Log analysis and evaluation: Windows 8: Ads in the browser caused by viruses

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
07.08.2015, 21:11 | #1 |
Windows 8: Ads in the browser caused by viruses

Hello, my name is Tobias, and for a few days I have had a problem with viruses or something similar. When I open my browser (Mozilla Firefox) and visit a website, it gets flooded with ads. When I click on anything, a great many tabs open and immediately disappear again; I can only briefly make out ads. These circumstances make using the internet rather difficult. I have already made several attempts to clean the PC myself with the following programs: CCleaner, Malwarebytes Anti-Malware, AdwCleaner and Avast Free (my antivirus). However, all attempts were unsuccessful!

What I should also mention is that for a few months I have had a bug that was triggered by using macros too quickly (keys on my keyboard that store a key combination and execute it when pressed); at least I think that was the trigger. All my tiles on the Windows 8 Start screen have disappeared, which means it only says "Start" there. I can only get to the desktop through the search function, by typing in a program name such as "skype". Because of that bug I cannot reset my PC to factory settings, since all apps and the like, and programs that run on the Windows 8 Start screen, are no longer displayed or do not respond.

Now to the requested logs:

Defogger:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:20 on 07/08/2015 (Tobias)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:06-08-2015 durchgeführt von Tobias (Administrator) auf TOBIASPC (07-08-2015 21:22:51) Gestartet von C:\Users\Tobias\Desktop Geladene Profile: Tobias (Verfügbare Profile: Tobias) Platform: Windows 8 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 10 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation) C:\WINDOWS\System32\dasHost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Malwarebytes Corporation) C:\AdwCleaner\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\AdwCleaner\ Malwarebytes Anti-Malware \mbamservice.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect 3\creator-ws.exe () C:\WINDOWS\SysWOW64\PnkBstrA.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (Malwarebytes Corporation) C:\AdwCleaner\ Malwarebytes Anti-Malware \mbam.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (NVIDIA Corporation) C:\Program Files 
(x86)\NVIDIA Corporation\Update Core\NvBackend.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe (Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Spotify Ltd) C:\Users\Tobias\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Spotify Ltd) C:\Users\Tobias\AppData\Roaming\Spotify\Spotify.exe (© 2015 Microsoft Corporation) C:\Users\Tobias\AppData\Local\Microsoft\BingSvc\BingSvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVM Berlin) C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe (Spotify Ltd) C:\Users\Tobias\AppData\Roaming\Spotify\SpotifyCrashService.exe (Spotify Ltd) C:\Users\Tobias\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) C:\Users\Tobias\AppData\Roaming\Spotify\Spotify.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccsvchst.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccsvchst.exe (Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe (Adobe Systems, Inc.) 
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe ==================== Registry (Nicht auf der Ausnahmeliste) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10464536 2014-07-02] (Logitech Inc.) HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek) HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-24] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-07-20] (AVAST Software) HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe [933888 2012-08-21] (AVM Berlin) HKU\S-1-5-21-3066219139-3419409888-2493601642-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53661824 2015-07-28] (Skype Technologies S.A.) 
HKU\S-1-5-21-3066219139-3419409888-2493601642-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3619160 2015-02-09] (Electronic Arts) HKU\S-1-5-21-3066219139-3419409888-2493601642-1001\...\Run: [Spotify Web Helper] => C:\Users\Tobias\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-08-06] (Spotify Ltd) HKU\S-1-5-21-3066219139-3419409888-2493601642-1001\...\Run: [Spotify] => C:\Users\Tobias\AppData\Roaming\Spotify\Spotify.exe [7675448 2015-08-06] (Spotify Ltd) HKU\S-1-5-21-3066219139-3419409888-2493601642-1001\...\Run: [BingSvc] => C:\Users\Tobias\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Keine Datei ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Keine Datei ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => Keine Datei ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-20] (AVAST Software) ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Keine Datei ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Keine Datei ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => Keine Datei GroupPolicy: Gruppenrichtline auf Chrome erkannt <======= ACHTUNG CHR HKLM\SOFTWARE\Policies\Google: Richtlinienbeschränkung <======= ACHTUNG ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-3066219139-3419409888-2493601642-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006 HKU\S-1-5-21-3066219139-3419409888-2493601642-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms} HKU\S-1-5-21-3066219139-3419409888-2493601642-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006 SearchScopes: HKLM -> {018EEE1D-E099-479A-927F-05E62C64F25C} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {018EEE1D-E099-479A-927F-05E62C64F25C} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 
-> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3066219139-3419409888-2493601642-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms} BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-20] (AVAST Software) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\coIEPlg.dll [2014-11-28] (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\IPS\IPSBHO.DLL [2013-04-09] (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-25] (Oracle Corporation) BHO-x32: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-20] (AVAST Software) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-25] (Oracle Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\coIEPlg.dll [2014-11-28] (Symantec Corporation) Toolbar: HKU\S-1-5-21-3066219139-3419409888-2493601642-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Keine Datei Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) Tcpip\..\Interfaces\{029E1785-C064-4F9B-B059-1DAC2DD6A59F}: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{26B141E2-FC96-4DB1-A9ED-8CF2CDE803FA}: [DhcpNameServer] 192.168.2.1 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\hkyxad99.default FF SearchEngineOrder.3: Bing FF Homepage: hxxp://google.com/ FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-08-07] () FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web 
Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-08-07] () FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-01-24] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-01-24] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-25] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-25] (Oracle Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-07-23] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-07-23] (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Keine Datei] FF Plugin-x32: PDF Architect 3 -> C:\Program Files (x86)\PDF Architect 3\np-previewer.dll [2015-03-20] (pdfforge GmbH) FF Extension: Bing Search Engine - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\hkyxad99.default\Extensions\bingsearch.full@microsoft.com [2015-03-15] FF Extension: Filter Results - 
C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\hkyxad99.default\Extensions\{6774d900-ad1f-4dd0-8c32-99994e7e87b8}.xpi [2015-08-06] FF Extension: Adblock Plus - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\hkyxad99.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-31] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn [2015-08-07] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFF [2014-06-24] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-23] FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_3_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension FF Extension: PDF Architect 3 Creator - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension [2015-04-13] Chrome: ======= CHR Profile: C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default CHR HKLM\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-11] CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program 
Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-11] CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-07-20] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-20] CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-20] (AVAST Software) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation) S4 CLHNServiceForPowerDVD12; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [89864 2013-06-10] (CyberLink Corp.) 
S4 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-06-10] (CyberLink) S4 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [294664 2013-06-10] (CyberLink) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-24] (NVIDIA Corporation) S4 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [Datei ist nicht signiert] S4 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation) S4 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129336 2013-01-31] (Intel Corporation) S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-01-31] (Intel Corporation) R2 MBAMScheduler; C:\AdwCleaner\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation) R2 MBAMService; C:\AdwCleaner\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-24] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-24] (NVIDIA Corporation) S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-06] (Electronic Arts) S3 PDF Architect 3; C:\Program Files (x86)\PDF Architect 3\ws.exe [2243288 2015-03-20] (pdfforge GmbH) S3 PDF Architect 3 
CrashHandler; C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe [901336 2015-03-20] (pdfforge GmbH) R2 PDF Architect 3 Creator; C:\Program Files (x86)\PDF Architect 3\creator-ws.exe [740568 2015-03-20] (pdfforge GmbH) R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-12-12] () S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-20] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-20] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-20] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-20] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048856 2015-07-20] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-07-20] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150160 2015-07-20] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-20] (AVAST Software) S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2012-04-25] (AVM Berlin) R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20140606.001\BHDrvx64.sys [1530160 2014-06-06] (Symantec Corporation) R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1406000.01B\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-15] (CyberLink) R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-23] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files 
(x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-23] (Symantec Corporation) S3 fwlanusb5; C:\Windows\system32\DRIVERS\fwlanusb5.sys [982784 2012-08-21] (AVM GmbH) R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20140627.001\IDSvia64.sys [525016 2014-06-23] (Symantec Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-07] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation) S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20140630.001\ENG64.SYS [126040 2014-06-23] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20140630.001\EX64.SYS [2099288 2014-06-23] (Symantec Corporation) R2 ntk_PowerDVD12; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [84168 2013-03-12] (Cyberlink Corp.) 
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-24] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47976 2015-07-03] (NVIDIA Corporation) R3 SaiK1703; C:\Windows\system32\DRIVERS\SaiK1703.sys [180544 2012-09-20] (Saitek) R3 SaiMini; C:\Windows\System32\drivers\SaiMini.sys [25120 2013-04-30] (Saitek) R3 SaiNtBus; C:\Windows\system32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek) R3 SaiU1703; C:\Windows\System32\drivers\SaiU1703.sys [47168 2012-09-20] (Saitek) S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1406000.01B\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation) R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1406000.01B\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation) R3 SymDS; C:\Windows\system32\drivers\NISx64\1406000.01B\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation) R3 SymEFA; C:\Windows\system32\drivers\NISx64\1406000.01B\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation) S4 SymELAM; C:\Windows\system32\drivers\NISx64\1406000.01B\SymELAM.sys [23448 2012-11-15] (Symantec Corporation) R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2014-06-24] (Symantec Corporation) R3 SymIRON; C:\Windows\system32\drivers\NISx64\1406000.01B\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation) R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1406000.01B\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation) S3 STHDA; \SystemRoot\system32\DRIVERS\stwrt64.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-08-07 21:22 - 2015-08-07 21:23 - 00025094 _____ C:\Users\Tobias\Desktop\FRST.txt 2015-08-07 21:22 - 2015-08-07 21:22 - 00000000 ____D C:\FRST 2015-08-07 21:21 - 2015-08-07 21:21 - 02170368 _____ (Farbar) C:\Users\Tobias\Desktop\FRST64.exe 2015-08-07 21:20 - 2015-08-07 21:20 - 00000474 _____ C:\Users\Tobias\Desktop\defogger_disable.log 2015-08-07 21:19 - 2015-08-07 21:19 - 00000474 _____ C:\Users\Tobias\Downloads\defogger_disable.log 2015-08-07 21:19 - 2015-08-07 21:19 - 00000000 _____ C:\Users\Tobias\defogger_reenable 2015-08-07 21:18 - 2015-08-07 21:18 - 00050477 _____ C:\Users\Tobias\Desktop\Defogger.exe 2015-08-07 20:59 - 2015-08-07 21:05 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-08-07 20:59 - 2015-08-07 20:59 - 00000853 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-08-07 20:59 - 2015-08-07 20:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-08-07 20:59 - 2015-08-07 20:59 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-08-07 20:59 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-08-07 20:59 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-08-07 20:59 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-08-07 20:56 - 2015-08-07 20:57 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Tobias\Downloads\mbam-setup-2.1.8.1057.exe 2015-08-07 18:29 - 2015-07-23 02:46 - 00572232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe 2015-08-07 18:28 - 2015-08-07 18:28 - 00000000 ____D C:\WINDOWS\LastGood 2015-08-07 18:27 - 2015-08-07 18:28 - 00000103 _____ C:\WINDOWS\setupact.log 2015-08-07 18:27 - 2015-08-07 18:27 - 00000000 _____ C:\WINDOWS\setuperr.log 2015-08-07 18:27 - 2015-07-25 01:28 - 00204648 _____ (NVIDIA Corporation) 
C:\WINDOWS\system32\Drivers\nvhda64v.sys
2015-08-07 18:27 - 2015-07-25 01:28 - 00040280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2015-08-07 18:27 - 2015-07-23 06:06 - 42730128 _____ C:\WINDOWS\system32\nvcompiler.dll
2015-08-07 18:27 - 2015-07-23 06:06 - 37748880 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-08-07 18:27 - 2015-07-23 06:06 - 30487880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-08-07 18:27 - 2015-07-23 06:06 - 22950544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-08-07 18:27 - 2015-07-23 06:06 - 16151688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-08-07 18:27 - 2015-07-23 06:06 - 15892200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-08-07 18:27 - 2015-07-23 06:06 - 14503880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-08-07 18:27 - 2015-07-23 06:06 - 13268712 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-08-07 18:27 - 2015-07-23 06:06 - 11836680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-08-07 18:27 - 2015-07-23 06:06 - 11055248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-08-07 18:27 - 2015-07-23 06:06 - 02933576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-08-07 18:27 - 2015-07-23 06:06 - 02600592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-08-07 18:27 - 2015-07-23 06:06 - 01898128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435362.dll
2015-08-07 18:27 - 2015-07-23 06:06 - 01557648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435362.dll
2015-08-07 18:27 - 2015-07-23 06:06 - 01101856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-08-07 18:27 - 2015-07-23 06:06 - 01061008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-08-07 18:27 - 2015-07-23 06:06 - 01053000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-08-07 18:27 - 2015-07-23 06:06 - 00983368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-08-07 18:27 - 2015-07-23 06:06 - 00976528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-08-07 18:27 - 2015-07-23 06:06 - 00940104 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-08-07 18:27 - 2015-07-23 06:06 - 00503592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-08-07 18:27 - 2015-07-23 06:06 - 00408208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-08-07 18:27 - 2015-07-23 06:06 - 00407296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-08-07 18:27 - 2015-07-23 06:06 - 00364176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-08-07 18:27 - 2015-07-23 06:06 - 00176904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-08-07 18:27 - 2015-07-23 06:06 - 00155280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-08-07 18:27 - 2015-07-23 06:06 - 00150832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-08-07 18:27 - 2015-07-23 06:06 - 00128512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-08-07 17:44 - 2015-08-07 21:07 - 00134746 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-07 17:43 - 2015-08-07 21:05 - 00016552 _____ C:\WINDOWS\PFRO.log
2015-08-07 17:37 - 2015-08-07 20:59 - 00000000 ____D C:\AdwCleaner
2015-08-07 17:37 - 2015-08-07 17:37 - 02248704 _____ C:\Users\Tobias\Desktop\adwcleaner_4.208.exe
2015-08-07 17:03 - 2015-08-07 17:03 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2015-08-07 17:03 - 2015-07-03 06:28 - 00069992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2015-08-07 17:03 - 2015-07-03 06:28 - 00065896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2015-08-07 17:03 - 2015-07-03 06:28 - 00047976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2015-08-07 17:00 - 2015-08-07 17:02 - 37807552 _____ (NVIDIA Corporation) C:\Users\Tobias\Downloads\GeForce_Experience_v2.5.12.11.exe
2015-08-07 00:07 - 2015-08-07 00:07 - 00001170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-08-07 00:07 - 2015-08-07 00:07 - 00001158 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-08-07 00:04 - 2015-08-07 00:04 - 00242928 _____ C:\Users\Tobias\Downloads\Firefox Setup Stub 39.0.exe
2015-08-06 14:16 - 2015-08-06 14:16 - 00003844 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1438863396
2015-08-06 14:16 - 2015-08-06 14:16 - 00001146 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-08-06 14:16 - 2015-08-06 14:16 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\Opera Software
2015-08-06 14:16 - 2015-08-06 14:16 - 00000000 ____D C:\Users\Tobias\AppData\Local\Opera Software
2015-08-06 14:11 - 2015-08-06 14:16 - 00000000 ____D C:\Program Files (x86)\Opera
2015-08-06 14:11 - 2015-08-06 14:11 - 00000306 __RSH C:\ProgramData\ntuser.pol
2015-08-06 14:11 - 2015-08-06 14:11 - 00000000 ____D C:\Users\Tobias\AppData\Local\{389D0EC1-1C35-6279-71AD-479155C5BB09}
2015-08-06 14:05 - 2015-08-06 14:05 - 00000000 ____D C:\WINDOWS\SysWOW64\%LOCALAPPDATA%
2015-08-06 13:56 - 2015-08-06 13:56 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2015-08-06 13:54 - 2015-08-06 22:41 - 00000000 ____D C:\Users\Tobias\AppData\Local\JDownloader v2.0
2015-08-02 17:41 - 2014-04-16 20:20 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-08-02 17:41 - 2014-04-16 20:20 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-07-31 12:09 - 2015-08-07 21:08 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2015-07-31 12:09 - 2015-07-31 12:09 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-27 20:20 - 2015-07-27 20:20 - 00000000 ____D C:\Users\Tobias\AppData\Local\CEF
2015-07-21 17:39 - 2015-07-14 22:11 - 00035328 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-07-21 17:39 - 2015-07-14 22:09 - 00046080 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-07-21 17:39 - 2015-07-14 21:43 - 00366592 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-07-21 17:39 - 2015-07-14 21:43 - 00304128 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-07-20 21:05 - 2015-07-20 21:05 - 00378880 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-07-20 21:05 - 2015-07-20 21:05 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-07-15 16:20 - 2015-06-27 18:36 - 00171352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-07-15 16:20 - 2015-06-27 15:56 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2015-07-15 16:20 - 2015-06-27 15:55 - 00668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-07-15 16:20 - 2015-06-27 15:55 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2015-07-15 16:20 - 2015-06-27 15:46 - 01314816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-07-15 16:20 - 2015-06-27 15:46 - 00829952 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-07-15 16:20 - 2015-06-27 15:46 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2015-07-15 16:20 - 2015-06-27 15:46 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2015-07-15 16:20 - 2015-06-27 15:23 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-07-15 16:20 - 2015-06-25 20:29 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-07-15 16:20 - 2015-06-25 20:27 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2015-07-15 16:20 - 2015-01-07 06:25 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-07-15 16:19 - 2015-07-02 22:31 - 19291136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-07-15 16:19 - 2015-07-02 21:15 - 14384640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-07-15 16:19 - 2015-06-27 15:55 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-07-15 16:19 - 2015-06-27 15:46 - 03960320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-07-15 16:19 - 2015-04-30 15:44 - 00478296 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-07-15 16:19 - 2015-04-30 15:44 - 00478296 _____ C:\WINDOWS\system32\locale.nls
2015-07-15 16:18 - 2015-06-17 16:13 - 01150264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2015-07-15 16:18 - 2015-06-17 15:44 - 01567560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2015-07-15 16:18 - 2015-06-15 17:22 - 13771264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-07-15 16:18 - 2015-06-15 17:22 - 08858112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2015-07-15 16:18 - 2015-06-15 17:22 - 02416640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-07-15 16:18 - 2015-06-15 17:22 - 02056704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-07-15 16:18 - 2015-06-15 17:22 - 02037760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-07-15 16:18 - 2015-06-15 17:22 - 01763328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-07-15 16:18 - 2015-06-15 17:22 - 01181696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-07-15 16:18 - 2015-06-15 17:22 - 00737280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-07-15 16:18 - 2015-06-15 17:22 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-07-15 16:18 - 2015-06-15 17:22 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-07-15 16:18 - 2015-06-15 17:22 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-07-15 16:18 - 2015-06-15 17:22 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-07-15 16:18 - 2015-06-15 17:22 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-07-15 16:18 - 2015-06-15 17:22 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-07-15 16:18 - 2015-06-15 17:22 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-07-15 16:18 - 2015-06-15 17:22 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-07-15 16:18 - 2015-06-15 17:21 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-07-15 16:18 - 2015-06-15 17:20 - 15415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-07-15 16:18 - 2015-06-15 17:20 - 10116608 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-07-15 16:18 - 2015-06-15 17:20 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-07-15 16:18 - 2015-06-15 17:20 - 02656768 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-07-15 16:18 - 2015-06-15 17:20 - 02237440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-07-15 16:18 - 2015-06-15 17:20 - 01409024 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-07-15 16:18 - 2015-06-15 17:20 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-07-15 16:18 - 2015-06-15 17:20 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-07-15 16:18 - 2015-06-15 17:20 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-07-15 16:18 - 2015-06-15 17:20 - 00601600 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-07-15 16:18 - 2015-06-15 17:20 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-07-15 16:18 - 2015-06-15 17:20 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-07-15 16:18 - 2015-06-15 17:19 - 02307072 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-07-15 16:18 - 2015-06-15 17:19 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-07-15 16:18 - 2015-06-15 17:19 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-07-15 16:18 - 2015-06-11 22:29 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-07-15 16:18 - 2015-06-11 18:27 - 01024000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-07-15 16:18 - 2015-06-09 15:57 - 03248640 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-07-15 16:18 - 2015-04-21 15:53 - 01174528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-07-15 16:16 - 2015-06-29 18:18 - 00026288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-07-15 16:16 - 2015-06-29 15:28 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-07-15 16:16 - 2015-06-29 15:27 - 01084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-07-15 16:16 - 2015-06-29 15:27 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-07-15 16:16 - 2015-06-29 15:27 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-07-15 16:16 - 2015-06-29 15:27 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-07-15 16:16 - 2015-06-29 15:27 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-07-15 16:16 - 2015-06-26 15:07 - 01145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-07-15 16:16 - 2015-06-25 03:54 - 04064768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-07-15 16:16 - 2015-05-07 15:05 - 00410739 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-07-11 19:06 - 2015-07-11 19:06 - 00000000 ____D C:\Users\Tobias\AppData\Local\openvr
2015-07-11 12:48 - 2015-07-11 12:48 - 00000219 _____ C:\Users\Tobias\Desktop\Team Fortress 2.url

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-08-07 21:21 - 2014-06-23 18:52 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-08-07 21:19 - 2014-06-23 18:32 - 00000000 ____D C:\Users\Tobias
2015-08-07 21:12 - 2014-08-16 13:22 - 00000000 ____D C:\Users\Tobias\AppData\Local\Battle.net
2015-08-07 21:11 - 2015-05-08 20:42 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\Spotify
2015-08-07 21:11 - 2012-07-26 09:28 - 00847336 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-07 21:08 - 2014-06-23 18:52 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-08-07 21:07 - 2014-07-13 00:21 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\Skype
2015-08-07 21:06 - 2015-05-08 20:43 - 00000000 ____D C:\Users\Tobias\AppData\Local\Spotify
2015-08-07 21:05 - 2013-10-20 06:28 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-07 21:05 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-08-07 21:05 - 2012-07-26 09:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-07 21:00 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\system32\sru
2015-08-07 18:49 - 2015-03-25 22:37 - 00000000 ____D C:\Users\Tobias\AppData\Local\NVIDIA Corporation
2015-08-07 18:29 - 2013-10-20 06:28 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-08-07 17:51 - 2014-07-19 02:47 - 00872960 ___SH C:\Users\Tobias\Desktop\Thumbs.db
2015-08-07 17:43 - 2012-07-26 07:26 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-08-07 17:13 - 2015-03-25 22:37 - 00001388 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2015-08-07 17:13 - 2015-03-25 22:37 - 00000000 ____D C:\Users\Tobias\AppData\Local\NVIDIA
2015-08-07 12:12 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2015-08-07 00:19 - 2012-07-26 07:26 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-08-07 00:16 - 2015-06-17 16:44 - 00000354 _____ C:\WINDOWS\Tasks\HPCeeScheduleForTobias.job
2015-08-07 00:16 - 2015-03-22 13:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-07 00:16 - 2014-06-23 18:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-07 00:12 - 2015-03-06 19:53 - 00000000 ____D C:\Users\Tobias\Desktop\referat
2015-08-06 23:11 - 2014-10-19 12:46 - 00000000 ____D C:\Games
2015-08-06 23:11 - 2013-04-03 17:07 - 00000000 ____D C:\inetpub
2015-08-06 22:43 - 2014-06-23 18:42 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\TS3Client
2015-08-06 21:54 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2015-08-06 17:54 - 2015-06-17 16:44 - 00003170 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForTobias
2015-08-06 14:11 - 2012-07-26 10:12 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-08-06 14:11 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2015-08-06 12:54 - 2014-07-13 00:21 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-08-06 12:54 - 2014-07-13 00:21 - 00000000 ____D C:\ProgramData\Skype
2015-08-05 02:42 - 2014-09-04 12:20 - 00000000 ____D C:\Program Files (x86)\Steam
2015-08-04 15:30 - 2015-05-03 17:02 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2015-08-04 14:09 - 2014-10-31 02:16 - 00000000 ____D C:\ProgramData\Origin
2015-08-03 20:28 - 2014-08-16 13:22 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-08-02 17:42 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-08-02 17:39 - 2014-07-14 14:28 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log
2015-07-31 12:44 - 2014-08-16 23:11 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2015-07-31 12:04 - 2015-01-16 21:04 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-07-30 21:01 - 2015-06-05 00:53 - 00000000 ____D C:\Users\Tobias\.minecraft
2015-07-25 14:49 - 2014-06-23 18:40 - 00002828 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3066219139-3419409888-2493601642-1001
2015-07-25 14:40 - 2015-03-18 18:25 - 00322288 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-25 01:28 - 2012-12-19 02:31 - 01567576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2015-07-24 06:21 - 2015-03-25 22:37 - 01756608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-07-24 06:21 - 2015-03-25 22:37 - 01710568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-07-24 06:21 - 2015-03-25 22:37 - 01423304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-07-24 06:21 - 2015-03-25 22:37 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-07-23 06:06 - 2013-10-28 13:12 - 03008880 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-07-23 06:06 - 2013-10-20 06:28 - 00112968 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2015-07-23 06:06 - 2013-10-20 06:28 - 00105288 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2015-07-23 06:06 - 2013-05-25 04:00 - 17615408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-07-23 06:06 - 2013-05-25 04:00 - 15129192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-07-23 06:06 - 2013-05-25 04:00 - 12876336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-07-23 06:06 - 2013-05-25 04:00 - 03407144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-07-23 06:06 - 2013-05-25 04:00 - 00030966 _____ C:\WINDOWS\system32\nvinfo.pb
2015-07-23 03:31 - 2013-10-20 06:28 - 06873744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-07-23 03:31 - 2013-10-20 06:28 - 03493008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-07-23 03:31 - 2013-10-20 06:28 - 02558608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-07-23 03:31 - 2013-10-20 06:28 - 00937616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-07-23 03:31 - 2013-10-20 06:28 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-07-23 03:31 - 2013-10-20 06:28 - 00062792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-07-21 17:37 - 2014-06-23 18:48 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-21 17:35 - 2014-06-23 18:48 - 00000000 ____D C:\Users\Tobias\AppData\Local\Google
2015-07-20 21:05 - 2015-01-16 21:02 - 01048856 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-07-20 21:05 - 2015-01-16 21:02 - 00447944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-07-20 21:05 - 2015-01-16 21:02 - 00274808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-07-20 21:05 - 2015-01-16 21:02 - 00150160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-07-20 21:05 - 2015-01-16 21:02 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-07-20 21:05 - 2015-01-16 21:02 - 00090968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-07-20 21:05 - 2015-01-16 21:02 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-07-20 21:05 - 2015-01-16 21:02 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-07-20 16:16 - 2013-10-20 06:28 - 05121613 _____ C:\WINDOWS\system32\nvcoproc.bin
2015-07-17 22:10 - 2014-06-24 19:06 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-07-16 21:16 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\rescache
2015-07-16 14:51 - 2015-02-12 23:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-07-16 14:51 - 2014-07-13 23:47 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-07-16 14:51 - 2012-07-26 10:12 - 00000000 ___RD C:\WINDOWS\ToastData
2015-07-13 23:22 - 2014-11-15 18:13 - 00792032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-07-13 23:22 - 2014-11-15 18:13 - 00177632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-11 12:48 - 2014-09-04 12:41 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

Einige Dateien in TEMP:
====================
C:\Users\Tobias\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Tobias\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Tobias\AppData\Local\Temp\nvStInst.exe
C:\Users\Tobias\AppData\Local\Temp\proxy_vole3572810645803419004.dll

==================== Bamital & volsnap Check =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-08-01 12:03

==================== Ende von log ============================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:06-08-2015
durchgeführt von Tobias (2015-08-07 21:23:19)
Gestartet von C:\Users\Tobias\Desktop
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-3066219139-3419409888-2493601642-500 - Administrator - Disabled)
Gast (S-1-5-21-3066219139-3419409888-2493601642-501 - Limited - Disabled)
Tobias (S-1-5-21-3066219139-3419409888-2493601642-1001 - Administrator - Enabled) => C:\Users\Tobias

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader Driver (HKLM-x32\...\InstallShield_{0DEB2EEB-BE9A-44B1-9D90-183250B61785}) (Version: 20.13.3317.03143 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver (x32 Version: 20.13.3317.03143 - Alcor Micro Corp.) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2223 - AVAST Software)
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: 1.2.0.0 - AVM Berlin)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.25648 - Electronic Arts)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty: Ghosts - Multiplayer (HKLM-x32\...\Steam App 209170) (Version: - Infinity Ward)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6522 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.3003 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.2.4016 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.4.2921 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3007 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.1.3007 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
EPSON XP-402 403 405 406 Series Printer Uninstall (HKLM\...\EPSON XP-402 403 405 406 Series) (Version: - SEIKO EPSON Corporation)
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
FileZilla Client 3.10.1.1 (HKLM-x32\...\FileZilla Client) (Version: 3.10.1.1 - Tim Kosse)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6668.4491 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Java SE Development Kit 8 Update 31 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180310}) (Version: 8.0.310.13 - Oracle Corporation)
Java SE Development Kit 8 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Logitech Gaming Software 8.53 (HKLM\...\Logitech Gaming Software) (Version: 8.53.186 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 39.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla)
Need for Speed™ Most Wanted (HKLM-x32\...\{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}) (Version: - )
Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.6.0.27 - Symantec Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.62 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.12.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.12.11 - NVIDIA Corporation)
NVIDIA Grafiktreiber 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.62 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Opera Stable 31.0.1889.99 (HKLM-x32\...\Opera 31.0.1889.99) (Version: 31.0.1889.99 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
PDF Architect 3 (HKLM-x32\...\PDF Architect 3) (Version: 3.0.45.22485 - pdfforge GmbH)
PDF Architect 3 Create Module (x32 Version: 3.0.8.22528 - pdfforge GmbH) Hidden
PDF Architect 3 Edit Module (x32 Version: 3.0.8.22528 - pdfforge GmbH) Hidden
PDF Architect 3 View Module (x32 Version: 3.0.8.22528 - pdfforge GmbH) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.30153 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.6208 - CyberLink Corp.) Hidden
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.12.11 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.7 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.103 - Skype Technologies S.A.)
Smart Technology Programming Software 7.0.27.13 (HKLM\...\{C9193CBB-C31A-412A-A074-AD08F0F2CF3D}) (Version: 7.0.27.13 - Mad Catz)
Spotify (HKU\S-1-5-21-3066219139-3419409888-2493601642-1001\...\Spotify) (Version: 1.0.11.134.ga37df67b - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Worms Ultimate Mayhem (HKLM-x32\...\Steam App 70600) (Version: - Team17 Software Ltd.)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Wiederherstellungspunkte =========================

20-07-2015 21:04:41 avast! antivirus system restore point
31-07-2015 12:36:46 Geplanter Prüfpunkt
06-08-2015 22:52:18 Removed Java 8 Update 31 (64-bit)

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {05703B9F-0F39-43CD-9D3B-EF7A8605DA81} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {0F853BDC-8A95-4148-85CF-1909776D8FBF} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\WSCStub.exe [2015-07-27] (Symantec Corporation)
Task: {117E54AF-3975-40E5-A056-A2B65E3BF305} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-12] (CyberLink)
Task: {2FD412CE-9F7E-464E-9251-EB6FB85DCE6B} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-07] (Adobe Systems Incorporated)
Task: {47CD1D06-2E0C-4EFF-AB8D-E2EF39D4C06C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {4D5EB689-3E82-4EB5-96F4-ACD3EC1832C3} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-3066219139-3419409888-2493601642-1001
Task: {5418D824-2B7F-4DD9-B893-3976AAA31045} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-21] (Hewlett-Packard)
Task: {5F88CAAE-69BF-4821-816D-2A61396312B5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-20] (AVAST Software)
Task: {63A4B314-02F9-4AFA-A4C0-C5EB70CB3047} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {9533F51C-7F7E-461C-A466-CE8AB5D9FB60} - System32\Tasks\HPCeeScheduleForTobias => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {9A2EBA66-6154-49E6-BBA7-5F4A114416AB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {9B05D9A9-3C7E-46BA-969A-14721CE7EC50} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-07-27] (Symantec Corporation)
Task: {A04FBE60-4E2C-44A3-A876-D7FDA51BDFEE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {A10D9ED3-5D63-4BA0-9A99-7438928D46A7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSFUpdaterRedux => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {C30013A9-D3AB-4CBF-BB10-9BC53EE48FF4} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {D401DF51-C383-4A58-952E-BDDA59B09CF5} - System32\Tasks\Opera scheduled Autoupdate 1438863396 => C:\Program Files (x86)\Opera\launcher.exe [2015-07-30] (Opera Software)
Task: {D63B0EE6-3A57-4013-8E13-46CA9EEEDCB7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-21] (Hewlett-Packard)
Task: {D71FA156-1611-4623-87FF-C65F45228CC7} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {FD604745-55DF-4C34-8F81-FC551BDF0F80} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForTobias.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2014-12-12 09:15 - 2014-12-12 09:15 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-07-02 23:54 - 2014-07-02 23:54 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-07-02 23:59 - 2014-07-02 23:59 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-07-02 23:54 - 2014-07-02 23:54 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-07-02 23:59 - 2014-07-02 23:59 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2015-03-25 22:37 - 2015-07-24 06:22 - 00708240 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\gamecaster64.dll
2015-03-25 22:37 - 2015-07-24 06:22 - 00854160 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\twitchsdk64.dll
2015-07-20 21:05 - 2015-07-20 21:05 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-20 21:05 - 2015-07-20 21:05 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-08-07 14:23 - 2015-08-07 14:23 - 02960384 _____ () C:\Program Files\AVAST Software\Avast\defs\15080700\algo.dll
2015-08-07 21:21 - 2015-08-07 21:21 - 02960384 _____ () C:\Program Files\AVAST Software\Avast\defs\15080702\algo.dll
2015-08-07 17:03 - 2015-07-24 06:22 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2013-10-20 06:39 - 2013-03-12 16:51 - 00626240 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-12 23:53 - 2013-03-12 23:53 - 00015424 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-05-08 20:43 - 2015-08-06 23:33 - 45066808 _____ () C:\Users\Tobias\AppData\Roaming\Spotify\libcef.dll
2015-07-20 21:05 - 2015-07-20 21:05 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-05-08 20:43 - 2015-08-06 23:33 - 01649208 _____ () C:\Users\Tobias\AppData\Roaming\Spotify\libglesv2.dll
2015-05-08 20:43 - 2015-08-06 23:33 - 00080952 _____ () C:\Users\Tobias\AppData\Roaming\Spotify\libegl.dll
2015-02-01 13:17 - 2015-02-01 13:17 - 00039200 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
2014-12-11 17:02 - 2012-05-30 08:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.6.0.27\wincfi39.dll
2015-02-28 18:42 - 2015-06-05 16:06 - 03350640 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2015-02-28 18:42 - 2015-06-05 16:06 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2015-02-28 18:42 - 2015-06-05 16:06 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer trusted/restricted ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3066219139-3419409888-2493601642-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: CLHNServiceForPowerDVD12 => 2
MSCONFIG\Services: CyberLink PowerDVD 12 Media Server Monitor Service => 2
MSCONFIG\Services: CyberLink PowerDVD 12 Media Server Service => 2
MSCONFIG\Services: GfExperienceService => 2
MSCONFIG\Services: HP Support Assistant Service => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: Intel(R) Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel(R) Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: Intel(R) ME Service => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: Stereo Service => 2

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{844B1AD5-6AFF-4671-9C8A-947CC141C901}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{5C11F785-94A9-450D-8FC9-16EAB144F3B1}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{24A8E4AD-4BFF-4D77-8A52-09DCD582ADC2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9CD3B917-CED6-4934-A788-58AB6AD99171}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{367E6233-B606-4DBB-A13D-23FD91F0B264}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BEA2658C-2F94-439F-B748-C52DB8198F6B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{35538604-1D1F-4284-8E5D-94155BFEBFED}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{ECD88F07-029D-4CBF-8A67-23CD95836071}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{E2A73005-B286-4983-8100-42108748DD65}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{F7E00A28-D07C-4F22-80D8-A326023A11CD}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{34F02831-623E-4E87-AAC9-58A066177F02}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{9055F939-7B42-4866-9B60-D9C3933CA506}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{EAFDBB6F-935E-4999-844B-57DC2DA55BD5}] => (Allow) LPort=2869
FirewallRules: [{887F70B4-C60A-4239-B7F6-33B2D11B1E2A}] => (Allow) LPort=1900
FirewallRules: [{92237F15-3B6B-4028-A942-AFC25637257C}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{EF4D025C-59CA-4D44-BECE-86E1212DCED4}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{7A8B5C1F-E531-4F16-A921-919C2B7DD5F5}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{8BE837F1-21D3-49F8-B196-FAC0E726F60C}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{DCA824B6-7010-4EBB-B044-6BDC5BFD8900}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{ABB668C9-C855-4D60-8744-391DD2221465}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{CACA6948-391C-4E17-A614-2757E9591149}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{A07C92A2-3CAD-4110-9EBD-845DE9F57D49}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D3B72227-8F6C-40C3-B96F-17AD554C152C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{AB6771AF-FABC-4BC6-A78C-302942ECA2BB}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{8DCFFCAD-3DCC-4D3B-B553-8949F4E53D72}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{ED19442F-4D36-49CE-B7FD-1F465ABC6F82}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Ghosts\iw6mp64_ship.exe
FirewallRules: [{23704A6E-D09B-4000-8FB1-E1E643700D61}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Ghosts\iw6mp64_ship.exe
FirewallRules: [{AF3D331E-924B-400A-A35C-367F302960C1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{78A72FF2-DE61-4A5A-B99E-2F5465753F8B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{75BA277B-3659-42F5-96F0-03A0A71E7B0C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{0ABB4BAD-C8F0-412D-8FA2-4E1E1C88FF9A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{91CD983A-B16E-4A75-B8C3-CB06E86C5432}] => (Allow) C:\WINDOWS\SysWOW64\PnkBstrA.exe
FirewallRules: [{55FBF8E1-FF8C-489A-AD44-C65C60D59F76}] => (Allow) C:\WINDOWS\SysWOW64\PnkBstrA.exe
FirewallRules: [{225F3594-9638-48B0-ACB8-F7DA4EACCE53}] => (Allow) C:\WINDOWS\SysWOW64\PnkBstrB.exe
FirewallRules: [{C73C9433-3578-48D1-ACC3-F2AE7CC391BE}] => (Allow) C:\WINDOWS\SysWOW64\PnkBstrB.exe
FirewallRules: [{C9279CEA-B043-4803-AB6A-8B573ACA7709}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{B2A9F1EF-1776-46FC-AF19-7C2DA7067587}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{EA032AC6-8EA7-45F3-A021-4EBBB540B8C9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\WormsXHD\Launcher.exe
FirewallRules: [{42C3E6D5-E156-4A04-A2A3-187E3F590DFF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\WormsXHD\Launcher.exe
FirewallRules: [TCP Query User{1A50C94E-623C-4F1D-A463-8BE09F6DDC3B}C:\program files (x86)\zenimax online\launcher\bethesda.net_launcher.exe] => (Allow) C:\program files (x86)\zenimax online\launcher\bethesda.net_launcher.exe
FirewallRules: [UDP Query User{204C2560-5AB4-4140-AC97-93E1DB3C9920}C:\program files (x86)\zenimax online\launcher\bethesda.net_launcher.exe] => (Allow) C:\program files (x86)\zenimax online\launcher\bethesda.net_launcher.exe
FirewallRules: [{251E0D2F-4C38-4049-8FF7-BE02821DD1D7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{7CC4FB1A-2610-4E86-BF9C-DD651E3BB591}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [TCP Query User{5B5287C4-7709-40F4-ABAD-F0D48B4D49F7}C:\users\tobias\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tobias\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{22922F6F-AC5C-465E-BFF1-3CBCD393363F}C:\users\tobias\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tobias\appdata\roaming\spotify\spotify.exe
FirewallRules: [{861FE24E-C313-4811-9699-8BEE3D0E09BC}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{0095B7E1-2C4E-416B-82B2-F84B668BC040}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{FE51492B-1B9C-4AB7-AF57-E41EE09C1CEC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [TCP Query User{F7A308E7-1E81-4896-BE6A-0A2D1D60958E}C:\users\tobias\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\tobias\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{CBA74DD0-394F-419F-ACDC-EE167C641046}C:\users\tobias\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\tobias\appdata\roaming\spotify\spotify.exe
FirewallRules: [{AEC421E3-9BF4-41EF-B59C-7D1C410615F3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C1785343-5C09-4407-A528-0FEC2DECDCBC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{05B7307A-5F5A-413E-9AEC-5E83662DC5B0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{A009B36D-58E5-4246-B846-6BE775ACD7A2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{B7C2E5E2-DC4A-40C8-8939-DF807C1F733B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{E5217032-C082-4273-AC85-1B5F5ED2C3D4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C151F1F1-9601-4184-B9BF-C647ABF3EB0B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Programmable Root Enumerator
Description: Programming Support
Class Guid: {678dcf40-e2e6-11d5-8cd5-e960089ea00a}
Manufacturer: Mad Catz
Service: SaiNtBus
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Programmable Root Enumerator
Description: Programming Support
Class Guid: {678dcf40-e2e6-11d5-8cd5-e960089ea00a}
Manufacturer: Mad Catz
Service: SaiNtBus
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Programmable Root Enumerator
Description: Programming Support
Class Guid: {678dcf40-e2e6-11d5-8cd5-e960089ea00a}
Manufacturer: Mad Catz
Service: SaiNtBus
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (08/07/2015 09:23:20 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-07-14T19:23:20Z. Fehlercode: 0x80041316.

Error: (08/07/2015 09:22:50 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-07-14T19:22:50Z. Fehlercode: 0x80041316.

Error: (08/07/2015 09:22:20 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-07-14T19:22:20Z. Fehlercode: 0x80041316.

Error: (08/07/2015 09:22:07 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Die Klassenregistrierungsdatei kann nicht geladen werden. DETAIL - Das System kann die angegebene Datei nicht finden.

Error: (08/07/2015 09:22:07 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Die Klassenregistrierungsdatei kann nicht geladen werden. DETAIL - Das System kann die angegebene Datei nicht finden.

Error: (08/07/2015 09:21:50 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-07-14T19:21:50Z. Fehlercode: 0x80041316.

Error: (08/07/2015 09:21:20 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-07-14T19:21:20Z. Fehlercode: 0x80041316.

Error: (08/07/2015 09:20:50 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-07-14T19:20:50Z. Fehlercode: 0x80041316.

Error: (08/07/2015 09:20:20 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-07-14T19:20:20Z. Fehlercode: 0x80041316.

Error: (08/07/2015 09:19:56 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Die Klassenregistrierungsdatei kann nicht geladen werden. DETAIL - Das System kann die angegebene Datei nicht finden.

Systemfehler:
=============
Error: (08/07/2015 09:05:25 PM) (Source: APPHOSTSVC) (EventID: 9010) (User: )
Description: Fehler im Anwendungshost-Hilfsdienst beim Zugriff auf das Verlaufsstammverzeichnis "C:\inetpub\history". Das Verzeichnis ist nicht vorhanden, oder die Berechtigungen für das Verzeichnis lassen den Zugriff des Verzeichnisdiensts auf das Verzeichnis nicht zu. Das Konfigurationsverlaufsfeature wird deaktiviert und erneut aktiviert, nachdem das Problem behoben wurde. Stellen Sie zum Beheben des Problems sicher, dass das Verzeichnis vorhanden ist und dass die Gruppe "Administratoren" über Lese- und Schreibzugriff auf das Verzeichnis verfügt. Das Datenfeld enthält die Fehlernummer.
Error: (08/07/2015 09:05:03 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (08/07/2015 05:44:04 PM) (Source: APPHOSTSVC) (EventID: 9010) (User: )
Description: Fehler im Anwendungshost-Hilfsdienst beim Zugriff auf das Verlaufsstammverzeichnis "C:\inetpub\history". Das Verzeichnis ist nicht vorhanden, oder die Berechtigungen für das Verzeichnis lassen den Zugriff des Verzeichnisdiensts auf das Verzeichnis nicht zu. Das Konfigurationsverlaufsfeature wird deaktiviert und erneut aktiviert, nachdem das Problem behoben wurde. Stellen Sie zum Beheben des Problems sicher, dass das Verzeichnis vorhanden ist und dass die Gruppe "Administratoren" über Lese- und Schreibzugriff auf das Verzeichnis verfügt. Das Datenfeld enthält die Fehlernummer.

Error: (08/07/2015 05:43:35 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (08/07/2015 05:43:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "HP Support Assistant Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%109

Error: (08/07/2015 05:42:55 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056

Error: (08/07/2015 05:42:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (08/07/2015 05:42:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (08/07/2015 05:42:25 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Windows Search" wurde mit dem folgenden dienstspezifischen Fehler beendet: %%2147749126

Error: (08/07/2015 05:42:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA GeForce Experience Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Microsoft Office:
=========================
Error: (08/07/2015 09:23:20 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413162115-07-14T19:23:20Z

Error: (08/07/2015 09:22:50 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413162115-07-14T19:22:50Z

Error: (08/07/2015 09:22:20 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413162115-07-14T19:22:20Z

Error: (08/07/2015 09:22:07 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Das System kann die angegebene Datei nicht finden.

Error: (08/07/2015 09:22:07 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Das System kann die angegebene Datei nicht finden.
Error: (08/07/2015 09:21:50 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413162115-07-14T19:21:50Z

Error: (08/07/2015 09:21:20 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413162115-07-14T19:21:20Z

Error: (08/07/2015 09:20:50 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413162115-07-14T19:20:50Z

Error: (08/07/2015 09:20:20 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413162115-07-14T19:20:20Z

Error: (08/07/2015 09:19:56 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Das System kann die angegebene Datei nicht finden.

CodeIntegrity:
===================================
Date: 2014-12-10 20:37:28.304
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\Tobias\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-10 20:37:28.229
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Speicherinformationen ===========================

Processor: Intel(R) Core(TM) i5-4670K CPU @ 3.40GHz
Percentage of memory in use: 20%
Total physical RAM: 16337.14 MB
Available physical RAM: 12982.98 MB
Total Virtual: 16737.14 MB
Available Virtual: 12820.79 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:916.16 GB) (Free:699.58 GB) NTFS ==>[System mit Startkomponenten (eingeholt von lesen Laufwerk)]
Drive d: (Recovery Image) (Fixed) (Total:13.43 GB) (Free:1.65 GB) NTFS ==>[System mit Startkomponenten (eingeholt von lesen Laufwerk)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 83B19D38)
Partition: GPT Partition Type.

==================== Ende von log ============================

Code:
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2015/08/07 21:02:31 +0200</date>
<logfile>mbam-log-2015-08-07 (21-02-28).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.1.8.1057</version>
<malware-database>v2015.08.07.05</malware-database>
<rootkit-database>v2015.08.06.01</rootkit-database>
<license>trial</license>
<file-protection>enabled</file-protection>
<web-protection>enabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 8</osversion>
<arch>x64</arch>
<username>Tobias</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>hyper</type>
<result>completed</result>
<objects>288179</objects>
<time>105</time>
<processes>0</processes>
<modules>0</modules>
<keys>3</keys>
<values>0</values>
<datas>0</datas>
<folders>21</folders>
<files>31</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>disabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<key><path>HKLM\SOFTWARE\CLASSES\APPID\{da3128b1-de9e-4e11-81dc-e12090c8f3b9}</path><vendor>PUP.Optional.Dregol.C</vendor><action>success</action><hash>e120d72fa0eb0e286adc20870400c739</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{da3128b1-de9e-4e11-81dc-e12090c8f3b9}</path><vendor>PUP.Optional.Dregol.C</vendor><action>success</action><hash>7c85ea1ce7a45bdbfa4c2e79c73dce32</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{da3128b1-de9e-4e11-81dc-e12090c8f3b9}</path><vendor>PUP.Optional.Dregol.C</vendor><action>success</action><hash>8a77a95dc2c9b77f0c3ad1d6739123dd</hash></key>
<folder><path>C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3</path><vendor>PUP.Optional.PluginContainer.A</vendor><action>success</action><hash>dc25da2c612a81b58c7eddbfe32137c9</hash></folder>
<folder><path>C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugincontainer</path><vendor>PUP.Optional.PluginContainer.A</vendor><action>success</action><hash>dc25da2c612a81b58c7eddbfe32137c9</hash></folder>
<folder><path>C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins</path><vendor>PUP.Optional.PluginContainer.A</vendor><action>success</action><hash>dc25da2c612a81b58c7eddbfe32137c9</hash></folder>
<folder><path>C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\10</path><vendor>PUP.Optional.PluginContainer.A</vendor><action>success</action><hash>dc25da2c612a81b58c7eddbfe32137c9</hash></folder>
<folder><path>C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\10bak</path><vendor>PUP.Optional.PluginContainer.A</vendor><action>success</action><hash>dc25da2c612a81b58c7eddbfe32137c9</hash></folder>
<folder><path>C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\2</path><vendor>PUP.Optional.PluginContainer.A</vendor><action>success</action><hash>dc25da2c612a81b58c7eddbfe32137c9</hash></folder>
<folder><path>C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\2bak</path><vendor>PUP.Optional.PluginContainer.A</vendor><action>success</action><hash>dc25da2c612a81b58c7eddbfe32137c9</hash></folder>
<folder><path>C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\3</path><vendor>PUP.Optional.PluginContainer.A</vendor><action>success</action><hash>dc25da2c612a81b58c7eddbfe32137c9</hash></folder>
<folder><path>C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\3bak</path><vendor>PUP.Optional.PluginContainer.A</vendor><action>success</action><hash>dc25da2c612a81b58c7eddbfe32137c9</hash></folder>
<folder><path>C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\5</path><vendor>PUP.Optional.PluginContainer.A</vendor><action>success</action><hash>dc25da2c612a81b58c7eddbfe32137c9</hash></folder>
<folder><path>C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\5bak</path><vendor>PUP.Optional.PluginContainer.A</vendor><action>success</action><hash>dc25da2c612a81b58c7eddbfe32137c9</hash></folder>
<folder><path>C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\7</path><vendor>PUP.Optional.PluginContainer.A</vendor><action>success</action><hash>dc25da2c612a81b58c7eddbfe32137c9</hash></folder>
<folder><path>C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\7\resources</path><vendor>PUP.Optional.PluginContainer.A</vendor><action>success</action><hash>dc25da2c612a81b58c7eddbfe32137c9</hash></folder>
<folder><path>C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\7bak</path><vendor>PUP.Optional.PluginContainer.A</vendor><action>success</action><hash>dc25da2c612a81b58c7eddbfe32137c9</hash></folder>
<folder><path>C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\7bak\resources</path><vendor>PUP.Optional.PluginContainer.A</vendor><action>success</action><hash>dc25da2c612a81b58c7eddbfe32137c9</hash></folder>
<folder><path>C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\8</path><vendor>PUP.Optional.PluginContainer.A</vendor><action>success</action><hash>dc25da2c612a81b58c7eddbfe32137c9</hash></folder>
<folder><path>C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\8bak</path><vendor>PUP.Optional.PluginContainer.A</vendor><action>success</action><hash>dc25da2c612a81b58c7eddbfe32137c9</hash></folder>
<folder><path>C:\Program Files (x86)\Common Files\f08cac26-e74f-49b4-9ff1-f081aa55e1b3</path><vendor>PUP.Optional.Updater.A</vendor><action>success</action><hash>08f9699d26652511c7754e4e7c88d729</hash></folder>
<folder><path>C:\Program Files (x86)\Common Files\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\updater</path><vendor>PUP.Optional.Updater.A</vendor><action>success</action><hash>08f9699d26652511c7754e4e7c88d729</hash></folder>
<folder><path>C:\Users\Tobias\AppData\Roaming\Opera Software\Opera Stable\Extensions\mcbcggkgjkfapollndmndmnejhemekkp\1.0.5694.22424_0</path><vendor>PUP.Optional.FilterResults.A</vendor><action>success</action><hash>fc05a75fbccfcd69e029394a4eb733cd</hash></folder>
<folder><path>C:\Users\Tobias\AppData\Roaming\Opera Software\Opera Stable\Extensions\mcbcggkgjkfapollndmndmnejhemekkp</path><vendor>PUP.Optional.FilterResults.A</vendor><action>success</action><hash>fc05a75fbccfcd69e029394a4eb733cd</hash></folder>
<file><path>C:\Users\Tobias\AppData\LocalLow\Microsoft\Internet Explorer\Services\Run_Dregol.ico</path><vendor>PUP.Optional.Dregol.C</vendor><action>success</action><hash>8c75c83e9fec4ee8f2ac39e0956ea858</hash></file>
<file><path>C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugincontainer.exe</path><vendor>PUP.Optional.PluginContainer.A</vendor><action>success</action><hash>dc25da2c612a81b58c7eddbfe32137c9</hash></file>
<file><path>C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugincontainer.bak</path><vendor>PUP.Optional.PluginContainer.A</vendor><action>success</action><hash>dc25da2c612a81b58c7eddbfe32137c9</hash></file>
<file><path>C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\temp</path><vendor>PUP.Optional.PluginContainer.A</vendor><action>success</action><hash>dc25da2c612a81b58c7eddbfe32137c9</hash></file>
<file><path>C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\10\Plugin.exe</path><vendor>PUP.Optional.PluginContainer.A</vendor><action>success</action><hash>dc25da2c612a81b58c7eddbfe32137c9</hash></file>
<file><path>C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\10bak\Plugin.exe</path><vendor>PUP.Optional.PluginContainer.A</vendor><action>success</action><hash>dc25da2c612a81b58c7eddbfe32137c9</hash></file>
<file><path>C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\2\Plugin.exe</path><vendor>PUP.Optional.PluginContainer.A</vendor><action>success</action><hash>dc25da2c612a81b58c7eddbfe32137c9</hash></file>
<file><path>C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\2bak\Plugin.exe</path><vendor>PUP.Optional.PluginContainer.A</vendor><action>success</action><hash>dc25da2c612a81b58c7eddbfe32137c9</hash></file>
<file><path>C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\3\Plugin.exe</path><vendor>PUP.Optional.PluginContainer.A</vendor><action>success</action><hash>dc25da2c612a81b58c7eddbfe32137c9</hash></file>
<file><path>C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\3bak\Plugin.exe</path><vendor>PUP.Optional.PluginContainer.A</vendor><action>success</action><hash>dc25da2c612a81b58c7eddbfe32137c9</hash></file>
<file><path>C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\5\Plugin.exe</path><vendor>PUP.Optional.PluginContainer.A</vendor><action>success</action><hash>dc25da2c612a81b58c7eddbfe32137c9</hash></file>
<file><path>C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\5bak\Plugin.exe</path><vendor>PUP.Optional.PluginContainer.A</vendor><action>success</action><hash>dc25da2c612a81b58c7eddbfe32137c9</hash></file>
<file><path>C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\7\Plugin.exe</path><vendor>PUP.Optional.PluginContainer.A</vendor><action>success</action><hash>dc25da2c612a81b58c7eddbfe32137c9</hash></file>
<file><path>C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\7\resources\34.0.5.dll</path><vendor>PUP.Optional.PluginContainer.A</vendor><action>success</action><hash>dc25da2c612a81b58c7eddbfe32137c9</hash></file>
<file><path>C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\7\resources\38.0.5.dll</path><vendor>PUP.Optional.PluginContainer.A</vendor><action>success</action><hash>dc25da2c612a81b58c7eddbfe32137c9</hash></file>
<file><path>C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\7\resources\39.0.0.dll</path><vendor>PUP.Optional.PluginContainer.A</vendor><action>success</action><hash>dc25da2c612a81b58c7eddbfe32137c9</hash></file>
<file><path>C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\7bak\Plugin.exe</path><vendor>PUP.Optional.PluginContainer.A</vendor><action>success</action><hash>dc25da2c612a81b58c7eddbfe32137c9</hash></file>
<file><path>C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\7bak\resources\34.0.5.dll</path><vendor>PUP.Optional.PluginContainer.A</vendor><action>success</action><hash>dc25da2c612a81b58c7eddbfe32137c9</hash></file>
<file><path>C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\7bak\resources\38.0.5.dll</path><vendor>PUP.Optional.PluginContainer.A</vendor><action>success</action><hash>dc25da2c612a81b58c7eddbfe32137c9</hash></file>
<file><path>C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\7bak\resources\39.0.0.dll</path><vendor>PUP.Optional.PluginContainer.A</vendor><action>success</action><hash>dc25da2c612a81b58c7eddbfe32137c9</hash></file>
<file><path>C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\8\Plugin.exe</path><vendor>PUP.Optional.PluginContainer.A</vendor><action>success</action><hash>dc25da2c612a81b58c7eddbfe32137c9</hash></file>
<file><path>C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\8bak\Plugin.exe</path><vendor>PUP.Optional.PluginContainer.A</vendor><action>success</action><hash>dc25da2c612a81b58c7eddbfe32137c9</hash></file>
<file><path>C:\Program Files (x86)\Common Files\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\updater.exe</path><vendor>PUP.Optional.Updater.A</vendor><action>success</action><hash>08f9699d26652511c7754e4e7c88d729</hash></file>
<file><path>C:\Program Files (x86)\Common Files\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\updater.bak</path><vendor>PUP.Optional.Updater.A</vendor><action>success</action><hash>08f9699d26652511c7754e4e7c88d729</hash></file>
<file><path>C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\hkyxad99.default\prefs.js</path><vendor>PUP.Optional.BDYahoo.A</vendor><action>replaced</action><baddata>user_pref("keyword.URL", 
"hxxp://de.search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bfr-is__alt__ddc_dss_bd_com&p={searchTerms}");</baddata><gooddata></gooddata><hash>2dd4cf37e3a856e076da4740788d7987</hash></file> <file><path>C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\hkyxad99.default\prefs.js</path><vendor>PUP.Optional.DefaultProtectedSearch.A</vendor><action>replaced</action><baddata>defsearchp@gmail.com</baddata><gooddata></gooddata><hash>e8199670840769cdbabe98f112f3a35d</hash></file> <file><path>C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\hkyxad99.default\prefs.js</path><vendor>PUP.Optional.DeskCut.A</vendor><action>replaced</action><baddata>deskCutv2@gmail.com</baddata><gooddata></gooddata><hash>c53c9f675437f244c8b1abde1ee7c33d</hash></file> <file><path>C:\Users\Tobias\AppData\Roaming\Opera Software\Opera Stable\Extensions\mcbcggkgjkfapollndmndmnejhemekkp\1.0.5694.22424_0\manifest.json</path><vendor>PUP.Optional.FilterResults.A</vendor><action>success</action><hash>fc05a75fbccfcd69e029394a4eb733cd</hash></file> <file><path>C:\Users\Tobias\AppData\Roaming\Opera Software\Opera Stable\Extensions\mcbcggkgjkfapollndmndmnejhemekkp\1.0.5694.22424_0\background.js</path><vendor>PUP.Optional.FilterResults.A</vendor><action>success</action><hash>fc05a75fbccfcd69e029394a4eb733cd</hash></file> <file><path>C:\Users\Tobias\AppData\Roaming\Opera Software\Opera Stable\Extensions\mcbcggkgjkfapollndmndmnejhemekkp\1.0.5694.22424_0\content.js</path><vendor>PUP.Optional.FilterResults.A</vendor><action>success</action><hash>fc05a75fbccfcd69e029394a4eb733cd</hash></file> <file><path>C:\Users\Tobias\AppData\Roaming\Opera Software\Opera Stable\Extensions\mcbcggkgjkfapollndmndmnejhemekkp\1.0.5694.22424_0\icon.png</path><vendor>PUP.Optional.FilterResults.A</vendor><action>success</action><hash>fc05a75fbccfcd69e029394a4eb733cd</hash></file> </items> </mbam-log> |
07.08.2015, 21:14 | #2 |
/// the machine /// TB Trainer | Windows 8: Ads in the browser caused by viruses Hi,
Please download AdwCleaner to your desktop.
__________________ |
07.08.2015, 21:24 | #3 |
| Thanks for the quick reply. As already mentioned in the thread, I have already used this program.
Here are the logs: Code:
ATTFilter # AdwCleaner v4.208 - Bericht erstellt 07/08/2015 um 17:37:41 # Aktualisiert 09/07/2015 von Xplode # Datenbank : 2015-08-01.1 [Server] # Betriebssystem : Windows 8 (x64) # Benutzername : Tobias - TOBIASPC # Gestarted von : C:\Users\Tobias\Downloads\adwcleaner_4.208.exe # Option : Suchlauf ***** [ Dienste ] ***** Dienst Gefunden : Update Mgr FilterResults Dienst Gefunden : Service Mgr FilterResults ***** [ Dateien / Ordner ] ***** Datei Gefunden : C:\Users\Tobias\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Goodgame Empire.lnk Datei Gefunden : C:\Users\Tobias\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Goodgame Empire.lnk Datei Gefunden : C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\hkyxad99.default\user.js Ordner Gefunden : C:\istartsurf Ordner Gefunden : C:\Program Files (x86)\Filter Results Ordner Gefunden : C:\ProgramData\IHProtectUpDate Ordner Gefunden : C:\Users\Tobias\AppData\Roaming\DesktopIconForAmazon Ordner Gefunden : C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\hkyxad99.default\Extensions\defsearchp@gmail.com Ordner Gefunden : C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\hkyxad99.default\Extensions\deskCutv2@gmail.com Ordner Gefunden : C:\Users\Tobias\AppData\Roaming\pdfforge ***** [ Geplante Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{018EEE1D-E099-479A-927F-05E62C64F25C} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} Schlüssel Gefunden : 
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{c9ab6446-7efc-47fe-966c-dc54324eff9f} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1F91A9A1-01BA-4C81-863D-3BA0751E1419} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1F91A9A1-01BA-4C81-863D-3BA0751E1419} Schlüssel Gefunden : HKCU\Software\Mozilla\Extends Schlüssel Gefunden : HKCU\Software\OCS Schlüssel Gefunden : HKCU\Software\PRODUCTSETUP Schlüssel Gefunden : HKCU\Software\Run_Dregol Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{018EEE1D-E099-479A-927F-05E62C64F25C} Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{c9ab6446-7efc-47fe-966c-dc54324eff9f} Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C} Schlüssel Gefunden : [x64] HKCU\Software\OCS Schlüssel Gefunden : [x64] HKCU\Software\PRODUCTSETUP Schlüssel Gefunden : [x64] HKCU\Software\Run_Dregol Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946} Schlüssel Gefunden : 
HKLM\SOFTWARE\Classes\CLSID\{B853E835-9F24-4F4B-B55C-E554D15CCCD2} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E104B9E4-01BA-4AAF-9957-6A525CC5451A} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88} Schlüssel Gefunden : HKLM\SOFTWARE\FFPluginHp Schlüssel Gefunden : HKLM\SOFTWARE\FilterResults Schlüssel Gefunden : HKLM\SOFTWARE\IHProtect Schlüssel Gefunden : HKLM\SOFTWARE\istartsurfSoftware Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F91A9A1-01BA-4C81-863D-3BA0751E1419} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Filter Results Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\istartsurf uninstall Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Run_Dregol Schlüssel Gefunden : HKLM\SOFTWARE\SupDp Schlüssel Gefunden : HKLM\SOFTWARE\SupTab Schlüssel Gefunden : HKLM\SOFTWARE\supWindowsMangerProtect Schlüssel Gefunden : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{E104B9E4-01BA-4AAF-9957-6A525CC5451A} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{c9ab6446-7efc-47fe-966c-dc54324eff9f} Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [defsearchp@gmail.com] Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [deskCutv2@gmail.com] ***** [ 
Internetbrowser ] ***** -\\ Internet Explorer v10.0.9200.17377 Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.istartsurf.com/web/?type=ds&ts=1438862718&z=f4faf47ec7e4b4188178eedg9zdc6bfb5q2o9qez7t&from=cor&uid=ST1000DM003-1CH162_S1DEMLTY&q={searchTerms} Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.istartsurf.com/?type=hp&ts=1438862718&z=f4faf47ec7e4b4188178eedg9zdc6bfb5q2o9qez7t&from=cor&uid=ST1000DM003-1CH162_S1DEMLTY Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.istartsurf.com/?type=hp&ts=1438862718&z=f4faf47ec7e4b4188178eedg9zdc6bfb5q2o9qez7t&from=cor&uid=ST1000DM003-1CH162_S1DEMLTY Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.istartsurf.com/web/?type=ds&ts=1438862718&z=f4faf47ec7e4b4188178eedg9zdc6bfb5q2o9qez7t&from=cor&uid=ST1000DM003-1CH162_S1DEMLTY&q={searchTerms} -\\ Mozilla Firefox v39.0 (x86 de) [hkyxad99.default] - Zeile Gefunden : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html"); [hkyxad99.default] - Zeile Gefunden : user_pref("browser.search.searchengine.alias", "istartsurf"); [hkyxad99.default] - Zeile Gefunden : user_pref("browser.search.searchengine.iconURL", "hxxp://www.istartsurf.com/favicon.ico"); [hkyxad99.default] - Zeile Gefunden : user_pref("browser.search.searchengine.name", "istartsurf"); [hkyxad99.default] - Zeile Gefunden : user_pref("browser.search.searchengine.url", "hxxp://www.istartsurf.com/web/?type=ds&ts=1438862718&z=f4faf47ec7e4b4188178eedg9zdc6bfb5q2o9qez7t&from=cor&uid=ST1000DM003-1CH162_S1DEMLTY&q={searchTerms}[...] 
[hkyxad99.default] - Zeile Gefunden : user_pref("browser.search.selectedEngine", "istartsurf"); [hkyxad99.default] - Zeile Gefunden : user_pref("extensions.quick_start.enable_search1", false); [hkyxad99.default] - Zeile Gefunden : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false); -\\ Google Chrome v -\\ Opera v31.0.1889.99 ************************* AdwCleaner[R0].txt - [8142 Bytes] - [07/08/2015 17:37:41] ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [8201 Bytes] ########## Code:
ATTFilter # AdwCleaner v4.208 - Bericht erstellt 07/08/2015 um 17:41:50 # Aktualisiert 09/07/2015 von Xplode # Datenbank : 2015-08-01.1 [Server] # Betriebssystem : Windows 8 (x64) # Benutzername : Tobias - TOBIASPC # Gestarted von : C:\Users\Tobias\Downloads\adwcleaner_4.208.exe # Option : Suchlauf ***** [ Dienste ] ***** Dienst Gefunden : Update Mgr FilterResults Dienst Gefunden : Service Mgr FilterResults ***** [ Dateien / Ordner ] ***** Datei Gefunden : C:\Users\Tobias\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Goodgame Empire.lnk Datei Gefunden : C:\Users\Tobias\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Goodgame Empire.lnk Datei Gefunden : C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\hkyxad99.default\user.js Ordner Gefunden : C:\istartsurf Ordner Gefunden : C:\Program Files (x86)\Filter Results Ordner Gefunden : C:\ProgramData\IHProtectUpDate Ordner Gefunden : C:\Users\Tobias\AppData\Roaming\DesktopIconForAmazon Ordner Gefunden : C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\hkyxad99.default\Extensions\defsearchp@gmail.com Ordner Gefunden : C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\hkyxad99.default\Extensions\deskCutv2@gmail.com Ordner Gefunden : C:\Users\Tobias\AppData\Roaming\pdfforge ***** [ Geplante Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{018EEE1D-E099-479A-927F-05E62C64F25C} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} Schlüssel Gefunden : 
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{c9ab6446-7efc-47fe-966c-dc54324eff9f} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1F91A9A1-01BA-4C81-863D-3BA0751E1419} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1F91A9A1-01BA-4C81-863D-3BA0751E1419} Schlüssel Gefunden : HKCU\Software\Mozilla\Extends Schlüssel Gefunden : HKCU\Software\OCS Schlüssel Gefunden : HKCU\Software\PRODUCTSETUP Schlüssel Gefunden : HKCU\Software\Run_Dregol Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{018EEE1D-E099-479A-927F-05E62C64F25C} Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{c9ab6446-7efc-47fe-966c-dc54324eff9f} Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C} Schlüssel Gefunden : [x64] HKCU\Software\OCS Schlüssel Gefunden : [x64] HKCU\Software\PRODUCTSETUP Schlüssel Gefunden : [x64] HKCU\Software\Run_Dregol Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946} Schlüssel Gefunden : 
HKLM\SOFTWARE\Classes\CLSID\{B853E835-9F24-4F4B-B55C-E554D15CCCD2} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E104B9E4-01BA-4AAF-9957-6A525CC5451A} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88} Schlüssel Gefunden : HKLM\SOFTWARE\FFPluginHp Schlüssel Gefunden : HKLM\SOFTWARE\FilterResults Schlüssel Gefunden : HKLM\SOFTWARE\IHProtect Schlüssel Gefunden : HKLM\SOFTWARE\istartsurfSoftware Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F91A9A1-01BA-4C81-863D-3BA0751E1419} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Filter Results Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\istartsurf uninstall Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Run_Dregol Schlüssel Gefunden : HKLM\SOFTWARE\SupDp Schlüssel Gefunden : HKLM\SOFTWARE\SupTab Schlüssel Gefunden : HKLM\SOFTWARE\supWindowsMangerProtect Schlüssel Gefunden : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{E104B9E4-01BA-4AAF-9957-6A525CC5451A} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{c9ab6446-7efc-47fe-966c-dc54324eff9f} Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [defsearchp@gmail.com] Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [deskCutv2@gmail.com] ***** [ 
Internetbrowser ] ***** -\\ Internet Explorer v10.0.9200.17377 Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.istartsurf.com/web/?type=ds&ts=1438862718&z=f4faf47ec7e4b4188178eedg9zdc6bfb5q2o9qez7t&from=cor&uid=ST1000DM003-1CH162_S1DEMLTY&q={searchTerms} Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.istartsurf.com/?type=hp&ts=1438862718&z=f4faf47ec7e4b4188178eedg9zdc6bfb5q2o9qez7t&from=cor&uid=ST1000DM003-1CH162_S1DEMLTY Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.istartsurf.com/?type=hp&ts=1438862718&z=f4faf47ec7e4b4188178eedg9zdc6bfb5q2o9qez7t&from=cor&uid=ST1000DM003-1CH162_S1DEMLTY Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.istartsurf.com/web/?type=ds&ts=1438862718&z=f4faf47ec7e4b4188178eedg9zdc6bfb5q2o9qez7t&from=cor&uid=ST1000DM003-1CH162_S1DEMLTY&q={searchTerms} -\\ Mozilla Firefox v39.0 (x86 de) [hkyxad99.default] - Zeile Gefunden : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html"); [hkyxad99.default] - Zeile Gefunden : user_pref("browser.search.searchengine.alias", "istartsurf"); [hkyxad99.default] - Zeile Gefunden : user_pref("browser.search.searchengine.iconURL", "hxxp://www.istartsurf.com/favicon.ico"); [hkyxad99.default] - Zeile Gefunden : user_pref("browser.search.searchengine.name", "istartsurf"); [hkyxad99.default] - Zeile Gefunden : user_pref("browser.search.searchengine.url", "hxxp://www.istartsurf.com/web/?type=ds&ts=1438862718&z=f4faf47ec7e4b4188178eedg9zdc6bfb5q2o9qez7t&from=cor&uid=ST1000DM003-1CH162_S1DEMLTY&q={searchTerms}[...] 
[hkyxad99.default] - Zeile Gefunden : user_pref("browser.search.selectedEngine", "istartsurf"); [hkyxad99.default] - Zeile Gefunden : user_pref("extensions.quick_start.enable_search1", false); [hkyxad99.default] - Zeile Gefunden : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false); -\\ Google Chrome v -\\ Opera v31.0.1889.99 ************************* AdwCleaner[R0].txt - [8360 Bytes] - [07/08/2015 17:37:41] AdwCleaner[R1].txt - [8201 Bytes] - [07/08/2015 17:41:50] ########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [8260 Bytes] ########## Code:
ATTFilter # AdwCleaner v4.208 - Bericht erstellt 07/08/2015 um 20:18:13 # Aktualisiert 09/07/2015 von Xplode # Datenbank : 2015-08-01.1 [Server] # Betriebssystem : Windows 8 (x64) # Benutzername : Tobias - TOBIASPC # Gestarted von : C:\Users\Tobias\Desktop\adwcleaner_4.208.exe # Option : Suchlauf ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Geplante Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** ***** [ Internetbrowser ] ***** -\\ Internet Explorer v10.0.9200.17377 -\\ Mozilla Firefox v39.0 (x86 de) -\\ Google Chrome v -\\ Opera v31.0.1889.99 ************************* AdwCleaner[R0].txt - [8360 Bytes] - [07/08/2015 17:37:41] AdwCleaner[R1].txt - [8419 Bytes] - [07/08/2015 17:41:50] AdwCleaner[R2].txt - [801 Bytes] - [07/08/2015 20:18:13] AdwCleaner[S0].txt - [6766 Bytes] - [07/08/2015 17:42:25] ########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [918 Bytes] ########## Code:
ATTFilter # AdwCleaner v4.208 - Bericht erstellt 07/08/2015 um 17:42:25 # Aktualisiert 09/07/2015 von Xplode # Datenbank : 2015-08-01.1 [Server] # Betriebssystem : Windows 8 (x64) # Benutzername : Tobias - TOBIASPC # Gestarted von : C:\Users\Tobias\Downloads\adwcleaner_4.208.exe # Option : Löschen ***** [ Dienste ] ***** [#] Dienst Gelöscht : Update Mgr FilterResults [#] Dienst Gelöscht : Service Mgr FilterResults ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\istartsurf Ordner Gelöscht : C:\ProgramData\IHProtectUpDate Ordner Gelöscht : C:\Program Files (x86)\Filter Results Ordner Gelöscht : C:\Users\Tobias\AppData\Roaming\DesktopIconForAmazon Ordner Gelöscht : C:\Users\Tobias\AppData\Roaming\pdfforge Ordner Gelöscht : C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\hkyxad99.default\Extensions\deskCutv2@gmail.com Ordner Gelöscht : C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\hkyxad99.default\Extensions\defsearchp@gmail.com Datei Gelöscht : C:\Users\Tobias\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Goodgame Empire.lnk Datei Gelöscht : C:\Users\Tobias\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Goodgame Empire.lnk Datei Gelöscht : C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\hkyxad99.default\user.js ***** [ Geplante Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [deskCutv2@gmail.com] Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [defsearchp@gmail.com] Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B853E835-9F24-4F4B-B55C-E554D15CCCD2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8} Schlüssel Gelöscht 
: HKLM\SOFTWARE\Classes\CLSID\{E104B9E4-01BA-4AAF-9957-6A525CC5451A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F91A9A1-01BA-4C81-863D-3BA0751E1419} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1F91A9A1-01BA-4C81-863D-3BA0751E1419} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1F91A9A1-01BA-4C81-863D-3BA0751E1419} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E104B9E4-01BA-4AAF-9957-6A525CC5451A} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8} Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{018EEE1D-E099-479A-927F-05E62C64F25C} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{c9ab6446-7efc-47fe-966c-dc54324eff9f} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{c9ab6446-7efc-47fe-966c-dc54324eff9f} 
Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\Run_Dregol Schlüssel Gelöscht : HKCU\Software\PRODUCTSETUP Schlüssel Gelöscht : HKLM\SOFTWARE\istartsurfSoftware Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp Schlüssel Gelöscht : HKLM\SOFTWARE\SupTab Schlüssel Gelöscht : HKLM\SOFTWARE\supWindowsMangerProtect Schlüssel Gelöscht : HKLM\SOFTWARE\IHProtect Schlüssel Gelöscht : HKLM\SOFTWARE\FFPluginHp Schlüssel Gelöscht : HKLM\SOFTWARE\FilterResults Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\istartsurf uninstall Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Run_Dregol Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Filter Results ***** [ Internetbrowser ] ***** -\\ Internet Explorer v10.0.9200.17377 Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] -\\ Mozilla Firefox v39.0 (x86 de) [hkyxad99.default\prefs.js] - Zeile Gelöscht : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html"); [hkyxad99.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.alias", "istartsurf"); [hkyxad99.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.iconURL", "hxxp://www.istartsurf.com/favicon.ico"); [hkyxad99.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.name", "istartsurf"); [hkyxad99.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.url", "hxxp://www.istartsurf.com/web/?type=ds&ts=1438862718&z=f4faf47ec7e4b4188178eedg9zdc6bfb5q2o9qez7t&from=cor&uid=ST1000DM003-1CH162_S1DEMLTY&q={searchTerms}[...] 
[hkyxad99.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "istartsurf"); [hkyxad99.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.enable_search1", false); [hkyxad99.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false); -\\ Google Chrome v -\\ Opera v31.0.1889.99 ************************* AdwCleaner[R0].txt - [8360 Bytes] - [07/08/2015 17:37:41] AdwCleaner[R1].txt - [8419 Bytes] - [07/08/2015 17:41:50] AdwCleaner[S0].txt - [6587 Bytes] - [07/08/2015 17:42:25] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6646 Bytes] ########## |
08.08.2015, 09:50 | #4 |
/// the machine /// TB Trainer | Windows 8: Ads in the browser caused by viruses
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Still having problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
08.08.2015, 13:12 | #5 |
| Windows 8: Ads in the browser caused by viruses Eset: Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=96af5ad286191e468c15e3aa93810481
# end=init
# utc_time=2015-08-08 10:43:20
# local_time=2015-08-08 12:43:20 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
Update Init
Update Download
Update Init
Update Download
Update Finalize
Updated modules version: 25184
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=96af5ad286191e468c15e3aa93810481
# end=updated
# utc_time=2015-08-08 10:52:55
# local_time=2015-08-08 12:52:55 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=96af5ad286191e468c15e3aa93810481
# engine=25184
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-08-08 11:52:42
# local_time=2015-08-08 01:52:42 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 92 1206710 35492690 0 0
# compatibility_mode_1='Norton Internet Security'
# compatibility_mode=3595 16777213 100 91 72542 201631347 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 12865561 59014697 0 0
# scanned=296916
# found=5
# cleaned=0
# scan_time=3586
sh=877751E33BF1FB1AD94E5526CEE1963473683087 ft=1 fh=308cada31f768fef vn="Variante von Win32/BrowseFox.BR evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Filter Results\Uninstaller.exe.vir"
sh=89F11EC69D1A4F58A55819025BFD7F986FFF9D25 ft=1 fh=d916eea20f4ef943 vn="Variante von Win32/BrowseFox.BA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Filter Results\Extensions\dd4c66b8-f943-4b10-8053-7e9ee39bba4a.dll.vir"
sh=5DD5D69988BB08C7776E57EDCA2C4546EC9C7AAF ft=0 fh=0000000000000000 vn="JS/BrowseFox.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Filter Results\Extensions\{6774d900-ad1f-4dd0-8c32-99994e7e87b8}.xpi.vir"
sh=16E54F243A10629AA0AF4E39FD2FFDC525BA6C94 ft=0 fh=0000000000000000 vn="Win32/Toolbar.TNT2.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\hkyxad99.default\Extensions\defsearchp@gmail.com\chrome\content\jquery-2.1.0.min.js.vir"
sh=5DD5D69988BB08C7776E57EDCA2C4546EC9C7AAF ft=0 fh=0000000000000000 vn="JS/BrowseFox.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\hkyxad99.default\extensions\{6774d900-ad1f-4dd0-8c32-99994e7e87b8}.xpi"
Code:
ATTFilter
Results of screen317's Security Check version 1.006
x64 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Call of Duty: Ghosts - Multiplayer
Java 8 Update 40
Java version 32-bit out of Date!
Adobe Flash Player 18.0.0.209
Mozilla Firefox (39.0)
Mozilla Thunderbird 31.7.0 Thunderbird out of Date!
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:08-08-2015 durchgeführt von Tobias (Administrator) auf TOBIASPC (08-08-2015 14:08:13) Gestartet von C:\Users\Tobias\Desktop Geladene Profile: Tobias (Verfügbare Profile: Tobias) Platform: Windows 8 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 10 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation) C:\WINDOWS\System32\dasHost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Malwarebytes Corporation) C:\AdwCleaner\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\AdwCleaner\ Malwarebytes Anti-Malware \mbamservice.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect 3\creator-ws.exe () C:\WINDOWS\SysWOW64\PnkBstrA.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccsvchst.exe (Spotify Ltd) C:\Users\Tobias\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) 
C:\Users\Tobias\AppData\Roaming\Spotify\Spotify.exe (Malwarebytes Corporation) C:\AdwCleaner\ Malwarebytes Anti-Malware \mbam.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccsvchst.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe (Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe (Logitech Inc.) 
C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe (Spotify Ltd) C:\Users\Tobias\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Spotify Ltd) C:\Users\Tobias\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) C:\Users\Tobias\AppData\Roaming\Spotify\SpotifyCrashService.exe (Spotify Ltd) C:\Users\Tobias\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) C:\Users\Tobias\AppData\Roaming\Spotify\Spotify.exe (© 2015 Microsoft Corporation) C:\Users\Tobias\AppData\Local\Microsoft\BingSvc\BingSvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVM Berlin) C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10464536 2014-07-02] (Logitech Inc.) 
HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek) HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-24] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-07-20] (AVAST Software) HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe [933888 2012-08-21] (AVM Berlin) HKU\S-1-5-21-3066219139-3419409888-2493601642-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53661824 2015-07-28] (Skype Technologies S.A.) HKU\S-1-5-21-3066219139-3419409888-2493601642-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3619160 2015-02-09] (Electronic Arts) HKU\S-1-5-21-3066219139-3419409888-2493601642-1001\...\Run: [Spotify Web Helper] => C:\Users\Tobias\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-08-06] (Spotify Ltd) HKU\S-1-5-21-3066219139-3419409888-2493601642-1001\...\Run: [Spotify] => C:\Users\Tobias\AppData\Roaming\Spotify\Spotify.exe [7675448 2015-08-06] (Spotify Ltd) HKU\S-1-5-21-3066219139-3419409888-2493601642-1001\...\Run: [BingSvc] => C:\Users\Tobias\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Keine Datei ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Keine Datei ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => Keine Datei ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll 
[2015-07-20] (AVAST Software) ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Keine Datei ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Keine Datei ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => Keine Datei GroupPolicy: Gruppenrichtline auf Chrome erkannt <======= ACHTUNG CHR HKLM\SOFTWARE\Policies\Google: Richtlinienbeschränkung <======= ACHTUNG ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-3066219139-3419409888-2493601642-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006 HKU\S-1-5-21-3066219139-3419409888-2493601642-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms} HKU\S-1-5-21-3066219139-3419409888-2493601642-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006 SearchScopes: HKLM -> {018EEE1D-E099-479A-927F-05E62C64F25C} URL = 
hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {018EEE1D-E099-479A-927F-05E62C64F25C} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3066219139-3419409888-2493601642-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms} BHO: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-20] (AVAST Software) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\coIEPlg.dll [2014-11-28] (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\IPS\IPSBHO.DLL [2013-04-09] (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-25] (Oracle Corporation) BHO-x32: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-20] (AVAST Software) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-25] (Oracle Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\coIEPlg.dll [2014-11-28] (Symantec Corporation) Toolbar: HKU\S-1-5-21-3066219139-3419409888-2493601642-1001 -> Kein Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Keine Datei Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{029E1785-C064-4F9B-B059-1DAC2DD6A59F}: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{26B141E2-FC96-4DB1-A9ED-8CF2CDE803FA}: [DhcpNameServer] 192.168.2.1 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\hkyxad99.default FF SearchEngineOrder.3: Bing FF Homepage: hxxp://google.com/ FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-08-07] () FF Plugin: 
@esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-08-07] () FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-01-24] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-01-24] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-25] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-25] (Oracle Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-07-23] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-07-23] (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Keine Datei] FF Plugin-x32: PDF Architect 3 -> C:\Program Files (x86)\PDF Architect 3\np-previewer.dll [2015-03-20] (pdfforge GmbH) FF Extension: Bing Search Engine - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\hkyxad99.default\Extensions\bingsearch.full@microsoft.com [2015-03-15] FF 
Extension: Adblock Plus - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\hkyxad99.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-31] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn [2015-08-07] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFF [2014-06-24] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-23] FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_3_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension FF Extension: PDF Architect 3 Creator - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension [2015-04-13] Chrome: ======= CHR Profile: C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default CHR HKLM\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-11] CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-11] CHR HKLM-x32\...\Chrome\Extension: 
[eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-07-20] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-20] CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-20] (AVAST Software) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation) S4 CLHNServiceForPowerDVD12; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [89864 2013-06-10] (CyberLink Corp.) 
S4 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-06-10] (CyberLink) S4 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [294664 2013-06-10] (CyberLink) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-24] (NVIDIA Corporation) S4 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [Datei ist nicht signiert] S4 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation) S4 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129336 2013-01-31] (Intel Corporation) S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-01-31] (Intel Corporation) R2 MBAMScheduler; C:\AdwCleaner\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation) R2 MBAMService; C:\AdwCleaner\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-24] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-24] (NVIDIA Corporation) S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-06] (Electronic Arts) S3 PDF Architect 3; C:\Program Files (x86)\PDF Architect 3\ws.exe [2243288 2015-03-20] (pdfforge GmbH) S3 PDF Architect 3 
CrashHandler; C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe [901336 2015-03-20] (pdfforge GmbH) R2 PDF Architect 3 Creator; C:\Program Files (x86)\PDF Architect 3\creator-ws.exe [740568 2015-03-20] (pdfforge GmbH) R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-12-12] () S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-20] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-20] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-20] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-20] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048856 2015-07-20] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-07-20] (AVAST Software) S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150160 2015-07-20] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-20] (AVAST Software) S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2012-04-25] (AVM Berlin) R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20140606.001\BHDrvx64.sys [1530160 2014-06-06] (Symantec Corporation) R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1406000.01B\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-15] (CyberLink) R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-23] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files 
(x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-23] (Symantec Corporation) S3 fwlanusb5; C:\Windows\system32\DRIVERS\fwlanusb5.sys [982784 2012-08-21] (AVM GmbH) R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20140627.001\IDSvia64.sys [525016 2014-06-23] (Symantec Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation) U4 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-08] (Malwarebytes Corporation) U3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation) S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20140630.001\ENG64.SYS [126040 2014-06-23] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20140630.001\EX64.SYS [2099288 2014-06-23] (Symantec Corporation) R2 ntk_PowerDVD12; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [84168 2013-03-12] (Cyberlink Corp.) 
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-24] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47976 2015-07-03] (NVIDIA Corporation) R3 SaiK1703; C:\Windows\system32\DRIVERS\SaiK1703.sys [180544 2012-09-20] (Saitek) R3 SaiMini; C:\Windows\System32\drivers\SaiMini.sys [25120 2013-04-30] (Saitek) R3 SaiNtBus; C:\Windows\system32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek) R3 SaiU1703; C:\Windows\System32\drivers\SaiU1703.sys [47168 2012-09-20] (Saitek) S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1406000.01B\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation) R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1406000.01B\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation) R3 SymDS; C:\Windows\system32\drivers\NISx64\1406000.01B\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation) R3 SymEFA; C:\Windows\system32\drivers\NISx64\1406000.01B\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation) S4 SymELAM; C:\Windows\system32\drivers\NISx64\1406000.01B\SymELAM.sys [23448 2012-11-15] (Symantec Corporation) R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2014-06-24] (Symantec Corporation) R3 SymIRON; C:\Windows\system32\drivers\NISx64\1406000.01B\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation) R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1406000.01B\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation) S3 STHDA; \SystemRoot\system32\DRIVERS\stwrt64.sys [X] U3 uxloipod; \??\C:\Users\Tobias\AppData\Local\Temp\uxloipod.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-08-08 14:08 - 2015-08-08 14:08 - 00000000 ____D C:\Users\Tobias\Desktop\FRST-OlderVersion 2015-08-08 14:07 - 2015-08-08 14:07 - 00001115 _____ C:\Users\Tobias\Desktop\checkup.txt 2015-08-08 14:04 - 2015-08-08 14:04 - 00852684 _____ C:\Users\Tobias\Desktop\SecurityCheck.exe 2015-08-08 12:41 - 2015-08-08 12:41 - 02870984 _____ (ESET) C:\Users\Tobias\Downloads\esetsmartinstaller_deu.exe 2015-08-07 21:30 - 2015-08-07 21:30 - 00789910 _____ C:\Users\Tobias\Desktop\Gmer.txt 2015-08-07 21:24 - 2015-08-07 21:24 - 00380416 _____ C:\Users\Tobias\Desktop\Gmer-19357.exe 2015-08-07 21:23 - 2015-08-07 21:23 - 00040710 _____ C:\Users\Tobias\Desktop\Addition.txt 2015-08-07 21:22 - 2015-08-08 14:08 - 00025235 _____ C:\Users\Tobias\Desktop\FRST.txt 2015-08-07 21:22 - 2015-08-08 14:08 - 00000000 ____D C:\FRST 2015-08-07 21:21 - 2015-08-08 14:08 - 02169856 _____ (Farbar) C:\Users\Tobias\Desktop\FRST64.exe 2015-08-07 21:20 - 2015-08-07 21:20 - 00000474 _____ C:\Users\Tobias\Desktop\defogger_disable.log 2015-08-07 21:19 - 2015-08-07 21:19 - 00000474 _____ C:\Users\Tobias\Downloads\defogger_disable.log 2015-08-07 21:19 - 2015-08-07 21:19 - 00000000 _____ C:\Users\Tobias\defogger_reenable 2015-08-07 21:18 - 2015-08-07 21:18 - 00050477 _____ C:\Users\Tobias\Desktop\Defogger.exe 2015-08-07 21:04 - 2015-08-07 21:04 - 00027528 _____ C:\Users\Tobias\Desktop\mbam-log-2015-08-07 (21-02-28).xml 2015-08-07 20:59 - 2015-08-08 13:07 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-08-07 20:59 - 2015-08-07 20:59 - 00000853 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-08-07 20:59 - 2015-08-07 20:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-08-07 20:59 - 2015-08-07 20:59 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-08-07 20:59 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-08-07 20:59 - 2015-06-18 08:41 - 
00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-08-07 20:59 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-08-07 20:56 - 2015-08-07 20:57 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Tobias\Downloads\mbam-setup-2.1.8.1057.exe 2015-08-07 18:29 - 2015-07-23 02:46 - 00572232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe 2015-08-07 18:28 - 2015-08-07 18:28 - 00000000 ____D C:\WINDOWS\LastGood 2015-08-07 18:27 - 2015-08-07 18:28 - 00000103 _____ C:\WINDOWS\setupact.log 2015-08-07 18:27 - 2015-08-07 18:27 - 00000000 _____ C:\WINDOWS\setuperr.log 2015-08-07 18:27 - 2015-07-25 01:28 - 00204648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys 2015-08-07 18:27 - 2015-07-25 01:28 - 00040280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll 2015-08-07 18:27 - 2015-07-23 06:06 - 42730128 _____ C:\WINDOWS\system32\nvcompiler.dll 2015-08-07 18:27 - 2015-07-23 06:06 - 37748880 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll 2015-08-07 18:27 - 2015-07-23 06:06 - 30487880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll 2015-08-07 18:27 - 2015-07-23 06:06 - 22950544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll 2015-08-07 18:27 - 2015-07-23 06:06 - 16151688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll 2015-08-07 18:27 - 2015-07-23 06:06 - 15892200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll 2015-08-07 18:27 - 2015-07-23 06:06 - 14503880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll 2015-08-07 18:27 - 2015-07-23 06:06 - 13268712 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll 2015-08-07 18:27 - 2015-07-23 06:06 - 11836680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll 2015-08-07 18:27 - 2015-07-23 06:06 - 11055248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys 2015-08-07 18:27 - 2015-07-23 06:06 - 02933576 _____ (NVIDIA 
Corporation) C:\WINDOWS\system32\nvcuvid.dll 2015-08-07 18:27 - 2015-07-23 06:06 - 02600592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll 2015-08-07 18:27 - 2015-07-23 06:06 - 01898128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435362.dll 2015-08-07 18:27 - 2015-07-23 06:06 - 01557648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435362.dll 2015-08-07 18:27 - 2015-07-23 06:06 - 01101856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll 2015-08-07 18:27 - 2015-07-23 06:06 - 01061008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll 2015-08-07 18:27 - 2015-07-23 06:06 - 01053000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll 2015-08-07 18:27 - 2015-07-23 06:06 - 00983368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll 2015-08-07 18:27 - 2015-07-23 06:06 - 00976528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll 2015-08-07 18:27 - 2015-07-23 06:06 - 00940104 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll 2015-08-07 18:27 - 2015-07-23 06:06 - 00503592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll 2015-08-07 18:27 - 2015-07-23 06:06 - 00408208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll 2015-08-07 18:27 - 2015-07-23 06:06 - 00407296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll 2015-08-07 18:27 - 2015-07-23 06:06 - 00364176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll 2015-08-07 18:27 - 2015-07-23 06:06 - 00176904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll 2015-08-07 18:27 - 2015-07-23 06:06 - 00155280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll 2015-08-07 18:27 - 2015-07-23 06:06 - 00150832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll 2015-08-07 18:27 - 2015-07-23 06:06 - 00128512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll 2015-08-07 17:44 - 2015-08-08 12:57 - 00276091 _____ C:\WINDOWS\WindowsUpdate.log 2015-08-07 17:43 - 
2015-08-07 21:05 - 00016552 _____ C:\WINDOWS\PFRO.log 2015-08-07 17:37 - 2015-08-07 20:59 - 00000000 ____D C:\AdwCleaner 2015-08-07 17:37 - 2015-08-07 17:37 - 02248704 _____ C:\Users\Tobias\Desktop\adwcleaner_4.208.exe 2015-08-07 17:03 - 2015-08-07 17:03 - 00000000 ____D C:\WINDOWS\LastGood.Tmp 2015-08-07 17:03 - 2015-07-03 06:28 - 00069992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll 2015-08-07 17:03 - 2015-07-03 06:28 - 00065896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll 2015-08-07 17:03 - 2015-07-03 06:28 - 00047976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys 2015-08-07 17:00 - 2015-08-07 17:02 - 37807552 _____ (NVIDIA Corporation) C:\Users\Tobias\Downloads\GeForce_Experience_v2.5.12.11.exe 2015-08-07 00:07 - 2015-08-07 00:07 - 00001170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-08-07 00:07 - 2015-08-07 00:07 - 00001158 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-08-07 00:04 - 2015-08-07 00:04 - 00242928 _____ C:\Users\Tobias\Downloads\Firefox Setup Stub 39.0.exe 2015-08-06 14:16 - 2015-08-06 14:16 - 00003844 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1438863396 2015-08-06 14:16 - 2015-08-06 14:16 - 00001146 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2015-08-06 14:16 - 2015-08-06 14:16 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\Opera Software 2015-08-06 14:16 - 2015-08-06 14:16 - 00000000 ____D C:\Users\Tobias\AppData\Local\Opera Software 2015-08-06 14:11 - 2015-08-06 14:16 - 00000000 ____D C:\Program Files (x86)\Opera 2015-08-06 14:11 - 2015-08-06 14:11 - 00000306 __RSH C:\ProgramData\ntuser.pol 2015-08-06 14:11 - 2015-08-06 14:11 - 00000000 ____D C:\Users\Tobias\AppData\Local\{389D0EC1-1C35-6279-71AD-479155C5BB09} 2015-08-06 14:05 - 2015-08-06 14:05 - 00000000 ____D C:\WINDOWS\SysWOW64\%LOCALAPPDATA% 2015-08-06 13:56 - 2015-08-06 13:56 - 00000000 ____D 
C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader 2015-08-06 13:54 - 2015-08-06 22:41 - 00000000 ____D C:\Users\Tobias\AppData\Local\JDownloader v2.0 2015-08-02 17:41 - 2014-04-16 20:20 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll 2015-08-02 17:41 - 2014-04-16 20:20 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll 2015-07-31 12:09 - 2015-08-07 21:08 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation 2015-07-31 12:09 - 2015-07-31 12:09 - 00000000 ____D C:\Program Files\Common Files\AV 2015-07-27 20:20 - 2015-07-27 20:20 - 00000000 ____D C:\Users\Tobias\AppData\Local\CEF 2015-07-21 17:39 - 2015-07-14 22:11 - 00035328 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2015-07-21 17:39 - 2015-07-14 22:09 - 00046080 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2015-07-21 17:39 - 2015-07-14 21:43 - 00366592 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2015-07-21 17:39 - 2015-07-14 21:43 - 00304128 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll 2015-07-20 21:05 - 2015-07-20 21:05 - 00378880 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2015-07-20 21:05 - 2015-07-20 21:05 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2015-07-15 16:20 - 2015-06-27 18:36 - 00171352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2015-07-15 16:20 - 2015-06-27 15:56 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll 2015-07-15 16:20 - 2015-06-27 15:55 - 00668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2015-07-15 16:20 - 2015-06-27 15:55 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2015-07-15 16:20 - 2015-06-27 15:46 - 01314816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll 2015-07-15 16:20 - 2015-06-27 15:46 - 00829952 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2015-07-15 16:20 - 2015-06-27 15:46 - 
00588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll 2015-07-15 16:20 - 2015-06-27 15:46 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2015-07-15 16:20 - 2015-06-27 15:23 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll 2015-07-15 16:20 - 2015-06-25 20:29 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2015-07-15 16:20 - 2015-06-25 20:27 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys 2015-07-15 16:20 - 2015-01-07 06:25 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys 2015-07-15 16:19 - 2015-07-02 22:31 - 19291136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-07-15 16:19 - 2015-07-02 21:15 - 14384640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-07-15 16:19 - 2015-06-27 15:55 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-07-15 16:19 - 2015-06-27 15:46 - 03960320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-07-15 16:19 - 2015-04-30 15:44 - 00478296 _____ C:\WINDOWS\SysWOW64\locale.nls 2015-07-15 16:19 - 2015-04-30 15:44 - 00478296 _____ C:\WINDOWS\system32\locale.nls 2015-07-15 16:18 - 2015-06-17 16:13 - 01150264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll 2015-07-15 16:18 - 2015-06-17 15:44 - 01567560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll 2015-07-15 16:18 - 2015-06-15 17:22 - 13771264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-07-15 16:18 - 2015-06-15 17:22 - 08858112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2015-07-15 16:18 - 2015-06-15 17:22 - 02416640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll 2015-07-15 16:18 - 2015-06-15 17:22 - 02056704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-07-15 16:18 - 2015-06-15 17:22 - 02037760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 
2015-07-15 16:18 - 2015-06-15 17:22 - 01763328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-07-15 16:18 - 2015-06-15 17:22 - 01181696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-07-15 16:18 - 2015-06-15 17:22 - 00737280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2015-07-15 16:18 - 2015-06-15 17:22 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-07-15 16:18 - 2015-06-15 17:22 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-07-15 16:18 - 2015-06-15 17:22 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2015-07-15 16:18 - 2015-06-15 17:22 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll 2015-07-15 16:18 - 2015-06-15 17:22 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2015-07-15 16:18 - 2015-06-15 17:22 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2015-07-15 16:18 - 2015-06-15 17:22 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2015-07-15 16:18 - 2015-06-15 17:22 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe 2015-07-15 16:18 - 2015-06-15 17:21 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe 2015-07-15 16:18 - 2015-06-15 17:20 - 15415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-07-15 16:18 - 2015-06-15 17:20 - 10116608 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2015-07-15 16:18 - 2015-06-15 17:20 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll 2015-07-15 16:18 - 2015-06-15 17:20 - 02656768 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-07-15 16:18 - 2015-06-15 17:20 - 02237440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-07-15 16:18 - 2015-06-15 17:20 - 01409024 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-07-15 16:18 - 2015-06-15 17:20 - 
00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2015-07-15 16:18 - 2015-06-15 17:20 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-07-15 16:18 - 2015-06-15 17:20 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-07-15 16:18 - 2015-06-15 17:20 - 00601600 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-07-15 16:18 - 2015-06-15 17:20 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2015-07-15 16:18 - 2015-06-15 17:20 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2015-07-15 16:18 - 2015-06-15 17:19 - 02307072 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2015-07-15 16:18 - 2015-06-15 17:19 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2015-07-15 16:18 - 2015-06-15 17:19 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2015-07-15 16:18 - 2015-06-11 22:29 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll 2015-07-15 16:18 - 2015-06-11 18:27 - 01024000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll 2015-07-15 16:18 - 2015-06-09 15:57 - 03248640 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2015-07-15 16:18 - 2015-04-21 15:53 - 01174528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2015-07-15 16:16 - 2015-06-29 18:18 - 00026288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2015-07-15 16:16 - 2015-06-29 15:28 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2015-07-15 16:16 - 2015-06-29 15:27 - 01084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2015-07-15 16:16 - 2015-06-29 15:27 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2015-07-15 16:16 - 2015-06-29 15:27 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2015-07-15 16:16 - 2015-06-29 15:27 - 00227328 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll 2015-07-15 16:16 - 2015-06-29 15:27 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2015-07-15 16:16 - 2015-06-26 15:07 - 01145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2015-07-15 16:16 - 2015-06-25 03:54 - 04064768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2015-07-15 16:16 - 2015-05-07 15:05 - 00410739 _____ C:\WINDOWS\system32\ApnDatabase.xml 2015-07-11 19:06 - 2015-07-11 19:06 - 00000000 ____D C:\Users\Tobias\AppData\Local\openvr 2015-07-11 12:48 - 2015-07-11 12:48 - 00000219 _____ C:\Users\Tobias\Desktop\Team Fortress 2.url ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-08-08 14:00 - 2014-07-13 00:21 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\Skype 2015-08-08 14:00 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\system32\sru 2015-08-08 13:21 - 2014-06-23 18:52 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-08-08 12:58 - 2015-05-08 20:42 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\Spotify 2015-08-08 12:49 - 2012-07-26 09:28 - 00847336 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-08-08 12:38 - 2015-05-08 20:43 - 00000000 ____D C:\Users\Tobias\AppData\Local\Spotify 2015-08-08 03:46 - 2014-08-16 13:22 - 00000000 ____D C:\Users\Tobias\AppData\Local\Battle.net 2015-08-07 21:19 - 2014-06-23 18:32 - 00000000 ____D C:\Users\Tobias 2015-08-07 21:08 - 2014-06-23 18:52 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-08-07 21:05 - 2013-10-20 06:28 - 00000000 ____D C:\ProgramData\NVIDIA 2015-08-07 21:05 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2015-08-07 21:05 - 2012-07-26 09:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-08-07 18:49 - 2015-03-25 22:37 - 00000000 ____D C:\Users\Tobias\AppData\Local\NVIDIA Corporation 2015-08-07 18:29 - 2013-10-20 
06:28 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2015-08-07 17:51 - 2014-07-19 02:47 - 00872960 ___SH C:\Users\Tobias\Desktop\Thumbs.db 2015-08-07 17:43 - 2012-07-26 07:26 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2015-08-07 17:13 - 2015-03-25 22:37 - 00001388 _____ C:\Users\Public\Desktop\GeForce Experience.lnk 2015-08-07 17:13 - 2015-03-25 22:37 - 00000000 ____D C:\Users\Tobias\AppData\Local\NVIDIA 2015-08-07 12:12 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent 2015-08-07 00:19 - 2012-07-26 07:26 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM 2015-08-07 00:16 - 2015-06-17 16:44 - 00000354 _____ C:\WINDOWS\Tasks\HPCeeScheduleForTobias.job 2015-08-07 00:16 - 2015-03-22 13:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-08-07 00:16 - 2014-06-23 18:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-08-07 00:12 - 2015-03-06 19:53 - 00000000 ____D C:\Users\Tobias\Desktop\referat 2015-08-06 23:11 - 2014-10-19 12:46 - 00000000 ____D C:\Games 2015-08-06 23:11 - 2013-04-03 17:07 - 00000000 ____D C:\inetpub 2015-08-06 22:43 - 2014-06-23 18:42 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\TS3Client 2015-08-06 21:54 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\system32\FxsTmp 2015-08-06 17:54 - 2015-06-17 16:44 - 00003170 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForTobias 2015-08-06 14:11 - 2012-07-26 10:12 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy 2015-08-06 14:11 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy 2015-08-06 12:54 - 2014-07-13 00:21 - 00000000 ___RD C:\Program Files (x86)\Skype 2015-08-06 12:54 - 2014-07-13 00:21 - 00000000 ____D C:\ProgramData\Skype 2015-08-05 02:42 - 2014-09-04 12:20 - 00000000 ____D C:\Program Files (x86)\Steam 2015-08-04 15:30 - 2015-05-03 17:02 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm 2015-08-04 14:09 - 2014-10-31 02:16 - 00000000 ____D C:\ProgramData\Origin 2015-08-03 20:28 - 2014-08-16 13:22 - 00000000 ____D 
C:\Program Files (x86)\Battle.net 2015-08-02 17:42 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-08-02 17:39 - 2014-07-14 14:28 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log 2015-07-31 12:44 - 2014-08-16 23:11 - 00000000 ____D C:\Program Files (x86)\Hearthstone 2015-07-31 12:04 - 2015-01-16 21:04 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update 2015-07-30 21:01 - 2015-06-05 00:53 - 00000000 ____D C:\Users\Tobias\.minecraft 2015-07-25 14:49 - 2014-06-23 18:40 - 00002828 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3066219139-3419409888-2493601642-1001 2015-07-25 14:40 - 2015-03-18 18:25 - 00322288 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-07-25 01:28 - 2012-12-19 02:31 - 01567576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll 2015-07-24 06:21 - 2015-03-25 22:37 - 01756608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll 2015-07-24 06:21 - 2015-03-25 22:37 - 01710568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll 2015-07-24 06:21 - 2015-03-25 22:37 - 01423304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll 2015-07-24 06:21 - 2015-03-25 22:37 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll 2015-07-23 06:06 - 2013-10-28 13:12 - 03008880 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll 2015-07-23 06:06 - 2013-10-20 06:28 - 00112968 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll 2015-07-23 06:06 - 2013-10-20 06:28 - 00105288 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll 2015-07-23 06:06 - 2013-05-25 04:00 - 17615408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll 2015-07-23 06:06 - 2013-05-25 04:00 - 15129192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll 2015-07-23 06:06 - 2013-05-25 04:00 - 12876336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll 2015-07-23 06:06 - 2013-05-25 04:00 - 03407144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll 2015-07-23 
06:06 - 2013-05-25 04:00 - 00030966 _____ C:\WINDOWS\system32\nvinfo.pb 2015-07-23 03:31 - 2013-10-20 06:28 - 06873744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll 2015-07-23 03:31 - 2013-10-20 06:28 - 03493008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll 2015-07-23 03:31 - 2013-10-20 06:28 - 02558608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll 2015-07-23 03:31 - 2013-10-20 06:28 - 00937616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe 2015-07-23 03:31 - 2013-10-20 06:28 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll 2015-07-23 03:31 - 2013-10-20 06:28 - 00062792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll 2015-07-21 17:37 - 2014-06-23 18:48 - 00000000 ____D C:\Program Files (x86)\Google 2015-07-21 17:35 - 2014-06-23 18:48 - 00000000 ____D C:\Users\Tobias\AppData\Local\Google 2015-07-20 21:05 - 2015-01-16 21:02 - 01048856 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys 2015-07-20 21:05 - 2015-01-16 21:02 - 00447944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2015-07-20 21:05 - 2015-01-16 21:02 - 00274808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys 2015-07-20 21:05 - 2015-01-16 21:02 - 00150160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys 2015-07-20 21:05 - 2015-01-16 21:02 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2015-07-20 21:05 - 2015-01-16 21:02 - 00090968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2015-07-20 21:05 - 2015-01-16 21:02 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys 2015-07-20 21:05 - 2015-01-16 21:02 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys 2015-07-20 16:16 - 2013-10-20 06:28 - 05121613 _____ C:\WINDOWS\system32\nvcoproc.bin 2015-07-17 22:10 - 2014-06-24 19:06 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-07-16 21:16 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\rescache 
2015-07-16 14:51 - 2015-02-12 23:24 - 00000000 ____D C:\WINDOWS\system32\appraiser 2015-07-16 14:51 - 2014-07-13 23:47 - 00000000 ___SD C:\WINDOWS\system32\CompatTel 2015-07-16 14:51 - 2012-07-26 10:12 - 00000000 ___RD C:\WINDOWS\ToastData 2015-07-13 23:22 - 2014-11-15 18:13 - 00792032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-07-13 23:22 - 2014-11-15 18:13 - 00177632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-07-11 12:48 - 2014-09-04 12:41 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam Einige Dateien in TEMP: ==================== C:\Users\Tobias\AppData\Local\Temp\nvSCPAPI.dll C:\Users\Tobias\AppData\Local\Temp\nvSCPAPI64.dll C:\Users\Tobias\AppData\Local\Temp\nvStInst.exe C:\Users\Tobias\AppData\Local\Temp\proxy_vole3572810645803419004.dll ==================== Bamital & volsnap Check ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2015-08-01 12:03
==================== Ende von log ============================ |
09.08.2015, 07:11 | #6 |
/// the machine /// TB instructor | Windows 8: Ads in the browser caused by viruses
Update Java and Thunderbird.
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document.
Code:
C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\hkyxad99.default\extensions\{6774d900-ad1f-4dd0-8c32-99994e7e87b8}.xpi
GroupPolicy: Gruppenrichtline auf Chrome erkannt <======= ACHTUNG
CHR HKLM\SOFTWARE\Policies\Google: Richtlinienbeschränkung <======= ACHTUNG
Emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Revo Uninstaller - Download - Filepony: use it to uninstall Firefox, keep no data, have the leftovers removed, then reinstall. Then: https://support.mozilla.org/de/kb/fi...einfach-loesen
Cleanup: (The order is crucial here.)
If Defogger was used: start it again and click Re-enable.
If Combofix was used: uninstall Combofix
All logs posted? Then please download DelFix.
Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself. Then restart your computer. If any programs from our cleanup are still left over, you can safely delete them. If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.
Protection:
Enable automatic updates for the Windows operating system. Security-relevant software should likewise always be kept at its latest version:
Browser
Java
Flash Player
PDF reader
Vulnerabilities in old versions of these are exploited to install malware via "drive-by" simply when you visit a manipulated website. I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.
Enable a firewall. The one built into Windows is normally entirely sufficient.
Use an antivirus program with a real-time scanner and an always up-to-date signature database. My recommendation: Emsisoft
In addition, you can regularly scan your PC with Malwarebytes Anti-Malware and ESET.
Optional:
NoScript prevents the execution of active content (Java, JavaScript, Flash,...) for all websites. However, you can define, on the principle of a whitelist, on which sites scripts should be allowed.
Malwarebytes Anti Exploit: protects the computer's applications against the exploitation of known vulnerabilities.
Download software from a clean portal such as .
When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program.
To get rid of adware, uninstalling it and then removing the leftovers with Adwcleaner is recommended first.
Finally, a few general remarks: Change your important online passwords regularly and regularly create backups of your important files or of the system. The benefit of registry cleaners, optimizers etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
__________________ --> Windows 8: Ads in the browser caused by viruses |
12.08.2015, 00:18 | #7 |
| Thanks, everything is running great. Unfortunately, while I was about to reply with the requested log, I closed my browser because I thought I had already sent it. Now it is gone because of the steps I followed. I hope that is not too bad. Many, many thanks again. Unfortunately I cannot donate (I am still a student), even though I would like to. Best regards, Tobias |
12.08.2015, 11:37 | #8 |
/// the machine /// TB instructor | Windows 8: Ads in the browser caused by viruses That's fine. You're welcome.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |