsearch FF Homepage: C:\\ProgramData\\Saophases\\ff.HP FF Keyword.URL: FF user.js: detected! => C:\Users\Markus Radosztics\AppData\Roaming\Mozilla\Firefox\Profiles\febuujst.default\user.js [2015-08-22] CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bz-FcOk_3gj-vPv3NlKo8MSBpvROYxPxZtiNBg5BVI482FpkZWURTZlEyu3DxrLfqf4rEYcVqXlnHexXU-ja3dV3ahbEdYF-OEBnIw3mKioExzPx9kIJDSZOm2sjjHBeUhtIVCGzpU25QfPuZFu2DtlzTaR2S CHR StartupUrls: Default -> "hxxp://www.google.at/" CHR DefaultSearchURL: Default -> "url":"hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bz-FcOk_3gj-vPq5njNUqi6JvXMApaBQy6dI7-zBLqJIwww8hbEZ_D2j-OfsnCYPRYpkjrKE0B6yddsyE0qCPGUtnzlvUJHWwB8uTvqEfg2JNQtn_CDHx1mxfkAnrWbsqitrPXz1eUg1EbqJin5hfsghxsvq7&q={searchTerms}" CHR DefaultSearchKeyword: Default -> feed.sonic-search.com CHR DefaultSuggestURL: Default -> https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms} 2015-08-27 23:37 - 2015-08-27 23:37 - 00003248 _____ C:\Windows\System32\Tasks\uydate 2015-08-27 12:52 - 2015-08-27 12:52 - 04241742 _____ (Bycatch) C:\Program Files\Common Files\ypiub0mz.exe 2015-08-27 12:52 - 2015-08-27 12:52 - 00000000 ____D C:\ProgramData\Saophases 2015-08-27 12:36 - 2015-08-27 12:36 - 00003156 _____ C:\Windows\System32\Tasks\r4v4x4kf 2015-08-27 12:36 - 2015-08-27 12:36 - 00000000 ____D C:\Program Files\Common Files\vkwznlph 2015-08-25 00:40 - 
2015-08-25 00:40 - 00003156 _____ C:\Windows\System32\Tasks\kajl01mh
2015-08-25 00:40 - 2015-08-25 00:40 - 00000000 ____D C:\Program Files\Common Files\r5lybh4n
2015-08-20 23:02 - 2015-08-20 23:02 - 00002250 _____ C:\Users\Markus Radosztics\AppData\Roaming\mKEEssqw2b6jam0xKEJW.exe.lnk
2015-08-20 23:02 - 2015-08-20 23:02 - 00002228 _____ C:\Users\Markus Radosztics\AppData\Roaming\Cus4wE9mf.exe.lnk
2015-08-20 22:58 - 2015-09-04 09:20 - 00028984 _____ (Tencent) C:\Windows\SysWOW64\Drivers\TS888x64.sys
2015-08-20 22:58 - 2015-08-20 22:58 - 00003338 _____ C:\Windows\System32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380}
2015-08-20 22:57 - 2015-08-21 08:25 - 00000298 _____ C:\Windows\Tasks\Tempo Runner yvegdufu.job
2015-08-20 22:57 - 2015-08-21 08:25 - 00000298 _____ C:\Windows\Tasks\Tempo Runner yveg6ufu.job
2015-08-20 22:57 - 2015-08-20 22:57 - 00002442 _____ C:\Windows\System32\Tasks\Tempo Runner yvegdufu
2015-08-20 22:57 - 2015-08-20 22:57 - 00002442 _____ C:\Windows\System32\Tasks\Tempo Runner yveg6ufu
Emptytemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Open FRST, tick Addition and scan, then please post both logs. Is this Chinese Tencent nonsense running on purpose?
06.09.2015, 11:20 | #37 |
| Hello Schrauber, here is the Fixlog.txt file: Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:04-09-2015 durchgeführt von Markus Radosztics (2015-09-06 12:04:48) Run:5 Gestartet von C:\Users\Markus Radosztics\Downloads Geladene Profile: Markus Radosztics (Verfügbare Profile: Markus Radosztics) Start-Modus: Normal ============================================== fixlist Inhalt: ***************** CloseProcesses: GroupPolicy: Gruppenrichtline auf Chrome erkannt <======= ACHTUNG CHR HKLM\SOFTWARE\Policies\Google: Richtlinienbeschränkung <======= ACHTUNG R2 acengine; C:\Program Files (x86)\FastSearch\acengine.exe [1839728 2015-08-11] (Abengine) [Datei ist nicht signiert] C:\Program Files (x86)\FastSearch Winsock: Catalog9 01 C:\Windows\SysWOW64\acengine.dll [299296 2015-08-20] (Abengine) Winsock: Catalog9 02 C:\Windows\SysWOW64\acengine.dll [299296 2015-08-20] (Abengine) Winsock: Catalog9 03 C:\Windows\SysWOW64\acengine.dll [299296 2015-08-20] (Abengine) Winsock: Catalog9 04 C:\Windows\SysWOW64\acengine.dll [299296 2015-08-20] (Abengine) Winsock: Catalog9 16 C:\Windows\SysWOW64\acengine.dll [299296 2015-08-20] (Abengine) C:\Windows\SysWOW64\acengine.dll cmd: netsh winsock reset HKU\S-1-5-21-817472733-4082136947-4255886928-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Richtlinienbeschränkung <======= ACHTUNG HKU\S-1-5-21-817472733-4082136947-4255886928-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bz-FcOk_3gj-vPv3NlKo8MSBpvROYxPxZtiNBg5BVI482FpkZWURTZlEyu3DxrLfqf4rEYcVqXlnHexXPItBSxhRn3JsyTA5CW8aIoDmvRY-WPlE5nBVxJyZHu4TRwJIP5nfpssR2POChGPPZAS6FLsK3ZBtq&q={searchTerms} HKU\S-1-5-21-817472733-4082136947-4255886928-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=99963976_hao_pg HKU\S-1-5-21-817472733-4082136947-4255886928-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = 
hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bz-FcOk_3gj-vPv3NlKo8MSBpvROYxPxZtiNBg5BVI482FpkZWURTZlEyu3DxrLfqf4rEYcVqXlnHexXPItBSxhRn3JsyTA5CW8aIoDmvRY-WPlE5nBVxJyZHu4TRwJIP5nfpssR2POChGPPZAS6FLsK3ZBtq&q={searchTerms} HKU\S-1-5-21-817472733-4082136947-4255886928-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bz-FcOk_3gj-vPv3NlKo8MSBpvROYxPxZtiNBg5BVI482FpkZWURTZlEyu3DxrLfqf4rEYcVqXlnHexXPItBSxhRn3JsyTA5CW8aIoDmvRY-WPlE5nBVxJyZHu4TRwJIP5nfpssR2POChGPPZAS6FLsK3ZBtq&q={searchTerms} SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://at.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_popjar_15_34¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dat%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyB0AyBzytCzyzytA0F0CyDtDyEtA0AyCtN0D0Tzu0StCtAtByBtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyE0CyB0CzztAyE0BtGyByBzyzztGzzyD0D0CtGtDtB0C0DtG0EyCyE0ByEyBtBtDyC0DyBzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0DyE0DtD0CyE0BtGtCyEtAyEtGyEtAyDtAtGzztBtCtDtGtBtAtCyByDyC0BtC0A0A0B0C2QtN0A0LzutB%26cr%3D1829697096%26a%3Dwncy_popjar_15_34%26os%3DWindows%2B8%2BPro&p={searchTerms} SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://at.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_popjar_15_34¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dat%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyB0AyBzytCzyzytA0F0CyDtDyEtA0AyCtN0D0Tzu0StCtAtByBtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyE0CyB0CzztAyE0BtGyByBzyzztGzzyD0D0CtGtDtB0C0DtG0EyCyE0ByEyBtBtDyC0DyBzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0DyE0DtD0CyE0BtGtCyEtAyEtGyEtAyDtAtGzztBtCtDtGtBtAtCyByDyC0BtC0A0A0B0C2QtN0A0LzutB%26cr%3D1829697096%26a%3Dwncy_popjar_15_34%26os%3DWindows%2B8%2BPro&p={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = SearchScopes: HKLM-x32 -> ielnksrch URL = 
hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bz-FcOk_3gj-vPv3NlKo8MSBpvROYxPxZtiNBg5BVI482FpkZWURTZlEyu3DxrLfqf4rEYcVqXlnHexXPItBSxhRn3JsyTA5CW8aIoDmvRY-WPlE5nBVxJyZHu4TRwJIP5nfpssR2POChGPPZAS6FLsK3ZBtq&q={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-817472733-4082136947-4255886928-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://at.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_popjar_15_34¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dat%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyB0AyBzytCzyzytA0F0CyDtDyEtA0AyCtN0D0Tzu0StCtAtByBtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyE0CyB0CzztAyE0BtGyByBzyzztGzzyD0D0CtGtDtB0C0DtG0EyCyE0ByEyBtBtDyC0DyBzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0DyE0DtD0CyE0BtGtCyEtAyEtGyEtAyDtAtGzztBtCtDtGtBtAtCyByDyC0BtC0A0A0B0C2QtN0A0LzutB%26cr%3D1829697096%26a%3Dwncy_popjar_15_34%26os%3DWindows%2B8%2BPro&p={searchTerms} SearchScopes: HKU\S-1-5-21-817472733-4082136947-4255886928-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://at.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_popjar_15_34¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dat%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyB0AyBzytCzyzytA0F0CyDtDyEtA0AyCtN0D0Tzu0StCtAtByBtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyE0CyB0CzztAyE0BtGyByBzyzztGzzyD0D0CtGtDtB0C0DtG0EyCyE0ByEyBtBtDyC0DyBzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0DyE0DtD0CyE0BtGtCyEtAyEtGyEtAyDtAtGzztBtCtDtGtBtAtCyByDyC0BtC0A0A0B0C2QtN0A0LzutB%26cr%3D1829697096%26a%3Dwncy_popjar_15_34%26os%3DWindows%2B8%2BPro&p={searchTerms} SearchScopes: HKU\S-1-5-21-817472733-4082136947-4255886928-1001 -> {ielnksrch} URL = 
hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bz-FcOk_3gj-vPv3NlKo8MSBpvROYxPxZtiNBg5BVI482FpkZWURTZlEyu3DxrLfqf4rEYcVqXlnHexXPItBSxhRn3JsyTA5CW8aIoDmvRY-WPlE5nBVxJyZHu4TRwJIP5nfpssR2POChGPPZAS6FLsK3ZBtq&q={searchTerms} BHO: ????????? -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\TSWebMon64.dat [2015-08-20] (Tencent) BHO-x32: Ó¦Óñ¦Ò»¼ü°²×°²å¼þ -> {50F4150A-48B2-417A-BE4C-C83F580FB904} -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll [2014-05-30] (????) StartMenuInternet: IEXPLORE.EXE - c:\program files\internet explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=1440141856&z=3fbd779b7c5a732cb4abd88gbz6zbeag3zcg1mawec&from=cmi&uid=SamsungXSSDX840XEVOX120GB_S1D5NEAD869028B FF NewTab: chrome://quick_start/content/index.html FF DefaultSearchEngine: findit FF SelectedSearchEngine: mystartsearch FF Homepage: C:\\ProgramData\\Saophases\\ff.HP FF Keyword.URL: FF user.js: detected! 
=> C:\Users\Markus Radosztics\AppData\Roaming\Mozilla\Firefox\Profiles\febuujst.default\user.js [2015-08-22] CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bz-FcOk_3gj-vPv3NlKo8MSBpvROYxPxZtiNBg5BVI482FpkZWURTZlEyu3DxrLfqf4rEYcVqXlnHexXU-ja3dV3ahbEdYF-OEBnIw3mKioExzPx9kIJDSZOm2sjjHBeUhtIVCGzpU25QfPuZFu2DtlzTaR2S CHR StartupUrls: Default -> "hxxp://www.google.at/" CHR DefaultSearchURL: Default -> "url":"hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bz-FcOk_3gj-vPq5njNUqi6JvXMApaBQy6dI7-zBLqJIwww8hbEZ_D2j-OfsnCYPRYpkjrKE0B6yddsyE0qCPGUtnzlvUJHWwB8uTvqEfg2JNQtn_CDHx1mxfkAnrWbsqitrPXz1eUg1EbqJin5hfsghxsvq7&q={searchTerms}" CHR DefaultSearchKeyword: Default -> feed.sonic-search.com CHR DefaultSuggestURL: Default -> https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms} 2015-08-27 23:37 - 2015-08-27 23:37 - 00003248 _____ C:\Windows\System32\Tasks\uydate 2015-08-27 12:52 - 2015-08-27 12:52 - 04241742 _____ (Bycatch) C:\Program Files\Common Files\ypiub0mz.exe 2015-08-27 12:52 - 2015-08-27 12:52 - 00000000 ____D C:\ProgramData\Saophases 2015-08-27 12:36 - 2015-08-27 12:36 - 00003156 _____ C:\Windows\System32\Tasks\r4v4x4kf 2015-08-27 12:36 - 2015-08-27 12:36 - 00000000 ____D C:\Program Files\Common Files\vkwznlph 2015-08-25 00:40 - 2015-08-25 00:40 - 00003156 _____ C:\Windows\System32\Tasks\kajl01mh 2015-08-25 00:40 - 2015-08-25 00:40 - 00000000 ____D C:\Program Files\Common Files\r5lybh4n 2015-08-20 23:02 - 2015-08-20 23:02 - 00002250 _____ C:\Users\Markus Radosztics\AppData\Roaming\mKEEssqw2b6jam0xKEJW.exe.lnk 2015-08-20 23:02 - 2015-08-20 23:02 - 00002228 _____ C:\Users\Markus Radosztics\AppData\Roaming\Cus4wE9mf.exe.lnk 2015-08-20 22:58 - 2015-09-04 09:20 - 00028984 _____ (Tencent) C:\Windows\SysWOW64\Drivers\TS888x64.sys 2015-08-20 22:58 - 2015-08-20 22:58 - 00003338 _____ 
C:\Windows\System32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380} 2015-08-20 22:57 - 2015-08-21 08:25 - 00000298 _____ C:\Windows\Tasks\Tempo Runner yvegdufu.job 2015-08-20 22:57 - 2015-08-21 08:25 - 00000298 _____ C:\Windows\Tasks\Tempo Runner yveg6ufu.job 2015-08-20 22:57 - 2015-08-20 22:57 - 00002442 _____ C:\Windows\System32\Tasks\Tempo Runner yvegdufu 2015-08-20 22:57 - 2015-08-20 22:57 - 00002442 _____ C:\Windows\System32\Tasks\Tempo Runner yveg6ufu Emptytemp: ***************** Prozess erfolgreich geschlossen. C:\Windows\system32\GroupPolicy\Machine => erfolgreich verschoben C:\Windows\system32\GroupPolicy\GPT.ini => erfolgreich verschoben "HKLM\SOFTWARE\Policies\Google" => Schlüssel erfolgreich entfernt acengine => Dienst erfolgreich entfernt C:\Program Files (x86)\FastSearch => erfolgreich verschoben "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001" => Schlüssel erfolgreich entfernt "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002" => Schlüssel erfolgreich entfernt "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003" => Schlüssel erfolgreich entfernt "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004" => Schlüssel erfolgreich entfernt "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016" => Schlüssel erfolgreich entfernt C:\Windows\SysWOW64\acengine.dll => erfolgreich verschoben ========= netsh winsock reset ========= Der Winsock-Katalog wurde zur�ckgesetzt. Sie m�ssen den Computer neu starten, um den Vorgang abzuschlie�en. 
========= Ende von CMD: ========= "HKU\S-1-5-21-817472733-4082136947-4255886928-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Schlüssel erfolgreich entfernt HKU\S-1-5-21-817472733-4082136947-4255886928-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => Wert erfolgreich wiederhergestellt HKU\S-1-5-21-817472733-4082136947-4255886928-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Fehler beim Setzen des Wertes HKU\S-1-5-21-817472733-4082136947-4255886928-1001\Software\Microsoft\Internet Explorer\Main\\Search Bar => Wert erfolgreich entfernt HKU\S-1-5-21-817472733-4082136947-4255886928-1001\Software\Microsoft\Internet Explorer\Main\\SearchAssistant => Wert erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert erfolgreich wiederhergestellt "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Schlüssel erfolgreich entfernt HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Schlüssel nicht gefunden. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert erfolgreich wiederhergestellt "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ielnksrch" => Schlüssel erfolgreich entfernt HKCR\Wow6432Node\CLSID\ielnksrch => Schlüssel nicht gefunden. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert erfolgreich entfernt HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert erfolgreich entfernt HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert erfolgreich entfernt HKU\S-1-5-21-817472733-4082136947-4255886928-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert erfolgreich entfernt "HKU\S-1-5-21-817472733-4082136947-4255886928-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Schlüssel erfolgreich entfernt HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Schlüssel nicht gefunden. "HKU\S-1-5-21-817472733-4082136947-4255886928-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}" => Schlüssel erfolgreich entfernt HKCR\CLSID\{ielnksrch} => Schlüssel nicht gefunden. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}" => Schlüssel erfolgreich entfernt "HKCR\CLSID\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50F4150A-48B2-417A-BE4C-C83F580FB904}" => Schlüssel erfolgreich entfernt "HKCR\Wow6432Node\CLSID\{50F4150A-48B2-417A-BE4C-C83F580FB904}" => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Wert erfolgreich wiederhergestellt Firefox "newtab" erfolgreich entfernt Firefox DefaultSearchEngine erfolgreich entfernt Firefox SelectedSearchEngine erfolgreich entfernt Firefox "homepage" erfolgreich entfernt Firefox "Keyword.URL" erfolgreich entfernt C:\Users\Markus Radosztics\AppData\Roaming\Mozilla\Firefox\Profiles\febuujst.default\user.js => erfolgreich verschoben Chrome HomePage erfolgreich entfernt Chrome StartupUrls erfolgreich entfernt Chrome DefaultSearchURL erfolgreich entfernt 
Chrome DefaultSearchKeyword erfolgreich entfernt Chrome DefaultSuggestURL erfolgreich entfernt C:\Windows\System32\Tasks\uydate => erfolgreich verschoben C:\Program Files\Common Files\ypiub0mz.exe => erfolgreich verschoben C:\ProgramData\Saophases => erfolgreich verschoben C:\Windows\System32\Tasks\r4v4x4kf => erfolgreich verschoben C:\Program Files\Common Files\vkwznlph => erfolgreich verschoben C:\Windows\System32\Tasks\kajl01mh => erfolgreich verschoben C:\Program Files\Common Files\r5lybh4n => erfolgreich verschoben C:\Users\Markus Radosztics\AppData\Roaming\mKEEssqw2b6jam0xKEJW.exe.lnk => erfolgreich verschoben C:\Users\Markus Radosztics\AppData\Roaming\Cus4wE9mf.exe.lnk => erfolgreich verschoben C:\Windows\SysWOW64\Drivers\TS888x64.sys => erfolgreich verschoben C:\Windows\System32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380} => erfolgreich verschoben C:\Windows\Tasks\Tempo Runner yvegdufu.job => erfolgreich verschoben C:\Windows\Tasks\Tempo Runner yveg6ufu.job => erfolgreich verschoben C:\Windows\System32\Tasks\Tempo Runner yvegdufu => erfolgreich verschoben C:\Windows\System32\Tasks\Tempo Runner yveg6ufu => erfolgreich verschoben EmptyTemp: => 633 MB temporäre Dateien entfernt. Das System musste neu gestartet werden.. ==== Ende von Fixlog 12:05:32 ====

Best regards, Don Camillo

The Chinese junk isn't running on purpose. It installed itself when I installed the Java update. Since then I can't get rid of the thing. Even when I close the program, it keeps opening again. Unfortunately I don't understand what is written there. I'd be very glad if this thing disappeared...

Best regards, Don Camillo

Here is the FRST.txt file:

Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:04-09-2015 durchgeführt von Markus Radosztics (Administrator) auf WAUT0001 (06-09-2015 12:11:44) Gestartet von C:\Users\Markus Radosztics\Downloads Geladene Profile: Markus Radosztics (Verfügbare Profile: Markus Radosztics) Platform: Windows 8 Pro (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 10 (Standard-Browser: Chrome) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\QQPCRTP.exe (Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (XTab system) C:\Program Files (x86)\MiniLite\ProtectService.exe (MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (LogMeIn Inc.) D:\Games\LogMeIn Hamachi\hamachi-2.exe (LogMeIn, Inc.) D:\Games\LogMeIn Hamachi\LMIGuardianSvc.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (LogMeIn Inc.) D:\Games\LogMeIn Hamachi\hamachi-2-ui.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (LogMeIn, Inc.) D:\Games\LogMeIn Hamachi\LMIGuardianSvc.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\QQPCTray.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) 
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe (Valve Corporation) D:\Games\Steam.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe (Microsoft Corporation) C:\Users\Markus Radosztics\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Valve Corporation) D:\Games\bin\steamwebhelper.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Dropbox, Inc.) C:\Users\Markus Radosztics\AppData\Roaming\Dropbox\bin\Dropbox.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RSD\popwndexe.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe (Hewlett-Packard Co.) 
C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8466136 2015-04-30] (Realtek Semiconductor) HKLM\...\Run: [iTunesHelper] => "D:\Programme\iTunesHelper.exe" HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-10-25] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-10-25] (Adobe Systems Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.) 
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [A1Servicecenter] => C:\Program Files (x86)\A1 Servicecenter\A1 Servicecenter\A1Servicecenter_Launcher.exe [11467864 2015-05-27] (A1) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => D:\Games\LogMeIn Hamachi\hamachi-2-ui.exe [5579624 2015-08-03] (LogMeIn Inc.) HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\QQPCTRAY.EXE [355296 2015-08-20] (Tencent) HKLM-x32\...\Run: [RSDTRAY] => C:\Program Files (x86)\Rising\RSD\popwndexe.exe [126808 2012-09-25] (Beijing Rising Information Technology Co., Ltd.) HKU\S-1-5-21-817472733-4082136947-4255886928-1001\...\Run: [Voobly] => C:\Program Files (x86)\Voobly\voobly.exe [159744 2015-01-12] (Voobly) HKU\S-1-5-21-817472733-4082136947-4255886928-1001\...\Run: [HP Officejet 6600 (NET)] => C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-817472733-4082136947-4255886928-1001\...\Run: [Steam] => D:\Games\Steam.exe [2899136 2015-08-19] (Valve Corporation) HKU\S-1-5-21-817472733-4082136947-4255886928-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.) HKU\S-1-5-21-817472733-4082136947-4255886928-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-06-05] (TomTom) HKU\S-1-5-21-817472733-4082136947-4255886928-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.) 
HKU\S-1-5-21-817472733-4082136947-4255886928-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2015-04-26] (Apple Inc.) HKU\S-1-5-21-817472733-4082136947-4255886928-1001\...\Run: [Dropbox Update] => C:\Users\Markus Radosztics\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.) HKU\S-1-5-21-817472733-4082136947-4255886928-1001\...\Run: [OneDrive] => C:\Users\Markus Radosztics\AppData\Local\Microsoft\OneDrive\OneDrive.exe [404064 2015-08-20] (Microsoft Corporation) HKU\S-1-5-21-817472733-4082136947-4255886928-1001\...\Run: [GoogleChromeAutoLaunch_FEA560871AAA9104DF8D8385F4A465BE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [871240 2015-08-28] (Google Inc.) HKU\S-1-5-21-817472733-4082136947-4255886928-1001\...\RunOnce: [Uninstall C:\Users\Markus Radosztics\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Markus Radosztics\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64" HKU\S-1-5-21-817472733-4082136947-4255886928-1001\...\RunOnce: [Uninstall C:\Users\Markus Radosztics\AppData\Local\Microsoft\OneDrive\17.3.5907.0716] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Markus Radosztics\AppData\Local\Microsoft\OneDrive\17.3.5907.0716" ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\QMGCShellExt64.dll [2015-08-20] (Tencent) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Markus Radosztics\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Markus Radosztics\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Markus Radosztics\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Markus Radosztics\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Markus Radosztics\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Markus Radosztics\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Markus Radosztics\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-01-16] ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\Markus Radosztics\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2015-03-18] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Markus Radosztics\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013-10-13] ShortcutTarget: Dropbox.lnk -> C:\Users\Markus Radosztics\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..) 
Hosts: 0.0.0.1 mssplus.mcafee.com Tcpip\..\Interfaces\{0FFDF7C3-8718-450E-A4A2-9C59BD350F78}: [DhcpNameServer] 10.0.0.138 Tcpip\..\Interfaces\{DD37C3EA-4E32-4412-AC18-EA239FC6029F}: [DhcpNameServer] 10.0.0.138 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=99963976_hao_pg HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\S-1-5-21-817472733-4082136947-4255886928-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=99963976_hao_pg HKU\S-1-5-21-817472733-4082136947-4255886928-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.at.msn.com/ SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation) BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\TSWebMon64.dat [2015-08-20] (Tencent) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer 
x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-10-25] (Adobe Systems Incorporated) BHO-x32: Great Find -> {1cc2bb80-20ab-43e5-b958-432d72b546ca} -> C:\Program Files (x86)\Great Find\Extensions\1cc2bb80-20ab-43e5-b958-432d72b546ca.dll Keine Datei BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation) BHO-x32: af0.Adblock.BHO -> {90EFF544-3981-4d46-85C9-C0361D0931D6} -> C:\Windows\SysWOW64\mscoree.dll [2012-06-02] (Microsoft Corporation) BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation) BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated) Handler-x32: osf - 
{D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-03-18] (Microsoft Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Markus Radosztics\AppData\Roaming\Mozilla\Firefox\Profiles\febuujst.default FF NewTab: chrome://quick_start/content/index.html FF DefaultSearchEngine: findit FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-15] () FF Plugin: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [Keine Datei] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-15] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] () FF Plugin-x32: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [Keine Datei] FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft 
Office 15\root\Office15\NPSPWRAP.DLL [2015-03-18] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Keine Datei] FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司) FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\npQMExtensionsMozilla.dll [2015-08-20] (Tencent Technology (Shenzhen) Company Limited) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-31] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-31] (Google Inc.) 
FF Plugin HKU\S-1-5-21-817472733-4082136947-4255886928-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Markus Radosztics\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-03-13] (Citrix Online) FF Plugin HKU\S-1-5-21-817472733-4082136947-4255886928-1001: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll Keine Datei FF Plugin HKU\S-1-5-21-817472733-4082136947-4255886928-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-06-21] () FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation) FF SearchPlugin: C:\Users\Markus Radosztics\AppData\Roaming\Mozilla\Firefox\Profiles\febuujst.default\searchplugins\findit.xml [2015-08-27] FF SearchPlugin: C:\Users\Markus Radosztics\AppData\Roaming\Mozilla\Firefox\Profiles\febuujst.default\searchplugins\istartsurf.xml [2015-08-21] FF SearchPlugin: C:\Users\Markus Radosztics\AppData\Roaming\Mozilla\Firefox\Profiles\febuujst.default\searchplugins\mystartsearch.xml [2015-08-23] FF SearchPlugin: C:\Users\Markus Radosztics\AppData\Roaming\Mozilla\Firefox\Profiles\febuujst.default\searchplugins\search-provided-by-yahoo.xml [2015-08-20] FF Extension: Default SearchProtected - C:\Users\Markus Radosztics\AppData\Roaming\Mozilla\Firefox\Profiles\febuujst.default\Extensions\defsearchp@gmail.com [2015-08-19] FF Extension: deskCut - C:\Users\Markus Radosztics\AppData\Roaming\Mozilla\Firefox\Profiles\febuujst.default\Extensions\deskCutv2@gmail.com [2015-08-19] FF Extension: A1 Servicecenter - C:\Users\Markus Radosztics\AppData\Roaming\Mozilla\Firefox\Profiles\febuujst.default\Extensions\{594657B4-413A-41D0-8F85-A6D3F35C9BDF} [2015-06-03] FF Extension: Download videos and MP3s from YouTube - C:\Users\Markus Radosztics\AppData\Roaming\Mozilla\Firefox\Profiles\febuujst.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-10-06] FF Extension: "Download Touch - C:\Users\Markus 
Radosztics\AppData\Roaming\Mozilla\Firefox\Profiles\febuujst.default\Extensions\@73ABDD53B667F486D5ACC6A263CED1CC73AB.xpi [2015-08-20] FF Extension: Great Find - C:\Users\Markus Radosztics\AppData\Roaming\Mozilla\Firefox\Profiles\febuujst.default\Extensions\{0a4ee680-ecac-4e89-b625-5139f7130e30}.xpi [2015-08-22] FF Extension: Kein Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-09-30] FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Markus Radosztics\AppData\Roaming\Mozilla\Firefox\Profiles\febuujst.default\extensions\defsearchp@gmail.com FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Markus Radosztics\AppData\Roaming\Mozilla\Firefox\Profiles\febuujst.default\extensions\deskCutv2@gmail.com FF HKU\S-1-5-21-817472733-4082136947-4255886928-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-10-06] FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\73ABDD53B667F486D5ACC6A263CED1CC73AB.js [2015-08-20] Chrome: ======= CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bz-FcOk_3gj-vPv3NlKo8MSBpvROYxPxZtiNBg5BVI482FpkZWURTZlEyu3DxrLfqf4rEYcVqXlnHexXU-ja3dV3ahbEdYF-OEBnIw3mKioExzPx9kIJDSZOm2sjjHBeUhtIVCGzpU25QfPuZFu2DtlzTaR2S CHR StartupUrls: Default -> "hxxp://www.google.at/" CHR DefaultSearchURL: Default -> "search_url":"hxxp://feed.baboom.audio/?st=ds&query={searchTerms}" CHR DefaultSearchKeyword: Default -> Baboom Search CHR 
DefaultSuggestURL: Default -> CHR Profile: C:\Users\Markus Radosztics\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Baboom Search) - C:\Users\Markus Radosztics\AppData\Local\Google\Chrome\User Data\Default\Extensions\gehmndecgbcffhmfjkenpamdgechcgpe [2015-09-06] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Markus Radosztics\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-24] CHR Extension: (Chrome Web Store Payments) - C:\Users\Markus Radosztics\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-23] CHR HKLM-x32\...\Chrome\Extension: [dnligehkhogpcngalffdoomehjcbecna] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gehmndecgbcffhmfjkenpamdgechcgpe] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.) 
S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] () R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2765496 2015-07-14] (Microsoft Corporation) R2 Hamachi2Svc; D:\Games\LogMeIn Hamachi\hamachi-2.exe [2545512 2015-08-03] (LogMeIn Inc.) R2 IHProtect Service; C:\Program Files (x86)\MiniLite\ProtectService.exe [129688 2015-08-20] (XTab system) S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [619776 2015-01-15] (Lenovo) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.163\McCHSvc.exe [289256 2015-07-31] (McAfee, Inc.) R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-09-26] (MICRO-STAR INTERNATIONAL CO., LTD.) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation) S3 Origin Client Service; D:\Games\Origin\OriginClientService.exe [1931632 2015-05-15] (Electronic Arts) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-05-23] () R2 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\QQPCRTP.exe [297608 2015-08-20] (Tencent) R2 RsMgrSvc; C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe [196288 2015-08-21] (Beijing Rising Information Technology Co., Ltd.) 
S3 TAOFrame; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\TAOFrame.exe [293856 2015-08-20] (Tencent)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2015-06-25] (TuneUp Software)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 acwfp; C:\Windows\system32\Drivers\acwfp64.sys [45784 2015-08-13] (Abengine)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] ()
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 e1dexpress; C:\Windows\system32\DRIVERS\e1d63x64.sys [468752 2013-02-27] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2012-09-20] (Broadcom Corporation)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-08-03] (LogMeIn Inc.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\QMUdisk64.sys [62264 2015-08-20] (Tencent)
R2 QQSysMonX64; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\QQSysMonX64.sys [138040 2015-08-20] (电脑管家)
R2 TAOAccelerator; C:\Windows\system32\Drivers\TAOAccelerator64.sys [74040 2015-08-20] (Tencent)
R1 TAOKernelDriver; C:\Windows\System32\Drivers\TAOKernel64.sys [274232 2015-08-20] (Tencent Technology(Shenzhen) Company Limited)
R3 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [87864 2015-08-20] (电脑管家)
R3 TS888x64; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\TS888x64.sys [28984 2015-09-06] (Tencent)
R1 TSDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\TSDefenseBT64.sys [28472 2015-08-20] (Tencent)
R1 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\TSSysKit64.sys [87352 2015-08-20] (电脑管家)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [31144 2015-06-04] (TuneUp Software)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [Datei ist nicht signiert]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [64000 2012-07-26] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation)
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
S1 rrfd_vw_1_10_0_22; system32\drivers\rrfd_vw_1_10_0_22.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-09-06 12:07 - 2015-09-06 12:07 - 00028984 _____ (Tencent) C:\Windows\SysWOW64\Drivers\TS888x64.sys
2015-09-04 09:19 - 2015-09-04 09:19 - 00861968 _____ C:\Windows\Minidump\090415-13125-01.dmp
2015-09-03 20:41 - 2015-09-03 20:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-09-03 20:41 - 2015-09-03 20:41 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-09-01 12:08 - 2015-09-01 12:08 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-08-31 08:21 - 2015-08-31 08:21 - 00002770 _____ C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2015-08-23 14:58 - 2015-08-27 12:52 - 00002265 _____ C:\Users\Markus Radosztics\Desktop\Google Chrome.lnk
2015-08-23 14:58 - 2015-08-23 14:58 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-23 14:56 - 2015-08-23 14:56 - 00931408 _____ (Google Inc.)
C:\Users\Markus Radosztics\Downloads\ChromeSetup.exe 2015-08-23 14:33 - 2015-08-23 14:33 - 01260832 _____ C:\Users\Markus Radosztics\Downloads\Revo Uninstaller - CHIP-Installer.exe 2015-08-23 14:04 - 2015-09-04 20:48 - 00000000 ____D C:\Users\Markus Radosztics\Downloads\FRST-OlderVersion 2015-08-23 14:01 - 2015-09-06 12:11 - 00031104 _____ C:\Users\Markus Radosztics\Downloads\FRST.txt 2015-08-23 14:01 - 2015-08-23 14:02 - 00081428 _____ C:\Users\Markus Radosztics\Downloads\Addition.txt 2015-08-23 14:00 - 2015-08-23 14:00 - 00018325 _____ C:\Users\Markus Radosztics\Desktop\Fixlist.txt 2015-08-23 12:05 - 2015-09-06 12:07 - 00000334 _____ C:\Windows\Tasks\PC-Mechanic Startup.job 2015-08-23 12:05 - 2015-09-06 12:05 - 00000320 _____ C:\Windows\Tasks\PC-Mechanic Maintenance.job 2015-08-23 12:05 - 2015-08-23 12:05 - 00003248 _____ C:\Windows\System32\Tasks\PC-Mechanic Maintenance 2015-08-23 12:05 - 2015-08-23 12:05 - 00002630 _____ C:\Windows\System32\Tasks\PC-Mechanic Startup 2015-08-23 12:05 - 2015-08-23 12:05 - 00001171 _____ C:\Users\Public\Desktop\PC Mechanic.lnk 2015-08-23 12:05 - 2015-08-23 12:05 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\Uniblue 2015-08-23 12:05 - 2015-08-23 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue 2015-08-23 12:05 - 2015-08-23 12:05 - 00000000 ____D C:\Program Files (x86)\Uniblue 2015-08-22 17:34 - 2015-08-22 17:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件 2015-08-22 15:20 - 2015-08-22 15:20 - 00852684 _____ C:\Users\Markus Radosztics\Desktop\SecurityCheck.exe 2015-08-22 14:31 - 2015-08-27 11:28 - 00000000 ____D C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc 2015-08-22 14:31 - 2015-08-22 14:31 - 00002215 _____ C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk 2015-08-22 14:31 - 2015-08-22 14:31 - 00002207 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014.lnk 2015-08-22 14:31 - 2015-08-22 14:31 - 00002195 _____ 
C:\Users\Public\Desktop\TuneUp Utilities 2014.lnk 2015-08-22 14:31 - 2015-08-22 14:31 - 00000000 ____D C:\Program Files (x86)\Great Find 2015-08-22 14:31 - 2015-06-25 07:53 - 00040760 _____ (TuneUp Software) C:\Windows\system32\TURegOpt.exe 2015-08-22 14:31 - 2015-06-25 07:53 - 00029496 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll 2015-08-22 14:31 - 2015-06-25 07:53 - 00025400 _____ (TuneUp Software) C:\Windows\SysWOW64\authuitu.dll 2015-08-22 14:30 - 2015-08-23 12:04 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\OpenCandy 2015-08-22 14:30 - 2015-08-22 14:31 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2014 2015-08-22 13:05 - 2015-08-22 13:05 - 02870984 _____ (ESET) C:\Users\Markus Radosztics\Downloads\esetsmartinstaller_deu.exe 2015-08-22 12:04 - 2015-08-22 12:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-08-21 23:42 - 2015-08-27 12:52 - 00002377 _____ C:\Windows\SysWOW64\findit.xml 2015-08-21 23:42 - 2015-08-21 23:42 - 00000000 ____D C:\ProgramData\ExtTags 2015-08-21 15:10 - 2015-08-21 15:10 - 00957064 _____ C:\Windows\Minidump\082115-9765-01.dmp 2015-08-21 10:36 - 2015-08-21 10:36 - 01162256 _____ C:\Windows\Minidump\082115-8296-01.dmp 2015-08-21 09:25 - 2015-08-21 09:25 - 00001051 _____ C:\Users\Markus Radosztics\Desktop\AnyProtect.lnk 2015-08-21 09:25 - 2015-08-21 09:25 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup 2015-08-21 09:24 - 2015-09-06 12:09 - 00000000 ____D C:\ProgramData\update 2015-08-21 09:24 - 2015-08-24 23:37 - 00000000 ____D C:\Program Files (x86)\AnyProtectEx 2015-08-21 09:24 - 2015-08-22 11:46 - 00000000 ____D C:\ProgramData\WWinManProW 2015-08-21 09:24 - 2015-08-21 09:24 - 00000000 ____D C:\Program Files (x86)\MiniLite 2015-08-21 09:14 - 2015-09-04 20:48 - 02188800 _____ (Farbar) C:\Users\Markus Radosztics\Downloads\FRST64.exe 2015-08-20 22:51 - 2015-08-21 08:53 - 00000000 ____D 
C:\ProgramData\Rising 2015-08-20 22:51 - 2015-08-21 08:53 - 00000000 ____D C:\Program Files (x86)\Rising 2015-08-20 22:51 - 2015-08-21 00:36 - 00000000 ___RD C:\RavBin 2015-08-20 22:51 - 2014-07-30 04:44 - 00091928 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\vpatch.dll 2015-08-20 22:50 - 2015-08-22 16:58 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件 2015-08-20 22:50 - 2015-08-20 22:50 - 00274232 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel64.sys 2015-08-20 22:50 - 2015-08-20 22:50 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys 2015-08-20 22:50 - 2015-08-20 22:50 - 00074040 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator64.sys 2015-08-20 22:50 - 2015-08-20 22:50 - 00000000 ____D C:\ProgramData\TXQMPC 2015-08-20 22:50 - 2015-08-20 22:50 - 00000000 ____D C:\Program Files\Common Files\Tencent 2015-08-20 22:49 - 2015-08-20 23:31 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\Tencent 2015-08-20 22:49 - 2015-08-20 22:52 - 00000000 ____D C:\ProgramData\Tencent 2015-08-20 22:49 - 2015-08-20 22:49 - 00000000 ____D C:\Program Files (x86)\Tencent 2015-08-20 22:44 - 2015-08-20 22:44 - 00001113 _____ C:\Users\Markus Radosztics\Desktop\Continue Live Installation.lnk 2015-08-20 22:44 - 2015-08-20 22:44 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\istartsurf 2015-08-20 22:37 - 2015-08-20 22:37 - 00000000 _____ C:\dummy.htm 2015-08-20 22:32 - 2015-08-20 22:33 - 00000000 ____D C:\ProgramData\LocalStorage 2015-08-20 22:30 - 2015-08-20 22:30 - 00000000 ____D C:\Users\Markus Radosztics\.android 2015-08-20 22:29 - 2015-08-20 22:29 - 00001318 _____ C:\Users\Markus Radosztics\Desktop\全网影视.lnk 2015-08-20 22:29 - 2015-08-20 22:29 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\ppslog 2015-08-20 22:19 - 2015-08-21 08:25 - 00000378 _____ C:\Windows\Tasks\APSnotifierPP1.job 2015-08-20 22:19 - 
2015-08-20 22:55 - 00000376 _____ C:\Windows\Tasks\APSnotifierPP2.job 2015-08-20 22:19 - 2015-08-20 22:49 - 00002832 _____ C:\Windows\System32\Tasks\APSnotifierPP1 2015-08-20 22:19 - 2015-08-20 22:49 - 00002830 _____ C:\Windows\System32\Tasks\APSnotifierPP3 2015-08-20 22:19 - 2015-08-20 22:49 - 00002830 _____ C:\Windows\System32\Tasks\APSnotifierPP2 2015-08-20 22:19 - 2015-08-20 22:49 - 00000376 _____ C:\Windows\Tasks\APSnotifierPP3.job 2015-08-20 22:17 - 2015-08-21 08:47 - 00000000 ____D C:\IQIYI Video 2015-08-20 22:17 - 2015-08-21 08:46 - 00000000 ____D C:\ProgramData\IQIYI Video 2015-08-20 22:17 - 2015-08-21 00:37 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Local\Unity 2015-08-20 22:17 - 2015-08-20 22:30 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\IQIYI Video 2015-08-20 22:17 - 2015-08-20 22:17 - 00000000 __SHD C:\Users\Markus Radosztics\AppData\Roaming\AnyProtectEx 2015-08-20 22:17 - 2015-08-20 22:17 - 00000000 ____D C:\Users\Public\QiYi 2015-08-20 22:17 - 2015-08-20 22:17 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Local\SysassistByHotWheel 2015-08-20 22:16 - 2015-08-20 22:16 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Local\node-webkit 2015-08-20 22:15 - 2015-08-20 22:15 - 00000217 _____ C:\task.vbs 2015-08-20 22:10 - 2015-08-20 22:10 - 29727656 _____ (Oracle Corporation) C:\Users\Markus Radosztics\Desktop\jre-8u25-windows-i586.exe 2015-08-20 22:09 - 2015-08-20 23:09 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\Gameo 2015-08-20 22:09 - 2015-08-20 22:26 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\Opera Software 2015-08-20 22:09 - 2015-08-20 22:26 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Local\Opera Software 2015-08-20 22:09 - 2015-08-20 22:09 - 00000185 _____ C:\Users\Markus Radosztics\Desktop\Play Games Online.url 2015-08-20 22:09 - 2015-08-20 22:09 - 00000185 _____ C:\Users\Markus Radosztics\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url 2015-08-20 
22:09 - 2015-08-20 22:09 - 00000000 ___HD C:\Users\Markus Radosztics\AppData\Roaming\GoldenGate 2015-08-20 22:09 - 2015-08-20 22:09 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Local\Gameo 2015-08-20 22:07 - 2015-08-21 00:37 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\WarThunder 2015-08-20 22:07 - 2015-08-20 22:07 - 29727656 _____ (Oracle Corporation) C:\Users\Markus Radosztics\Downloads\setup [1].exe 2015-08-20 22:06 - 2015-08-24 23:37 - 00000000 ____D C:\Program Files (x86)\Cinem Plus 2.4cV20.08 2015-08-20 22:06 - 2015-08-23 14:05 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Local\00000000-1440108399-0000-0000-448A5BA07B78 2015-08-20 22:06 - 2015-08-20 09:50 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{8b8ff336-6f1d-48e8-bf3a-a8cbaafdd963}Gw64.sys 2015-08-20 22:06 - 2015-07-23 15:47 - 00000854 _____ C:\Windows\system32\Drivers\etc\hp.bak 2015-08-20 22:05 - 2015-08-23 14:05 - 00000000 ____D C:\Program Files (x86)\OLBPre 2015-08-20 22:05 - 2015-08-20 23:02 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Local\{1A0B2C57-3EA3-40EF-533B-65077753999F} 2015-08-20 22:05 - 2015-08-20 22:05 - 00004008 _____ C:\Windows\System32\Tasks\LaunchPreSignup 2015-08-20 22:04 - 2015-08-20 22:26 - 00000000 ____D C:\Program Files (x86)\Opera 2015-08-20 21:58 - 2015-08-20 21:58 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\Sun 2015-08-20 21:58 - 2015-08-20 21:58 - 00000000 ____D C:\Users\Markus Radosztics\.oracle_jre_usage 2015-08-20 20:37 - 2015-08-21 00:38 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\WindSolutions 2015-08-20 20:37 - 2015-08-20 20:44 - 00000000 ____D C:\ProgramData\WindSolutions 2015-08-20 12:29 - 2015-08-20 14:13 - 00000190 _____ C:\mylog.log 2015-08-20 12:29 - 2015-08-20 12:29 - 00000000 ____D C:\Program Files (x86)\MSI 2015-08-20 12:22 - 2015-08-20 12:22 - 00000000 ____D C:\Users\Markus Radosztics\Downloads\intel_usb30 2015-08-20 12:21 - 2015-08-20 12:21 - 06227267 _____ C:\Users\Markus 
Radosztics\Downloads\intel_usb30.zip 2015-08-20 12:19 - 2015-08-20 12:19 - 02837521 _____ C:\Users\Markus Radosztics\Downloads\intel_chipse_9_w10.zip 2015-08-20 12:19 - 2015-08-20 12:19 - 00000000 ____D C:\Users\Markus Radosztics\Downloads\intel_chipse_9_w10 2015-08-20 11:43 - 2015-08-20 22:55 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 2015-08-20 11:43 - 2015-08-20 11:43 - 00003156 _____ C:\Windows\System32\Tasks\Download Touch 2015-08-20 11:43 - 2015-08-20 11:43 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Local\Download Touch 2015-08-20 11:39 - 2015-08-24 23:37 - 00000000 ____D C:\Program Files (x86)\CinemaP-1.9cV16.03 2015-08-20 11:39 - 2015-08-21 10:44 - 00000000 ____D C:\Program Files (x86)\globalUpdate 2015-08-20 11:39 - 2015-08-20 11:39 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Local\globalUpdate 2015-08-20 11:37 - 2015-08-20 11:37 - 19284168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2015-08-20 11:34 - 2015-09-06 12:04 - 00012056 _____ C:\Windows\SysWOW64\acengineOff.ini 2015-08-20 11:34 - 2015-09-06 12:04 - 00012056 _____ C:\Windows\system32\acengineOff.ini 2015-08-20 11:34 - 2015-08-13 14:49 - 00045784 _____ (Abengine) C:\Windows\system32\Drivers\acwfp64.sys 2015-08-20 11:15 - 2015-08-20 01:24 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{987371d1-e860-4e27-ba6a-35575fd33b7c}Gw64.sys 2015-08-20 11:13 - 2015-08-20 11:13 - 00012839 _____ C:\Users\Markus Radosztics\Desktop\Apple_Mobile_Device_USB_Driver(1).msi 2015-08-20 11:12 - 2015-08-24 23:37 - 00000000 ____D C:\Program Files (x86)\GUPlayer 2015-08-20 11:12 - 2015-08-20 11:34 - 00000002 _____ C:\END 2015-08-20 11:12 - 2015-08-20 11:12 - 00012839 _____ C:\Users\Markus Radosztics\Desktop\Apple_Mobile_Device_USB_Driver.msi 2015-08-20 11:12 - 2015-08-20 11:12 - 00003578 _____ C:\Windows\System32\Tasks\Shop-wit Updater 2015-08-20 11:12 - 2015-08-20 11:12 - 00003112 _____ C:\Windows\System32\Tasks\cfr3011 2015-08-20 11:12 
- 2015-08-11 21:11 - 00349584 _____ (Abengine) C:\Windows\system32\acengine64.dll 2015-08-20 10:43 - 2015-08-20 10:43 - 00001456 _____ C:\Users\Public\Desktop\iTunes.lnk 2015-08-20 10:43 - 2015-08-20 10:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-08-20 10:43 - 2015-08-20 10:43 - 00000000 ____D C:\Program Files\iPod 2015-08-20 10:43 - 2015-08-20 10:43 - 00000000 ____D C:\Program Files (x86)\iTunes 2015-08-20 10:42 - 2015-08-20 10:42 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2015-08-20 10:42 - 2015-08-20 10:42 - 00000000 ____D C:\Windows\System32\Tasks\Apple 2015-08-20 10:42 - 2015-08-20 10:42 - 00000000 ____D C:\Program Files\Bonjour 2015-08-20 10:42 - 2015-08-20 10:42 - 00000000 ____D C:\Program Files (x86)\Bonjour 2015-08-20 10:42 - 2015-08-20 10:42 - 00000000 ____D C:\Program Files (x86)\Apple Software Update 2015-08-19 22:11 - 2015-08-20 00:33 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\MediaMonkey 2015-08-19 22:11 - 2015-08-19 22:11 - 00000695 _____ C:\Users\Public\Desktop\MediaMonkey.lnk 2015-08-19 22:11 - 2015-08-19 22:11 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Local\MediaMonkey 2015-08-19 22:11 - 2015-08-19 22:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey 2015-08-19 22:10 - 2015-08-19 22:10 - 00000000 ____D C:\ProgramData\MediaMonkey 2015-08-19 21:18 - 2015-08-13 14:34 - 19292160 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-08-19 21:18 - 2015-08-13 13:02 - 14383616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-08-19 21:18 - 2015-08-13 12:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-08-19 21:18 - 2015-08-13 12:44 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-08-19 20:48 - 2015-09-06 12:07 - 00000008 __RSH C:\ProgramData\ntuser.pol 2015-08-19 20:46 - 2015-08-19 20:46 - 01135152 _____ 
C:\Windows\Minidump\081915-12953-01.dmp 2015-08-19 16:27 - 2015-08-19 02:39 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{092386fb-9faf-4d52-817c-d4095ab6e5cd}Gw64.sys 2015-08-19 16:24 - 2015-08-23 14:06 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\mystartsearch 2015-08-19 16:24 - 2015-08-19 21:03 - 00000000 ____D C:\ProgramData\nWinManPron 2015-08-19 16:24 - 2015-08-19 16:24 - 00000000 _____ C:\Windows\prleth.sys 2015-08-19 16:24 - 2015-08-19 16:24 - 00000000 _____ C:\Windows\hgfs.sys 2015-08-19 16:22 - 2015-08-19 16:22 - 00000767 _____ C:\Users\Markus Radosztics\Desktop\MP3 Voice Recorder.lnk 2015-08-19 16:22 - 2015-08-19 16:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3 Voice Recorder 2015-08-19 16:22 - 2004-03-08 21:30 - 00212240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\richtx32.ocx 2015-08-16 18:23 - 2015-08-16 18:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2015-08-16 00:59 - 2015-07-30 15:11 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-08-16 00:59 - 2015-07-30 15:10 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-08-16 00:59 - 2015-07-13 23:05 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll 2015-08-16 00:59 - 2015-07-13 23:05 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-08-16 00:59 - 2015-07-09 23:46 - 05982208 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-08-16 00:59 - 2015-07-09 23:44 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll 2015-08-16 00:59 - 2015-07-09 22:17 - 05095424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2015-08-16 00:59 - 2015-07-09 22:16 - 00269824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2015-08-16 00:59 - 2015-07-06 18:16 - 00044560 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\WdBoot.sys 2015-08-16 00:59 - 2015-07-06 16:32 - 00281944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 2015-08-16 00:59 - 2015-07-01 15:00 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2015-08-16 00:59 - 2015-07-01 14:58 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2015-08-16 00:59 - 2015-07-01 13:42 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2015-08-16 00:59 - 2015-07-01 13:41 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll 2015-08-16 00:58 - 2015-07-28 18:25 - 00025776 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2015-08-16 00:58 - 2015-07-28 16:13 - 01116160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-08-16 00:58 - 2015-07-28 16:13 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-08-16 00:58 - 2015-07-28 16:13 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-08-16 00:58 - 2015-07-28 16:13 - 00437248 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-08-16 00:58 - 2015-07-28 16:13 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-08-16 00:58 - 2015-07-28 15:12 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-08-16 00:58 - 2015-07-16 22:32 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-08-16 00:58 - 2015-07-16 22:32 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-08-16 00:58 - 2015-07-16 22:32 - 00601600 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-08-16 00:58 - 2015-07-16 22:31 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-08-16 00:58 - 2015-07-16 22:31 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-08-16 00:58 - 2015-07-16 22:31 - 00603136 _____ (Microsoft Corporation) 
C:\Windows\system32\msfeeds.dll 2015-08-16 00:58 - 2015-07-16 22:30 - 15416320 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-08-16 00:58 - 2015-07-16 22:30 - 02657280 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-08-16 00:58 - 2015-07-16 22:30 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2015-08-16 00:58 - 2015-07-16 21:07 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-08-16 00:58 - 2015-07-16 21:07 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-08-16 00:58 - 2015-07-16 21:07 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-08-16 00:58 - 2015-07-16 21:06 - 13774848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-08-16 00:58 - 2015-07-16 21:06 - 02865664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-08-16 00:58 - 2015-07-16 21:06 - 02056704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-08-16 00:58 - 2015-07-16 21:06 - 00737280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2015-08-16 00:58 - 2015-07-16 21:06 - 00690176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-08-16 00:58 - 2015-07-16 21:06 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-08-16 00:58 - 2015-07-16 21:06 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-08-16 00:58 - 2015-07-16 21:06 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-08-16 00:58 - 2015-07-13 23:23 - 01744384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2015-08-16 00:58 - 2015-07-13 23:23 - 01422336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2015-08-16 00:58 - 2015-07-13 23:05 - 02340864 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2015-08-16 00:58 - 2015-07-13 23:05 - 01850880 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 
2015-08-16 00:55 - 2015-07-29 16:45 - 01412608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-08-16 00:55 - 2015-07-29 16:45 - 00035328 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-08-16 00:55 - 2015-07-29 15:52 - 01840640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-08-16 00:55 - 2015-07-29 15:52 - 01280000 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-08-16 00:55 - 2015-07-29 15:52 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-08-16 00:55 - 2015-07-28 00:42 - 00304128 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-08-16 00:55 - 2015-07-28 00:40 - 04064768 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-08-16 00:55 - 2015-07-28 00:40 - 00366592 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-08-16 00:55 - 2015-07-15 18:09 - 06969688 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-08-16 00:55 - 2015-07-15 18:09 - 00095064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-08-16 00:55 - 2015-07-15 18:06 - 01824296 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-08-16 00:55 - 2015-07-15 15:49 - 01410000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-08-16 00:55 - 2015-07-15 15:29 - 01333248 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll 2015-08-16 00:55 - 2015-07-09 23:47 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe 2015-08-16 00:55 - 2015-07-09 23:47 - 00243712 _____ (Microsoft Corporation) C:\Windows\notepad.exe 2015-08-16 00:55 - 2015-07-09 22:18 - 00233984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe 2015-08-16 00:55 - 2015-06-09 15:09 - 00411133 _____ C:\Windows\system32\ApnDatabase.xml ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-09-06 12:11 - 2015-06-07 20:44 - 00000000 ____D C:\FRST 2015-09-06 12:08 - 2015-01-14 23:45 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Local\LogMeIn Hamachi 2015-09-06 12:08 - 2013-10-13 20:57 - 00000000 ___RD C:\Users\Markus Radosztics\Dropbox 2015-09-06 12:08 - 2013-10-13 20:55 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\Dropbox 2015-09-06 12:07 - 2014-12-27 12:46 - 00000000 ___RD C:\Users\Markus Radosztics\iCloudDrive 2015-09-06 12:07 - 2014-12-27 12:45 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Local\36A80DEE-1AAD-4F7E-AA6A-4638F785B9B6.aplzod 2015-09-06 12:06 - 2013-11-19 21:28 - 00001132 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-09-06 12:06 - 2013-10-01 21:22 - 00000000 ____D C:\ProgramData\NVIDIA 2015-09-06 12:06 - 2013-09-30 19:17 - 00299742 _____ C:\Windows\PFRO.log 2015-09-06 12:06 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-09-06 12:04 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\GroupPolicy 2015-09-06 12:02 - 2013-09-30 19:24 - 01859429 _____ C:\Windows\WindowsUpdate.log 2015-09-06 12:02 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru 2015-09-06 12:00 - 2015-06-18 06:45 - 00001290 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-817472733-4082136947-4255886928-1001UA.job 2015-09-06 12:00 - 2013-11-19 21:28 - 00001136 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-09-06 11:57 - 2012-07-26 12:27 - 00751892 _____ C:\Windows\system32\perfh007.dat 2015-09-06 11:57 - 2012-07-26 12:27 - 00155620 _____ C:\Windows\system32\perfc007.dat 2015-09-06 11:57 - 2012-07-26 09:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI 2015-09-06 11:55 - 2013-09-30 19:30 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-817472733-4082136947-4255886928-1001 2015-09-06 01:04 - 2013-11-22 22:24 - 00000366 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job 2015-09-06 00:37 - 2013-09-30 21:01 - 00000884 _____ 
C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-09-05 11:00 - 2015-06-18 06:45 - 00001238 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-817472733-4082136947-4255886928-1001Core.job 2015-09-04 09:19 - 2013-11-25 12:30 - 00000000 ____D C:\Windows\Minidump 2015-09-03 20:41 - 2014-01-16 16:47 - 00001940 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2015-09-02 21:48 - 2013-09-30 19:24 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Local\Packages 2015-08-31 22:54 - 2014-06-25 17:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-08-31 22:49 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\BBI 2015-08-31 08:55 - 2013-11-19 21:28 - 00004108 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-08-31 08:55 - 2013-11-19 21:28 - 00003872 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-08-31 08:16 - 2013-10-01 18:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-08-27 12:52 - 2013-10-01 18:41 - 00001171 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-08-27 12:52 - 2013-09-30 19:24 - 00001450 _____ C:\Users\Markus Radosztics\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-08-26 08:46 - 2013-10-02 17:05 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\Skype 2015-08-23 14:35 - 2015-06-07 21:40 - 00001270 _____ C:\Users\Markus Radosztics\Desktop\Revo Uninstaller.lnk 2015-08-23 14:35 - 2015-06-07 21:40 - 00000000 ____D C:\Program Files (x86)\VS Revo Group 2015-08-23 12:44 - 2014-02-01 13:30 - 00000000 ____D C:\Program Files (x86)\Java 2015-08-22 15:17 - 2014-08-06 12:17 - 00000000 ____D C:\ProgramData\TuneUp Software 2015-08-22 12:04 - 2015-02-23 20:21 - 00000000 ___RD C:\Program Files (x86)\Skype 2015-08-22 12:04 - 2013-10-02 17:05 - 00000000 ____D C:\ProgramData\Skype 2015-08-22 10:00 - 2015-03-18 18:45 - 00000000 ____D C:\Program Files\Microsoft Office 15 2015-08-22 10:00 - 2014-06-17 22:52 - 
00005182 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for WAUT0001-Markus Radosztics WAUT0001 2015-08-21 08:52 - 2015-03-20 10:39 - 00507984 _____ C:\Windows\system32\FNTCACHE.DAT 2015-08-20 22:50 - 2013-09-30 19:24 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Local\VirtualStore 2015-08-20 22:30 - 2013-09-30 19:24 - 00000000 ____D C:\Users\Markus Radosztics 2015-08-20 22:10 - 2014-02-01 13:30 - 00000000 ____D C:\ProgramData\Oracle 2015-08-20 22:06 - 2012-07-26 07:26 - 00000269 _____ C:\Windows\win.ini 2015-08-20 21:22 - 2014-11-19 18:47 - 00000000 ____D C:\Program Files (x86)\Samsung 2015-08-20 21:22 - 2013-12-19 13:46 - 00000000 ____D C:\Users\Markus Radosztics\Documents\samsung 2015-08-20 21:22 - 2013-12-19 13:46 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\Samsung 2015-08-20 21:18 - 2013-12-19 13:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung 2015-08-20 21:18 - 2013-09-30 19:32 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2015-08-20 20:58 - 2013-09-30 20:29 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Local\Downloaded Installations 2015-08-20 20:27 - 2015-06-03 20:07 - 00000000 ____D C:\Program Files (x86)\A1 Servicecenter 2015-08-20 14:09 - 2015-03-18 18:59 - 00002321 _____ C:\Users\Markus Radosztics\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2015-08-20 11:37 - 2013-09-30 21:01 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-08-20 10:43 - 2013-09-30 20:20 - 00000000 ____D C:\Program Files\Common Files\Apple 2015-08-20 10:42 - 2013-09-30 20:20 - 00000000 ____D C:\ProgramData\Apple 2015-08-19 21:18 - 2012-07-26 09:59 - 00000000 ____D C:\Windows\CbsTemp 2015-08-16 18:23 - 2015-07-14 21:02 - 00000650 _____ C:\Users\Public\Desktop\LogMeIn Hamachi.lnk 2015-08-16 18:22 - 2015-04-17 08:09 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-08-16 18:22 - 2015-04-17 08:09 - 00000000 ____D 
C:\Windows\system32\appraiser 2015-08-16 18:22 - 2013-09-30 19:57 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-08-16 18:22 - 2013-09-30 19:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-08-16 18:22 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-08-16 18:22 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-08-16 18:22 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Defender 2015-08-16 18:22 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2015-08-16 10:55 - 2013-09-30 19:53 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2015-08-16 10:55 - 2013-09-30 19:52 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-08-16 10:54 - 2013-09-30 19:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-08-16 10:53 - 2013-09-30 22:57 - 00000000 ____D C:\Windows\system32\MRT 2015-08-16 10:51 - 2013-09-30 22:57 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-08-16 10:46 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-08-16 10:46 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-08-15 11:11 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent 2015-08-08 04:27 - 2012-07-26 10:14 - 00793544 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-08-08 04:27 - 2012-07-26 10:14 - 00177632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2013-09-30 20:29 - 2013-09-30 20:29 - 0000268 ___RH () C:\Users\Markus Radosztics\AppData\Roaming\String Ensemble 
2013-09-30 20:30 - 2013-09-30 20:30 - 0000268 ___RH () C:\Users\Markus Radosztics\AppData\Roaming\Strings 2013-09-30 20:29 - 2013-09-30 20:29 - 0000268 ___RH () C:\Users\Markus Radosztics\AppData\Roaming\Super Strings 2013-09-30 20:29 - 2013-09-30 20:29 - 0000268 ___RH () C:\Users\Markus Radosztics\AppData\Roaming\Techno Kit 2014-02-05 18:38 - 2015-06-07 12:43 - 0000156 _____ () C:\Users\Markus Radosztics\AppData\Roaming\WB.CFG 2013-11-06 10:01 - 2014-08-12 18:27 - 0006144 _____ () C:\Users\Markus Radosztics\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-12-23 18:56 - 2014-12-23 18:56 - 0007606 _____ () C:\Users\Markus Radosztics\AppData\Local\Resmon.ResmonCfg 2015-08-20 22:04 - 2015-08-20 22:04 - 0000187 _____ () C:\Users\Markus Radosztics\AppData\Local\Salttex.exe.config 2013-10-02 17:42 - 2013-10-02 17:42 - 0000057 _____ () C:\ProgramData\Ament.ini 2014-07-07 09:16 - 2014-07-07 09:16 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2013-09-30 20:29 - 2013-09-30 20:29 - 0000012 ___RH () C:\ProgramData\howto 2013-09-30 20:29 - 2013-09-30 20:29 - 0000020 ____H () C:\ProgramData\PKP_DLeo.DAT 2013-09-30 20:30 - 2013-09-30 20:30 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT 2013-09-30 20:29 - 2013-09-30 20:30 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT 2013-09-30 20:29 - 2013-09-30 20:29 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT 2013-09-30 20:29 - 2013-09-30 20:29 - 0000268 ___RH () C:\ProgramData\Sync Schema 2013-09-30 20:30 - 2013-09-30 20:30 - 0000268 ___RH () C:\ProgramData\Sync Services 2013-09-30 20:29 - 2013-09-30 20:29 - 0000268 ___RH () C:\ProgramData\Synth Basics 2013-09-30 20:29 - 2013-09-30 20:29 - 0000012 ___RH () C:\ProgramData\Track Settings 2013-09-30 20:30 - 2013-09-30 20:30 - 0000012 ___RH () C:\ProgramData\Transportation 2013-09-30 20:29 - 2013-09-30 20:29 - 0000012 ___RH () C:\ProgramData\Tremolo Einige Dateien in TEMP: ==================== C:\Users\Markus 
Radosztics\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppap8k2.dll
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2015-09-05 18:00
==================== Ende von FRST.txt ============================
|
06.09.2015, 11:21 | #38 |
| New Internet windows keep opening
And here is the Addition.txt file as well:
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:04-09-2015
durchgeführt von Markus Radosztics (2015-09-06 12:12:02)
Gestartet von C:\Users\Markus Radosztics\Downloads
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-817472733-4082136947-4255886928-500 - Administrator - Disabled)
Birgit (S-1-5-21-817472733-4082136947-4255886928-1003 - Limited - Enabled)
Gast (S-1-5-21-817472733-4082136947-4255886928-501 - Limited - Disabled)
Markus Radosztics (S-1-5-21-817472733-4082136947-4255886928-1001 - Administrator - Enabled) => C:\Users\Markus Radosztics
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: 电脑管家系统防护 (Enabled - Up to date) {6F9C3F92-B625-0E47-F0B1-447602EC65F5}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: 电脑管家系统防护 (Enabled - Up to date) {D4FDDE76-901F-01C9-CA01-7F04796B2F48}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
A1 FTP (HKLM-x32\...\A1 FTP) (Version: 2.0.0.2 - A1 Telekom Austria AG) A1 FTP (x32 Version: 2.0.0.2 - A1 Telekom Austria AG) Hidden A1 Servicecenter (HKLM-x32\...\A1 Servicecenter) (Version: 9.15.1.1250 - A1 Telekom Austria AG) AdblockIE (HKLM-x32\...\{5508128A-2C7B-46B5-81F9-58E8E8115F0B}) (Version: 1.2 - af0.net) Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.0.0 - Adobe Systems) Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated) Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated) AnyProtect (HKLM-x32\...\AnyProtect) (Version: 1.0.0.4 - CMI Limited) <==== ACHTUNG Apple Application Support (32-Bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) BIPA FotoShop (HKLM-x32\...\BIPA FotoShop) (Version: 5.1.7 - CEWE Stiftung u Co. KGaA) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) BrettspielWelt (HKLM-x32\...\BrettspielWelt) (Version: 1.0 - BrettspielWelt GmbH) Buzzdock (HKLM-x32\...\{cfd32d46-7d3f-483f-bace-7172aec5592d}) (Version: - Alactro LLC) <==== ACHTUNG CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5642 - CDBurnerXP) Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks) Documents To Go Desktop für iOS (HKLM-x32\...\DTGDesktop) (Version: 5.0000.013 - DataViz, Inc.) 
Download Touch (HKU\S-1-5-21-817472733-4082136947-4255886928-1001\...\{9563BC59-9556-4805-8CD4-886781779D8D}) (Version: 1.7.1 - Cooking Form corp) Dropbox (HKU\S-1-5-21-817472733-4082136947-4255886928-1001\...\Dropbox) (Version: 3.8.8 - Dropbox, Inc.) EAX4 Unified Redist (HKLM-x32\...\{89661B04-C646-4412-B6D3-5E19F02F1F37}) (Version: 4.001 - Creative Labs) Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.05 - Ubisoft) Free DVD Video Burner version 3.2.14.415 (HKLM-x32\...\Free DVD Video Burner_is1) (Version: 3.2.14.415 - DVDVideoSoft Ltd.) Free YouTube Download version 3.2.46.923 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.46.923 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.54.128 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.54.128 - DVDVideoSoft Ltd.) FUSSBALL MANAGER 14 (HKLM-x32\...\{5FC27E1E-08C0-4346-A321-ED2D31FAE936}) (Version: 1.0.0.0 - Electronic Arts) GameRanger (HKU\S-1-5-21-817472733-4082136947-4255886928-1001\...\GameRanger) (Version: - GameRanger Technologies) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.) Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden Great Find (HKLM-x32\...\Great Find) (Version: 2.0.5712.8396 - Great Find) <==== ACHTUNG HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard) HP Officejet 6600 - Grundlegende Software für das Gerät (HKLM\...\{F58934BD-F483-43EB-B307-CFFD88B18455}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12412 - HP) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.) 
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.1 - Intel) iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.383 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.383 - LogMeIn, Inc.) Hidden Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.163.2 - McAfee, Inc.) MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.) Metric Collection SDK 35 (x32 Version: 1.2.0006.00 - Lenovo Group Limited) Hidden Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - ) Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version: - ) Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-817472733-4082136947-4255886928-1001\...\OneDriveSetup.exe) (Version: 17.3.5930.0814 - Microsoft Corporation) Microsoft OneNote 2013 - de-de (HKLM\...\OneNoteFreeRetail - de-de) (Version: 15.0.4745.1002 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) 
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 40.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 de)) (Version: 40.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla) MP3 Voice Recorder 1.1 (HKLM-x32\...\MP3 Voice Recorder_is1) (Version: - prvsoft.com) MSXML 4.0 SP3 Parser 
(HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) mystartsearch uninstall (HKLM-x32\...\mystartsearch uninstall) (Version: - mystartsearch) <==== ACHTUNG Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon) Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.7.0 - Nikon) NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation) NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation) NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4745.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden Origin (HKLM-x32\...\Origin) (Version: 9.3.2.2730 - Electronic Arts, Inc.) 
Outils de vérification linguistique 2013 de Microsoft Office*- Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden PC Mechanic (HKLM-x32\...\{1F88FC5D-4D46-448A-AF59-7061FFC6ABBF}_is1) (Version: 1.0.10.0 - Uniblue Systems Limited) PFPortChecker 1.0.40 (HKLM-x32\...\PFPortChecker) (Version: 1.0.40 - Portforward.com) Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.12 - Nikon) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7503 - Realtek Semiconductor Corp.) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.) Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft) SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.1.21.0 - Lenovo Group Limited) SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden Shop-wit (HKU\S-1-5-21-817472733-4082136947-4255886928-1001\...\shopwit) (Version: - shopwit) <==== ACHTUNG Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation) Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.) 
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.24951 - TeamViewer) Thief (HKLM-x32\...\Steam App 239160) (Version: - Eidos-Montréal) TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version: - Nadeo) TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname) TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.) Trainingspläne Version 1.0 (HKLM-x32\...\{F8A382D7-5453-4E2C-AD53-A598D868B3EE}_is1) (Version: 1.0 - SoccerLobby) TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.353 - TuneUp Software) Hidden TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.353 - TuneUp Software) TuneUp Utilities 2014 (x32 Version: 14.0.1000.353 - TuneUp Software) Hidden Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0407-0000-0000000FF1CE}_Office15.PROPLUS_{0C5B0539-7EDE-4297-947E-48890971B557}) (Version: - Microsoft) Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft) ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.7.6 - Nikon) VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: - Elaborate Bytes) VirtualDJ Home FREE (HKLM-x32\...\{77C2D5D4-ADC5-49F9-B36E-5992FCF35EA3}) (Version: 7.4.1 - Atomix Productions) VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) Voobly (HKLM-x32\...\Voobly_is1) (Version: Voobly - Voobly) WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. 
Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-817472733-4082136947-4255886928-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Markus Radosztics\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-817472733-4082136947-4255886928-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Markus Radosztics\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-817472733-4082136947-4255886928-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Markus Radosztics\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-817472733-4082136947-4255886928-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Markus Radosztics\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-817472733-4082136947-4255886928-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Markus Radosztics\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-817472733-4082136947-4255886928-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Markus Radosztics\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-817472733-4082136947-4255886928-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Markus Radosztics\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-817472733-4082136947-4255886928-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Markus 
Radosztics\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-817472733-4082136947-4255886928-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Markus Radosztics\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-817472733-4082136947-4255886928-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Markus Radosztics\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-817472733-4082136947-4255886928-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Markus Radosztics\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-817472733-4082136947-4255886928-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Markus Radosztics\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncApi64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-817472733-4082136947-4255886928-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Markus Radosztics\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-817472733-4082136947-4255886928-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Markus Radosztics\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-817472733-4082136947-4255886928-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Markus Radosztics\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-817472733-4082136947-4255886928-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Markus Radosztics\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-817472733-4082136947-4255886928-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Markus Radosztics\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-817472733-4082136947-4255886928-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Markus Radosztics\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-817472733-4082136947-4255886928-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Markus Radosztics\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-817472733-4082136947-4255886928-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Markus Radosztics\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-817472733-4082136947-4255886928-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Markus Radosztics\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) ==================== Wiederherstellungspunkte ========================= ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2012-07-26 07:26 - 2015-09-03 20:41 - 00000856 ____A C:\Windows\system32\Drivers\etc\hosts 0.0.0.1 mssplus.mcafee.com ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
Task: {08280EC6-E236-477D-8FDC-386A72A2A602} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-817472733-4082136947-4255886928-1001Core => C:\Users\Markus Radosztics\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.) Task: {09440F26-5401-4511-BACA-C8831EC2AE6D} - System32\Tasks\Microsoft Office 15 Sync Maintenance for WAUT0001-Markus Radosztics WAUT0001 => C:\Program Files\Microsoft Office 15\root\Office15\MsoSync.exe [2015-06-02] (Microsoft Corporation) Task: {0AA14BEA-6265-4356-B37A-22A64844994F} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ACHTUNG Task: {19358EAF-E459-4B2E-B626-B274FD9AC389} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser Task: {1B5527C1-32B4-4544-962E-CDBC35B902B5} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ACHTUNG Task: {22CB87F1-4032-464F-8DCA-D3F8C8F9EE1F} - \kajl01mh -> Keine Datei <==== ACHTUNG Task: {2AC95683-203F-4351-95D1-0B5549C7B91E} - System32\Tasks\cfr3011 => C:\PROGRA~2\FASTSE~1\cfr3011.exe Task: {2E74F044-78F4-48E0-B6A0-91F591980FEB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.) Task: {379476DD-23F7-4AE9-A6B6-2E7FA392A420} - \avabvbyvyc -> Keine Datei <==== ACHTUNG Task: {3F194B79-7539-4753-9469-3527204B5883} - \uydate -> Keine Datei <==== ACHTUNG Task: {502EAA1A-D86F-4B57-A55E-776166884D5B} - System32\Tasks\Download Touch => Rundll32.exe "C:\Users\Markus Radosztics\AppData\Local\Download Touch\Bin\DownloadTouch.dll",#3 Task: {518C3282-A416-49B6-B969-1A4CE1651CCD} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-817472733-4082136947-4255886928-1001UA => C:\Users\Markus Radosztics\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.) 
Task: {5818FE90-AFFD-4AFE-A7D4-A82A9C1B041F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-20] (Adobe Systems Incorporated) Task: {61B31C95-845F-48F8-8F35-87FE7AB7A398} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2013-11-22] () Task: {69DD6C01-B242-4D39-A995-4FBBF69DEBFA} - \Tempo Runner yvegdufu -> Keine Datei <==== ACHTUNG Task: {6C0D1B3A-5959-429B-B976-943E2E2BDA93} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation) Task: {6F8840BE-EF31-437E-AB13-0EE27E62B6A0} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe Task: {860E4BFE-A40E-44E6-95C2-317DC8DE500A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation) Task: {878236DC-FBF2-452A-AD7B-DA52D6201AD4} - \r4v4x4kf -> Keine Datei <==== ACHTUNG Task: {8C34A83F-AB6B-4DD6-A135-184B6A087422} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-09-10] (Lenovo) Task: {971C4DF3-3BA6-45AA-98C3-5F61FF60BFC4} - System32\Tasks\Shop-wit Updater => Wscript.exe //B "C:\Program Files (x86)\shopwit\shopwit\1.4.0.7\..\updt.js" <==== ACHTUNG Task: {9CAD8B68-4659-477A-A37C-8BEAF0B26426} - \Tempo Runner yveg6ufu -> Keine Datei <==== ACHTUNG Task: {A212AA42-D059-4D46-B7BE-83AE583825C7} - \RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380} -> Keine Datei <==== ACHTUNG Task: {BC733704-389B-456E-B1E3-075443E9FB46} - System32\Tasks\PC-Mechanic Startup => C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe [2015-08-14] (Uniblue Systems Limited) Task: 
{C4A8F7C1-E598-4018-A931-9156A8D07AF8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation) Task: {C56BED88-594B-4CA8-AEF4-05952F67352C} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ACHTUNG Task: {CD556DA3-49F3-4C58-BFA3-14D2354AE1CA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-08-16] (Microsoft Corporation) Task: {CE5EBAA0-6FA5-4B7C-A9B2-66052EF9D1FB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.) Task: {D57841C2-487D-4F0C-B2BA-C8F9FD6F5C83} - System32\Tasks\PC-Mechanic Maintenance => C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe [2015-08-14] (Uniblue Systems Limited) Task: {E04F0DEA-DAE9-4613-89D1-569AB4AA22B2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation) Task: {E3ECD71D-8666-4E50-B69D-C17BEE01A6DD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {EA1E04AD-175A-4337-B384-468B8A99A42E} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ACHTUNG Task: {F7BF1A83-9EB9-4C83-B670-BAC351C326A6} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2015-06-25] (TuneUp Software) Task: {FA6EDE8A-C39F-41FC-A819-6BBA4C030A08} - \MixVideoPlayer Update -> Keine Datei <==== ACHTUNG (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ACHTUNG Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ACHTUNG Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ACHTUNG Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-817472733-4082136947-4255886928-1001Core.job => C:\Users\Markus Radosztics\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-817472733-4082136947-4255886928-1001UA.job => C:\Users\Markus Radosztics\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe Task: C:\Windows\Tasks\PC-Mechanic Maintenance.job => C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe Task: C:\Windows\Tasks\PC-Mechanic Startup.job => C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2013-09-30 19:55 - 2014-07-02 20:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2015-09-03 21:06 - 2015-08-28 03:56 - 01868104 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\libglesv2.dll 2015-09-03 21:06 - 2015-08-28 03:56 - 00093000 _____ 
() C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\libegl.dll 2015-03-18 18:45 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2015-05-23 20:10 - 2015-05-23 20:10 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2015-06-25 07:53 - 2015-06-25 07:53 - 00699704 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll 2015-08-20 22:50 - 2015-08-20 22:50 - 00088416 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\zlib.dll 2015-08-20 22:50 - 2015-08-20 22:50 - 00481632 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\sqlite.dll 2015-08-20 22:50 - 2015-08-20 22:50 - 00100704 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\tinyxml.dll 2015-08-20 22:50 - 2015-08-20 22:50 - 00039776 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\plugins\sysspeeduprtpplugin\SysSpeedupRtpPlugin.dll 2015-08-20 22:50 - 2015-08-20 22:50 - 00063840 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\plugins\qmiemalrtpplugin\qmiemalrtpplugin.dll 2015-08-20 22:50 - 2015-08-20 22:50 - 00018784 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\oDayProtect.dll 2015-08-20 22:50 - 2015-08-20 22:50 - 00125280 _____ () c:\program files (x86)\tencent\qqpcmgr\10.11.16600.237\qmrtpcontroller.dll 2015-08-20 11:43 - 2015-08-20 11:43 - 00030720 _____ () C:\Users\Markus Radosztics\AppData\Local\Download Touch\Bin\DownloadTouch.dll 2015-08-20 11:43 - 2015-08-20 11:43 - 00011776 _____ () C:\Users\Markus Radosztics\AppData\Local\Download Touch\Bin\naoav.dll 2015-08-20 22:50 - 2015-08-20 22:50 - 00194912 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\xImage.dll 2015-08-20 22:50 - 2015-08-20 22:50 - 00342040 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\arkGraphic.dll 2015-08-20 22:50 - 2015-08-20 22:50 - 00092184 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\xGraphic32.dll 2015-08-20 22:50 - 
2015-08-20 22:50 - 00158048 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\libpng.dll 2015-08-20 22:50 - 2015-08-20 22:50 - 00285024 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\libjpegturbo.dll 2015-08-20 22:50 - 2015-08-20 22:50 - 00137568 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\libexpatw.dll 2015-08-20 22:50 - 2015-08-20 22:50 - 00045920 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\jgImage.dll 2015-08-20 22:50 - 2015-08-20 22:50 - 00014176 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\jgIOStub.dll 2015-08-20 22:50 - 2015-08-20 22:50 - 00076128 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\MemDefrag.dll 2015-08-20 22:50 - 2015-08-20 22:50 - 00170336 _____ () c:\program files (x86)\tencent\qqpcmgr\10.11.16600.237\qmhipslogpolicy.dll 2015-08-20 22:50 - 2015-08-20 22:50 - 00018272 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\QQFileFlt.DLL 2015-08-20 22:50 - 2015-08-20 22:50 - 00235872 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\QMWlanMacDll.dll 2015-08-20 22:50 - 2015-07-21 17:59 - 00387424 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\DlForQd.dll 2014-09-25 13:31 - 2014-09-25 13:31 - 01754296 _____ () C:\Program Files (x86)\Microsoft Office\Office15\tmpod.dll 2014-01-23 15:55 - 2014-01-23 15:55 - 01030312 _____ () C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll 2015-05-15 16:27 - 2015-05-15 16:27 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2015-07-23 08:54 - 2015-07-03 18:12 - 00778240 _____ () D:\Games\SDL2.dll 2015-07-23 08:54 - 2015-07-03 18:12 - 04962816 _____ () D:\Games\v8.dll 2015-08-21 08:28 - 2015-08-19 22:39 - 02413248 _____ () D:\Games\video.dll 2015-07-23 08:54 - 2015-07-03 18:12 - 01556992 _____ () D:\Games\icui18n.dll 2015-07-23 08:54 - 2015-07-03 18:12 - 01187840 _____ () D:\Games\icuuc.dll 
2015-02-06 11:54 - 2014-12-01 23:31 - 02396672 ____N () D:\Games\libavcodec-56.dll
2015-02-06 11:54 - 2014-12-01 23:31 - 00479744 ____N () D:\Games\libavformat-56.dll
2015-02-06 11:54 - 2014-12-01 23:31 - 00332800 ____N () D:\Games\libavresample-2.dll
2015-02-06 11:54 - 2014-12-01 23:31 - 00442880 ____N () D:\Games\libavutil-54.dll
2015-02-06 11:54 - 2014-12-01 23:31 - 00485888 ____N () D:\Games\libswscale-3.dll
2015-08-21 08:28 - 2015-08-19 22:39 - 00704192 _____ () D:\Games\bin\chromehtml.DLL
2015-08-15 11:12 - 2015-07-27 03:13 - 00171008 _____ () D:\Games\bin\openvr_api.dll
2015-07-23 08:54 - 2015-07-03 18:12 - 39553928 _____ () D:\Games\bin\libcef.dll
2015-09-06 12:08 - 2015-09-06 12:08 - 00071168 _____ () c:\Users\Markus Radosztics\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppap8k2.dll
2015-03-04 23:45 - 2015-08-05 07:26 - 00012800 _____ () C:\Users\Markus Radosztics\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 23:45 - 2015-08-05 07:26 - 00779776 _____ () C:\Users\Markus Radosztics\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-30 08:39 - 2015-08-05 07:26 - 00056320 _____ () C:\Users\Markus Radosztics\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-03-04 23:45 - 2015-08-05 07:26 - 00012288 _____ () C:\Users\Markus Radosztics\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2015-05-04 20:44 - 2015-05-04 20:44 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\Office15\AppVIsvStream32.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\acengine => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\acwfp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-817472733-4082136947-4255886928-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Markus Radosztics\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKLM\...\StartupApproved\Run32: => "A1Servicecenter"
HKU\S-1-5-21-817472733-4082136947-4255886928-1001\...\StartupApproved\Run: => "Voobly"
HKU\S-1-5-21-817472733-4082136947-4255886928-1001\...\StartupApproved\Run: => "TomTomHOME.exe"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [TCP Query User{12B3E761-7E9C-487C-A6C7-71A94B02A9A6}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe
FirewallRules: [UDP Query User{0D2D1C41-8235-4996-8423-AAC196CCD3A5}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe
FirewallRules: [{987FF516-1D9B-4553-A1BB-A6E48D02E05E}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires II\age2_x1\age2_x2.exe
FirewallRules: [{7A9C7811-E7BE-41EE-95DF-B0C541733236}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires II\age2_x1\age2_x2.exe
FirewallRules: [{FC58825A-6514-4624-8DCD-0E92D6A5A51D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{CC8CDB57-99F2-44D9-B553-88A076EAB0E9}] => (Allow) C:\Program Files\NVIDIA
Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{7A288BFF-DFBA-49C6-9C6C-042CF623F317}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{5A35EB0E-2620-4B0D-BF14-0348A0B753C4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{631735D1-D72A-4BF3-B345-13962B361B20}] => (Allow) C:\Windows\SysWOW64\dplaysvr.exe FirewallRules: [{70AC4E28-6244-4DBA-9D26-66B9B8685C6B}] => (Allow) C:\Windows\SysWOW64\dplaysvr.exe FirewallRules: [{AA10494F-E851-412F-9F77-F5C4E912E897}] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe FirewallRules: [{B4C38608-5ABA-4EB1-A254-28AF1E13602E}] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe FirewallRules: [TCP Query User{8196E49A-726B-4E22-B44A-D4A6BEA8AA0B}C:\users\markus radosztics\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\markus radosztics\appdata\roaming\gameranger\gameranger\gameranger.exe FirewallRules: [UDP Query User{C8AF183D-695A-455F-8E54-335EBF0D17AA}C:\users\markus radosztics\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\markus radosztics\appdata\roaming\gameranger\gameranger\gameranger.exe FirewallRules: [{B924E48A-941A-453B-A456-076DD7A8218D}] => (Allow) C:\Program Files\HP\HP Officejet 6600\bin\FaxApplications.exe FirewallRules: [{7251B19A-6116-4C23-99DC-8000CBF4AD37}] => (Allow) C:\Program Files\HP\HP Officejet 6600\bin\DigitalWizards.exe FirewallRules: [{7BCBB288-9D10-4FB2-843C-3A5678A248C0}] => (Allow) C:\Program Files\HP\HP Officejet 6600\bin\SendAFax.exe FirewallRules: [{16D07102-1BAD-4891-B845-C039F17C47E2}] => (Allow) C:\Program Files\HP\HP Officejet 6600\Bin\DeviceSetup.exe FirewallRules: [{B5BEA6BD-7DD5-4370-8089-A431E9B727CE}] => (Allow) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe FirewallRules: [{7E087840-41B4-4F24-B6A4-FFC8BEBAEB89}] => (Allow) C:\Program Files\HP\HP 
Officejet 6600\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [TCP Query User{1DF54F7F-6297-45D3-B113-80948A28E143}C:\program files (x86)\tmnationsforever\tmforever.exe] => (Allow) C:\program files (x86)\tmnationsforever\tmforever.exe FirewallRules: [UDP Query User{67B44643-DE75-41A1-9262-671B980EEB9D}C:\program files (x86)\tmnationsforever\tmforever.exe] => (Allow) C:\program files (x86)\tmnationsforever\tmforever.exe FirewallRules: [TCP Query User{F7606471-0FB1-4092-827F-1FB53190140D}C:\program files (x86)\voobly\voobly.exe] => (Allow) C:\program files (x86)\voobly\voobly.exe FirewallRules: [UDP Query User{BC834164-D4A3-47B7-97CC-D2C227FB7D43}C:\program files (x86)\voobly\voobly.exe] => (Allow) C:\program files (x86)\voobly\voobly.exe FirewallRules: [{3F817821-4983-4364-9208-1D81F08E2CBE}] => (Allow) D:\Games\Steam.exe FirewallRules: [{2BEEEE53-A5FE-4FDF-9FD5-D35215E1F9A3}] => (Allow) D:\Games\Steam.exe FirewallRules: [{F2C6C1A4-93A7-45B9-B7BE-9290141C5BF8}] => (Allow) C:\Users\Markus Radosztics\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{9B64C189-F926-4B4E-98A1-F542C454DF81}] => (Allow) C:\Users\Markus Radosztics\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{D1742FAF-9B9F-4535-8F74-17D280C40459}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{C88C8307-5F55-4D61-8862-887D2105F71E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{08361B9C-1436-43CB-8ED7-7447926105C7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{0E1ADA58-1E53-4137-BE99-1308CD22FD7F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{311887E4-8CD3-43CE-A516-B3636172ED4F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{EA9A4AA8-7465-4DC4-9766-F9C4BB7ADA05}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: 
[{4F553A41-E2B2-43AB-BE0A-32D3C00D5D2F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{7F543D06-198A-4CE1-8015-EB85EF9BEE57}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [TCP Query User{60607916-FF32-4CCF-8F30-14EFCD720AC7}D:\games\the witcher 2\bin\witcher2.exe] => (Allow) D:\games\the witcher 2\bin\witcher2.exe FirewallRules: [UDP Query User{633C3547-A42F-4E3E-953E-B7370EE3D597}D:\games\the witcher 2\bin\witcher2.exe] => (Allow) D:\games\the witcher 2\bin\witcher2.exe FirewallRules: [{CAC76C0B-DBB3-45DB-8440-C891678DDE50}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{249EA525-E665-4421-9D68-2D095DDDAB85}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{D19A8191-86A5-4394-AD86-CBE673C02324}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{81A1BDEB-5C5A-4163-9620-199C1B55DABC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{84124389-5F23-460B-A440-0B0C1890B2C2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{E9C02F06-B9E6-4612-B312-9AA2E15DB41D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{61993195-3FAF-49A2-96FB-79734E8CFDFF}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe FirewallRules: [{48E4F530-43F6-43F0-B854-5DD43FDF710D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe FirewallRules: [{A4B35422-C5DD-4495-8ADB-D1CAFF586E3F}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe FirewallRules: [{BCBF0BF4-46EE-477F-B7E6-A7AF46299B6A}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe FirewallRules: [{80D26611-50A7-48D4-894D-3036FC65A47F}] => (Allow) C:\Program Files (x86)\NVIDIA 
Corporation\NetService\NvNetworkService.exe FirewallRules: [{B18147B6-59FF-45EC-AC63-E0238E149424}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{FFBC0C40-06CB-4D5A-861A-F5EBEDD4A235}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{81379960-4816-40C3-BB95-629C50136E29}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{7188B560-63DB-4CF1-A9E0-787EF40AC57F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{46A6122F-F0A5-48B8-8800-4D4FE2872C1A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [TCP Query User{DF34092E-2C88-4CFD-817B-46AF1CC8779F}D:\games\anno1701.exe] => (Allow) D:\games\anno1701.exe FirewallRules: [UDP Query User{F84FA8AF-E620-4056-99DB-B1C428CE4CA4}D:\games\anno1701.exe] => (Allow) D:\games\anno1701.exe FirewallRules: [TCP Query User{686F978E-85C5-44E0-B9C8-AE75D9A53DC2}D:\games\scda-offline\system\splintercell4.exe] => (Allow) D:\games\scda-offline\system\splintercell4.exe FirewallRules: [UDP Query User{ED50F34F-878E-4D91-A7DB-77D76C2C96D2}D:\games\scda-offline\system\splintercell4.exe] => (Allow) D:\games\scda-offline\system\splintercell4.exe FirewallRules: [{33133F83-68DE-40BE-AEF1-A346CE63EAD4}] => (Allow) D:\Games\AssassinsCreed_Dx9.exe FirewallRules: [{B3610912-69F4-4AAC-93C7-A0C6B8D6C7D7}] => (Allow) D:\Games\AssassinsCreed_Dx9.exe FirewallRules: [{482BD8FC-11B2-420E-82D2-204AAE387526}] => (Allow) D:\Games\AssassinsCreed_Dx10.exe FirewallRules: [{F176C00A-8546-48C3-BF1C-4F91D5282750}] => (Allow) D:\Games\AssassinsCreed_Dx10.exe FirewallRules: [{8779B77A-DFDE-4515-8316-34327377D91C}] => (Allow) D:\Games\AssassinsCreed_Launcher.exe FirewallRules: [{9F87AE0A-D5B3-4BBD-ADCE-0F9D1FDEA32D}] => (Allow) D:\Games\AssassinsCreed_Launcher.exe FirewallRules: [TCP Query User{241BEA33-F8CD-42ED-BFFE-A7D024F27EC9}C:\program files 
(x86)\microsoft games\age of empires ii\age2_x1\age2_x2.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x2.exe FirewallRules: [UDP Query User{47776DAF-CB2C-46E9-8991-85629B7A3700}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x2.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x2.exe FirewallRules: [TCP Query User{B5A0C5A7-3171-4A3E-BD5C-D85CECAAEA52}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe FirewallRules: [UDP Query User{941EBA13-30EB-4A5E-9F69-77B354F7DCFC}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe FirewallRules: [TCP Query User{4228E08D-F8D1-41BE-8582-6A9305E396A1}C:\program files (x86)\voobly\voobly.exe] => (Allow) C:\program files (x86)\voobly\voobly.exe FirewallRules: [UDP Query User{BF516944-921E-455B-97A1-297B66461948}C:\program files (x86)\voobly\voobly.exe] => (Allow) C:\program files (x86)\voobly\voobly.exe FirewallRules: [{9D2B2EE2-9A95-49AE-97DC-B096BBEDDBF6}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{0AA0215A-E361-4497-B674-D132141C2B8A}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{F86C7526-1C2C-451C-AE70-329EBDD35181}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{C4F565F5-1F71-4D5E-8BF6-7E53782A4D04}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [TCP Query User{98AC1056-6902-4888-AABD-47E3D88B374F}C:\program files (x86)\pfportchecker\pfportchecker.exe] => (Allow) C:\program files (x86)\pfportchecker\pfportchecker.exe FirewallRules: [UDP Query User{406439DB-01F5-4A3D-92EE-F976D1C02679}C:\program files (x86)\pfportchecker\pfportchecker.exe] => (Allow) C:\program files (x86)\pfportchecker\pfportchecker.exe FirewallRules: [TCP Query User{76EDB886-AFA1-45F5-B6C3-DABC75B2F832}C:\users\markus 
radosztics\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\markus radosztics\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{B3A31E5A-F91D-4B3F-8ECB-149122830FAE}C:\users\markus radosztics\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\markus radosztics\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [TCP Query User{471DD0F4-DC65-4D6F-9944-220D8AAE2262}C:\program files (x86)\tmnationsforever\tmforever.exe] => (Block) C:\program files (x86)\tmnationsforever\tmforever.exe FirewallRules: [UDP Query User{F2EEED6D-1097-40A9-8B0F-2034AE954873}C:\program files (x86)\tmnationsforever\tmforever.exe] => (Block) C:\program files (x86)\tmnationsforever\tmforever.exe FirewallRules: [{B11663E4-AA0D-4BE8-86B1-E07B2DCA81A5}] => (Allow) C:\Users\Markus Radosztics\AppData\Local\Temp\7zS2B4B\HPDiagnosticCoreUI.exe FirewallRules: [{9370E132-F236-4946-8725-87645974FD3E}] => (Allow) C:\Users\Markus Radosztics\AppData\Local\Temp\7zS2B4B\HPDiagnosticCoreUI.exe FirewallRules: [{34094EED-F640-4601-B570-997DA2FCD630}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{E13BCE5A-E3F0-4D84-BE81-CA2514BC3A14}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{E98DA5B0-04D8-404E-9F9B-98FBD50FD112}] => (Allow) D:\Games\SteamApps\common\Sid Meier's Civilization V\Launcher.exe FirewallRules: [{8FB00592-0A35-4679-98F6-052FD8EA12C8}] => (Allow) D:\Games\SteamApps\common\Sid Meier's Civilization V\Launcher.exe FirewallRules: [{BDF8133B-B8E0-4115-9794-5A4226F38864}] => (Allow) D:\Games\bin\steamwebhelper.exe FirewallRules: [{A81B79DD-9911-496B-82B9-8317A01E931E}] => (Allow) D:\Games\bin\steamwebhelper.exe FirewallRules: [{59098536-8438-43D4-B99D-AE669B33324A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{83B3AAA4-C887-4561-978A-177EFCCBFCDB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{2D95A1B7-46BE-4D45-A9A3-B2F0674F83D9}] => 
(Allow) C:\Users\Markus Radosztics\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{878D66FB-642F-4002-B78C-3264D6DED797}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe FirewallRules: [{3411AC9F-C963-45A6-A56A-05BEDB0254D8}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe FirewallRules: [{53E3F4FD-DA25-4C0A-8DFD-9D2C8CA5E0BC}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA Manager 14\Manager14.exe FirewallRules: [{82B4783A-8699-47D1-BBA1-07D499887559}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA Manager 14\Manager14.exe FirewallRules: [{6CDCCD7F-3CF7-4301-850E-0B8EF70A4345}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{37E7E30E-52A5-4CBD-9F23-48EF1B0928C7}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{2EF957BD-D2FA-4B61-A4AD-D802CCCBD1B0}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{70F202A2-6861-46DC-AC68-B0CEEEA52A10}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{3904D36F-AD19-400E-8D2B-A015A7AA6AAD}] => (Allow) D:\Games\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe FirewallRules: [{C02C5DA9-4129-4ACB-B503-3CFA0A6D8BFB}] => (Allow) D:\Games\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe FirewallRules: [{54948370-F857-4C29-AA8A-111C8711AFCD}] => (Allow) D:\Games\SteamApps\common\Thief\Binaries\Win64\Shipping-ThiefGame.exe FirewallRules: [{7313EE1C-3056-4590-A330-0AA9C2246B85}] => (Allow) D:\Games\SteamApps\common\Thief\Binaries\Win64\Shipping-ThiefGame.exe FirewallRules: [{DEB8EC5C-4039-43F2-854D-4C7236AD9770}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{337B17F3-F1FA-40D6-A5A0-3D0F7C52A67B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{C75380E9-70C2-4E4F-BB03-34F3191BB24A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{0D44F898-7D3B-448E-B8BF-50359D5D446B}] => (Allow) 
C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{337AC53C-A509-490F-8588-7A52F23A62EC}] => (Allow) D:\Games\bin\farcry3.exe FirewallRules: [{9F022CF2-123B-4803-BA37-BE5FD2512EAC}] => (Allow) D:\Games\bin\farcry3.exe FirewallRules: [{AF5516BA-BAFF-4B49-B43D-11054FDB085B}] => (Allow) D:\Games\bin\farcry3_d3d11.exe FirewallRules: [{ABC098A1-31A1-4BBC-9D58-72B06297CA2B}] => (Allow) D:\Games\bin\farcry3_d3d11.exe FirewallRules: [{8BC0DD0D-4478-46E4-A629-E0F26340005A}] => (Allow) D:\Games\bin\FC3Updater.exe FirewallRules: [{26F0BABC-3AD8-4FCE-9C5A-59495B4F9A9A}] => (Allow) D:\Games\bin\FC3Updater.exe FirewallRules: [{459E580B-97E5-46D3-A83D-622BE01EAE3C}] => (Allow) D:\Games\bin\FC3Editor.exe FirewallRules: [{33FCF5B1-CCDB-40F0-A064-9993F2146E5E}] => (Allow) D:\Games\bin\FC3Editor.exe FirewallRules: [{E58573E7-278D-49C3-9377-55D2A756BB7C}] => (Allow) C:\Program Files (x86)\A1 Servicecenter\A1 Servicecenter\A1Servicecenter.exe FirewallRules: [{CC6B6AC3-6EC3-4985-9C28-DEB844794FA4}] => (Allow) C:\Program Files (x86)\A1 Servicecenter\A1 Servicecenter\A1Servicecenter.exe FirewallRules: [{E1585497-8F14-4028-9351-3F71332DBD8B}] => (Allow) C:\Program Files (x86)\A1 Servicecenter\A1 Breitband\A1Breitband.exe FirewallRules: [{897820FC-81EB-4296-AD9D-545E5C30FB6C}] => (Allow) C:\Program Files (x86)\A1 Servicecenter\A1 Breitband\A1Breitband.exe FirewallRules: [{C6FE6463-91FA-4545-BBBE-D08780263350}] => (Allow) C:\Program Files (x86)\A1 Servicecenter\A1 Servicecenter\A1Modemkonfigurator.exe FirewallRules: [{4C04A79B-DF5F-48F8-BDE8-0CCEB0EF54CA}] => (Allow) C:\Program Files (x86)\A1 Servicecenter\A1 Servicecenter\A1Modemkonfigurator.exe FirewallRules: [{C02090B6-F2BC-4240-8F51-57B0A148C73B}] => (Allow) C:\Program Files (x86)\A1 Servicecenter\A1 Servicecenter\A1WLANAssistent.exe FirewallRules: [{5712DE55-B263-4979-8998-8336248192FF}] => (Allow) C:\Program Files (x86)\A1 Servicecenter\A1 Servicecenter\A1WLANAssistent.exe FirewallRules: [{88803B51-2B5C-4DCF-A0A5-BCAFE5F03484}] => 
(Allow) C:\Program Files (x86)\A1 Servicecenter\A1 Bandbreiten-Optimierer\A1_Bandbreiten_Optimierer.exe FirewallRules: [{6DA6EC79-C986-4EB9-9C97-2649E777D4BD}] => (Allow) C:\Program Files (x86)\A1 Servicecenter\A1 Bandbreiten-Optimierer\A1_Bandbreiten_Optimierer.exe FirewallRules: [{208386AA-6AC6-4959-944A-AA02966D49FB}] => (Allow) C:\Program Files (x86)\A1 Servicecenter\A1 Bandbreiten-Optimierer\A1_Bandbreiten_Optimierer.exe FirewallRules: [{90E13911-2650-4F9D-AA8F-B369FE9F5668}] => (Allow) C:\Program Files (x86)\A1 Servicecenter\A1 Bandbreiten-Optimierer\A1_Bandbreiten_Optimierer.exe FirewallRules: [{0CC7B285-2DB0-4469-ACDD-76A0D5D242ED}] => (Allow) C:\Program Files (x86)\A1 Servicecenter\A1 Servicecenter\A1Servicecenter_Launcher.exe FirewallRules: [{2255FA6E-0604-45B7-9D7C-7EF982323510}] => (Allow) C:\Program Files (x86)\A1 Servicecenter\A1 Servicecenter\A1Servicecenter_Launcher.exe FirewallRules: [{D198254A-A587-4F02-B0A3-B701338561B2}] => (Allow) C:\Program Files (x86)\A1 Servicecenter\A1 Servicecenter\A1Servicecenter_Repair.exe FirewallRules: [{633F22E1-49A4-4C86-AD85-EA0D349F3C7B}] => (Allow) C:\Program Files (x86)\A1 Servicecenter\A1 Servicecenter\A1Servicecenter_Repair.exe FirewallRules: [{D6A5A135-01CA-4AF7-8B5A-C433E30CB3BF}] => (Allow) C:\Program Files (x86)\A1 Servicecenter\A1 Update\M2Updater.exe FirewallRules: [{23ED350D-714D-4D8E-9E86-D91203F8B97C}] => (Allow) C:\Program Files (x86)\A1 Servicecenter\A1 Update\M2Updater.exe FirewallRules: [{A62D9383-46D4-4D40-84DA-79D91790488E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [TCP Query User{2A01625E-DD1D-4CBE-B343-C780D635F06E}D:\programme\mediamonkey\mediamonkey (non-skinned).exe] => (Allow) D:\programme\mediamonkey\mediamonkey (non-skinned).exe FirewallRules: [UDP Query User{BC18BE9D-50A6-412D-9DFB-1E69365CAEB3}D:\programme\mediamonkey\mediamonkey (non-skinned).exe] => (Allow) D:\programme\mediamonkey\mediamonkey (non-skinned).exe FirewallRules: 
[{C4BCFB2C-99FF-4A1C-A8E1-7F6D0B99968D}] => (Block) D:\programme\mediamonkey\mediamonkey (non-skinned).exe FirewallRules: [{4BFB5C97-7717-4F37-8400-D625E73D041D}] => (Block) D:\programme\mediamonkey\mediamonkey (non-skinned).exe FirewallRules: [{26FC30DF-C223-4D9E-8762-D48DBBA55E88}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{F17963F4-F7E5-4E24-B63E-C74037F847CB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{230CBD3C-9CE7-4E56-AD47-0FA93346D2B7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{9741CE97-4A4B-4958-98A0-6B76EF98CBFB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{5E16E6FB-227E-4CEF-B40D-C368019BF49C}] => (Allow) D:\Programme\iTunes.exe FirewallRules: [{00BAF558-C598-4ACC-8CB1-673B21B22682}] => (Allow) C:\ProgramData\CismaUva\yvegaufu.exe FirewallRules: [{ACC5F159-5D47-456D-9C1E-B97440C83ACF}] => (Allow) C:\ProgramData\CismaUva\yvegaufu.exe FirewallRules: [{0C9BF516-62E4-44A8-9280-94D88E2CA4AF}] => (Allow) C:\ProgramData\CismaUva\yvegaufu.exe FirewallRules: [{A68E62CE-E196-455F-A1C3-841E75644EB6}] => (Allow) C:\ProgramData\CismaUva\yvegaufu.exe FirewallRules: [{C54CF248-A46B-4D55-8FC7-80FF596CB0DF}] => (Allow) C:\ProgramData\CismaUva\yvegaufu.exe FirewallRules: [{C10A2BD9-E568-4001-B226-14D79C961F66}] => (Allow) C:\Users\Markus Radosztics\AppData\Roaming\IQIYI Video\LStyle\GpUpdate.exe FirewallRules: [{FB482CCC-DD7A-4EF5-BC84-7F246AE611AB}] => (Allow) C:\IQIYI Video\GeePlayer\GeePlayer.exe FirewallRules: [{1585EDFE-882C-4D90-BF72-51C701914DAD}] => (Allow) C:\Users\Markus Radosztics\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe FirewallRules: [{DBB5A24F-ABD3-48A5-91B8-6537EF786CFC}] => (Allow) C:\IQIYI Video\LStyle\QyClient.exe FirewallRules: [{733D1E73-4DF4-44B3-8A6C-548A81EA6073}] => (Allow) C:\IQIYI Video\LStyle\QyWebPlayer.exe FirewallRules: [{837CBD94-ECED-478B-BE5A-FA3C5F0848BA}] => (Allow) C:\IQIYI Video\Common\QyKernel.exe 
FirewallRules: [{16BCA34B-D431-463C-9961-25F7C4A28289}] => (Allow) C:\IQIYI Video\LStyle\QyPlayer.exe FirewallRules: [{149AFFC1-442F-4340-960F-6E2EA2D2985E}] => (Allow) C:\Users\Markus Radosztics\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe FirewallRules: [{A3B68274-7E68-4B18-87CA-42263D0548E7}] => (Allow) C:\IQIYI Video\LStyle\QyClient.exe FirewallRules: [{D21FE96F-B2FD-4BD5-AF5D-8230B7188D67}] => (Allow) C:\IQIYI Video\LStyle\QyWebPlayer.exe FirewallRules: [{A0E39C1F-35A4-4676-9914-04D896ACF436}] => (Allow) C:\IQIYI Video\Common\QyKernel.exe FirewallRules: [{C38B8230-46CB-4C6F-BC6C-3158BD76597B}] => (Allow) C:\IQIYI Video\LStyle\QyPlayer.exe FirewallRules: [{5075A044-7476-401D-AEAD-FF0C961C2C73}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\QQPCmgrInstallGuide.exe FirewallRules: [{12C1D804-E466-4860-996A-409D6C6EF399}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\QQPCTray.exe FirewallRules: [{D8201932-2D14-48CD-8ED7-814D48DADB57}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\QQPCMgr.exe FirewallRules: [{63F01131-7031-4AC6-9F58-5503DA875D1E}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\QQPCRTP.exe FirewallRules: [{83B49673-DACA-4081-80D7-C8320F375E49}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\QMDL.exe FirewallRules: [{59F08ECC-D6A4-4D2E-8A71-259BCB8B77B4}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\bugreport.exe FirewallRules: [{5423457B-6977-4059-B2C0-908B4FA2ECE8}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\QQPCFileOpen.exe FirewallRules: [{E140DBD7-9AA1-4935-8C2B-BC3A4A2E583F}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\QQPCLeakScan.exe FirewallRules: [{A26C05B4-03F0-420A-90D9-89904F44B639}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\QQPConfig.exe FirewallRules: [{8CB13215-B7E9-4AE9-BA52-C83EF4C96852}] => (Allow) C:\Program Files 
(x86)\Tencent\QQPCMgr\10.11.16600.237\QQPCSoftMgr.exe FirewallRules: [{8B64120D-5DAA-40E3-B8BD-A177662DC242}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\plugins\QMNetMon\QQPCNetFlow.exe FirewallRules: [{A5397A6B-7671-4838-AC6F-0022DE7F34E4}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\QQPCBTU.exe FirewallRules: [{395C7856-0C09-45A5-8A55-F8F01E8A2563}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe FirewallRules: [{49618F40-7F3C-4B36-B709-C2480D8E6B21}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe FirewallRules: [{D375CCE9-2116-4B38-9534-0CC4D4B36022}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\QQPCClinic.exe FirewallRules: [{CAA14072-CED8-47C2-B1F2-B37BE936C9AB}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\QQPCLaunch.exe FirewallRules: [{B92F42D6-99A6-47A5-BEC4-224ED612BD93}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\QMUpdate\QQPCMgrUpdate.exe FirewallRules: [{CBC119E8-2255-4EE2-8A57-C04994B2146C}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\QQPCSoftGame.exe FirewallRules: [{F2A519BC-7E24-406E-8CBE-5C148CA0B6FE}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\QQPCSysOptimize.exe FirewallRules: [{2D0719A7-7248-4B84-A511-5FAD93918F0A}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\QQPCUpdateAVLib.exe FirewallRules: [{C87FC956-94F9-4082-97F0-0E193A82344E}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\QQRepair.exe FirewallRules: [{E4305D4F-D3DA-4AEE-81A1-CEB88A0B3A27}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\Uninst.exe FirewallRules: [{97D6C8F4-0C38-4C7D-A7DF-B2926B413A2F}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\QQPCPatch.exe FirewallRules: [{A658C87D-0F05-4686-899B-BCA83FEC0171}] => (Allow) C:\Program Files 
(x86)\Tencent\QQPCMgr\10.11.16600.237\TpkUpdate.exe FirewallRules: [{1028DC81-F7B9-42A1-AA04-4FC2814B9229}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\QMRouterMgr.exe FirewallRules: [{9E93657B-5BF0-4EEE-8C6D-ED7EA7381962}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\QMAccountProtection.exe FirewallRules: [{092BBC61-02B5-453E-95A4-88FEF899ACEA}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\QMAdBlock.exe FirewallRules: [{FFA2506E-596B-4241-BFA0-F655FC192FC8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: SM-Bus-Controller Description: SM-Bus-Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (09/06/2015 12:04:49 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 40.0.3.5716, Zeitstempel: 0x55ddb213 Name des fehlerhaften Moduls: mozglue.dll, Version: 40.0.3.5716, Zeitstempel: 0x55dda062 Ausnahmecode: 0x80000003 Fehleroffset: 0x0000e250 ID des fehlerhaften Prozesses: 0x304c Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5 Error: (09/05/2015 08:55:58 PM) (Source: VSS) (EventID: 12289) (User: ) Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "DeviceIoControl(\\?\Volume{3b8db6ad-29f4-11e3-be66-806e6f6e6963} - 0000000000000178,0x0053c008,0000000C82609A80,0,0000000C8260AED0,4096,[0])". hr = 0x80070079, Das Zeitlimit für die Semaphore wurde erreicht. . Vorgang: EndPrepareSnapshots wird verarbeitet Kontext: Ausführungskontext: System Provider Error: (09/05/2015 08:06:56 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm EXCEL.EXE, Version 15.0.4745.1000 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 3bc Startzeit: 01d0e805905d6f79 Endzeit: 36 Anwendungspfad: C:\Program Files (x86)\Microsoft Office\Office15\EXCEL.EXE Berichts-ID: ddfb05ff-53f8-11e5-8060-448a5ba07b78 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (09/05/2015 08:06:18 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm EXCEL.EXE, Version 15.0.4745.1000 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1fd0 Startzeit: 01d0e7da043ca6c1 Endzeit: 0 Anwendungspfad: C:\Program Files (x86)\Microsoft Office\Office15\EXCEL.EXE Berichts-ID: c11eabbc-53f8-11e5-8060-448a5ba07b78 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (09/05/2015 07:54:37 PM) (Source: VSS) (EventID: 12289) (User: ) Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "DeviceIoControl(\\?\Volume{3b8db6ad-29f4-11e3-be66-806e6f6e6963} - 0000000000000178,0x0053c008,0000007828069950,0,00000078286A1080,4096,[0])". hr = 0x80070079, Das Zeitlimit für die Semaphore wurde erreicht. . Vorgang: EndPrepareSnapshots wird verarbeitet Kontext: Ausführungskontext: System Provider Error: (09/05/2015 07:31:51 PM) (Source: VSS) (EventID: 12289) (User: ) Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "DeviceIoControl(\\?\Volume{3b8db6ad-29f4-11e3-be66-806e6f6e6963} - 00000000000001D0,0x0053c008,000000782806DCA0,0,000000782806AED0,4096,[0])". hr = 0x80070079, Das Zeitlimit für die Semaphore wurde erreicht. . 
Vorgang: EndPrepareSnapshots wird verarbeitet Kontext: Ausführungskontext: System Provider Error: (09/05/2015 07:11:44 PM) (Source: VSS) (EventID: 12289) (User: ) Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "DeviceIoControl(\\?\Volume{3b8db6ad-29f4-11e3-be66-806e6f6e6963} - 00000000000001CC,0x0053c008,000000782806DCA0,0,00000078286A1080,4096,[0])". hr = 0x80070079, Das Zeitlimit für die Semaphore wurde erreicht. . Vorgang: EndPrepareSnapshots wird verarbeitet Kontext: Ausführungskontext: System Provider Error: (09/05/2015 06:41:33 PM) (Source: VSS) (EventID: 12289) (User: ) Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "DeviceIoControl(\\?\Volume{3b8db6ad-29f4-11e3-be66-806e6f6e6963} - 00000000000001A4,0x0053c008,0000007828069950,0,000000782806AED0,4096,[0])". hr = 0x80070079, Das Zeitlimit für die Semaphore wurde erreicht. . Vorgang: EndPrepareSnapshots wird verarbeitet Kontext: Ausführungskontext: System Provider Error: (09/05/2015 06:21:25 PM) (Source: VSS) (EventID: 12289) (User: ) Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "DeviceIoControl(\\?\Volume{3b8db6ad-29f4-11e3-be66-806e6f6e6963} - 0000000000000160,0x0053c008,0000007828069A80,0,000000782806AED0,4096,[0])". hr = 0x80070079, Das Zeitlimit für die Semaphore wurde erreicht. . Vorgang: EndPrepareSnapshots wird verarbeitet Kontext: Ausführungskontext: System Provider Error: (09/04/2015 12:25:21 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 280875 Systemfehler: ============= Error: (09/06/2015 12:07:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "ASUS Com Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (09/06/2015 12:07:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (60000 ms) wurde beim Verbindungsversuch mit dem Dienst ASUS Com Service erreicht. 
Error: (09/06/2015 12:04:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (09/06/2015 12:04:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Steam Client Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (09/06/2015 12:04:50 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "acengine" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 Error: (09/06/2015 12:04:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "TeamViewer 9" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 2000 Millisekunden durchgeführt: Neustart des Diensts. Error: (09/06/2015 12:04:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Microsoft Office-Klick-und-Los-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (09/06/2015 12:04:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "IHProtect Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (09/06/2015 12:04:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "LogMeIn Hamachi Tunneling Engine" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (09/06/2015 12:04:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Apple Mobile Device Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. 
Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Microsoft Office: ========================= Error: (09/06/2015 12:04:49 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe40.0.3.571655ddb213mozglue.dll40.0.3.571655dda062800000030000e250304c01d0e88a53c0b16cC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozglue.dllb4f29375-547e-11e5-8061-448a5ba07b78 Error: (09/05/2015 08:55:58 PM) (Source: VSS) (EventID: 12289) (User: ) Description: DeviceIoControl(\\?\Volume{3b8db6ad-29f4-11e3-be66-806e6f6e6963} - 0000000000000178,0x0053c008,0000000C82609A80,0,0000000C8260AED0,4096,[0])0x80070079, Das Zeitlimit für die Semaphore wurde erreicht. Vorgang: EndPrepareSnapshots wird verarbeitet Kontext: Ausführungskontext: System Provider Error: (09/05/2015 08:06:56 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: EXCEL.EXE15.0.4745.10003bc01d0e805905d6f7936C:\Program Files (x86)\Microsoft Office\Office15\EXCEL.EXEddfb05ff-53f8-11e5-8060-448a5ba07b78 Error: (09/05/2015 08:06:18 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: EXCEL.EXE15.0.4745.10001fd001d0e7da043ca6c10C:\Program Files (x86)\Microsoft Office\Office15\EXCEL.EXEc11eabbc-53f8-11e5-8060-448a5ba07b78 Error: (09/05/2015 07:54:37 PM) (Source: VSS) (EventID: 12289) (User: ) Description: DeviceIoControl(\\?\Volume{3b8db6ad-29f4-11e3-be66-806e6f6e6963} - 0000000000000178,0x0053c008,0000007828069950,0,00000078286A1080,4096,[0])0x80070079, Das Zeitlimit für die Semaphore wurde erreicht. Vorgang: EndPrepareSnapshots wird verarbeitet Kontext: Ausführungskontext: System Provider Error: (09/05/2015 07:31:51 PM) (Source: VSS) (EventID: 12289) (User: ) Description: DeviceIoControl(\\?\Volume{3b8db6ad-29f4-11e3-be66-806e6f6e6963} - 00000000000001D0,0x0053c008,000000782806DCA0,0,000000782806AED0,4096,[0])0x80070079, Das Zeitlimit für die Semaphore wurde erreicht. 
Vorgang: EndPrepareSnapshots wird verarbeitet Kontext: Ausführungskontext: System Provider Error: (09/05/2015 07:11:44 PM) (Source: VSS) (EventID: 12289) (User: ) Description: DeviceIoControl(\\?\Volume{3b8db6ad-29f4-11e3-be66-806e6f6e6963} - 00000000000001CC,0x0053c008,000000782806DCA0,0,00000078286A1080,4096,[0])0x80070079, Das Zeitlimit für die Semaphore wurde erreicht. Vorgang: EndPrepareSnapshots wird verarbeitet Kontext: Ausführungskontext: System Provider Error: (09/05/2015 06:41:33 PM) (Source: VSS) (EventID: 12289) (User: ) Description: DeviceIoControl(\\?\Volume{3b8db6ad-29f4-11e3-be66-806e6f6e6963} - 00000000000001A4,0x0053c008,0000007828069950,0,000000782806AED0,4096,[0])0x80070079, Das Zeitlimit für die Semaphore wurde erreicht. Vorgang: EndPrepareSnapshots wird verarbeitet Kontext: Ausführungskontext: System Provider Error: (09/05/2015 06:21:25 PM) (Source: VSS) (EventID: 12289) (User: ) Description: DeviceIoControl(\\?\Volume{3b8db6ad-29f4-11e3-be66-806e6f6e6963} - 0000000000000160,0x0053c008,0000007828069A80,0,000000782806AED0,4096,[0])0x80070079, Das Zeitlimit für die Semaphore wurde erreicht. 
Vorgang: EndPrepareSnapshots wird verarbeitet Kontext: Ausführungskontext: System Provider Error: (09/04/2015 12:25:21 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 280875 ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i5-4430 CPU @ 3.00GHz Prozentuale Nutzung des RAM: 24% Installierter physikalischer RAM: 8143.88 MB Verfügbarer physikalischer RAM: 6115.34 MB Summe virtueller Speicher: 16335.88 MB Verfügbarer virtueller Speicher: 13852.79 MB ==================== Laufwerke ================================ Drive c: (System) (Fixed) (Total:111.45 GB) (Free:2.84 GB) NTFS Drive d: (Daten) (Fixed) (Total:931.51 GB) (Free:735.23 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 2A03BD70) Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=111.4 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 2A03BD6D) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ==================== Ende von Addition.txt ============================ |
07.09.2015, 07:27 | #39 |
/// the machine /// TB instructor | New Internet windows keep opening Please download Revo Uninstaller from here (alternatively the portable Revo Uninstaller).
Please save the following fixlist in the text editor with the encoding set to UNICODE!!! Press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
ATTFilter CloseProcesses: R2 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\QQPCRTP.exe [297608 2015-08-20] (Tencent) S3 TAOFrame; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\TAOFrame.exe [293856 2015-08-20] (Tencent) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\QQPCTRAY.EXE [355296 2015-08-20] (Tencent) C:\Program Files (x86)\Tencent HKLM-x32\...\Run: [RSDTRAY] => C:\Program Files (x86)\Rising\RSD\popwndexe.exe [126808 2012-09-25] (Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising HKU\S-1-5-21-817472733-4082136947-4255886928-1001\...\Run: [Voobly] => C:\Program Files (x86)\Voobly\voobly.exe [159744 2015-01-12] (Voobly) C:\Program Files (x86)\Voobly HKU\S-1-5-21-817472733-4082136947-4255886928-1001\...\Run: [GoogleChromeAutoLaunch_FEA560871AAA9104DF8D8385F4A465BE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [871240 2015-08-28] (Google Inc.) HKU\S-1-5-21-817472733-4082136947-4255886928-1001\...\RunOnce: [Uninstall C:\Users\Markus Radosztics\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Markus Radosztics\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64" HKU\S-1-5-21-817472733-4082136947-4255886928-1001\...\RunOnce: [Uninstall C:\Users\Markus Radosztics\AppData\Local\Microsoft\OneDrive\17.3.5907.0716] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Markus Radosztics\AppData\Local\Microsoft\OneDrive\17.3.5907.0716" ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\QMGCShellExt64.dll [2015-08-20] (Tencent) BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\TSWebMon64.dat [2015-08-20] (Tencent) BHO-x32: Great Find -> {1cc2bb80-20ab-43e5-b958-432d72b546ca} -> C:\Program Files 
(x86)\Great Find\Extensions\1cc2bb80-20ab-43e5-b958-432d72b546ca.dll Keine Datei FF NewTab: chrome://quick_start/content/index.html FF DefaultSearchEngine: findit FF Plugin: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [Keine Datei] FF Plugin-x32: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [Keine Datei] FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司) FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\npQMExtensionsMozilla.dll [2015-08-20] (Tencent Technology (Shenzhen) Company Limited) FF Plugin HKU\S-1-5-21-817472733-4082136947-4255886928-1001: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll Keine Datei FF SearchPlugin: C:\Users\Markus Radosztics\AppData\Roaming\Mozilla\Firefox\Profiles\febuujst.default\searchplugins\findit.xml [2015-08-27] FF SearchPlugin: C:\Users\Markus Radosztics\AppData\Roaming\Mozilla\Firefox\Profiles\febuujst.default\searchplugins\istartsurf.xml [2015-08-21] FF SearchPlugin: C:\Users\Markus Radosztics\AppData\Roaming\Mozilla\Firefox\Profiles\febuujst.default\searchplugins\mystartsearch.xml [2015-08-23] FF SearchPlugin: C:\Users\Markus Radosztics\AppData\Roaming\Mozilla\Firefox\Profiles\febuujst.default\searchplugins\search-provided-by-yahoo.xml [2015-08-20] FF Extension: Default SearchProtected - C:\Users\Markus Radosztics\AppData\Roaming\Mozilla\Firefox\Profiles\febuujst.default\Extensions\defsearchp@gmail.com [2015-08-19] FF Extension: Great Find - C:\Users\Markus Radosztics\AppData\Roaming\Mozilla\Firefox\Profiles\febuujst.default\Extensions\{0a4ee680-ecac-4e89-b625-5139f7130e30}.xpi [2015-08-22] FF Extension: Kein Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01] CHR HomePage: Default -> 
hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bz-FcOk_3gj-vPv3NlKo8MSBpvROYxPxZtiNBg5BVI482FpkZWURTZlEyu3DxrLfqf4rEYcVqXlnHexXU-ja3dV3ahbEdYF-OEBnIw3mKioExzPx9kIJDSZOm2sjjHBeUhtIVCGzpU25QfPuZFu2DtlzTaR2S CHR StartupUrls: Default -> "hxxp://www.google.at/" CHR DefaultSearchURL: Default -> "search_url":"hxxp://feed.baboom.audio/?st=ds&query={searchTerms}" CHR DefaultSearchKeyword: Default -> Baboom Search CHR DefaultSuggestURL: Default -> CHR Extension: (Baboom Search) - C:\Users\Markus Radosztics\AppData\Local\Google\Chrome\User Data\Default\Extensions\gehmndecgbcffhmfjkenpamdgechcgpe [2015-09-06] R1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\QMUdisk64.sys [62264 2015-08-20] (Tencent) R2 QQSysMonX64; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\QQSysMonX64.sys [138040 2015-08-20] (电脑管家) R2 TAOAccelerator; C:\Windows\system32\Drivers\TAOAccelerator64.sys [74040 2015-08-20] (Tencent) R1 TAOKernelDriver; C:\Windows\System32\Drivers\TAOKernel64.sys [274232 2015-08-20] (Tencent Technology(Shenzhen) Company Limited) R3 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [87864 2015-08-20] (电脑管家) R3 TS888x64; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\TS888x64.sys [28984 2015-09-06] (Tencent) R1 TSDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\TSDefenseBT64.sys [28472 2015-08-20] (Tencent) R1 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\TSSysKit64.sys [87352 2015-08-20] (电脑管家) C:\Windows\system32\Drivers\TAOAccelerator64.sys C:\Windows\System32\Drivers\TAOKernel64.sys C:\Windows\System32\Drivers\TFsFltX64.sys 2015-09-06 12:07 - 2015-09-06 12:07 - 00028984 _____ (Tencent) C:\Windows\SysWOW64\Drivers\TS888x64.sys 2015-09-04 09:19 - 2015-09-04 09:19 - 00861968 _____ C:\Windows\Minidump\090415-13125-01.dmp 2015-08-22 17:34 - 2015-08-22 17:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件 2015-08-22 14:31 - 2015-08-22 14:31 - 00000000 
____D C:\Program Files (x86)\Great Find 2015-08-22 14:30 - 2015-08-23 12:04 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\OpenCandy Task: {0AA14BEA-6265-4356-B37A-22A64844994F} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ACHTUNG Task: {1B5527C1-32B4-4544-962E-CDBC35B902B5} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ACHTUNG Task: {22CB87F1-4032-464F-8DCA-D3F8C8F9EE1F} - \kajl01mh -> Keine Datei <==== ACHTUNG Task: {379476DD-23F7-4AE9-A6B6-2E7FA392A420} - \avabvbyvyc -> Keine Datei <==== ACHTUNG Task: {3F194B79-7539-4753-9469-3527204B5883} - \uydate -> Keine Datei <==== ACHTUNG Task: {69DD6C01-B242-4D39-A995-4FBBF69DEBFA} - \Tempo Runner yvegdufu -> Keine Datei <==== ACHTUNG Task: {878236DC-FBF2-452A-AD7B-DA52D6201AD4} - \r4v4x4kf -> Keine Datei <==== ACHTUNG Task: {971C4DF3-3BA6-45AA-98C3-5F61FF60BFC4} - System32\Tasks\Shop-wit Updater => Wscript.exe //B "C:\Program Files (x86)\shopwit\shopwit\1.4.0.7\..\updt.js" <==== ACHTUNG Task: {9CAD8B68-4659-477A-A37C-8BEAF0B26426} - \Tempo Runner yveg6ufu -> Keine Datei <==== ACHTUNG Task: {A212AA42-D059-4D46-B7BE-83AE583825C7} - \RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380} -> Keine Datei <==== ACHTUNG Task: {C56BED88-594B-4CA8-AEF4-05952F67352C} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ACHTUNG Task: {EA1E04AD-175A-4337-B384-468B8A99A42E} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ACHTUNG Task: {FA6EDE8A-C39F-41FC-A819-6BBA4C030A08} - \MixVideoPlayer Update -> Keine Datei <==== ACHTUNG Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ACHTUNG Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ACHTUNG Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ACHTUNG 
Emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
07.09.2015, 23:41 | #40 |
| New Internet windows keep opening Hello Schrauber, I did everything with Revo Uninstaller. The error message "Uninstall ist fehlgeschlagen! Vermutlich ungültiger deinstall Befehl!" did come up every time, but I then carried on and deleted everything; only for the first program, Any Protect, did I select and delete just the bold entries, because at that point I was still confused by the error message. Here is the Fixlog.txt file: Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:07-09-2015 durchgeführt von Markus Radosztics (2015-09-08 00:35:39) Run:6 Gestartet von C:\Users\Markus Radosztics\Downloads Geladene Profile: Markus Radosztics (Verfügbare Profile: Markus Radosztics) Start-Modus: Normal ============================================== fixlist Inhalt: ***************** CloseProcesses: R2 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\QQPCRTP.exe [297608 2015-08-20] (Tencent) S3 TAOFrame; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\TAOFrame.exe [293856 2015-08-20] (Tencent) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\QQPCTRAY.EXE [355296 2015-08-20] (Tencent) C:\Program Files (x86)\Tencent HKLM-x32\...\Run: [RSDTRAY] => C:\Program Files (x86)\Rising\RSD\popwndexe.exe [126808 2012-09-25] (Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising HKU\S-1-5-21-817472733-4082136947-4255886928-1001\...\Run: [Voobly] => C:\Program Files (x86)\Voobly\voobly.exe [159744 2015-01-12] (Voobly) C:\Program Files (x86)\Voobly HKU\S-1-5-21-817472733-4082136947-4255886928-1001\...\Run: [GoogleChromeAutoLaunch_FEA560871AAA9104DF8D8385F4A465BE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [871240 2015-08-28] (Google Inc.) 
HKU\S-1-5-21-817472733-4082136947-4255886928-1001\...\RunOnce: [Uninstall C:\Users\Markus Radosztics\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Markus Radosztics\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64" HKU\S-1-5-21-817472733-4082136947-4255886928-1001\...\RunOnce: [Uninstall C:\Users\Markus Radosztics\AppData\Local\Microsoft\OneDrive\17.3.5907.0716] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Markus Radosztics\AppData\Local\Microsoft\OneDrive\17.3.5907.0716" ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\QMGCShellExt64.dll [2015-08-20] (Tencent) BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\TSWebMon64.dat [2015-08-20] (Tencent) BHO-x32: Great Find -> {1cc2bb80-20ab-43e5-b958-432d72b546ca} -> C:\Program Files (x86)\Great Find\Extensions\1cc2bb80-20ab-43e5-b958-432d72b546ca.dll Keine Datei FF NewTab: chrome://quick_start/content/index.html FF DefaultSearchEngine: findit FF Plugin: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [Keine Datei] FF Plugin-x32: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [Keine Datei] FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司) FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\npQMExtensionsMozilla.dll [2015-08-20] (Tencent Technology (Shenzhen) Company Limited) FF Plugin HKU\S-1-5-21-817472733-4082136947-4255886928-1001: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll Keine Datei FF SearchPlugin: C:\Users\Markus Radosztics\AppData\Roaming\Mozilla\Firefox\Profiles\febuujst.default\searchplugins\findit.xml [2015-08-27] FF SearchPlugin: C:\Users\Markus 
Radosztics\AppData\Roaming\Mozilla\Firefox\Profiles\febuujst.default\searchplugins\istartsurf.xml [2015-08-21] FF SearchPlugin: C:\Users\Markus Radosztics\AppData\Roaming\Mozilla\Firefox\Profiles\febuujst.default\searchplugins\mystartsearch.xml [2015-08-23] FF SearchPlugin: C:\Users\Markus Radosztics\AppData\Roaming\Mozilla\Firefox\Profiles\febuujst.default\searchplugins\search-provided-by-yahoo.xml [2015-08-20] FF Extension: Default SearchProtected - C:\Users\Markus Radosztics\AppData\Roaming\Mozilla\Firefox\Profiles\febuujst.default\Extensions\defsearchp@gmail.com [2015-08-19] FF Extension: Great Find - C:\Users\Markus Radosztics\AppData\Roaming\Mozilla\Firefox\Profiles\febuujst.default\Extensions\{0a4ee680-ecac-4e89-b625-5139f7130e30}.xpi [2015-08-22] FF Extension: Kein Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01] CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bz-FcOk_3gj-vPv3NlKo8MSBpvROYxPxZtiNBg5BVI482FpkZWURTZlEyu3DxrLfqf4rEYcVqXlnHexXU-ja3dV3ahbEdYF-OEBnIw3mKioExzPx9kIJDSZOm2sjjHBeUhtIVCGzpU25QfPuZFu2DtlzTaR2S CHR StartupUrls: Default -> "hxxp://www.google.at/" CHR DefaultSearchURL: Default -> "search_url":"hxxp://feed.baboom.audio/?st=ds&query={searchTerms}" CHR DefaultSearchKeyword: Default -> Baboom Search CHR DefaultSuggestURL: Default -> CHR Extension: (Baboom Search) - C:\Users\Markus Radosztics\AppData\Local\Google\Chrome\User Data\Default\Extensions\gehmndecgbcffhmfjkenpamdgechcgpe [2015-09-06] R1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\QMUdisk64.sys [62264 2015-08-20] (Tencent) R2 QQSysMonX64; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\QQSysMonX64.sys [138040 2015-08-20] (电脑管家) R2 TAOAccelerator; C:\Windows\system32\Drivers\TAOAccelerator64.sys [74040 2015-08-20] (Tencent) R1 TAOKernelDriver; C:\Windows\System32\Drivers\TAOKernel64.sys [274232 2015-08-20] (Tencent 
Technology(Shenzhen) Company Limited) R3 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [87864 2015-08-20] (电脑管家) R3 TS888x64; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\TS888x64.sys [28984 2015-09-06] (Tencent) R1 TSDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\TSDefenseBT64.sys [28472 2015-08-20] (Tencent) R1 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\TSSysKit64.sys [87352 2015-08-20] (电脑管家) C:\Windows\system32\Drivers\TAOAccelerator64.sys C:\Windows\System32\Drivers\TAOKernel64.sys C:\Windows\System32\Drivers\TFsFltX64.sys 2015-09-06 12:07 - 2015-09-06 12:07 - 00028984 _____ (Tencent) C:\Windows\SysWOW64\Drivers\TS888x64.sys 2015-09-04 09:19 - 2015-09-04 09:19 - 00861968 _____ C:\Windows\Minidump\090415-13125-01.dmp 2015-08-22 17:34 - 2015-08-22 17:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件 2015-08-22 14:31 - 2015-08-22 14:31 - 00000000 ____D C:\Program Files (x86)\Great Find 2015-08-22 14:30 - 2015-08-23 12:04 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\OpenCandy Task: {0AA14BEA-6265-4356-B37A-22A64844994F} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ACHTUNG Task: {1B5527C1-32B4-4544-962E-CDBC35B902B5} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ACHTUNG Task: {22CB87F1-4032-464F-8DCA-D3F8C8F9EE1F} - \kajl01mh -> Keine Datei <==== ACHTUNG Task: {379476DD-23F7-4AE9-A6B6-2E7FA392A420} - \avabvbyvyc -> Keine Datei <==== ACHTUNG Task: {3F194B79-7539-4753-9469-3527204B5883} - \uydate -> Keine Datei <==== ACHTUNG Task: {69DD6C01-B242-4D39-A995-4FBBF69DEBFA} - \Tempo Runner yvegdufu -> Keine Datei <==== ACHTUNG Task: {878236DC-FBF2-452A-AD7B-DA52D6201AD4} - \r4v4x4kf -> Keine Datei <==== ACHTUNG Task: {971C4DF3-3BA6-45AA-98C3-5F61FF60BFC4} - System32\Tasks\Shop-wit Updater => Wscript.exe //B "C:\Program Files (x86)\shopwit\shopwit\1.4.0.7\..\updt.js" <==== ACHTUNG Task: 
{9CAD8B68-4659-477A-A37C-8BEAF0B26426} - \Tempo Runner yveg6ufu -> Keine Datei <==== ACHTUNG Task: {A212AA42-D059-4D46-B7BE-83AE583825C7} - \RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380} -> Keine Datei <==== ACHTUNG Task: {C56BED88-594B-4CA8-AEF4-05952F67352C} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ACHTUNG Task: {EA1E04AD-175A-4337-B384-468B8A99A42E} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ACHTUNG Task: {FA6EDE8A-C39F-41FC-A819-6BBA4C030A08} - \MixVideoPlayer Update -> Keine Datei <==== ACHTUNG Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ACHTUNG Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ACHTUNG Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ACHTUNG Emptytemp: ***************** Prozess erfolgreich geschlossen. QQPCRTP => Dienst konnte nicht entfernt werden TAOFrame => Dienst erfolgreich entfernt HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Wert konnte nicht entfernt werden. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ QQPCTray => Wert konnte nicht entfernt werden. 
C:\Program Files (x86)\Tencent => erfolgreich verschoben HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\RSDTRAY => Wert erfolgreich entfernt C:\Program Files (x86)\Rising => erfolgreich verschoben HKU\S-1-5-21-817472733-4082136947-4255886928-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Voobly => Wert erfolgreich entfernt C:\Program Files (x86)\Voobly => erfolgreich verschoben HKU\S-1-5-21-817472733-4082136947-4255886928-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_FEA560871AAA9104DF8D8385F4A465BE => Wert erfolgreich entfernt HKU\S-1-5-21-817472733-4082136947-4255886928-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Markus Radosztics\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64 => Wert erfolgreich entfernt HKU\S-1-5-21-817472733-4082136947-4255886928-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Markus Radosztics\AppData\Local\Microsoft\OneDrive\17.3.5907.0716 => Wert erfolgreich entfernt "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\.QMDeskTopGCIcon" => Schlüssel erfolgreich entfernt "HKCR\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}" => Schlüssel erfolgreich entfernt "HKCR\CLSID\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}" => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1cc2bb80-20ab-43e5-b958-432d72b546ca} => Schlüssel nicht gefunden. HKCR\Wow6432Node\CLSID\{1cc2bb80-20ab-43e5-b958-432d72b546ca} => Schlüssel nicht gefunden. 
Firefox "newtab" erfolgreich entfernt Firefox DefaultSearchEngine erfolgreich entfernt "HKLM\Software\MozillaPlugins\@iqiyi.com/npWebPlayer" => Schlüssel erfolgreich entfernt "HKLM\Software\Wow6432Node\MozillaPlugins\@iqiyi.com/npWebPlayer" => Schlüssel erfolgreich entfernt "HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/npAndroidAssistant" => Schlüssel erfolgreich entfernt C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll => erfolgreich verschoben "HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/QQPCMgr" => Schlüssel erfolgreich entfernt C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\npQMExtensionsMozilla.dll => nicht gefunden. "HKU\S-1-5-21-817472733-4082136947-4255886928-1001\Software\MozillaPlugins\@iqiyi.com/npWebPlayer" => Schlüssel erfolgreich entfernt C:\IQIYI Video\LStyle\npWebPlayer.dll => nicht gefunden. C:\Users\Markus Radosztics\AppData\Roaming\Mozilla\Firefox\Profiles\febuujst.default\searchplugins\findit.xml => erfolgreich verschoben C:\Users\Markus Radosztics\AppData\Roaming\Mozilla\Firefox\Profiles\febuujst.default\searchplugins\istartsurf.xml => erfolgreich verschoben C:\Users\Markus Radosztics\AppData\Roaming\Mozilla\Firefox\Profiles\febuujst.default\searchplugins\mystartsearch.xml => erfolgreich verschoben C:\Users\Markus Radosztics\AppData\Roaming\Mozilla\Firefox\Profiles\febuujst.default\searchplugins\search-provided-by-yahoo.xml => erfolgreich verschoben C:\Users\Markus Radosztics\AppData\Roaming\Mozilla\Firefox\Profiles\febuujst.default\Extensions\defsearchp@gmail.com => erfolgreich verschoben C:\Users\Markus Radosztics\AppData\Roaming\Mozilla\Firefox\Profiles\febuujst.default\Extensions\defsearchp@gmail.com => Pfad erfolgreich entfernt C:\Users\Markus Radosztics\AppData\Roaming\Mozilla\Firefox\Profiles\febuujst.default\Extensions\{0a4ee680-ecac-4e89-b625-5139f7130e30}.xpi => erfolgreich verschoben C:\Program Files (x86)\Mozilla 
Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi => erfolgreich verschoben Chrome HomePage erfolgreich entfernt Chrome StartupUrls erfolgreich entfernt Chrome DefaultSearchURL erfolgreich entfernt Chrome DefaultSearchKeyword erfolgreich entfernt Chrome DefaultSuggestURL => nicht gefunden. C:\Users\Markus Radosztics\AppData\Local\Google\Chrome\User Data\Default\Extensions\gehmndecgbcffhmfjkenpamdgechcgpe => erfolgreich verschoben QMUdisk => Dienst konnte nicht gestoppt werden. QMUdisk => Dienst erfolgreich entfernt QQSysMonX64 => Dienst konnte nicht gestoppt werden. QQSysMonX64 => Dienst konnte nicht entfernt werden TAOAccelerator => Dienst konnte nicht gestoppt werden. TAOAccelerator => Dienst erfolgreich entfernt TAOKernelDriver => Dienst konnte nicht gestoppt werden. TAOKernelDriver => Dienst erfolgreich entfernt TFsFlt => Dienst konnte nicht gestoppt werden. TFsFlt => Dienst konnte nicht entfernt werden TS888x64 => Dienst konnte nicht gestoppt werden. TS888x64 => Dienst erfolgreich entfernt TSDefenseBt => Dienst konnte nicht gestoppt werden. TSDefenseBt => Dienst konnte nicht entfernt werden TSSysKit => Dienst konnte nicht gestoppt werden. TSSysKit => Dienst erfolgreich entfernt C:\Windows\system32\Drivers\TAOAccelerator64.sys => erfolgreich verschoben C:\Windows\System32\Drivers\TAOKernel64.sys => erfolgreich verschoben Konnte nicht verschoben werden "C:\Windows\System32\Drivers\TFsFltX64.sys" => ist geplant bei Neustart verschoben zu werden. C:\Windows\SysWOW64\Drivers\TS888x64.sys => erfolgreich verschoben C:\Windows\Minidump\090415-13125-01.dmp => erfolgreich verschoben C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件 => erfolgreich verschoben "C:\Program Files (x86)\Great Find" => Datei/Ordner nicht gefunden. 
C:\Users\Markus Radosztics\AppData\Roaming\OpenCandy => erfolgreich verschoben "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0AA14BEA-6265-4356-B37A-22A64844994F}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0AA14BEA-6265-4356-B37A-22A64844994F}" => Schlüssel erfolgreich entfernt C:\Windows\System32\Tasks\LaunchPreSignup => erfolgreich verschoben "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchPreSignup" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1B5527C1-32B4-4544-962E-CDBC35B902B5}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B5527C1-32B4-4544-962E-CDBC35B902B5}" => Schlüssel erfolgreich entfernt C:\Windows\System32\Tasks\APSnotifierPP3 => erfolgreich verschoben "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{22CB87F1-4032-464F-8DCA-D3F8C8F9EE1F}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22CB87F1-4032-464F-8DCA-D3F8C8F9EE1F}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\kajl01mh" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{379476DD-23F7-4AE9-A6B6-2E7FA392A420}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{379476DD-23F7-4AE9-A6B6-2E7FA392A420}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avabvbyvyc" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Schedule\TaskCache\Logon\{3F194B79-7539-4753-9469-3527204B5883}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F194B79-7539-4753-9469-3527204B5883}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\uydate" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{69DD6C01-B242-4D39-A995-4FBBF69DEBFA}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69DD6C01-B242-4D39-A995-4FBBF69DEBFA}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Tempo Runner yvegdufu" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{878236DC-FBF2-452A-AD7B-DA52D6201AD4}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{878236DC-FBF2-452A-AD7B-DA52D6201AD4}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\r4v4x4kf" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{971C4DF3-3BA6-45AA-98C3-5F61FF60BFC4}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{971C4DF3-3BA6-45AA-98C3-5F61FF60BFC4}" => Schlüssel erfolgreich entfernt C:\Windows\System32\Tasks\Shop-wit Updater => erfolgreich verschoben "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Shop-wit Updater" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9CAD8B68-4659-477A-A37C-8BEAF0B26426}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CAD8B68-4659-477A-A37C-8BEAF0B26426}" => 
Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Tempo Runner yveg6ufu" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A212AA42-D059-4D46-B7BE-83AE583825C7}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A212AA42-D059-4D46-B7BE-83AE583825C7}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C56BED88-594B-4CA8-AEF4-05952F67352C}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C56BED88-594B-4CA8-AEF4-05952F67352C}" => Schlüssel erfolgreich entfernt C:\Windows\System32\Tasks\APSnotifierPP2 => erfolgreich verschoben "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EA1E04AD-175A-4337-B384-468B8A99A42E}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA1E04AD-175A-4337-B384-468B8A99A42E}" => Schlüssel erfolgreich entfernt C:\Windows\System32\Tasks\APSnotifierPP1 => erfolgreich verschoben "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FA6EDE8A-C39F-41FC-A819-6BBA4C030A08}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA6EDE8A-C39F-41FC-A819-6BBA4C030A08}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Schedule\TaskCache\Tree\MixVideoPlayer Update" => Schlüssel erfolgreich entfernt C:\Windows\Tasks\APSnotifierPP1.job => erfolgreich verschoben C:\Windows\Tasks\APSnotifierPP2.job => erfolgreich verschoben C:\Windows\Tasks\APSnotifierPP3.job => erfolgreich verschoben EmptyTemp: => 255.6 MB temporäre Dateien entfernt. Ergebnis der geplanten Datei-Verschiebungen (Start-Modus: Normal) (Datum&Uhrzeit: 2015-09-08 00:38:36)<= C:\Windows\System32\Drivers\TFsFltX64.sys => ist erfolgreich verschoben ==== Ende von Fixlog 00:38:36 ==== |
08.09.2015, 18:25 | #41 |
/// the machine /// TB Trainer | New Internet windows keep opening Then please post another fresh set of FRST scan logs from normal mode.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
08.09.2015, 23:11 | #42 |
| New Internet windows keep opening Hello Schrauber, here is a new FRST scan log from normal mode: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:07-09-2015 durchgeführt von Markus Radosztics (Administrator) auf WAUT0001 (09-09-2015 00:10:08) Gestartet von C:\Users\Markus Radosztics\Downloads Geladene Profile: Markus Radosztics (Verfügbare Profile: Markus Radosztics) Platform: Windows 8 Pro (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 10 (Standard-Browser: Chrome) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe (Valve Corporation) D:\Games\Steam.exe (Apple Inc.) 
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe (Microsoft Corporation) C:\Users\Markus Radosztics\AppData\Local\Microsoft\OneDrive\OneDrive.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Dropbox, Inc.) C:\Users\Markus Radosztics\AppData\Roaming\Dropbox\bin\Dropbox.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (LogMeIn Inc.) D:\Games\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn, Inc.) D:\Games\LogMeIn Hamachi\LMIGuardianSvc.exe (Valve Corporation) D:\Games\bin\steamwebhelper.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (XTab system) C:\Program Files (x86)\MiniLite\ProtectService.exe (MICRO-STAR INTERNATIONAL CO., LTD.) 
C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (LogMeIn Inc.) D:\Games\LogMeIn Hamachi\hamachi-2.exe (LogMeIn, Inc.) D:\Games\LogMeIn Hamachi\LMIGuardianSvc.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\EXCEL.EXE (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) 
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8466136 2015-04-30] (Realtek Semiconductor) HKLM\...\Run: [iTunesHelper] => "D:\Programme\iTunesHelper.exe" HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-10-25] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-10-25] (Adobe Systems Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.) 
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [A1Servicecenter] => C:\Program Files (x86)\A1 Servicecenter\A1 Servicecenter\A1Servicecenter_Launcher.exe [11467864 2015-05-27] (A1) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => D:\Games\LogMeIn Hamachi\hamachi-2-ui.exe [5579624 2015-08-03] (LogMeIn Inc.) HKLM-x32\...\Run: [ QQPCTray] => "C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\QQPCTRAY.EXE" /regrun /qqrepair HKU\S-1-5-21-817472733-4082136947-4255886928-1001\...\Run: [HP Officejet 6600 (NET)] => C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-817472733-4082136947-4255886928-1001\...\Run: [Steam] => D:\Games\Steam.exe [2899136 2015-08-19] (Valve Corporation) HKU\S-1-5-21-817472733-4082136947-4255886928-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.) HKU\S-1-5-21-817472733-4082136947-4255886928-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-06-05] (TomTom) HKU\S-1-5-21-817472733-4082136947-4255886928-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.) HKU\S-1-5-21-817472733-4082136947-4255886928-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2015-04-26] (Apple Inc.) HKU\S-1-5-21-817472733-4082136947-4255886928-1001\...\Run: [Dropbox Update] => C:\Users\Markus Radosztics\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.) 
HKU\S-1-5-21-817472733-4082136947-4255886928-1001\...\Run: [OneDrive] => C:\Users\Markus Radosztics\AppData\Local\Microsoft\OneDrive\OneDrive.exe [404064 2015-08-20] (Microsoft Corporation) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Markus Radosztics\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Markus Radosztics\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Markus Radosztics\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Markus Radosztics\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Markus Radosztics\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Markus Radosztics\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Markus Radosztics\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-01-16] ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe (McAfee, Inc.) 
Startup: C:\Users\Markus Radosztics\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2015-03-18] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Markus Radosztics\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013-10-13] ShortcutTarget: Dropbox.lnk -> C:\Users\Markus Radosztics\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..) Hosts: 0.0.0.1 mssplus.mcafee.com Tcpip\..\Interfaces\{0FFDF7C3-8718-450E-A4A2-9C59BD350F78}: [DhcpNameServer] 10.0.0.138 Tcpip\..\Interfaces\{DD37C3EA-4E32-4412-AC18-EA239FC6029F}: [DhcpNameServer] 10.0.0.138 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=99963976_hao_pg HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\S-1-5-21-817472733-4082136947-4255886928-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=99963976_hao_pg HKU\S-1-5-21-817472733-4082136947-4255886928-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.at.msn.com/ 
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-10-25] (Adobe Systems Incorporated) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation) BHO-x32: af0.Adblock.BHO -> {90EFF544-3981-4d46-85C9-C0361D0931D6} -> C:\Windows\SysWOW64\mscoree.dll [2012-06-02] (Microsoft Corporation) BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation) 
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-03-18] (Microsoft Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Markus Radosztics\AppData\Roaming\Mozilla\Firefox\Profiles\febuujst.default FF NewTab: chrome://quick_start/content/index.html FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-15] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-15] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] () FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> 
C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-03-18] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Keine Datei] FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-31] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-31] (Google Inc.) 
FF Plugin HKU\S-1-5-21-817472733-4082136947-4255886928-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Markus Radosztics\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-03-13] (Citrix Online) FF Plugin HKU\S-1-5-21-817472733-4082136947-4255886928-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-06-21] () FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation) FF Extension: deskCut - C:\Users\Markus Radosztics\AppData\Roaming\Mozilla\Firefox\Profiles\febuujst.default\Extensions\deskCutv2@gmail.com [2015-08-19] FF Extension: A1 Servicecenter - C:\Users\Markus Radosztics\AppData\Roaming\Mozilla\Firefox\Profiles\febuujst.default\Extensions\{594657B4-413A-41D0-8F85-A6D3F35C9BDF} [2015-06-03] FF Extension: Download videos and MP3s from YouTube - C:\Users\Markus Radosztics\AppData\Roaming\Mozilla\Firefox\Profiles\febuujst.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-10-06] FF Extension: "Download Touch - C:\Users\Markus Radosztics\AppData\Roaming\Mozilla\Firefox\Profiles\febuujst.default\Extensions\@73ABDD53B667F486D5ACC6A263CED1CC73AB.xpi [2015-08-20] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-09-30] FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Markus Radosztics\AppData\Roaming\Mozilla\Firefox\Profiles\febuujst.default\extensions\defsearchp@gmail.com FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Markus Radosztics\AppData\Roaming\Mozilla\Firefox\Profiles\febuujst.default\extensions\deskCutv2@gmail.com FF HKU\S-1-5-21-817472733-4082136947-4255886928-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program 
Files (x86)\Common Files\DVDVideoSoft\plugins\ff FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-10-06] FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\73ABDD53B667F486D5ACC6A263CED1CC73AB.js [2015-08-20] Chrome: ======= CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bz-FcOk_3gj-vPv3NlKo8MSBpvROYxPxZtiNBg5BVI482FpkZWURTZlEyu3DxrLfqf4rEYcVqXlnHexXU-ja3dV3ahbEdYF-OEBnIw3mKioExzPx9kIJDSZOm2sjjHBeUhtIVCGzpU25QfPuZFu2DtlzTaR2S CHR StartupUrls: Default -> "hxxp://www.google.at/" CHR DefaultSearchURL: Default -> hxxp://feed.baboom.audio/?st=ds&query={searchTerms} CHR DefaultSearchKeyword: Default -> Baboom Search CHR DefaultSuggestURL: Default -> CHR Profile: C:\Users\Markus Radosztics\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Baboom Search) - C:\Users\Markus Radosztics\AppData\Local\Google\Chrome\User Data\Default\Extensions\gehmndecgbcffhmfjkenpamdgechcgpe [2015-09-08] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Markus Radosztics\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-24] CHR Extension: (Chrome Web Store Payments) - C:\Users\Markus Radosztics\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-23] CHR Extension: () - C:\Users\Markus Radosztics\AppData\Local\Download Touch\Component [2015-08-20] CHR HKLM-x32\...\Chrome\Extension: [dnligehkhogpcngalffdoomehjcbecna] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gehmndecgbcffhmfjkenpamdgechcgpe] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein 
Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.) S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] () R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2765496 2015-07-14] (Microsoft Corporation) R2 Hamachi2Svc; D:\Games\LogMeIn Hamachi\hamachi-2.exe [2545512 2015-08-03] (LogMeIn Inc.) R2 IHProtect Service; C:\Program Files (x86)\MiniLite\ProtectService.exe [129688 2015-08-20] (XTab system) S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [619776 2015-01-15] (Lenovo) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.163\McCHSvc.exe [289256 2015-07-31] (McAfee, Inc.) R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-09-26] (MICRO-STAR INTERNATIONAL CO., LTD.) 
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation) S3 Origin Client Service; D:\Games\Origin\OriginClientService.exe [1931632 2015-05-15] (Electronic Arts) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-05-23] () R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2015-06-25] (TuneUp Software) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation) S2 QQPCRTP; "C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\QQPCRTP.exe" -r [X] S2 RsMgrSvc; "C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe" [X] ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 acwfp; C:\Windows\system32\Drivers\acwfp64.sys [45784 2015-08-13] (Abengine) R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] () S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) S3 e1dexpress; C:\Windows\system32\DRIVERS\e1d63x64.sys [468752 2013-02-27] (Intel Corporation) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2012-09-20] (Broadcom Corporation) R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-08-03] (LogMeIn Inc.) 
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-21] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [31144 2015-06-04] (TuneUp Software) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [Datei ist nicht signiert] U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [64000 2012-07-26] (Microsoft Corporation) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation) S3 MSICDSetup; \??\E:\CDriver64.sys [X] S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X] S2 QQSysMonX64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\QQSysMonX64.sys [X] S1 rrfd_vw_1_10_0_22; system32\drivers\rrfd_vw_1_10_0_22.sys [X] S3 TFsFlt; system32\Drivers\TFsFltX64.sys [X] S1 TSDefenseBt; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16600.237\TSDefenseBT64.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-09-08 07:38 - 2015-09-08 07:38 - 01144488 _____ C:\Windows\Minidump\090815-14453-01.dmp 2015-09-08 00:18 - 2015-09-08 00:18 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\Markus Radosztics\Downloads\revosetup95.exe 2015-09-03 20:41 - 2015-09-03 20:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 2015-09-03 20:41 - 2015-09-03 20:41 - 00000000 ____D C:\Program Files\McAfee Security Scan 2015-09-01 12:08 - 2015-09-01 12:08 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-08-31 08:21 - 2015-08-31 08:21 - 00002770 _____ C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 2015-08-23 14:58 - 2015-08-27 12:52 - 00002265 _____ C:\Users\Markus Radosztics\Desktop\Google Chrome.lnk 2015-08-23 14:58 - 2015-08-23 14:58 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-08-23 14:56 - 2015-08-23 14:56 - 00931408 _____ (Google Inc.) C:\Users\Markus Radosztics\Downloads\ChromeSetup.exe 2015-08-23 14:33 - 2015-08-23 14:33 - 01260832 _____ C:\Users\Markus Radosztics\Downloads\Revo Uninstaller - CHIP-Installer.exe 2015-08-23 14:04 - 2015-09-08 00:35 - 00000000 ____D C:\Users\Markus Radosztics\Downloads\FRST-OlderVersion 2015-08-23 14:01 - 2015-09-09 00:10 - 00026468 _____ C:\Users\Markus Radosztics\Downloads\FRST.txt 2015-08-23 14:01 - 2015-09-06 12:12 - 00075522 _____ C:\Users\Markus Radosztics\Downloads\Addition.txt 2015-08-23 14:00 - 2015-08-23 14:00 - 00018325 _____ C:\Users\Markus Radosztics\Desktop\Fixlist.txt 2015-08-23 12:05 - 2015-09-09 00:05 - 00000320 _____ C:\Windows\Tasks\PC-Mechanic Maintenance.job 2015-08-23 12:05 - 2015-09-08 20:32 - 00000334 _____ C:\Windows\Tasks\PC-Mechanic Startup.job 2015-08-23 12:05 - 2015-08-23 12:05 - 00003248 _____ C:\Windows\System32\Tasks\PC-Mechanic Maintenance 2015-08-23 12:05 - 2015-08-23 12:05 - 00002630 _____ C:\Windows\System32\Tasks\PC-Mechanic Startup 2015-08-23 12:05 - 2015-08-23 12:05 - 00001171 _____ C:\Users\Public\Desktop\PC Mechanic.lnk 2015-08-23 12:05 - 2015-08-23 12:05 - 00000000 ____D 
C:\Users\Markus Radosztics\AppData\Roaming\Uniblue 2015-08-23 12:05 - 2015-08-23 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue 2015-08-23 12:05 - 2015-08-23 12:05 - 00000000 ____D C:\Program Files (x86)\Uniblue 2015-08-22 15:20 - 2015-08-22 15:20 - 00852684 _____ C:\Users\Markus Radosztics\Desktop\SecurityCheck.exe 2015-08-22 14:31 - 2015-08-27 11:28 - 00000000 ____D C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc 2015-08-22 14:31 - 2015-08-22 14:31 - 00002215 _____ C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk 2015-08-22 14:31 - 2015-08-22 14:31 - 00002207 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014.lnk 2015-08-22 14:31 - 2015-08-22 14:31 - 00002195 _____ C:\Users\Public\Desktop\TuneUp Utilities 2014.lnk 2015-08-22 14:31 - 2015-06-25 07:53 - 00040760 _____ (TuneUp Software) C:\Windows\system32\TURegOpt.exe 2015-08-22 14:31 - 2015-06-25 07:53 - 00029496 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll 2015-08-22 14:31 - 2015-06-25 07:53 - 00025400 _____ (TuneUp Software) C:\Windows\SysWOW64\authuitu.dll 2015-08-22 14:30 - 2015-08-22 14:31 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2014 2015-08-22 13:05 - 2015-08-22 13:05 - 02870984 _____ (ESET) C:\Users\Markus Radosztics\Downloads\esetsmartinstaller_deu.exe 2015-08-22 12:04 - 2015-08-22 12:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-08-21 23:42 - 2015-08-27 12:52 - 00002377 _____ C:\Windows\SysWOW64\findit.xml 2015-08-21 23:42 - 2015-08-21 23:42 - 00000000 ____D C:\ProgramData\ExtTags 2015-08-21 15:10 - 2015-08-21 15:10 - 00957064 _____ C:\Windows\Minidump\082115-9765-01.dmp 2015-08-21 10:36 - 2015-08-21 10:36 - 01162256 _____ C:\Windows\Minidump\082115-8296-01.dmp 2015-08-21 09:25 - 2015-08-21 09:25 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup 2015-08-21 09:24 - 2015-09-08 00:35 - 00000000 ____D 
C:\ProgramData\update 2015-08-21 09:24 - 2015-08-24 23:37 - 00000000 ____D C:\Program Files (x86)\AnyProtectEx 2015-08-21 09:24 - 2015-08-22 11:46 - 00000000 ____D C:\ProgramData\WWinManProW 2015-08-21 09:24 - 2015-08-21 09:24 - 00000000 ____D C:\Program Files (x86)\MiniLite 2015-08-21 09:14 - 2015-09-08 00:35 - 02190336 _____ (Farbar) C:\Users\Markus Radosztics\Downloads\FRST64.exe 2015-08-20 22:51 - 2015-08-21 08:53 - 00000000 ____D C:\ProgramData\Rising 2015-08-20 22:51 - 2015-08-21 00:36 - 00000000 ___RD C:\RavBin 2015-08-20 22:51 - 2014-07-30 04:44 - 00091928 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\vpatch.dll 2015-08-20 22:50 - 2015-08-22 16:58 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件 2015-08-20 22:50 - 2015-08-20 22:50 - 00000000 ____D C:\ProgramData\TXQMPC 2015-08-20 22:50 - 2015-08-20 22:50 - 00000000 ____D C:\Program Files\Common Files\Tencent 2015-08-20 22:49 - 2015-08-20 23:31 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\Tencent 2015-08-20 22:49 - 2015-08-20 22:52 - 00000000 ____D C:\ProgramData\Tencent 2015-08-20 22:44 - 2015-08-20 22:44 - 00001113 _____ C:\Users\Markus Radosztics\Desktop\Continue Live Installation.lnk 2015-08-20 22:44 - 2015-08-20 22:44 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\istartsurf 2015-08-20 22:37 - 2015-08-20 22:37 - 00000000 _____ C:\dummy.htm 2015-08-20 22:32 - 2015-08-20 22:33 - 00000000 ____D C:\ProgramData\LocalStorage 2015-08-20 22:30 - 2015-08-20 22:30 - 00000000 ____D C:\Users\Markus Radosztics\.android 2015-08-20 22:29 - 2015-08-20 22:29 - 00001318 _____ C:\Users\Markus Radosztics\Desktop\全网影视.lnk 2015-08-20 22:29 - 2015-08-20 22:29 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\ppslog 2015-08-20 22:17 - 2015-08-21 08:47 - 00000000 ____D C:\IQIYI Video 2015-08-20 22:17 - 2015-08-21 08:46 - 00000000 ____D C:\ProgramData\IQIYI Video 2015-08-20 22:17 - 2015-08-21 00:37 - 00000000 
____D C:\Users\Markus Radosztics\AppData\Local\Unity 2015-08-20 22:17 - 2015-08-20 22:30 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\IQIYI Video 2015-08-20 22:17 - 2015-08-20 22:17 - 00000000 __SHD C:\Users\Markus Radosztics\AppData\Roaming\AnyProtectEx 2015-08-20 22:17 - 2015-08-20 22:17 - 00000000 ____D C:\Users\Public\QiYi 2015-08-20 22:17 - 2015-08-20 22:17 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Local\SysassistByHotWheel 2015-08-20 22:16 - 2015-08-20 22:16 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Local\node-webkit 2015-08-20 22:15 - 2015-08-20 22:15 - 00000217 _____ C:\task.vbs 2015-08-20 22:10 - 2015-08-20 22:10 - 29727656 _____ (Oracle Corporation) C:\Users\Markus Radosztics\Desktop\jre-8u25-windows-i586.exe 2015-08-20 22:09 - 2015-08-20 23:09 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\Gameo 2015-08-20 22:09 - 2015-08-20 22:26 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\Opera Software 2015-08-20 22:09 - 2015-08-20 22:26 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Local\Opera Software 2015-08-20 22:09 - 2015-08-20 22:09 - 00000185 _____ C:\Users\Markus Radosztics\Desktop\Play Games Online.url 2015-08-20 22:09 - 2015-08-20 22:09 - 00000185 _____ C:\Users\Markus Radosztics\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url 2015-08-20 22:09 - 2015-08-20 22:09 - 00000000 ___HD C:\Users\Markus Radosztics\AppData\Roaming\GoldenGate 2015-08-20 22:09 - 2015-08-20 22:09 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Local\Gameo 2015-08-20 22:07 - 2015-08-21 00:37 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\WarThunder 2015-08-20 22:07 - 2015-08-20 22:07 - 29727656 _____ (Oracle Corporation) C:\Users\Markus Radosztics\Downloads\setup [1].exe 2015-08-20 22:06 - 2015-08-24 23:37 - 00000000 ____D C:\Program Files (x86)\Cinem Plus 2.4cV20.08 2015-08-20 22:06 - 2015-08-23 14:05 - 00000000 ____D C:\Users\Markus 
Radosztics\AppData\Local\00000000-1440108399-0000-0000-448A5BA07B78 2015-08-20 22:06 - 2015-08-20 09:50 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{8b8ff336-6f1d-48e8-bf3a-a8cbaafdd963}Gw64.sys 2015-08-20 22:06 - 2015-07-23 15:47 - 00000854 _____ C:\Windows\system32\Drivers\etc\hp.bak 2015-08-20 22:05 - 2015-08-23 14:05 - 00000000 ____D C:\Program Files (x86)\OLBPre 2015-08-20 22:05 - 2015-08-20 23:02 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Local\{1A0B2C57-3EA3-40EF-533B-65077753999F} 2015-08-20 22:04 - 2015-08-20 22:26 - 00000000 ____D C:\Program Files (x86)\Opera 2015-08-20 21:58 - 2015-08-20 21:58 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\Sun 2015-08-20 21:58 - 2015-08-20 21:58 - 00000000 ____D C:\Users\Markus Radosztics\.oracle_jre_usage 2015-08-20 20:37 - 2015-08-21 00:38 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\WindSolutions 2015-08-20 20:37 - 2015-08-20 20:44 - 00000000 ____D C:\ProgramData\WindSolutions 2015-08-20 12:29 - 2015-08-20 14:13 - 00000190 _____ C:\mylog.log 2015-08-20 12:29 - 2015-08-20 12:29 - 00000000 ____D C:\Program Files (x86)\MSI 2015-08-20 12:22 - 2015-08-20 12:22 - 00000000 ____D C:\Users\Markus Radosztics\Downloads\intel_usb30 2015-08-20 12:21 - 2015-08-20 12:21 - 06227267 _____ C:\Users\Markus Radosztics\Downloads\intel_usb30.zip 2015-08-20 12:19 - 2015-08-20 12:19 - 02837521 _____ C:\Users\Markus Radosztics\Downloads\intel_chipse_9_w10.zip 2015-08-20 12:19 - 2015-08-20 12:19 - 00000000 ____D C:\Users\Markus Radosztics\Downloads\intel_chipse_9_w10 2015-08-20 11:43 - 2015-08-20 22:55 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 2015-08-20 11:43 - 2015-08-20 11:43 - 00003156 _____ C:\Windows\System32\Tasks\Download Touch 2015-08-20 11:43 - 2015-08-20 11:43 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Local\Download Touch 2015-08-20 11:39 - 2015-08-24 23:37 - 00000000 ____D C:\Program Files (x86)\CinemaP-1.9cV16.03 2015-08-20 11:39 - 2015-08-21 
10:44 - 00000000 ____D C:\Program Files (x86)\globalUpdate 2015-08-20 11:39 - 2015-08-20 11:39 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Local\globalUpdate 2015-08-20 11:37 - 2015-08-20 11:37 - 19284168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2015-08-20 11:34 - 2015-09-06 12:04 - 00012056 _____ C:\Windows\SysWOW64\acengineOff.ini 2015-08-20 11:34 - 2015-09-06 12:04 - 00012056 _____ C:\Windows\system32\acengineOff.ini 2015-08-20 11:34 - 2015-08-13 14:49 - 00045784 _____ (Abengine) C:\Windows\system32\Drivers\acwfp64.sys 2015-08-20 11:15 - 2015-08-20 01:24 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{987371d1-e860-4e27-ba6a-35575fd33b7c}Gw64.sys 2015-08-20 11:13 - 2015-08-20 11:13 - 00012839 _____ C:\Users\Markus Radosztics\Desktop\Apple_Mobile_Device_USB_Driver(1).msi 2015-08-20 11:12 - 2015-08-24 23:37 - 00000000 ____D C:\Program Files (x86)\GUPlayer 2015-08-20 11:12 - 2015-08-20 11:34 - 00000002 _____ C:\END 2015-08-20 11:12 - 2015-08-20 11:12 - 00012839 _____ C:\Users\Markus Radosztics\Desktop\Apple_Mobile_Device_USB_Driver.msi 2015-08-20 11:12 - 2015-08-20 11:12 - 00003112 _____ C:\Windows\System32\Tasks\cfr3011 2015-08-20 11:12 - 2015-08-11 21:11 - 00349584 _____ (Abengine) C:\Windows\system32\acengine64.dll 2015-08-20 10:43 - 2015-08-20 10:43 - 00001456 _____ C:\Users\Public\Desktop\iTunes.lnk 2015-08-20 10:43 - 2015-08-20 10:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-08-20 10:43 - 2015-08-20 10:43 - 00000000 ____D C:\Program Files\iPod 2015-08-20 10:43 - 2015-08-20 10:43 - 00000000 ____D C:\Program Files (x86)\iTunes 2015-08-20 10:42 - 2015-08-20 10:42 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2015-08-20 10:42 - 2015-08-20 10:42 - 00000000 ____D C:\Windows\System32\Tasks\Apple 2015-08-20 10:42 - 2015-08-20 10:42 - 00000000 ____D C:\Program Files\Bonjour 2015-08-20 10:42 - 2015-08-20 10:42 - 00000000 ____D 
C:\Program Files (x86)\Bonjour 2015-08-20 10:42 - 2015-08-20 10:42 - 00000000 ____D C:\Program Files (x86)\Apple Software Update 2015-08-19 22:11 - 2015-08-20 00:33 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\MediaMonkey 2015-08-19 22:11 - 2015-08-19 22:11 - 00000695 _____ C:\Users\Public\Desktop\MediaMonkey.lnk 2015-08-19 22:11 - 2015-08-19 22:11 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Local\MediaMonkey 2015-08-19 22:11 - 2015-08-19 22:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey 2015-08-19 22:10 - 2015-08-19 22:10 - 00000000 ____D C:\ProgramData\MediaMonkey 2015-08-19 21:18 - 2015-08-13 14:34 - 19292160 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-08-19 21:18 - 2015-08-13 13:02 - 14383616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-08-19 21:18 - 2015-08-13 12:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-08-19 21:18 - 2015-08-13 12:44 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-08-19 20:48 - 2015-09-06 12:07 - 00000008 __RSH C:\ProgramData\ntuser.pol 2015-08-19 20:46 - 2015-08-19 20:46 - 01135152 _____ C:\Windows\Minidump\081915-12953-01.dmp 2015-08-19 16:27 - 2015-08-19 02:39 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{092386fb-9faf-4d52-817c-d4095ab6e5cd}Gw64.sys 2015-08-19 16:24 - 2015-08-23 14:06 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\mystartsearch 2015-08-19 16:24 - 2015-08-19 21:03 - 00000000 ____D C:\ProgramData\nWinManPron 2015-08-19 16:24 - 2015-08-19 16:24 - 00000000 _____ C:\Windows\prleth.sys 2015-08-19 16:24 - 2015-08-19 16:24 - 00000000 _____ C:\Windows\hgfs.sys 2015-08-19 16:22 - 2015-08-19 16:22 - 00000767 _____ C:\Users\Markus Radosztics\Desktop\MP3 Voice Recorder.lnk 2015-08-19 16:22 - 2015-08-19 16:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3 Voice Recorder 2015-08-19 16:22 - 2004-03-08 21:30 - 00212240 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\richtx32.ocx 2015-08-16 18:23 - 2015-08-16 18:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2015-08-16 00:59 - 2015-07-30 15:11 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-08-16 00:59 - 2015-07-30 15:10 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-08-16 00:59 - 2015-07-13 23:05 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll 2015-08-16 00:59 - 2015-07-13 23:05 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-08-16 00:59 - 2015-07-09 23:46 - 05982208 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-08-16 00:59 - 2015-07-09 23:44 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll 2015-08-16 00:59 - 2015-07-09 22:17 - 05095424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2015-08-16 00:59 - 2015-07-09 22:16 - 00269824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2015-08-16 00:59 - 2015-07-06 18:16 - 00044560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys 2015-08-16 00:59 - 2015-07-06 16:32 - 00281944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 2015-08-16 00:59 - 2015-07-01 15:00 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2015-08-16 00:59 - 2015-07-01 14:58 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2015-08-16 00:59 - 2015-07-01 13:42 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2015-08-16 00:59 - 2015-07-01 13:41 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll 2015-08-16 00:58 - 2015-07-28 18:25 - 00025776 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2015-08-16 00:58 - 2015-07-28 16:13 - 01116160 _____ (Microsoft Corporation) 
C:\Windows\system32\appraiser.dll 2015-08-16 00:58 - 2015-07-28 16:13 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-08-16 00:58 - 2015-07-28 16:13 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-08-16 00:58 - 2015-07-28 16:13 - 00437248 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-08-16 00:58 - 2015-07-28 16:13 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-08-16 00:58 - 2015-07-28 15:12 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-08-16 00:58 - 2015-07-16 22:32 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-08-16 00:58 - 2015-07-16 22:32 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-08-16 00:58 - 2015-07-16 22:32 - 00601600 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-08-16 00:58 - 2015-07-16 22:31 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-08-16 00:58 - 2015-07-16 22:31 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-08-16 00:58 - 2015-07-16 22:31 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-08-16 00:58 - 2015-07-16 22:30 - 15416320 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-08-16 00:58 - 2015-07-16 22:30 - 02657280 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-08-16 00:58 - 2015-07-16 22:30 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2015-08-16 00:58 - 2015-07-16 21:07 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-08-16 00:58 - 2015-07-16 21:07 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-08-16 00:58 - 2015-07-16 21:07 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-08-16 00:58 - 2015-07-16 21:06 - 13774848 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ieframe.dll 2015-08-16 00:58 - 2015-07-16 21:06 - 02865664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-08-16 00:58 - 2015-07-16 21:06 - 02056704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-08-16 00:58 - 2015-07-16 21:06 - 00737280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2015-08-16 00:58 - 2015-07-16 21:06 - 00690176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-08-16 00:58 - 2015-07-16 21:06 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-08-16 00:58 - 2015-07-16 21:06 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-08-16 00:58 - 2015-07-16 21:06 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-08-16 00:58 - 2015-07-13 23:23 - 01744384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2015-08-16 00:58 - 2015-07-13 23:23 - 01422336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2015-08-16 00:58 - 2015-07-13 23:05 - 02340864 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2015-08-16 00:58 - 2015-07-13 23:05 - 01850880 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-08-16 00:55 - 2015-07-29 16:45 - 01412608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-08-16 00:55 - 2015-07-29 16:45 - 00035328 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-08-16 00:55 - 2015-07-29 15:52 - 01840640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-08-16 00:55 - 2015-07-29 15:52 - 01280000 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-08-16 00:55 - 2015-07-29 15:52 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-08-16 00:55 - 2015-07-28 00:42 - 00304128 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-08-16 00:55 - 2015-07-28 00:40 - 04064768 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-08-16 00:55 - 
2015-07-28 00:40 - 00366592 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-08-16 00:55 - 2015-07-15 18:09 - 06969688 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-08-16 00:55 - 2015-07-15 18:09 - 00095064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-08-16 00:55 - 2015-07-15 18:06 - 01824296 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-08-16 00:55 - 2015-07-15 15:49 - 01410000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-08-16 00:55 - 2015-07-15 15:29 - 01333248 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll 2015-08-16 00:55 - 2015-07-09 23:47 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe 2015-08-16 00:55 - 2015-07-09 23:47 - 00243712 _____ (Microsoft Corporation) C:\Windows\notepad.exe 2015-08-16 00:55 - 2015-07-09 22:18 - 00233984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe 2015-08-16 00:55 - 2015-06-09 15:09 - 00411133 _____ C:\Windows\system32\ApnDatabase.xml ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-09-09 00:10 - 2015-06-07 20:44 - 00000000 ____D C:\FRST 2015-09-09 00:04 - 2013-11-22 22:24 - 00000366 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job 2015-09-09 00:00 - 2015-06-18 06:45 - 00001290 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-817472733-4082136947-4255886928-1001UA.job 2015-09-09 00:00 - 2013-11-19 21:28 - 00001136 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-09-09 00:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru 2015-09-08 23:37 - 2013-09-30 21:01 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-09-08 20:45 - 2013-09-30 19:30 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-817472733-4082136947-4255886928-1001 2015-09-08 20:39 - 2012-07-26 12:27 - 00751892 _____ C:\Windows\system32\perfh007.dat 2015-09-08 20:39 - 2012-07-26 12:27 - 00155620 _____ C:\Windows\system32\perfc007.dat 2015-09-08 20:39 - 2012-07-26 09:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI 2015-09-08 20:33 - 2015-01-14 23:45 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Local\LogMeIn Hamachi 2015-09-08 20:33 - 2013-10-13 20:57 - 00000000 ___RD C:\Users\Markus Radosztics\Dropbox 2015-09-08 20:33 - 2013-10-13 20:55 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\Dropbox 2015-09-08 20:32 - 2014-12-27 12:46 - 00000000 ___RD C:\Users\Markus Radosztics\iCloudDrive 2015-09-08 20:32 - 2014-12-27 12:45 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Local\36A80DEE-1AAD-4F7E-AA6A-4638F785B9B6.aplzod 2015-09-08 20:32 - 2013-11-19 21:28 - 00001132 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-09-08 20:32 - 2013-10-01 21:22 - 00000000 ____D C:\ProgramData\NVIDIA 2015-09-08 20:32 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-09-08 07:38 - 2013-11-25 12:30 - 00000000 ____D C:\Windows\Minidump 2015-09-08 00:37 - 2013-09-30 19:17 - 00300740 _____ C:\Windows\PFRO.log 2015-09-08 00:19 - 2015-06-07 21:40 - 00000742 _____ 
C:\Users\Markus Radosztics\Desktop\Revo Uninstaller.lnk 2015-09-08 00:19 - 2015-06-07 21:40 - 00000000 ____D C:\Program Files (x86)\VS Revo Group 2015-09-07 11:00 - 2015-06-18 06:45 - 00001238 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-817472733-4082136947-4255886928-1001Core.job 2015-09-07 10:57 - 2013-09-30 19:24 - 02007147 _____ C:\Windows\WindowsUpdate.log 2015-09-06 18:09 - 2013-09-30 19:24 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Local\Packages 2015-09-06 12:04 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\GroupPolicy 2015-09-03 20:41 - 2014-01-16 16:47 - 00001940 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2015-08-31 22:54 - 2014-06-25 17:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-08-31 22:49 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\BBI 2015-08-31 08:55 - 2013-11-19 21:28 - 00004108 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-08-31 08:55 - 2013-11-19 21:28 - 00003872 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-08-31 08:16 - 2013-10-01 18:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-08-27 12:52 - 2013-10-01 18:41 - 00001171 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-08-27 12:52 - 2013-09-30 19:24 - 00001450 _____ C:\Users\Markus Radosztics\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-08-26 08:46 - 2013-10-02 17:05 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\Skype 2015-08-23 12:44 - 2014-02-01 13:30 - 00000000 ____D C:\Program Files (x86)\Java 2015-08-22 15:17 - 2014-08-06 12:17 - 00000000 ____D C:\ProgramData\TuneUp Software 2015-08-22 12:04 - 2015-02-23 20:21 - 00000000 ___RD C:\Program Files (x86)\Skype 2015-08-22 12:04 - 2013-10-02 17:05 - 00000000 ____D C:\ProgramData\Skype 2015-08-22 10:00 - 2015-03-18 18:45 - 00000000 ____D C:\Program Files\Microsoft Office 15 2015-08-22 10:00 - 2014-06-17 22:52 - 
00005182 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for WAUT0001-Markus Radosztics WAUT0001 2015-08-21 08:52 - 2015-03-20 10:39 - 00507984 _____ C:\Windows\system32\FNTCACHE.DAT 2015-08-20 22:50 - 2013-09-30 19:24 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Local\VirtualStore 2015-08-20 22:30 - 2013-09-30 19:24 - 00000000 ____D C:\Users\Markus Radosztics 2015-08-20 22:10 - 2014-02-01 13:30 - 00000000 ____D C:\ProgramData\Oracle 2015-08-20 22:06 - 2012-07-26 07:26 - 00000269 _____ C:\Windows\win.ini 2015-08-20 21:22 - 2014-11-19 18:47 - 00000000 ____D C:\Program Files (x86)\Samsung 2015-08-20 21:22 - 2013-12-19 13:46 - 00000000 ____D C:\Users\Markus Radosztics\Documents\samsung 2015-08-20 21:22 - 2013-12-19 13:46 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Roaming\Samsung 2015-08-20 21:18 - 2013-12-19 13:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung 2015-08-20 21:18 - 2013-09-30 19:32 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2015-08-20 20:58 - 2013-09-30 20:29 - 00000000 ____D C:\Users\Markus Radosztics\AppData\Local\Downloaded Installations 2015-08-20 20:27 - 2015-06-03 20:07 - 00000000 ____D C:\Program Files (x86)\A1 Servicecenter 2015-08-20 14:09 - 2015-03-18 18:59 - 00002321 _____ C:\Users\Markus Radosztics\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2015-08-20 11:37 - 2013-09-30 21:01 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-08-20 10:43 - 2013-09-30 20:20 - 00000000 ____D C:\Program Files\Common Files\Apple 2015-08-20 10:42 - 2013-09-30 20:20 - 00000000 ____D C:\ProgramData\Apple 2015-08-19 21:18 - 2012-07-26 09:59 - 00000000 ____D C:\Windows\CbsTemp 2015-08-16 18:23 - 2015-07-14 21:02 - 00000650 _____ C:\Users\Public\Desktop\LogMeIn Hamachi.lnk 2015-08-16 18:22 - 2015-04-17 08:09 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-08-16 18:22 - 2015-04-17 08:09 - 00000000 ____D 
C:\Windows\system32\appraiser 2015-08-16 18:22 - 2013-09-30 19:57 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-08-16 18:22 - 2013-09-30 19:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-08-16 18:22 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-08-16 18:22 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-08-16 18:22 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Defender 2015-08-16 18:22 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2015-08-16 10:55 - 2013-09-30 19:53 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2015-08-16 10:55 - 2013-09-30 19:52 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-08-16 10:54 - 2013-09-30 19:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-08-16 10:53 - 2013-09-30 22:57 - 00000000 ____D C:\Windows\system32\MRT 2015-08-16 10:51 - 2013-09-30 22:57 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-08-16 10:46 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-08-16 10:46 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-08-15 11:11 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2013-09-30 20:29 - 2013-09-30 20:29 - 0000268 ___RH () C:\Users\Markus Radosztics\AppData\Roaming\String Ensemble 2013-09-30 20:30 - 2013-09-30 20:30 - 0000268 ___RH () C:\Users\Markus Radosztics\AppData\Roaming\Strings 2013-09-30 20:29 - 2013-09-30 20:29 - 0000268 ___RH () C:\Users\Markus Radosztics\AppData\Roaming\Super Strings 2013-09-30 20:29 - 2013-09-30 
20:29 - 0000268 ___RH () C:\Users\Markus Radosztics\AppData\Roaming\Techno Kit 2014-02-05 18:38 - 2015-06-07 12:43 - 0000156 _____ () C:\Users\Markus Radosztics\AppData\Roaming\WB.CFG 2013-11-06 10:01 - 2014-08-12 18:27 - 0006144 _____ () C:\Users\Markus Radosztics\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-12-23 18:56 - 2014-12-23 18:56 - 0007606 _____ () C:\Users\Markus Radosztics\AppData\Local\Resmon.ResmonCfg 2015-08-20 22:04 - 2015-08-20 22:04 - 0000187 _____ () C:\Users\Markus Radosztics\AppData\Local\Salttex.exe.config 2013-10-02 17:42 - 2013-10-02 17:42 - 0000057 _____ () C:\ProgramData\Ament.ini 2014-07-07 09:16 - 2014-07-07 09:16 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2013-09-30 20:29 - 2013-09-30 20:29 - 0000012 ___RH () C:\ProgramData\howto 2013-09-30 20:29 - 2013-09-30 20:29 - 0000020 ____H () C:\ProgramData\PKP_DLeo.DAT 2013-09-30 20:30 - 2013-09-30 20:30 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT 2013-09-30 20:29 - 2013-09-30 20:30 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT 2013-09-30 20:29 - 2013-09-30 20:29 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT 2013-09-30 20:29 - 2013-09-30 20:29 - 0000268 ___RH () C:\ProgramData\Sync Schema 2013-09-30 20:30 - 2013-09-30 20:30 - 0000268 ___RH () C:\ProgramData\Sync Services 2013-09-30 20:29 - 2013-09-30 20:29 - 0000268 ___RH () C:\ProgramData\Synth Basics 2013-09-30 20:29 - 2013-09-30 20:29 - 0000012 ___RH () C:\ProgramData\Track Settings 2013-09-30 20:30 - 2013-09-30 20:30 - 0000012 ___RH () C:\ProgramData\Transportation 2013-09-30 20:29 - 2013-09-30 20:29 - 0000012 ___RH () C:\ProgramData\Tremolo Einige Dateien in TEMP: ==================== C:\Users\Markus Radosztics\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjg_tzm.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-09-05 18:00 ==================== Ende von FRST.txt ============================ |
09.09.2015, 20:37 | #43 |
/// the machine /// TB Trainer | New Internet windows keep opening
That looks much better. Are there still any problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
10.09.2015, 18:52 | #44 |
| New Internet windows keep opening
Hello Schrauber, I worked on the PC for some time today and noticed the following:
1. The pop-up windows with Chinese characters have disappeared. I only noticed that there is still an icon with Chinese characters on the desktop. Should I simply delete it, or do you suggest something else?
2. In both Google Chrome and Firefox it still keeps happening that a new window opens whenever I click on any link. That is annoying, because I always have to close it and click the link again; then it no longer happens with that link. When I click the next link, the same thing happens again...
3. As soon as I connect something to the USB port, today e.g. a USB stick to download something from it, Windows Explorer hangs as soon as I open it (Not responding). Do you have an idea about that?
Otherwise I have not noticed anything negative. Great help from you. Thanks. Regards, Don Camillo |
11.09.2015, 16:09 | #45 | |||
/// the machine /// TB Trainer | New Internet windows keep opening
Quote:
Quote:
Quote:
Repairing Windows - how to do it - Guides
__________________ Regards, schrauber |