Log analysis and evaluation: Windows 7 SP 1 infected with a trojan - Windows Update error code 8007002
09.08.2015, 23:42 | #1 |
My system has apparently been infected with a trojan for a few days. I first noticed it through an alert from the Microsoft standard firewall. The threat in question was automatically placed in quarantine.

After the infection, Google Chrome installed itself on my computer 3 times at intervals of a few days. Each time I used Revo Uninstaller and removed the program, hoping to have it off the system. That is apparently not the case, because since yesterday I have been struggling with Windows Update not working. In addition, various scanners have brought quite a bit more to light than the standard Windows scan procedure.

I hope that I can get the necessary help here in this forum so that I can get my system "clean" again. Many thanks in advance for any assistance!

Attached are all the logs you need, plus all the others I have collected.

defogger Logfile:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:05 on 10/08/2015 (Lukas)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...

-=E.O.F=-

FRST Logfile:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:09-08-2015
durchgeführt von Lukas (Administrator) auf LUKAS-PC (10-08-2015 00:08:03)
Gestartet von C:\Users\Lukas\Desktop
Geladene Profile: Lukas (Verfügbare Profile: Lukas)
Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser nicht gefunden!)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
() C:\Windows\System32\dmwu.exe
() C:\Windows\Runservice.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Mr.
John aka japamd) C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe () C:\Program Files (x86)\resegioninhelp\resegioninhelp.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Fred's Software) C:\Program Files (x86)\PrintKey2000\Printkey2000.exe (Creative Technology Ltd) C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Creative Technology Ltd) C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE () C:\Windows\SysWOW64\mjcm\dnkt.exe () C:\Windows\System32\tprb\dnkt.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (Macrovision Europe Ltd.) 
C:\Users\Lukas\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001 () C:\Program Files (x86)\iSaver\iSaverCtrl.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Creative Labs) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe (ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera_crashreporter.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Opera Software) 
C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE ==================== Registry (Nicht auf der Ausnahmeliste) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) 
HKLM\...\Run: [RunDLLEntry] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor) HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-22] (NEC Electronics Corporation) HKLM-x32\...\Run: [CTSyncService] => C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe [1233195 2009-07-08] (Creative Technology Ltd) HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe [241789 2009-05-04] (Creative Technology Ltd) HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-03-17] (Nullsoft, Inc.) HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD) HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1230704 2011-03-21] () HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) 
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2015-06-18] (Malwarebytes Corporation) HKU\S-1-5-21-3103388830-3129877404-954900241-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2895552 2015-07-24] (Valve Corporation) HKU\S-1-5-21-3103388830-3129877404-954900241-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-3103388830-3129877404-954900241-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-18\...\Run: [Duden Korrektor SysTray] => C:\Program Files (x86)\Duden\Duden Korrektor\DKTray.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Printkey2000.lnk [2011-07-15] ShortcutTarget: Printkey2000.lnk -> C:\Program Files (x86)\PrintKey2000\Printkey2000.exe (Fred's Software) Startup: C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk [2014-06-05] ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () GroupPolicy: Gruppenrichtline auf Chrome erkannt <======= ACHTUNG CHR HKLM\SOFTWARE\Policies\Google: Richtlinienbeschränkung <======= ACHTUNG CHR HKU\S-1-5-21-3103388830-3129877404-954900241-1001\SOFTWARE\Policies\Google: Richtlinienbeschränkung <======= ACHTUNG ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..) 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Richtlinienbeschränkung <======= ACHTUNG HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Richtlinienbeschränkung <======= ACHTUNG HKU\S-1-5-21-3103388830-3129877404-954900241-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Richtlinienbeschränkung <======= ACHTUNG HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE HKU\S-1-5-21-3103388830-3129877404-954900241-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE HKU\S-1-5-21-3103388830-3129877404-954900241-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp URLSearchHook: HKU\S-1-5-21-3103388830-3129877404-954900241-1001 - (Kein Name) - {5570f0a0-580c-4c69-808f-8b2aaa2aa93c} - Keine Datei URLSearchHook: HKU\S-1-5-21-3103388830-3129877404-954900241-1001 - (Kein Name) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - Keine Datei URLSearchHook: HKU\S-1-5-21-3103388830-3129877404-954900241-1001 - (Kein Name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - Keine Datei SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = SearchScopes: HKLM-x32 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKU\S-1-5-21-3103388830-3129877404-954900241-1001 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKU\S-1-5-21-3103388830-3129877404-954900241-1001 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKU\S-1-5-21-3103388830-3129877404-954900241-1001 -> 
{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = hxxp://www.daemon-search.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3103388830-3129877404-954900241-1001 -> {C84562DC-1C5F-407A-9249-FA145D0EF8A3} URL = hxxp://www.google.de/search?q={searchTerms} DPF: HKLM-x32 {6EEFD7B1-B26C-440D-B55A-1EC677189F30} https://vpnssl1.cs.fh-nuernberg.de/NELX.cab Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices) Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{36ED2503-3472-49B3-98F0-DD22FE2554CD}: [DhcpNameServer] 192.168.2.1 192.168.2.1 Tcpip\..\Interfaces\{374433E6-840B-4DE2-8222-90A0D58C5370}: [DhcpNameServer] 192.168.2.1 192.168.2.1 Tcpip\..\Interfaces\{61B76604-D8E8-4932-A814-365652761723}: [DhcpNameServer] 192.168.2.1 192.168.2.1 Tcpip\..\Interfaces\{7E43D05F-1449-46D5-9A2D-B9D5D446AAFA}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{A6C7773B-0CAD-409B-BE74-D9ECF596AB76}: [DhcpNameServer] 192.168.2.1 192.168.2.1 Tcpip\..\Interfaces\{BB33C0B5-43E6-4F0B-9097-FCB5D671036E}: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{E8624FA6-16DD-4418-9AD2-DAD9CB3A259A}: [DhcpNameServer] 192.168.2.1 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default FF Homepage: https://www.malwarebytes.org/restorebrowser// FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-05-06] 
(DivX, LLC.) FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-06] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-10-06] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-02-24] (Microsoft Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-05-07] (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] () FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-08] (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-05-06] (DivX, LLC.) 
FF Plugin-x32: @gametap.com/npdd,version=1.0 -> C:\Program Files (x86)\Downloader\npdd.dll [2010-02-19] (Metaboli) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-03-05] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-02-24] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-07-10] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-07-10] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-09-23] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.) 
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011-05-29] FF HKLM-x32\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa FF Extension: DivX HiQ - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011-05-29] Chrome: ======= CHR dev: Chrome dev build erkannt! <======= ACHTUNG CHR HKLM-x32\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2011-02-08] CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2011-02-08] CHR HKLM-x32\...\Chrome\Extension: [oibhdbdejgpfhoddlpccabifnmmopchn] - <kein Path/update_url> CHR HKLM-x32\...\Chrome\Extension: [ojkljipanbocbngapmmpflnkgmnohjhm] - <kein Path/update_url> Opera: ======= OPR Extension: (Adblock Plus) - C:\Users\Lukas\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2014-05-23] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 03e661da; c:\ProgramData\WinFilter\WinFilterSvc.dll [177488 2013-12-28] () [Datei ist nicht signiert] R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) 
[Datei ist nicht signiert] S2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [136544 2010-03-12] () S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2011-03-16] (Creative Labs) [Datei ist nicht signiert] S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-03-16] (Creative Labs) [Datei ist nicht signiert] R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [Datei ist nicht signiert] R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] () [Datei ist nicht signiert] R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [241704 2014-03-25] (Foxit Corporation) R2 LicCtrlService; C:\Windows\runservice.exe [2560 2015-03-16] () [Datei ist nicht signiert] R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation) R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-17] (Electronic Arts) R2 RadeonPro Support Service; C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe [20608 2013-11-04] (Mr. 
John aka japamd) [Datei ist nicht signiert] R2 resegioninhelp; C:\Program Files (x86)\resegioninhelp\resegioninhelp.exe [7596652 2015-08-03] () [Datei ist nicht signiert] <==== ACHTUNG R3 Sound Blaster X-Fi MB Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [79360 2011-03-16] (Creative Labs) [Datei ist nicht signiert] S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X] ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [62152 2014-10-28] (Advanced Micro Devices, Inc.) R2 AODDriver4.1.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [56448 2012-02-10] (Advanced Micro Devices) R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows (R) Win 7 DDK provider) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-08-02] (DT Soft Ltd) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-09] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation) U0 njofuf; C:\Windows\System32\drivers\ofnrtkqh.sys [79064 2015-08-09] (Malwarebytes Corporation) S3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation ) S3 RTL8192cu; 
C:\Windows\System32\DRIVERS\RTL8192cu.sys [854632 2010-12-31] (Realtek Semiconductor Corporation ) R3 TotRec8; C:\Windows\system32\drivers\TotRec8.sys [123120 2011-12-14] (High Criteria inc.) S2 sbapifs; system32\DRIVERS\sbapifs.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-08-10 00:08 - 2015-08-10 00:08 - 00023706 _____ C:\Users\Lukas\Desktop\FRST.txt 2015-08-10 00:07 - 2015-08-10 00:08 - 00000000 ____D C:\FRST 2015-08-10 00:05 - 2015-08-10 00:05 - 00000542 _____ C:\Users\Lukas\Desktop\defogger_disable.log 2015-08-10 00:05 - 2015-08-10 00:05 - 00000168 _____ C:\Users\Lukas\defogger_reenable 2015-08-09 23:55 - 2015-08-09 23:55 - 00095986 _____ C:\Users\Lukas\Desktop\mbam.txt 2015-08-09 23:47 - 2015-08-09 23:47 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\ofnrtkqh.sys 2015-08-09 23:17 - 2015-08-09 23:17 - 02171392 _____ (Farbar) C:\Users\Lukas\Desktop\FRST64.exe 2015-08-09 23:17 - 2015-08-09 23:17 - 00380416 _____ C:\Users\Lukas\Desktop\Gmer-19357.exe 2015-08-09 23:14 - 2015-08-09 23:14 - 00050477 _____ C:\Users\Lukas\Desktop\Defogger.exe 2015-08-09 21:18 - 2015-08-09 21:20 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-08-09 21:18 - 2015-08-09 21:18 - 00001102 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-08-09 21:18 - 2015-08-09 21:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-08-09 21:18 - 2015-08-09 21:18 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-08-09 21:18 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes 
Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-08-09 21:18 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-08-09 21:18 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-08-09 20:57 - 2015-08-09 20:57 - 00090478 _____ C:\Users\Lukas\Desktop\Extras.Txt 2015-08-09 20:54 - 2015-08-09 20:54 - 00105324 _____ C:\Users\Lukas\Desktop\OTL.Txt 2015-08-09 20:42 - 2015-08-09 20:42 - 00000000 ____D C:\Program Files (x86)\ESET 2015-08-09 19:52 - 2015-08-09 19:55 - 00000000 ____D C:\Users\Lukas\AppData\Roaming\WiseUpdate 2015-08-09 19:45 - 2015-08-09 19:55 - 00000000 ____D C:\Users\Lukas\AppData\Roaming\Wise Registry Cleaner 2015-08-09 19:45 - 2015-08-09 19:45 - 00001227 _____ C:\Users\Public\Desktop\Wise Registry Cleaner.lnk 2015-08-09 19:45 - 2015-08-09 19:45 - 00000000 ____D C:\Windows\System32\Tasks\WiseCleaner 2015-08-09 19:45 - 2015-08-09 19:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner 2015-08-09 19:45 - 2015-08-09 19:45 - 00000000 ____D C:\Program Files (x86)\Wise 2015-08-09 17:22 - 2015-08-09 17:22 - 00000000 ____D C:\Windows\CheckSur 2015-08-09 17:12 - 2015-08-09 23:47 - 00000000 ____D C:\Program Files\FIendBestDeAl 2015-08-09 17:12 - 2015-08-09 23:47 - 00000000 ____D C:\Program Files\Autofill IRCTC Tatkal FormPlugin Extension 2015-08-09 17:12 - 2015-08-09 17:12 - 00000079 _____ C:\Program Files\prefs.js 2015-08-06 21:39 - 2015-08-09 16:28 - 00000000 ____D C:\Program Files (x86)\DigISaver 2015-08-06 21:39 - 2015-08-09 16:28 - 00000000 ____D C:\Program Files (x86)\DDIgiSaover 2015-08-06 21:38 - 2015-08-09 16:28 - 00000000 ____D C:\Program Files (x86)\DIgiSoaverr 2015-08-03 20:10 - 2015-08-03 20:10 - 00000000 ____D C:\Program Files (x86)\resegioninhelp 2015-07-28 18:14 - 2015-07-28 18:14 - 00000222 _____ C:\Users\Lukas\Desktop\Football Manager 2015.url 2015-07-23 20:05 - 2015-07-23 20:05 - 00001019 
_____ C:\Users\Public\Desktop\ClearProg.lnk 2015-07-23 20:05 - 2015-07-23 20:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClearProg 2015-07-23 20:05 - 2015-07-23 20:05 - 00000000 ____D C:\Program Files (x86)\ClearProg 2015-07-23 12:38 - 2015-07-23 12:38 - 00000000 ____D C:\Users\Lukas\Downloads\Vorlagen Bewerbung 2015-07-22 12:17 - 2015-07-22 12:17 - 00000000 ____D C:\Users\Lukas\AppData\Local\CEF ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-08-10 00:05 - 2011-03-16 01:35 - 00000000 ____D C:\Users\Lukas 2015-08-10 00:03 - 2015-02-20 19:43 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-08-09 23:58 - 2011-03-16 01:18 - 01680176 _____ C:\Windows\WindowsUpdate.log 2015-08-09 23:47 - 2015-07-10 21:54 - 00000000 ____D C:\Program Files (x86)\4chan Plus 2015-08-09 23:47 - 2015-05-20 20:15 - 00000000 ____D C:\Program Files\SiteLauncher 2015-08-09 23:47 - 2015-05-20 20:15 - 00000000 ____D C:\Program Files\SavuerExtEnseion 2015-08-09 23:47 - 2015-04-11 16:37 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-08-09 23:47 - 2015-04-11 16:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-08-09 23:47 - 2014-12-16 18:51 - 00000000 ____D C:\ProgramData\SaverExtension 2015-08-09 23:47 - 2014-12-16 18:50 - 00000000 ____D C:\ProgramData\SaveNewaAppz 2015-08-09 23:47 - 2014-08-17 12:18 - 00000000 ____D C:\ProgramData\The AdBlocker 2015-08-09 23:47 - 2014-08-04 06:59 - 00000000 ____D C:\ProgramData\SaveMasos 2015-08-09 23:47 - 2014-08-03 20:55 - 00000000 ____D C:\ProgramData\NuEtooCouuponn 2015-08-09 23:47 - 2014-07-02 23:30 - 00000000 ____D C:\ProgramData\DeualExpress 2015-08-09 23:47 - 2014-06-13 15:41 - 00000000 ____D C:\ProgramData\FFunDeeAls 2015-08-09 23:47 - 2014-05-23 14:23 - 00000000 ____D C:\ProgramData\AlllCCheaopPrrice 2015-08-09 23:47 - 2014-02-28 01:02 - 00000000 ____D 
C:\ProgramData\CouPExtensioon 2015-08-09 23:47 - 2014-02-23 16:20 - 00001111 _____ C:\Users\Public\Desktop\Opera.lnk 2015-08-09 23:47 - 2014-01-31 17:57 - 00000000 ____D C:\ProgramData\UTubaeNiouADs 2015-08-09 23:47 - 2013-12-30 00:22 - 00000000 ____D C:\ProgramData\CCoupExtennsIon 2015-08-09 23:47 - 2013-12-19 21:21 - 00000000 ____D C:\Users\Lukas\AppData\Local\genienext 2015-08-09 23:47 - 2013-03-26 21:31 - 00000000 ____D C:\ProgramData\BirowwsyE2savee 2015-08-09 23:47 - 2013-01-15 10:05 - 00000000 ____D C:\ProgramData\Browse2save 2015-08-09 23:47 - 2012-09-18 21:59 - 00000000 ____D C:\Windows\SysWOW64\WNLT 2015-08-09 23:47 - 2012-07-01 21:57 - 00000000 ____D C:\ProgramData\InstallMate 2015-08-09 23:47 - 2011-07-31 21:05 - 00000000 ____D C:\Program Files (x86)\iSaver 2015-08-09 23:47 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SchCache 2015-08-09 21:29 - 2013-04-10 18:37 - 00000000 ____D C:\Windows\SysWOW64\ARFC 2015-08-09 21:18 - 2012-11-19 20:29 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-08-09 19:35 - 2011-07-21 21:41 - 00000000 ____D C:\ProgramData\TEMP 2015-08-09 19:25 - 2011-03-29 17:33 - 00000000 ____D C:\Program Files (x86)\Steam 2015-08-09 19:23 - 2009-07-14 06:45 - 00028096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-08-09 19:23 - 2009-07-14 06:45 - 00028096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-08-09 19:12 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-08-09 19:12 - 2009-07-14 06:51 - 00089655 _____ C:\Windows\setupact.log 2015-08-09 18:54 - 2011-03-16 01:50 - 00696092 _____ C:\Windows\PFRO.log 2015-08-09 18:52 - 2011-04-07 01:14 - 00000000 ____D C:\Users\Lukas\AppData\Local\CrashDumps 2015-08-09 17:12 - 2015-02-27 09:11 - 00000000 ____D C:\ProgramData\8108833817704537162UL 2015-08-09 16:56 - 2014-08-25 18:20 - 00000000 ____D C:\Users\Lukas\AppData\Local\SWDS 2015-08-09 16:52 - 2015-04-05 
16:23 - 00000000 ___SD C:\Windows\system32\GWX 2015-08-09 16:52 - 2014-02-23 16:20 - 00000000 ____D C:\Program Files (x86)\Opera 2015-08-09 16:52 - 2011-03-30 19:01 - 00000000 ____D C:\Users\Lukas\AppData\Roaming\ScreeNet iSaver 2015-08-09 16:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration 2015-08-09 16:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat 2015-08-09 16:51 - 2011-10-30 21:58 - 00000000 ____D C:\Users\Lukas\AppData\Local\Sports Interactive 2015-08-09 16:27 - 2011-05-29 18:42 - 00000000 ____D C:\Users\Lukas\AppData\Local\Google 2015-08-07 20:46 - 2015-05-16 13:26 - 00000000 ____D C:\Users\Lukas\Documents\Bewerbungen 2015 2015-08-06 14:32 - 2014-06-12 20:13 - 00003852 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1393165213 2015-08-06 13:49 - 2011-06-12 20:19 - 00000000 ____D C:\Program Files (x86)\Google 2015-08-03 12:13 - 2015-07-10 13:56 - 00000020 _____ C:\Users\Lukas\AppData\Roaming\appdataFr2.bin 2015-07-23 11:47 - 2014-12-11 21:28 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-07-15 00:03 - 2015-02-20 19:43 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-07-15 00:03 - 2015-02-20 19:43 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-07-15 00:03 - 2015-02-20 19:43 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-07-14 19:57 - 2015-01-04 22:56 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-08-09 17:12 - 2015-08-09 17:12 - 0000079 _____ () C:\Program Files\prefs.js 2015-07-10 13:56 - 2015-08-03 12:13 - 0000020 _____ () C:\Users\Lukas\AppData\Roaming\appdataFr2.bin 2015-07-06 20:32 - 2015-07-06 20:32 - 0002181 _____ () C:\Users\Lukas\AppData\Roaming\FoxitReaderUpdateInfo.txt 2014-05-14 22:28 - 2014-05-14 22:29 - 0000825 _____ () 
C:\Users\Lukas\AppData\Roaming\LiveSupport.exe_log.txt 2014-05-14 22:28 - 2014-05-14 22:30 - 0000092 _____ () C:\Users\Lukas\AppData\Roaming\regsvr32.exe_log.txt 2014-11-09 14:15 - 2015-06-28 00:15 - 0000265 _____ () C:\Users\Lukas\AppData\Roaming\WB.CFG 2014-11-11 20:34 - 2014-12-17 18:23 - 0000001 _____ () C:\Users\Lukas\AppData\Local\DSI.DAT 2013-10-13 01:35 - 2013-10-13 01:36 - 1065984 _____ () C:\Users\Lukas\AppData\Local\file__0.localstorage 2011-05-31 20:18 - 2011-05-31 20:18 - 0000093 _____ () C:\Users\Lukas\AppData\Local\fusioncache.dat 2011-09-23 17:34 - 2011-09-23 17:34 - 0001472 _____ () C:\Users\Lukas\AppData\Local\RecConfig.xml 2011-06-02 11:26 - 2013-10-19 07:39 - 0007597 _____ () C:\Users\Lukas\AppData\Local\Resmon.ResmonCfg 2011-11-17 00:18 - 2014-06-12 20:03 - 0017408 _____ () C:\Users\Lukas\AppData\Local\WebpageIcons.db Einige Dateien in TEMP: ==================== C:\Users\Lukas\AppData\Local\Temp\CIB4E00.tmp.exe C:\Users\Lukas\AppData\Local\Temp\DseShExt-x64.dll C:\Users\Lukas\AppData\Local\Temp\DseShExt-x86.dll C:\Users\Lukas\AppData\Local\Temp\FixMyRegistry.exe C:\Users\Lukas\AppData\Local\Temp\Foxit Reader Updater.exe C:\Users\Lukas\AppData\Local\Temp\InstallerLibrary.dll C:\Users\Lukas\AppData\Local\Temp\ms.exe C:\Users\Lukas\AppData\Local\Temp\pdf24-creator-update.exe C:\Users\Lukas\AppData\Local\Temp\qms.exe C:\Users\Lukas\AppData\Local\Temp\raptrpatch.exe C:\Users\Lukas\AppData\Local\Temp\raptr_stub.exe C:\Users\Lukas\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\Lukas\AppData\Local\Temp\SDShelEx-x64.dll C:\Users\Lukas\AppData\Local\Temp\SpeedUpMyComputer.exe C:\Users\Lukas\AppData\Local\Temp\tmp2858.exe C:\Users\Lukas\AppData\Local\Temp\ValidationScriptLibrary.dll C:\Users\Lukas\AppData\Local\Temp\WindowsUpdateAgent30-x64.exe ==================== Bamital & volsnap Check ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-08-02 16:27

==================== Ende von log ============================

Unfortunately, I was not able to run the GMER application. In addition, I am attaching the FRST Addition plus three further log files that I created earlier.

FRST Addition

FRST Additions Logfile:
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:09-08-2015 durchgeführt von Lukas (2015-08-10 00:09:04) Gestartet von C:\Users\Lukas\Desktop Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-3103388830-3129877404-954900241-500 - Administrator - Disabled) ASPNET (S-1-5-21-3103388830-3129877404-954900241-1005 - Limited - Enabled) Gast (S-1-5-21-3103388830-3129877404-954900241-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3103388830-3129877404-954900241-1002 - Limited - Enabled) Lukas (S-1-5-21-3103388830-3129877404-954900241-1001 - Administrator - Enabled) => C:\Users\Lukas ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 
3DMark (HKLM-x32\...\{F1A6C690-C12C-4E7A-B4BD-958678215418}) (Version: 1.0 - Futuremark) 3DMark Vantage (HKLM-x32\...\{C40C3C3D-97CF-44B5-836C-766E374464B3}) (Version: 1.1.0 - Futuremark Corporation) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated) Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated) Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated) Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated) Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.) AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) AMD OverDrive (HKLM-x32\...\{2F51311F-8A4B-4D17-9CB8-AAEACBBA9A92}) (Version: 3.2.0.0386 - Advanced Micro Devices, Inc.) AMD OverDrive (HKLM-x32\...\{4835750F-F8A7-4D3C-A6A9-123E31C12AF8}) (Version: 4.1.0.0575 - Advanced Micro Devices, Inc.) Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.) 
ASRock InstantBoot v1.24 (HKLM-x32\...\ASRock InstantBoot_is1) (Version: - ) Biohazard 6 Benchmark Tool (HKLM-x32\...\Steam App 231390) (Version: - Capcom) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) CIB pdf brewer (HKLM\...\{6C97B34C-51D6-49FB-9FEC-C4669CA866EF}) (Version: 2.6.0044 - CIB software GmbH) ClearProg 1.6.0 Final (HKLM-x32\...\ClearProg) (Version: 1.6.0 Final - Sven Hoffman) Configuration DivX (HKLM-x32\...\DivX Setup.divx.com) (Version: 2.5.0.11 - DivX, LLC) Core Temp version 0.99.8 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 0.99.8 - Arthur Liberman) DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd) DAEMON Tools Toolbar (HKLM-x32\...\DAEMON Tools Toolbar) (Version: 1.1.2.0185 - DT Soft Ltd) <==== ACHTUNG Dokan Library 0.6.0 (HKLM-x32\...\DokanLibrary) (Version: - ) Draft Analyzer (HKU\S-1-5-21-3103388830-3129877404-954900241-1001\...\790152df1a5783f8) (Version: 1.2.0.2 - StelmackSoft) Driver Fusion (HKLM-x32\...\Steam App 233570) (Version: - ) Driver Sweeper Version 3.2.0 (HKLM-x32\...\{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1) (Version: 3.2.0 - Phyxion.net) Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD) EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation) FileZilla Client 3.9.0.6 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse) FMRTE 15.2.1.10 (HKLM\...\{6D986DE6-CA9D-4E83-B49C-18C0BFEB6AD6}_is1) (Version: 15.2.1.10 - FMRTE) fmXML version 0.3 (HKLM-x32\...\fmXML_is1) (Version: - ) Football Manager 2015 (HKLM-x32\...\Steam App 295270) (Version: - Sports Interactive) Football Manager 2015 Editor (HKLM-x32\...\Steam App 295350) (Version: - ) Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.3.105.325 - Foxit Corporation) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.3.321 - Foxit Corporation) 
Fraps (HKLM-x32\...\Fraps) (Version: - ) Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.15.0 - Futuremark Corporation) GamePlanAnalyzer (HKU\S-1-5-21-3103388830-3129877404-954900241-1001\...\bc1f77244dd140f8) (Version: 1.0.0.7 - GamePlanAnalyzer) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan) iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.) Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle) Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.670 - Oracle) JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation) JavaFX Scene Builder 1.1 (HKLM-x32\...\{AB468309-88EB-4250-BFEA-45479091102B}) (Version: 1.1 - Oracle) JavaFX Scene Builder 2.0 (HKLM-x32\...\{B4665EB1-1F7A-44F5-AD07-C20A938E8BC2}) (Version: 2.0 - Oracle) Mafia II (HKLM-x32\...\Steam App 50130) (Version: - 2K Czech) Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation) Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation) Microsoft Office Home and Student 
2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) 
(Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft 
Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 37.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NBA 2K13 (HKLM-x32\...\{D96B6543-A0C0-4351-AF96-73DEF1DD6820}) (Version: 1.0.0 - 2K Sports) NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation) NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.19.0 - NEC Electronics Corporation) Hidden Nitro Reader 3 (HKLM\...\{4E1C1F33-BD77-4D84-8FEC-6DE9977BFBF2}) (Version: 3.5.2.10 - Nitro) NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) OpenOffice.org 3.0 (HKLM-x32\...\{CCA09491-F5C1-4D20-91A6-7F7E39769E94}) (Version: 3.0.9379 - OpenOffice.org) Opera Stable 31.0.1889.99 (HKLM-x32\...\Opera 31.0.1889.99) (Version: 31.0.1889.99 - Opera Software) Origin (HKLM-x32\...\Origin) (Version: 8.5.0.4554 - Electronic Arts, Inc.) PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) PrintKey2000 (HKLM-x32\...\PrintKey2000) (Version: - ) QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) 
RadeonPro 1.0 (Build 1.1.1.0) (HKLM-x32\...\RadeonPro_is1) (Version: - ) Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Smart Data Recovery v4.3 (HKLM-x32\...\Smart Data Recovery_is1) (Version: 4.3 - Smart PC Solutions) SopCast 3.3.2 (HKLM-x32\...\SopCast) (Version: 3.3.2 - www.sopcast.com) Sound Blaster X-Fi MB (HKLM-x32\...\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}) (Version: 1.0 - Creative Technology Limited) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden System Requirements Lab CYRI (HKLM-x32\...\{679F739E-5C76-4A41-B562-F9392156B6DD}) (Version: 4.4.21.0 - Husdawg, LLC) System Requirements Lab Detection (HKLM-x32\...\{5A2E0110-0296-46C3-97E1-C6A0D36E898A}) (Version: 2.1.1.0 - Husdawg, LLC) TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.15723 - TeamViewer) Total Recorder 8.3 Standard Edition (HKLM-x32\...\TotalRecorder) (Version: - ) Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT) VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN) Winamp (HKLM-x32\...\Winamp) (Version: 5.61 - Nullsoft, Inc) Winamp Erkennungs-Plug-in 
(HKU\S-1-5-21-3103388830-3129877404-954900241-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation) WinFilter (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{3e661da}) (Version: - GreatSoft) <==== ACHTUNG WinRAR 4.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH) WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}) (Version: 15.0.9411 - WinZip Computing, S.L. ) Wise Registry Cleaner 8.66 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.66 - WiseCleaner.com, Inc.) Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.3 - Xvid Team) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Wiederherstellungspunkte ========================= 07-08-2015 16:00:20 Windows Update 08-08-2015 16:00:17 Windows Update 09-08-2015 12:43:33 Windows-Sicherung 09-08-2015 12:51:21 Windows-Sicherung 09-08-2015 14:18:47 Windows Update 09-08-2015 15:36:38 Wiederherstellungsvorgang 09-08-2015 16:03:29 Windows-Sicherung 09-08-2015 16:14:23 Wiederherstellungsvorgang 09-08-2015 17:06:22 Windows-Sicherung 09-08-2015 17:22:09 Windows Update ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2009-07-14 04:34 - 2014-05-15 17:03 - 00000860 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. 
Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {1AFA25B6-6145-4B33-9D55-0B283C7C7E21} - System32\Tasks\Opera scheduled Autoupdate 1393165213 => C:\Program Files (x86)\Opera\launcher.exe [2015-07-30] (Opera Software) Task: {23771831-59AD-41EC-8AFC-B73B320555C8} - System32\Tasks\WiseCleaner\WRCSkipUAC => C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe [2015-08-07] (WiseCleaner.com) Task: {2E7E0EDB-9E5D-4831-856B-A3E326C98736} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {307AA22C-D651-4ABE-8FA5-6C0703B00959} - System32\Tasks\{48E73758-AFEA-49D8-B3D2-DEEA09A9ADE5} => pcalua.exe -a "C:\Program Files (x86)\NCH Swift Sound\VRS\uninst.exe" Task: {9DA00726-C9F7-4681-8642-E32D8FEF0D77} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation) Task: {D00BAFBD-5CA5-40AF-91FE-037DD8EC01E1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated) Task: {DCC6580A-3085-4B88-9288-6E9EF06454B2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated) Task: {E14B03CF-8D73-4CC8-96D0-CF1D703ACFCC} - System32\Tasks\{8D26E614-C7B9-4FAE-8246-E32203F29745} => pcalua.exe -a "C:\Users\Lukas\Downloads\Sunbird_Setup_1.0_Beta_1 (1).exe" -d C:\Users\Lukas\Downloads Task: {ED926A15-0909-49EF-B263-87A911E9DCDC} - System32\Tasks\{1EFA2FBD-92CC-4B31-A6D4-18C7BFB5A1C2} => C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2013\Pesgalaxy.com Patch 2013\PESGalaxySwitch.exe (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2011-05-29 15:51 - 2011-05-29 15:51 - 00058880 _____ () C:\Windows\system32\dui7032.dll 2013-12-28 16:01 - 2013-12-28 16:01 - 04189696 _____ () C:\ProgramData\WinFilter\WinFilter_x64.dll 2014-11-20 21:23 - 2014-11-20 21:23 - 00127488 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2011-01-10 14:49 - 2011-01-10 14:49 - 00014848 _____ () C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe 2012-09-18 21:59 - 2015-01-05 18:48 - 03039536 ____N () C:\Windows\system32\dmwu.exe 2015-03-16 04:03 - 2015-03-16 04:03 - 00002560 _____ () C:\Windows\runservice.exe 2014-05-01 21:29 - 2014-05-01 21:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2011-03-16 02:37 - 2011-03-02 13:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll 2015-08-03 20:10 - 2015-08-03 20:10 - 07596652 _____ () C:\Program Files (x86)\resegioninhelp\resegioninhelp.exe 2015-01-05 18:48 - 2015-01-05 18:48 - 00781616 _____ () C:\Windows\SysWOW64\mjcm\dnkt.exe 2015-01-05 18:48 - 2015-01-05 18:48 - 00921392 _____ () C:\Windows\System32\tprb\dnkt.exe 2015-01-05 18:48 - 2015-01-05 18:48 - 02154288 _____ () C:\Windows\System32\tprb\5154\nsib.dll 2011-03-21 20:56 - 2011-03-21 20:56 - 01230704 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe 2011-07-31 21:05 - 2009-06-08 12:11 - 01160192 _____ () C:\Program Files (x86)\iSaver\iSaverCtrl.exe 2014-11-20 21:23 - 2014-11-20 21:23 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2013-12-28 16:01 - 2013-12-28 16:01 - 04303360 _____ () c:\ProgramData\WinFilter\WinFilter.dll 2013-12-28 16:01 - 2013-12-28 16:01 - 00177488 _____ () c:\ProgramData\WinFilter\WinFilterSvc.dll 2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple 
Application Support\zlib1.dll 2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2015-03-16 04:03 - 2015-03-16 04:03 - 00045056 _____ () C:\Windows\mmfs.dll 2013-03-12 18:10 - 2015-07-03 18:12 - 00778240 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2015-01-20 18:32 - 2015-07-03 18:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll 2015-01-20 18:32 - 2015-07-03 18:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2015-01-20 18:32 - 2015-07-03 18:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll 2014-05-21 20:52 - 2015-07-24 01:24 - 02410176 _____ () C:\Program Files (x86)\Steam\video.dll 2014-08-29 04:04 - 2014-12-01 23:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll 2014-08-29 04:04 - 2014-12-01 23:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll 2014-08-29 04:04 - 2014-12-01 23:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll 2014-08-29 04:04 - 2014-12-01 23:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll 2014-08-29 04:04 - 2014-12-01 23:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll 2011-07-14 06:44 - 2015-07-24 01:23 - 00703168 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2015-07-22 12:16 - 2015-07-07 22:41 - 00169984 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll 2015-08-09 19:13 - 2015-08-09 19:13 - 00697884 _____ () C:\Users\Lukas\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0044\~df394b.tmp 2015-08-09 19:14 - 2015-08-09 19:14 - 00592896 _____ () C:\Users\Lukas\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0044\~de6248.tmp 2009-01-26 21:58 - 2009-01-26 21:58 - 00969728 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll 2011-03-16 01:49 - 2009-02-06 19:52 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL 2011-03-16 01:49 - 2009-04-20 12:55 - 00148480 _____ () 
C:\Windows\SysWOW64\APOMngr.DLL 2015-01-05 18:48 - 2015-01-05 18:48 - 01710384 _____ () C:\Windows\SysWOW64\mjcm\5154\nsib.dll 2011-03-21 20:57 - 2011-03-21 20:57 - 00096112 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll 2011-07-31 21:05 - 2009-06-08 12:11 - 00450048 _____ () C:\Program Files (x86)\iSaver\iPlugin.dll 2011-07-31 21:05 - 2009-06-08 12:11 - 01151488 _____ () C:\Program Files (x86)\iSaver\iEngine.dll 2011-03-29 17:34 - 2015-07-03 18:12 - 39553928 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll 2015-08-06 14:32 - 2015-08-06 14:32 - 58599032 _____ () C:\Program Files (x86)\Opera\31.0.1889.99\opera.dll 2014-10-16 11:15 - 2014-10-16 11:15 - 00035328 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll 2014-05-24 18:41 - 2014-05-24 18:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll 2014-05-24 18:41 - 2014-05-24 18:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll 2015-08-06 14:32 - 2015-08-06 14:32 - 01781368 _____ () C:\Program Files (x86)\Opera\31.0.1889.99\libglesv2.dll 2015-08-06 14:32 - 2015-08-06 14:32 - 00081528 _____ () C:\Program Files (x86)\Opera\31.0.1889.99\libegl.dll 2015-07-15 00:03 - 2015-07-15 00:03 - 16307888 _____ () C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_18_0_0_209.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) AlternateDataStreams: C:\ProgramData\TEMP:A8AF8B49 AlternateDataStreams: C:\ProgramData\TEMP:E8BE05FA ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) 
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) HKU\S-1-5-21-3103388830-3129877404-954900241-1001\Software\Classes\.exe: exefile => <===== ACHTUNG HKU\S-1-5-21-3103388830-3129877404-954900241-1001\Software\Classes\exefile: <===== ACHTUNG ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-3103388830-3129877404-954900241-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.2.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{B946E0BA-D5BF-4D65-B2FF-BFE60A016948}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{A87FE51F-CEED-40A6-8C1C-906181B42100}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [TCP Query User{D7A0D845-DCEC-4940-8DE4-6543D8B6B3AA}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe FirewallRules: [UDP Query User{1F14052A-15E9-410F-9BAA-EF1FB8E2280B}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe FirewallRules: [TCP Query User{0E043A6E-E302-450F-A233-EAE4BCEFAAB5}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe FirewallRules: [UDP Query User{E80D421F-9E81-4D5F-BE13-4A9A4555F8A2}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe FirewallRules: [TCP Query User{2C366063-B893-4ED0-A232-80509F5AE30A}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe FirewallRules: [UDP Query User{7EDF11F7-7ABD-497E-A521-4A82C496C122}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe FirewallRules: [{159A3875-6FAD-4448-96E0-5D02E7997425}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{20CB0FAB-D58E-4A48-A0D9-00300D2B3E36}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{9B03AB44-0170-4157-A262-936071E4C924}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{8269810E-AFCA-4FE4-BBAE-B87A02C3867F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [TCP Query 
User{18A211F4-0FAD-420C-8DAE-2A9E0366C3DA}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe FirewallRules: [UDP Query User{602E03CD-9BE3-4A4B-88CA-F2AD3AF30094}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe FirewallRules: [{B78A0275-0860-4712-85F4-DFA37A7FB7C4}] => (Allow) C:\Windows\System32\dmwu.exe FirewallRules: [{6DC28745-B760-41F4-9B86-A885724A6020}] => (Allow) C:\Windows\System32\dmwu.exe FirewallRules: [{13BCADAF-066A-47B6-9EFF-F60062149E9F}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe FirewallRules: [{EF79003E-439F-4E09-ADCF-3A18A6770885}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe FirewallRules: [{D5AFBD1C-CD90-479E-AE97-BD0120C3DC04}] => (Allow) C:\Windows\System32\dmwu.exe FirewallRules: [{B6164A22-FDEF-44E2-8192-463C60D21129}] => (Allow) C:\Windows\System32\dmwu.exe FirewallRules: [{72B0AFE3-7775-4842-A01E-02D4E727CFD5}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe FirewallRules: [{8229A504-B6B3-4C45-B592-9BC7E1963A91}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe FirewallRules: [{3144577E-127F-49EF-9B69-D7BCE7F85DEF}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe FirewallRules: [{0BE05BE2-AD15-4684-AB03-B5E552AEA539}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe FirewallRules: [{7AEAFB64-05D2-41F8-BE5B-D6DEE5BDC554}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe FirewallRules: [{6F247F3A-0E2F-4940-84A6-F888C53B6E35}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe FirewallRules: [{AB07CAA1-130B-4429-8E80-86EEF2A75A97}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\amd driver updater, vista and 7, 64 bit\Setup.exe FirewallRules: [{E79AEED7-8519-4F62-BB01-679EC0EB2074}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\amd driver updater, vista and 7, 64 bit\Setup.exe FirewallRules: [TCP Query 
User{A991ACC9-B7B0-4CB6-899C-09CE3870A26E}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe FirewallRules: [UDP Query User{D02BC1BE-975F-4A5A-BDA3-9827CD7A607E}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe FirewallRules: [TCP Query User{FAFA5EE1-FF30-4AFD-8E82-BF5A16A5484B}C:\program files (x86)\sopcast\adv\sopadver.exe] => (Allow) C:\program files (x86)\sopcast\adv\sopadver.exe FirewallRules: [UDP Query User{B3356AE5-A086-4024-BF51-B055F9667E8F}C:\program files (x86)\sopcast\adv\sopadver.exe] => (Allow) C:\program files (x86)\sopcast\adv\sopadver.exe FirewallRules: [{41ACF74E-625C-489D-9AA2-C666BB2E9F7E}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe FirewallRules: [{93ADF1B8-995F-4871-9532-CAECD72F2DAE}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe FirewallRules: [{C8154014-2D3D-4215-A1BC-E67F0F663B2F}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe FirewallRules: [{1A2E9A96-FFF0-4D19-9B9B-36ED850E4AD2}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe FirewallRules: [{8DE00F84-3A13-4F43-8529-E42EC4B86C1F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Driver Fusion\DriverFusion.exe FirewallRules: [{499ED506-0AA1-4A69-9AD2-21E857D80435}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Driver Fusion\DriverFusion.exe FirewallRules: [TCP Query User{272A0C38-A1BC-4C3A-859C-18072AE987FE}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe FirewallRules: [UDP Query User{7F7B9F58-243C-4F60-845E-E6260309749D}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe FirewallRules: [{72698E50-CB25-421C-AFD6-FFD8ECA6A17D}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe FirewallRules: [{F94DB783-9C7D-48F3-B3C4-D6D5C0B2047D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Biohazard 6 Benchmark Tool\BH6.exe FirewallRules: [{17B6B42C-EB29-4A78-BB56-1448D0F534A8}] => (Allow) C:\Program 
Files (x86)\Steam\SteamApps\common\Biohazard 6 Benchmark Tool\BH6.exe FirewallRules: [{1DD92EDF-934B-451F-AFA6-5858E03544C2}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{AF62527A-1F5D-4194-B300-B112D7343405}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{6CA65887-EEB0-476C-93A3-14AE1633CC4A}] => (Allow) D:\Steam Ordner 2\SteamApps\common\Football Manager 2015 Editor\editor.exe FirewallRules: [{1731CFC2-C31C-4870-BBF2-FE96FA324E96}] => (Allow) D:\Steam Ordner 2\SteamApps\common\Football Manager 2015 Editor\editor.exe FirewallRules: [{D86FCC0D-8B38-42E4-8153-12FE3567E63B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{8D14DC31-BC60-4474-B2EE-8F974A6A0877}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{DB7757CF-A03D-4497-B979-71B6E909420C}] => (Allow) D:\Steam Ordner 2\SteamApps\common\Football Manager 2015\fm.exe FirewallRules: [{37C9E266-14D0-44DF-9EE3-43F84D9F8D4C}] => (Allow) D:\Steam Ordner 2\SteamApps\common\Football Manager 2015\fm.exe FirewallRules: [{CC160C3F-F24E-4340-8615-F7E9774716F9}] => (Allow) D:\Steam Ordner 2\SteamApps\common\Mafia II\pc\mafia2.exe FirewallRules: [{A08D94F6-83B8-4E26-9D3E-D1DA50C8BD78}] => (Allow) D:\Steam Ordner 2\SteamApps\common\Mafia II\pc\mafia2.exe ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: AODDriver4.01 Description: AODDriver4.01 Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: AODDriver4.01 Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. 
Name: Standardtastatur (PS/2) Description: Standardtastatur (PS/2) Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardtastaturen) Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (08/09/2015 11:24:02 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: taskeng.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce79d2c Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeb033f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000027de ID des fehlerhaften Prozesses: 0x193c Startzeit der fehlerhaften Anwendung: 0xtaskeng.exe0 Pfad der fehlerhaften Anwendung: taskeng.exe1 Pfad des fehlerhaften Moduls: taskeng.exe2 Berichtskennung: taskeng.exe3 Error: (08/09/2015 11:06:25 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. 
In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (08/09/2015 08:42:14 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (08/09/2015 08:42:07 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (08/09/2015 07:44:08 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm SmartDataRecovery.exe, Version 4.3.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1654 Startzeit: 01d0d2c9cecc6252 Endzeit: 16 Anwendungspfad: C:\Program Files (x86)\Smart PC Solutions\Smart Data Recovery\SmartDataRecovery.exe Berichts-ID: Error: (08/09/2015 07:24:00 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: taskeng.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce79d2c Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeb033f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000027de ID des fehlerhaften Prozesses: 0xdb0 Startzeit der fehlerhaften Anwendung: 0xtaskeng.exe0 Pfad der fehlerhaften Anwendung: taskeng.exe1 Pfad des fehlerhaften Moduls: taskeng.exe2 Berichtskennung: taskeng.exe3 Error: (08/09/2015 07:13:02 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: taskeng.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce79d2c Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeb033f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000027de ID des fehlerhaften Prozesses: 0xaa8 Startzeit der fehlerhaften Anwendung: 0xtaskeng.exe0 Pfad der fehlerhaften Anwendung: taskeng.exe1 Pfad 
des fehlerhaften Moduls: taskeng.exe2 Berichtskennung: taskeng.exe3 Error: (08/09/2015 06:57:46 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: taskeng.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce79d2c Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeb033f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000027de ID des fehlerhaften Prozesses: 0xfe0 Startzeit der fehlerhaften Anwendung: 0xtaskeng.exe0 Pfad der fehlerhaften Anwendung: taskeng.exe1 Pfad des fehlerhaften Moduls: taskeng.exe2 Berichtskennung: taskeng.exe3 Error: (08/09/2015 06:51:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: fm.exe, Version: 15.3.2.0, Zeitstempel: 0x551d37bc Name des fehlerhaften Moduls: fm.exe, Version: 15.3.2.0, Zeitstempel: 0x551d37bc Ausnahmecode: 0xc0000005 Fehleroffset: 0x00b66406 ID des fehlerhaften Prozesses: 0x1a18 Startzeit der fehlerhaften Anwendung: 0xfm.exe0 Pfad der fehlerhaften Anwendung: fm.exe1 Pfad des fehlerhaften Moduls: fm.exe2 Berichtskennung: fm.exe3 Error: (08/09/2015 06:48:03 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm wusa.exe, Version 6.1.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 1a70 Startzeit: 01d0d2b70725787c Endzeit: 1 Anwendungspfad: C:\Windows\SysWOW64\wusa.exe Berichts-ID: Systemfehler: ============= Error: (08/09/2015 11:58:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "TrustedInstaller" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (08/09/2015 08:44:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (08/09/2015 08:44:44 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Lukas\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (08/09/2015 08:44:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (08/09/2015 08:44:43 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Lukas\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (08/09/2015 08:44:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (08/09/2015 08:44:42 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Lukas\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. 
Error: (08/09/2015 08:42:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (08/09/2015 08:42:57 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Lukas\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (08/09/2015 08:42:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Microsoft Office: ========================= Error: (08/09/2015 11:24:02 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: taskeng.exe6.1.7601.175144ce79d2cmsvcrt.dll7.0.7601.177444eeb033fc000000500000000000027de193c01d0d2e9b506563aC:\Windows\system32\taskeng.exeC:\Windows\system32\msvcrt.dllf41e6cf5-3edc-11e5-8b1b-0025228d8296 Error: (08/09/2015 11:06:25 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (08/09/2015 08:42:14 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Lukas\Downloads\esetsmartinstaller_deu.exe Error: (08/09/2015 08:42:07 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: 
C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Lukas\Downloads\esetsmartinstaller_deu.exe Error: (08/09/2015 07:44:08 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: SmartDataRecovery.exe4.3.0.0165401d0d2c9cecc625216C:\Program Files (x86)\Smart PC Solutions\Smart Data Recovery\SmartDataRecovery.exe Error: (08/09/2015 07:24:00 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: taskeng.exe6.1.7601.175144ce79d2cmsvcrt.dll7.0.7601.177444eeb033fc000000500000000000027dedb001d0d2c82df414e0C:\Windows\system32\taskeng.exeC:\Windows\system32\msvcrt.dll6c234ed3-3ebb-11e5-8b1b-0025228d8296 Error: (08/09/2015 07:13:02 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: taskeng.exe6.1.7601.175144ce79d2cmsvcrt.dll7.0.7601.177444eeb033fc000000500000000000027deaa801d0d2c6967d6756C:\Windows\system32\taskeng.exeC:\Windows\system32\msvcrt.dlle3fe6209-3eb9-11e5-8b1b-0025228d8296 Error: (08/09/2015 06:57:46 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: taskeng.exe6.1.7601.175144ce79d2cmsvcrt.dll7.0.7601.177444eeb033fc000000500000000000027defe001d0d2c482ff9c27C:\Windows\system32\taskeng.exeC:\Windows\system32\msvcrt.dllc17b3ebf-3eb7-11e5-b22f-0025228d8296 Error: (08/09/2015 06:51:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: fm.exe15.3.2.0551d37bcfm.exe15.3.2.0551d37bcc000000500b664061a1801d0d2be7a960d41D:\Steam Ordner 2\steamapps\common\Football Manager 2015\fm.exeD:\Steam Ordner 2\steamapps\common\Football Manager 2015\fm.exef123a5cf-3eb6-11e5-8237-0025228d8296 Error: (08/09/2015 06:48:03 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: wusa.exe6.1.7601.175141a7001d0d2b70725787c1C:\Windows\SysWOW64\wusa.exe CodeIntegrity: 
=================================== Date: 2011-08-27 16:51:56.939 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-08-27 16:51:56.909 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-08-27 16:51:55.175 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-08-27 16:51:55.146 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-08-27 16:51:54.117 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-08-27 16:51:54.086 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-08-27 16:51:53.054 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
Date: 2011-08-27 16:51:53.024 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-08-27 16:51:34.829 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-08-27 16:51:34.800 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
==================== Speicherinformationen ===========================
Processor: AMD Phenom(tm) II X4 955 Processor
Prozentuale Nutzung des RAM: 56%
Installierter physikalischer RAM: 8191.24 MB
Verfügbarer physikalischer RAM: 3531.76 MB
Summe virtueller Speicher: 16380.69 MB
Verfügbarer virtueller Speicher: 10901.18 MB
==================== Laufwerke ================================
Drive c: () (Fixed) (Total:298.09 GB) (Free:130.7 GB) NTFS
Drive d: () (Fixed) (Total:465.66 GB) (Free:279.39 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 91D9BB8C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 590E3263)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)
==================== Ende von log ============================ |
09.08.2015, 23:52 | #2 |
| Windows 7 SP 1 infected with a trojan - Windows Update error code 8007002 MBAM logfile:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlaufdatum: 09.08.2015
Suchlaufzeit: 21:21
Protokolldatei: mbam.txt
Administrator: Ja
Version: 2.1.8.1057
Malware-Datenbank: v2015.08.09.05
Rootkit-Datenbank: v2015.08.06.01
Lizenz: Testversion
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Lukas
Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 422921
Abgelaufene Zeit: 2 Std., 17 Min., 21 Sek.
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 2
Adware.InstallBrain, C:\Windows\System32\dmwu.exe, 2124, Löschen bei Neustart, [b118897d1873c86e0e6c410cf70da060]
PUP.Optional.Isaver.A, C:\Program Files (x86)\iSaver\iSaverCtrl.exe, 5032, Löschen bei Neustart, [a524db2bc9c21323c53ba54f649ed729]
Module: 0
(keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 303
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{4233F11C-F7E3-4CA9-9AAE-3BBC5344A65C}, In Quarantäne, [62678f779cefb1859a6e9e1fb849f40c],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{4233F11C-F7E3-4CA9-9AAE-3BBC5344A65C}, In Quarantäne, [62678f779cefb1859a6e9e1fb849f40c],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{4233F11C-F7E3-4CA9-9AAE-3BBC5344A65C}, In Quarantäne, [62678f779cefb1859a6e9e1fb849f40c],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\P4233F11C_F7E3_4CA9_9AAE_3BBC5344A65C_.P4233F11C_F7E3_4CA9_9AAE_3BBC5344A65C_, In Quarantäne, [62678f779cefb1859a6e9e1fb849f40c],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\P4233F11C_F7E3_4CA9_9AAE_3BBC5344A65C_.P4233F11C_F7E3_4CA9_9AAE_3BBC5344A65C_.9, In Quarantäne, [62678f779cefb1859a6e9e1fb849f40c],
PUP.Optional.MultiPlug.A,
HKLM\SOFTWARE\WOW6432NODE\CLASSES\P4233F11C_F7E3_4CA9_9AAE_3BBC5344A65C_.P4233F11C_F7E3_4CA9_9AAE_3BBC5344A65C_, In Quarantäne, [62678f779cefb1859a6e9e1fb849f40c], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\P4233F11C_F7E3_4CA9_9AAE_3BBC5344A65C_.P4233F11C_F7E3_4CA9_9AAE_3BBC5344A65C_.9, In Quarantäne, [62678f779cefb1859a6e9e1fb849f40c], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\P4233F11C_F7E3_4CA9_9AAE_3BBC5344A65C_.P4233F11C_F7E3_4CA9_9AAE_3BBC5344A65C_, In Quarantäne, [62678f779cefb1859a6e9e1fb849f40c], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\P4233F11C_F7E3_4CA9_9AAE_3BBC5344A65C_.P4233F11C_F7E3_4CA9_9AAE_3BBC5344A65C_.9, In Quarantäne, [62678f779cefb1859a6e9e1fb849f40c], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4233F11C-F7E3-4CA9-9AAE-3BBC5344A65C}, In Quarantäne, [62678f779cefb1859a6e9e1fb849f40c], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{4233F11C-F7E3-4CA9-9AAE-3BBC5344A65C}, In Quarantäne, [62678f779cefb1859a6e9e1fb849f40c], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{4233F11C-F7E3-4CA9-9AAE-3BBC5344A65C}, In Quarantäne, [62678f779cefb1859a6e9e1fb849f40c], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{4233F11C-F7E3-4CA9-9AAE-3BBC5344A65C}, In Quarantäne, [62678f779cefb1859a6e9e1fb849f40c], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{4233F11C-F7E3-4CA9-9AAE-3BBC5344A65C}\INPROCSERVER32, In Quarantäne, [62678f779cefb1859a6e9e1fb849f40c], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\APPID\{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}, In Quarantäne, [f1d89a6c2c5f2b0b4269dfb8d230916f], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}, In Quarantäne, [f1d89a6c2c5f2b0b4269dfb8d230916f], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}, In 
In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{AD478D0B-6387-4120-9A2B-F0386399AAC5}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D535B075-217D-481C-A025-33F81016CD84}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\iPlugin.IMAction, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\iPlugin.IMAction, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\iPlugin.IMAction, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{D535B075-217D-481C-A025-33F81016CD84}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E51B8113-3F1C-4C07-9DBC-EAE5CEFD975C}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\iPlugin.IMPluginManager, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\iPlugin.IMPluginManager, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\iPlugin.IMPluginManager, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E51B8113-3F1C-4C07-9DBC-EAE5CEFD975C}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F06AF7BA-8D16-499D-AAB2-404406B46AD0}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\iPlugin.IMPluginManager2, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\iPlugin.IMPluginManager2, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], 
PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\iPlugin.IMPluginManager2, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F06AF7BA-8D16-499D-AAB2-404406B46AD0}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], Registrierungswerte: 23 PUP.Optional.NextLive.A, HKU\S-1-5-21-3103388830-3129877404-954900241-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|NextLive, C:\Windows\SysWOW64\rundll32.exe "C:\Users\Lukas\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l, In Quarantäne, [c80184821e6de3539b166ca9b34e946c] PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, In Quarantäne, [14b546c02c5f95a1682a8123d2327c84] PUP.Optional.InstallBrain.A, HKLM\SOFTWARE\WNLT|PDV, [BLACKLIST=1], In Quarantäne, [07c2d5319af1c76fcb4d86f415efdc24] PUP.Optional.Astromenda.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Astromenda\\, In Quarantäne, [dced10f6eba065d1c6b404164cb728d8] PUP.Optional.EasyLifeApp.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}|URL, hxxp://search.easylifeapp.com/?q={searchTerms}&pid=34&src=ie2&r=2013/03/26&hid=4244877122&lg=EN&cc=DE, In Quarantäne, [c1083cca9af12d09a72a2beef11216ea] PUP.Optional.Conduit.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}|URL, hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2117678, In Quarantäne, [8049ed190784ef47b78f6db0ea19ad53] PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, In Quarantäne, [af1aea1c56359f971f73267eac583ac6] PUP.Optional.InstallBrain.A, HKU\S-1-5-18\SOFTWARE\WNLT|URL, MYSTART, In Quarantäne, [e0e9778fc7c481b537e099e13fc50bf5] PUP.Optional.EasyLifeApp.A, 
HKU\S-1-5-21-3103388830-3129877404-954900241-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}|URL, hxxp://search.easylifeapp.com/?q={searchTerms}&pid=34&src=ie2&r=2013/03/26&hid=4244877122&lg=EN&cc=DE, In Quarantäne, [e5e4887e5f2ca294eae699807c8747b9] PUP.Optional.Babylon.A, HKU\S-1-5-21-3103388830-3129877404-954900241-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}|DisplayName, Search the web (Babylon), In Quarantäne, [8e3b34d289025adc1b00a3f83dc757a9] PUP.Optional.Babylon.A, HKU\S-1-5-21-3103388830-3129877404-954900241-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}|URL, hxxp://search.babylon.com/?q={searchTerms}&AF=109958&tt=290412_2_bst&babsrc=SP_ss&mntrId=d432252d0000000000000025228d8296, In Quarantäne, [0cbdfc0a2e5dd85ec93890892ad96799] PUP.Optional.Incredibar.A, HKU\S-1-5-21-3103388830-3129877404-954900241-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}|FaviconURL, hxxp://mystart.incredibar.com/favicon.ico, In Quarantäne, [d6f329dd365573c3a01c425ca361f907] PUP.Optional.Incredibar.A, HKU\S-1-5-21-3103388830-3129877404-954900241-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}|FaviconURLFallback, hxxp://mystart.incredibar.com/favicon.ico, In Quarantäne, [26a30afc7714c373c6f6adf12bd9867a] PUP.Optional.Incredibar.A, HKU\S-1-5-21-3103388830-3129877404-954900241-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}|TopResultURL, hxxp://mystart.incredibar.com/?a=6PQCaQ8YL5&loc=skw&search={searchTerms}&i=26, In Quarantäne, [dfea58ae0a813ff72d8f3a64719359a7] PUP.Optional.Incredibar.A, HKU\S-1-5-21-3103388830-3129877404-954900241-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}|TopResultURLFallback, 
hxxp://mystart.incredibar.com/?a=6PQCaQ8YL5&loc=skw&search={searchTerms}&i=26, In Quarantäne, [aa1fc6402e5da78fe7d5653920e4ee12] PUP.Optional.Incredibar.A, HKU\S-1-5-21-3103388830-3129877404-954900241-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}|URL, hxxp://mystart.incredibar.com/?a=6PQCaQ8YL5&loc=skw&search={searchTerms}&i=26, In Quarantäne, [e1e8e5214c3ff14511abddc141c3cc34] PUP.Optional.Incredibar.A, HKU\S-1-5-21-3103388830-3129877404-954900241-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}|FaviconURL, hxxp://mystart.incredibar.com/favicon.ico, In Quarantäne, [5a6f57af9eedd0665a62f6a8fb0959a7] PUP.Optional.Incredibar.A, HKU\S-1-5-21-3103388830-3129877404-954900241-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}|FaviconURLFallback, hxxp://mystart.incredibar.com/favicon.ico, In Quarantäne, [77529b6b701b9b9b5c605a44d23246ba] PUP.Optional.Incredibar.A, HKU\S-1-5-21-3103388830-3129877404-954900241-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}|TopResultURL, hxxp://mystart.incredibar.com/?a=6PQCaQ8YL5&loc=skw&search={searchTerms}&i=26&did=10963, In Quarantäne, [e0e92ed8b2d967cf2f8dced048bcc33d] PUP.Optional.Incredibar.A, HKU\S-1-5-21-3103388830-3129877404-954900241-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}|TopResultURLFallback, hxxp://mystart.incredibar.com/?a=6PQCaQ8YL5&loc=skw&search={searchTerms}&i=26&did=10963, In Quarantäne, [f3d6d4323b5062d4b00c59457e86b050] PUP.Optional.Incredibar.A, HKU\S-1-5-21-3103388830-3129877404-954900241-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}|URL, hxxp://mystart.incredibar.com/?a=6PQCaQ8YL5&loc=skw&search={searchTerms}&i=26&did=10963, In Quarantäne, [f3d6b551e7a490a62399cdd1a262c53b] PUP.Optional.InstallBrain.A, 
HKU\S-1-5-21-3103388830-3129877404-954900241-1001\SOFTWARE\WNLT|URL, MYSTART, In Quarantäne, [8e3b0bfba8e392a40116d6a4f311e41c] PUP.Optional.Isaver.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|iSaverCtrl, C:\Program Files (x86)\iSaver\iSaverCtrl.exe --startup, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729] Registrierungsdaten: 4 Trojan.SProtector, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, c:\progra~3\winfil~1\winfil~1.dll, Gut: (), Schlecht: (c:\progra~3\winfil~1\winfil~1.dll),Ersetzt,[b613ac5addaea39373b738e071900df3] PUP.Optional.WinFilter.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, c:\progra~3\winfil~1\winfil~1.dll, Gut: (), Schlecht: (c:\progra~3\winfil~1\winfil~1.dll),Ersetzt,[577285813f4c0b2b94602705f80b8779] PUP.Optional.WinFilter.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~3\WINFIL~1\WINFIL~2.DLL, Gut: (), Schlecht: (C:\PROGRA~3\WINFIL~1\WINFIL~2.DLL),Ersetzt,[577285813f4c0b2b94602705f80b8779] PUP.Optional.GboxApp.A, HKU\S-1-5-21-3103388830-3129877404-954900241-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|First Home Page, hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=de-DE&Src=MSE&Tid=000328B0&OHP=httpSchlecht: (hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=de-DE&Src=MSE&Tid=000328B0&OHP=http%3A%2F%2Fsearch.gboxapp.com%2F&OSP=http%3A%2F%2Fwww.bing.com%2Fsearch%3Fq%3D%7BsearchTerms%7D%26form%3DMSSEDF%26pc%3DMSSE),Ersetzt,[7f4ab0564744d462bddc81c11aeb53ad]AGut: (www.google.com)FGut: (www.google.com)Fsearch.gboxapp.comGut: (www.google.com)F&OSP=httpSchlecht: (hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=de-DE&Src=MSE&Tid=000328B0&OHP=http%3A%2F%2Fsearch.gboxapp.com%2F&OSP=http%3A%2F%2Fwww.bing.com%2Fsearch%3Fq%3D%7BsearchTerms%7D%26form%3DMSSEDF%26pc%3DMSSE),Ersetzt,[7f4ab0564744d462bddc81c11aeb53ad]AGut: (www.google.com)FGut: (www.google.com)Fwww.bing.comGut: (www.google.com)FsearchSchlecht: 
(hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=de-DE&Src=MSE&Tid=000328B0&OHP=http%3A%2F%2Fsearch.gboxapp.com%2F&OSP=http%3A%2F%2Fwww.bing.com%2Fsearch%3Fq%3D%7BsearchTerms%7D%26form%3DMSSEDF%26pc%3DMSSE),Ersetzt,[7f4ab0564744d462bddc81c11aeb53ad]FqSchlecht: (hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=de-DE&Src=MSE&Tid=000328B0&OHP=http%3A%2F%2Fsearch.gboxapp.com%2F&OSP=http%3A%2F%2Fwww.bing.com%2Fsearch%3Fq%3D%7BsearchTerms%7D%26form%3DMSSEDF%26pc%3DMSSE),Ersetzt,[7f4ab0564744d462bddc81c11aeb53ad]D%7BsearchTerms%7D%26formSchlecht: (hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=de-DE&Src=MSE&Tid=000328B0&OHP=http%3A%2F%2Fsearch.gboxapp.com%2F&OSP=http%3A%2F%2Fwww.bing.com%2Fsearch%3Fq%3D%7BsearchTerms%7D%26form%3DMSSEDF%26pc%3DMSSE),Ersetzt,[7f4ab0564744d462bddc81c11aeb53ad]DMSSEDF%26pcSchlecht: (hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=de-DE&Src=MSE&Tid=000328B0&OHP=http%3A%2F%2Fsearch.gboxapp.com%2F&OSP=http%3A%2F%2Fwww.bing.com%2Fsearch%3Fq%3D%7BsearchTerms%7D%26form%3DMSSEDF%26pc%3DMSSE),Ersetzt,[7f4ab0564744d462bddc81c11aeb53ad]DMSSE, %4, %5 Ordner: 79 PUP.Optional.ExtraCoupon.A, C:\Program Files\ExstruaCCoupeonn, In Quarantäne, [19b0788ea1ea39fd540221f6ac570bf5], PUP.Optional.SaveLots.A, C:\Program Files\SaaveLotts, In Quarantäne, [8841b25408833006d0144fca8f74e41c], PUP.Optional.SaveLots.A, C:\Program Files\SaavieoLots, In Quarantäne, [c20760a6ed9e270f5c8840d9986b7f81], PUP.Optional.WinFilter.A, C:\ProgramData\WinFilter, Löschen bei Neustart, [577285813f4c0b2b94602705f80b8779], PUP.Optional.SoftwareUpdater.A, C:\Users\Lukas\AppData\Local\SwvUpdater, In Quarantäne, [05c473930784989efc73f84bc83bfe02], PUP.Optional.NewPlayer.A, C:\Users\Lukas\AppData\Local\newplayer, In Quarantäne, [38917591e4a721152e8be766ec172bd5], PUP.Optional.NewPlayer.A, C:\Users\Lukas\AppData\Local\newplayer\Playlists, In Quarantäne, [38917591e4a721152e8be766ec172bd5], PUP.Optional.NewPlayer.A, C:\Users\Lukas\AppData\Local\newplayer\Snap, In Quarantäne, 
[38917591e4a721152e8be766ec172bd5], PUP.Optional.MediaPlayerEnhance.A, C:\Program Files (x86)\MediaPlayerEnhance, In Quarantäne, [408918ee90fbc96d7be875e754afa060], PUP.Optional.Awesomehp.ShrtCln, C:\Users\Lukas\AppData\Roaming\awesomehp, In Quarantäne, [ae1b18ee8506eb4b2a6f005d25de6997], Adware.LolliPop.IT, C:\Users\Lukas\AppData\Local\Lollipop, In Quarantäne, [e6e35aacd4b76bcb26da61fb05ff48b8], PUP.Optional.SaveNewAppz.A, C:\Program Files\SAveNewaAppz, In Quarantäne, [b415ca3ce7a4f34326ca8a120bf9b749], PUP.Optional.MultiPlug, C:\ProgramData\hhghdaehgjmdplkcnfiihnccipindamf, In Quarantäne, [95341ceaf794033318585a434fb5b947], PUP.Optional.MultiPlug, C:\ProgramData\mbohffaphoedaljeaomhfllchognkhln, In Quarantäne, [0dbc30d65f2c5cda620eaaf317ed34cc], PUP.Optional.FindBestDeal.A, C:\Program Files\FiandBesitDieal, In Quarantäne, [0cbda36343483cfaba412f6ee123d32d], PUP.Optional.FindBestDeal.A, C:\Program Files\FiiNdBeStDeaul, In Quarantäne, [f8d140c6dfac16207883b0ede81ca35d], PUP.Optional.GreatSave4U.A, C:\Program Files\GreeaatSeaovve4U, In Quarantäne, [f6d347bfbad1c76fa0d4653af70d2cd4], PUP.Optional.DollarKeeper.A, C:\Program Files\dollaerkeEper, In Quarantäne, [3e8b13f30c7fe94dac72ffa11ce8bd43], PUP.Optional.UpdateProc.A, C:\Users\Lukas\AppData\Roaming\WSE_Astromenda\UpdateProc, In Quarantäne, [eadf848284077cbacf30980a52b241bf], PUP.Optional.UpdateProc.A, C:\Users\Lukas\AppData\Roaming\WSE_Astromenda, In Quarantäne, [eadf848284077cbacf30980a52b241bf], PUP.Optional.UpdateProc.A, C:\Users\Lukas\AppData\Roaming\WSE_Astromenda\icons_3.6.1.0, In Quarantäne, [eadf848284077cbacf30980a52b241bf], PUP.Optional.BrowseToSave.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browse2save, In Quarantäne, [e4e519edcfbc59dd00a5aa3609f98c74], PUP.Optional.OpenCandy, C:\Users\Lukas\AppData\Roaming\OpenCandy, In Quarantäne, [37927393bccf59dd5b56954b57abdb25], PUP.Optional.OpenCandy, C:\Users\Lukas\AppData\Roaming\OpenCandy\46FE4100311C4583B76646E8F8BF67AE, In Quarantäne, 
[37927393bccf59dd5b56954b57abdb25], PUP.Optional.OpenCandy, C:\Users\Lukas\AppData\Roaming\OpenCandy\B10235C11F34481598622CC88F1D2F43, In Quarantäne, [37927393bccf59dd5b56954b57abdb25], PUP.Optional.OpenCandy, C:\Users\Lukas\AppData\Roaming\OpenCandy\OpenCandy_46FE4100311C4583B76646E8F8BF67AE, In Quarantäne, [37927393bccf59dd5b56954b57abdb25], PUP.Optional.FilesFrog.A, C:\Users\Lukas\AppData\Local\FilesFrog Update Checker, In Quarantäne, [64651aec3457a294a05af4ec10f2659b], PUP.Optional.InstallBrain.A, C:\Windows\SysWOW64\WNLT\Installation, In Quarantäne, [e1e86e98830894a2f4522ab7ab57738d], PUP.Optional.InstallBrain.A, C:\Windows\SysWOW64\WNLT\Installation\Uninstall, In Quarantäne, [e1e86e98830894a2f4522ab7ab57738d], PUP.Optional.NextLive.A, C:\Users\Lukas\AppData\Roaming\newnext.me, In Quarantäne, [caff9f67dcafd660dd4f37ab010117e9], PUP.Optional.NextLive.A, C:\Users\Lukas\AppData\Roaming\newnext.me\cache, In Quarantäne, [caff9f67dcafd660dd4f37ab010117e9], PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService, In Quarantäne, [4782a1658dfe4aec72857e64738fe51b], PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update, In Quarantäne, [4782a1658dfe4aec72857e64738fe51b], PUP.Optional.Feven.A, C:\Program Files (x86)\Feven Pro, In Quarantäne, [a6230afc711ad95df9be7c67897931cf], PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit, In Quarantäne, [b11835d10e7dc4727b555293fd0532ce], PUP.Optional.FaceMoods.A, C:\Program Files (x86)\facemoods.com, In Quarantäne, [a920b25476150d296f395393ec16ee12], PUP.Optional.FaceMoods.A, C:\Program Files (x86)\facemoods.com\facemoods, In Quarantäne, [a920b25476150d296f395393ec16ee12], PUP.Optional.FaceMoods.A, C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7, In Quarantäne, [a920b25476150d296f395393ec16ee12], PUP.Optional.Isaver.A, C:\Program Files (x86)\iSaver, Löschen bei Neustart, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, C:\Program Files (x86)\iSaver\gnpft, In Quarantäne, 
[a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, C:\Program Files (x86)\iSaver\gnpft\premiere_tvguide@{premiere-iweblabs-de}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, C:\Program Files (x86)\iSaver\gnpft\premiere_tvguide@{premiere-iweblabs-de}\base, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, C:\Program Files (x86)\iSaver\gnpft\premiere_tvguide@{premiere-iweblabs-de}\resindependent, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, C:\Program Files (x86)\iSaver\gnpft\premiere_tvguide@{premiere-iweblabs-de}\tnaicons, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, C:\Program Files (x86)\iSaver\Icons, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, C:\Program Files (x86)\iSaver\locale, Löschen bei Neustart, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, C:\Program Files (x86)\iSaver\locale\de, Löschen bei Neustart, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, C:\Program Files (x86)\iSaver\locale\de\LC_MESSAGES, Löschen bei Neustart, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab, In Quarantäne, [62675da9aedd43f3e8cb8e67748e1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web, In Quarantäne, [62675da9aedd43f3e8cb8e67748e1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img, In Quarantäne, [62675da9aedd43f3e8cb8e67748e1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales, In Quarantäne, [62675da9aedd43f3e8cb8e67748e1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US, In Quarantäne, [62675da9aedd43f3e8cb8e67748e1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419, In Quarantäne, [62675da9aedd43f3e8cb8e67748e1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES, In Quarantäne, [62675da9aedd43f3e8cb8e67748e1de3], PUP.Optional.SupTab.A, 
C:\Program Files (x86)\SupTab\web\_locales\fr-BE, In Quarantäne, [62675da9aedd43f3e8cb8e67748e1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA, In Quarantäne, [62675da9aedd43f3e8cb8e67748e1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH, In Quarantäne, [62675da9aedd43f3e8cb8e67748e1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR, In Quarantäne, [62675da9aedd43f3e8cb8e67748e1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU, In Quarantäne, [62675da9aedd43f3e8cb8e67748e1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH, In Quarantäne, [62675da9aedd43f3e8cb8e67748e1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT, In Quarantäne, [62675da9aedd43f3e8cb8e67748e1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl, In Quarantäne, [62675da9aedd43f3e8cb8e67748e1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR, In Quarantäne, [62675da9aedd43f3e8cb8e67748e1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru, In Quarantäne, [62675da9aedd43f3e8cb8e67748e1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO, In Quarantäne, [62675da9aedd43f3e8cb8e67748e1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR, In Quarantäne, [62675da9aedd43f3e8cb8e67748e1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI, In Quarantäne, [62675da9aedd43f3e8cb8e67748e1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN, In Quarantäne, [62675da9aedd43f3e8cb8e67748e1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW, In Quarantäne, [62675da9aedd43f3e8cb8e67748e1de3], PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda, In Quarantäne, [359428de5d2e1323192b40b8f60c8f71], PUP.Optional.Installmate, 
C:\ProgramData\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}, In Quarantäne, [d4f5778fb0db082eeb648574cd35ab55], PUP.Optional.Installmate, C:\ProgramData\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\C06B0F556C27638B, In Quarantäne, [d4f5778fb0db082eeb648574cd35ab55], PUP.Optional.MiniAdblocker.A, C:\ProgramData\Mini - Adblocker, In Quarantäne, [ccfdc541fa91f046b10bec1012f0bf41], PUP.Optional.YellowAdblocker.A, C:\ProgramData\Yellow AdBlocker, In Quarantäne, [04c535d15536bd797d0f1be23dc5a060], PUP.Optional.AllAboutApp.A, C:\ProgramData\AllaboutApp, In Quarantäne, [55749571474414225d89699dd72c758b], PUP.Optional.AllAboutApp.A, C:\ProgramData\AllaboutApp\Setup, In Quarantäne, [55749571474414225d89699dd72c758b], PUP.Optional.AllAboutApp.A, C:\ProgramData\AllaboutApp\SN.Booster, In Quarantäne, [55749571474414225d89699dd72c758b], PUP.Optional.AllAboutApp.A, C:\ProgramData\AllaboutApp\SN.Booster\4674074418, In Quarantäne, [55749571474414225d89699dd72c758b], Dateien: 209 Trojan.SProtector, C:\ProgramData\WinFilter\WinFilter.dll, Löschen bei Neustart, [b613ac5addaea39373b738e071900df3], Trojan.SProtector, C:\ProgramData\WinFilter\WinFilterSvc.dll, Löschen bei Neustart, [c207a264e2a9f046ff1b050f61a034cc], PUP.Optional.NextLive.A, C:\Users\Lukas\AppData\Roaming\newnext.me\nengine.dll, In Quarantäne, [c80184821e6de3539b166ca9b34e946c], PUP.Optional.MultiPlug.A, C:\Program Files\FiandBesitDieal\ZTX6PypNRylBMV.x64.dll, In Quarantäne, [62678f779cefb1859a6e9e1fb849f40c], PUP.Optional.MultiPlug.A, C:\Program Files\FiandBesitDieal\ZTX6PypNRylBMV.dll, In Quarantäne, [62678f779cefb1859a6e9e1fb849f40c], PUP.Optional.MultiPlug.A, C:\ProgramData\AlllCCheaopPrrice\drIu7vFR.exe, In Quarantäne, [6c5dce38612a8caa6f1458b9ca377f81], PUP.Optional.MultiPlug.A, C:\ProgramData\BirowwsyE2savee\5151ff8e96dd5.dll, In Quarantäne, [2c9d34d2414a3afc7176d115a55b1ce4], PUP.Optional.SilentInstall.A, C:\ProgramData\BirowwsyE2savee\uninstall.exe, In Quarantäne, [e1e8778f404b6dc95b20846453ad7f81], 
PUP.Optional.SilentInstall.A, C:\ProgramData\Browse2save\uninstall.exe, In Quarantäne, [6f5a1cea4645c4728af18b5d9769e818], PUP.Optional.MultiPlug.A, C:\ProgramData\CCoupExtennsIon\4osh.exe, In Quarantäne, [86430600d7b43df9008334dd22df3cc4], PUP.Optional.Multiplug, C:\ProgramData\FFunDeeAls\0NvL.exe, In Quarantäne, [5b6e0ff73d4e5cda7a4cec431be69f61], PUP.Optional.MultiPlug.Uns, C:\ProgramData\The AdBlocker\The AdBlocker.exe, In Quarantäne, [5079897d1a71bc7a1f7b83fc33cf847c], PUP.Optional.MultiPlug.A, C:\ProgramData\UTubaeNiouADs\NJTNBi.exe, In Quarantäne, [6a5fc73f3b50a3936122d04148b9de22], PUP.Optional.MultiPlug.Uns, C:\ProgramData\Yellow AdBlocker\Yellow AdBlocker.exe, In Quarantäne, [7d4c32d4ec9f69cd3e5c0f70b74b54ac], PUP.Optional.MultiPlug.A, C:\ProgramData\CouPExtensioon\MZjQ.exe, In Quarantäne, [5c6d60a60784bf77176cba5712ef58a8], PUP.Optional.MultiPlug, C:\ProgramData\DeualExpress\UVFZQp2coM.exe, In Quarantäne, [cbfe5aac6b208aacfd7d3af7e51c6e92], PUP.Optional.MultiPlug.Uns, C:\ProgramData\Mini - Adblocker\Mini - Adblocker.exe, In Quarantäne, [78519a6cc6c558de1882780789795ea2], PUP.Optional.MultiPlug, C:\ProgramData\NuEtooCouuponn\G2Kihpq.exe, In Quarantäne, [efda49bd08837abc9cde58d9ee1358a8], PUP.Optional.MultiPlug, C:\ProgramData\SaveMasos\G5TiaEub7v.exe, In Quarantäne, [deeb0006048750e6453598998a77936d], Trojan.Agent, C:\ProgramData\SaveNewaAppz\PzIEqRjzESlvZ9.exe, In Quarantäne, [a3268f77f596fe38fb31352491700af6], Trojan.Agent, C:\ProgramData\SaverExtension\jPRLpjBE5LS1ON.exe, In Quarantäne, [11b820e69dee0d29012bfe5b40c1b34d], PUP.Optional.Multiplug.A, C:\Program Files\Autofill IRCTC Tatkal FormPlugin Extension\Autofill IRCTC Tatkal FormPlugin Extension.exe, In Quarantäne, [f6d3f0168ffcb680d8fdd1a9a35e56aa], PUP.Optional.Multiplug.A, C:\Program Files\ExstruaCCoupeonn\9DJTA6WPMHrx66.exe, In Quarantäne, [339629dd6823fa3cac29d6a4a061f907], PUP.Optional.Multiplug.A, C:\Program Files\FiandBesitDieal\ZTX6PypNRylBMV.exe, In Quarantäne, 
[04c5a95df695fa3c795c9fdb61a036ca], PUP.Optional.Multiplug.A, C:\Program Files\FIendBestDeAl\FIendBestDeAl.exe, In Quarantäne, [8c3d9b6bd0bb9b9bc60fa6d4b24f639d], PUP.Optional.MultiPlug.A, C:\Program Files\FiiNdBeStDeaul\8zbpHikF9YYMfE.dll, In Quarantäne, [09c00cfa36557bbb0305e7d604fd32ce], PUP.Optional.MultiPlug.A, C:\Program Files\FiiNdBeStDeaul\8zbpHikF9YYMfE.x64.dll, In Quarantäne, [09c00cfa36557bbb0305e7d604fd32ce], PUP.Optional.Multiplug.A, C:\Program Files\FiiNdBeStDeaul\8zbpHikF9YYMfE.exe, In Quarantäne, [5f6a49bdf4973ff7756052287d849967], PUP.Optional.Multiplug.A, C:\Program Files\SaaveLotts\iW6ZNywHgasv0q.exe, In Quarantäne, [57729274b7d47eb8b91c6c0e709158a8], PUP.Optional.Multiplug.A, C:\Program Files\SAveNewaAppz\MFKDkizdiOTzUf.exe, In Quarantäne, [2a9fa75fbccf7eb8dcf9512920e19c64], PUP.Optional.Multiplug.A, C:\Program Files\SavuerExtEnseion\SavuerExtEnseion.exe, In Quarantäne, [b71229ddcac184b2f9dce694b54cc937], PUP.Optional.Multiplug.A, C:\Program Files\SiteLauncher\SiteLauncher.exe, In Quarantäne, [04c59076b2d954e2874ea5d5bf42f907], PUP.Optional.Multiplug.A, C:\Program Files (x86)\4chan Plus\4chan Plus.exe, In Quarantäne, [31982ed8c0cb84b24d887406dc2525db], PUP.Optional.MultiPlug.A, C:\Program Files (x86)\Mozilla Firefox\dbghelp.dll, In Quarantäne, [caff010547443cfafa85f5be88793bc5], PUP.Optional.RegCleanPro.C, C:\Windows\System32\roboot64.exe, In Quarantäne, [448533d3018aba7c62142b54fb0a37c9], PUP.Optional.SearchProtect.A, C:\Users\Lukas\AppData\Local\Temp\nsuA782.exe, In Quarantäne, [98310ef8424977bf5ca6f10de21eba46], PUP.Optional.SearchProtect.A, C:\Users\Lukas\AppData\Local\Temp\nsuAADD.exe, In Quarantäne, [cbfe64a2e3a82f07ce348e70857b50b0], PUP.Optional.SearchProtect.A, C:\Users\Lukas\AppData\Local\Temp\nsuAE38.exe, In Quarantäne, [c207cb3b5c2f45f1867c8f6f47b99b65], PUP.Optional.SearchProtect.A, C:\Users\Lukas\AppData\Local\Temp\nskFBB0.exe, In Quarantäne, [8f3abc4af398d95d0101e11d6d93be42], PUP.Optional.SearchProtect.A, 
Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) |
09.08.2015, 23:54 | #3 |
| Windows 7 SP 1 infected with a trojan - Windows Update error code 8007002 MBAM logfile:
Code:
Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 09.08.2015 Suchlaufzeit: 21:21 Protokolldatei: mbam.txt Administrator: Ja Version: 2.1.8.1057 Malware-Datenbank: v2015.08.09.05 Rootkit-Datenbank: v2015.08.06.01 Lizenz: Testversion Malware-Schutz: Aktiviert Schutz vor bösartigen Websites: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Lukas Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 422921 Abgelaufene Zeit: 2 Std., 17 Min., 21 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 2 Adware.InstallBrain, C:\Windows\System32\dmwu.exe, 2124, Löschen bei Neustart, [b118897d1873c86e0e6c410cf70da060] PUP.Optional.Isaver.A, C:\Program Files (x86)\iSaver\iSaverCtrl.exe, 5032, Löschen bei Neustart, [a524db2bc9c21323c53ba54f649ed729] Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 303
Quarantäne, [3e8b13f30c7fe94dac72ffa11ce8bd43], PUP.Optional.DollarKeeper.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{4A3639A7-C0B4-49C2-AF0C-D0403F67F2FC}, In Quarantäne, [3e8b13f30c7fe94dac72ffa11ce8bd43], PUP.Optional.DollarKeeper.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{89310413-97E0-4F09-AA75-390A7F4D4918}, In Quarantäne, [3e8b13f30c7fe94dac72ffa11ce8bd43], PUP.Optional.DollarKeeper.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{89310413-97E0-4F09-AA75-390A7F4D4918}, In Quarantäne, [3e8b13f30c7fe94dac72ffa11ce8bd43], PUP.Optional.SweetIM.A, HKLM\SOFTWARE\SweetIM, In Quarantäne, [76539175cfbccc6a6870ad7f2fd459a7], PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\CLASSES\Toolbar.CT1060933, In Quarantäne, [a623a85e5536eb4b49508b190301946c], PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\CLASSES\Toolbar.CT2117678, In Quarantäne, [6a5f26e05c2f77bff9a0752f38cce818], PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\CLASSES\Toolbar.CT2795644, In Quarantäne, [7059bf475b30ef475a3f663e7d87a759], PUP.Optional.Incredibar.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\dlnembnfbcpjnepmfjmngjenhhajpdfd, In Quarantäne, [b5140ef8f794b2846256c38f43c0c53b], PUP.Optional.BenchUpdater.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\bench-sys, Löschen bei Neustart, [428714f20b807eb81111b065cc374fb1], PUP.Optional.BenchUpdater.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\bench-Updater removing, Löschen bei Neustart, [f5d47a8cd7b4979f53cf868f40c3aa56], PUP.Optional.Astromenda.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WSE_Astromenda, Löschen bei Neustart, [8940a363503bb680a379a86d35ce9f61], PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, In Quarantäne, [14b546c02c5f95a1682a8123d2327c84], PUP.Optional.InstallBrain.A, HKLM\SOFTWARE\WNLT, In Quarantäne, [07c2d5319af1c76fcb4d86f415efdc24], PUP.Optional.AdevertisingSupport.A, HKLM\SOFTWARE\WOW6432NODE\AdvertisingSupport, In 
Quarantäne, [983136d0fc8f51e5466f39f8907332ce], PUP.Optional.CouponAlerts.A, HKLM\SOFTWARE\WOW6432NODE\Coupon Alerts, In Quarantäne, [4584b25439529f977c51212daf5439c7], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\Iminent, In Quarantäne, [efda8c7a72190c2a7c473f21ea1923dd], PUP.Optional.InstallCore.A, HKLM\SOFTWARE\WOW6432NODE\InstallCore, In Quarantäne, [5574e71fdcaffc3a13939ea4a360728e], PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SweetIM, In Quarantäne, [bb0eef174c3fb680b52386a6a75cd828], PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Toolbar.CT1060933, In Quarantäne, [369319ed434854e2b1e8bce840c47090], PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Toolbar.CT2117678, In Quarantäne, [d5f427df52390036a5f42b7949bba55b], PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Toolbar.CT2795644, In Quarantäne, [96331cea662552e4aaef9a0a30d4946c], PUP.Optional.Incredibar.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\dlnembnfbcpjnepmfjmngjenhhajpdfd, In Quarantäne, [49803bcb315a082e4474331f32d1bf41], PUP.Optional.InstallCore.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLCORE\WSE_Astromenda, In Quarantäne, [884158ae0388f93dcfbbca6ca3607789], PUP.Optional.Conduit.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}, In Quarantäne, [8049ed190784ef47b78f6db0ea19ad53], PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, In Quarantäne, [af1aea1c56359f971f73267eac583ac6], Adware.InstallBrain, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IBUpdaterService, In Quarantäne, [b118897d1873c86e0e6c410cf70da060], PUP.Optional.SweetIM.A, HKU\S-1-5-18\SOFTWARE\SweetIM, In Quarantäne, [94351cea55367eb88b4ced3f748f22de], PUP.Optional.InstallBrain.A, HKU\S-1-5-18\SOFTWARE\WNLT, In Quarantäne, [e0e9778fc7c481b537e099e13fc50bf5], PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-3103388830-3129877404-954900241-1001\SOFTWARE\1ClickDownload, In Quarantäne, 
[1bae2dd9365500365e20afc5bd47fc04], PUP.Optional.InstallCore.C, HKU\S-1-5-21-3103388830-3129877404-954900241-1001\SOFTWARE\InstallCore, In Quarantäne, [a326b452e6a506307df32086d52f649c], PUP.Optional.Squeaky.A, HKU\S-1-5-21-3103388830-3129877404-954900241-1001\SOFTWARE\Squeaky, In Quarantäne, [e8e1cb3bb2d9bb7b510ec85bb54e27d9], PUP.Optional.SweetIM.A, HKU\S-1-5-21-3103388830-3129877404-954900241-1001\SOFTWARE\SweetIM, In Quarantäne, [46839e68f19a53e34196c96350b34fb1], PUP.Optional.Astromenda.A, HKU\S-1-5-21-3103388830-3129877404-954900241-1001\SOFTWARE\wse_astromenda, In Quarantäne, [a2276a9ccebd4bebc658c17cf310ae52], PUP.Optional.SProtector.A, HKU\S-1-5-21-3103388830-3129877404-954900241-1001\SOFTWARE\APPDATALOW\SProtector, In Quarantäne, [fdcc21e55437290d960c9ed78e7626da], PUP.Optional.Conduit.A, HKU\S-1-5-21-3103388830-3129877404-954900241-1001\SOFTWARE\APPDATALOW\SOFTWARE\ConduitSearchScopes, In Quarantäne, [4485778ffc8f47ef1203ed44af5436ca], PUP.Optional.CrossRider.A, HKU\S-1-5-21-3103388830-3129877404-954900241-1001\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [c900c1457219d95dd409186e17ed22de], PUP.Optional.Incredibar.A, HKU\S-1-5-21-3103388830-3129877404-954900241-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}, In Quarantäne, [d6f329dd365573c3a01c425ca361f907], PUP.Optional.Incredibar.A, HKU\S-1-5-21-3103388830-3129877404-954900241-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}, In Quarantäne, [5a6f57af9eedd0665a62f6a8fb0959a7], PUP.Optional.InstallBrain.A, HKU\S-1-5-21-3103388830-3129877404-954900241-1001\SOFTWARE\WNLT, In Quarantäne, [8e3b0bfba8e392a40116d6a4f311e41c], PUP.Optional.InstallBrain.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WNLT, In Quarantäne, [e1e86e98830894a2f4522ab7ab57738d], PUP.Optional.Isaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C987897E-F70A-458C-896B-54A454819F9D}, In Quarantäne, 
[a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{5EBF305B-8036-4379-B6AE-FC355BFF9464}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{32D37CAB-4DFA-4847-A886-A5C6F26EF990}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{CA0FB24B-235A-43C2-A574-D642ECED3E3F}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{DDEEAF36-1967-4A6A-90CA-327094E8F2D4}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{32D37CAB-4DFA-4847-A886-A5C6F26EF990}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{CA0FB24B-235A-43C2-A574-D642ECED3E3F}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{DDEEAF36-1967-4A6A-90CA-327094E8F2D4}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{32D37CAB-4DFA-4847-A886-A5C6F26EF990}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{CA0FB24B-235A-43C2-A574-D642ECED3E3F}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{DDEEAF36-1967-4A6A-90CA-327094E8F2D4}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{5EBF305B-8036-4379-B6AE-FC355BFF9464}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{5EBF305B-8036-4379-B6AE-FC355BFF9464}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\iEngine.URLPreviewPage, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], 
PUP.Optional.Isaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\iEngine.URLPreviewPage, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\iEngine.URLPreviewPage, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{C987897E-F70A-458C-896B-54A454819F9D}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{EB414BCC-E1BD-4809-AA0D-E1FEDFE8B59B}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\iEngine.URLPreview, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\iEngine.URLPreview, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\iEngine.URLPreview, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{EB414BCC-E1BD-4809-AA0D-E1FEDFE8B59B}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{01045116-B0BD-4D34-BDE7-95E24DEFA068}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{2EBBFB4D-D6A8-4602-B2BC-EE9BE9B6A08A}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{06F37872-B70D-43A3-A1E4-917DB57CF4ED}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{143FE1AD-BDF6-49DE-A062-13A1B73F00DE}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{168FF480-A1B1-4176-A14C-39E1D6C7DAF8}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{1C89F77B-7536-4464-A96B-5F000105C482}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], 
PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{2163BA6A-5A61-437F-BD72-9C8574039DCC}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{28F48A2B-EF20-42B3-8023-6F312B41DD1A}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{37E9C8E4-8EE0-4177-8E0B-02018165D512}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3A6B4BA2-55E7-4683-9FE6-E6935E9A5C9F}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4521010E-F9C0-4A92-B0F1-0F58E723B44E}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{476EECE5-8340-4A90-8532-7FC0AD1A9B85}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{47CA8A75-CA46-403F-88E3-DB639AA570CA}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{54580C9C-4969-47ED-B07C-47DF914BA5EE}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{6267A223-8C50-40EA-BA4E-FA22A550EE94}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{75603FF3-33B1-45F3-8027-A80CEEFF40CE}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{8480F36A-DFC9-4BC0-B153-2952D09468E9}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{92D2F519-1994-4AE2-B530-268B73E3B146}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A0B767D6-D43B-4A61-9ECA-31B99EDC3322}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A8EB2AF7-51C0-449B-9D66-281584E01BAC}, In 
Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{AFF0C879-4060-4E2E-9771-866DE428D549}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B32D9D3C-0796-470D-AE05-3255ECB97CE8}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B66366A2-6BA1-4098-A8A4-5201429F16F0}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B8B20BAD-272E-406B-84C2-7648CF2AAFA7}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{DB838F51-689A-4EC7-A3AB-C9F6E9E52E49}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{DCD74798-11D9-4F78-A5C6-64A537B066AE}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E3047AF3-53F0-4EDA-8D09-F1A47EE8911B}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{EB00D4F9-A922-4125-BEE9-8DD3DCD48F5D}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{F3121B44-111E-459A-8635-F9684DAFBA69}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FA4B231A-5073-41EC-A9B1-94C1EED84716}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{06F37872-B70D-43A3-A1E4-917DB57CF4ED}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{143FE1AD-BDF6-49DE-A062-13A1B73F00DE}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{168FF480-A1B1-4176-A14C-39E1D6C7DAF8}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], 
PUP.Optional.Isaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{1C89F77B-7536-4464-A96B-5F000105C482}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{2163BA6A-5A61-437F-BD72-9C8574039DCC}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{28F48A2B-EF20-42B3-8023-6F312B41DD1A}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{37E9C8E4-8EE0-4177-8E0B-02018165D512}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3A6B4BA2-55E7-4683-9FE6-E6935E9A5C9F}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4521010E-F9C0-4A92-B0F1-0F58E723B44E}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{476EECE5-8340-4A90-8532-7FC0AD1A9B85}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{47CA8A75-CA46-403F-88E3-DB639AA570CA}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{54580C9C-4969-47ED-B07C-47DF914BA5EE}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{6267A223-8C50-40EA-BA4E-FA22A550EE94}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{75603FF3-33B1-45F3-8027-A80CEEFF40CE}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{8480F36A-DFC9-4BC0-B153-2952D09468E9}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, 
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{92D2F519-1994-4AE2-B530-268B73E3B146}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A0B767D6-D43B-4A61-9ECA-31B99EDC3322}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A8EB2AF7-51C0-449B-9D66-281584E01BAC}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{AFF0C879-4060-4E2E-9771-866DE428D549}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B32D9D3C-0796-470D-AE05-3255ECB97CE8}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B66366A2-6BA1-4098-A8A4-5201429F16F0}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B8B20BAD-272E-406B-84C2-7648CF2AAFA7}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{DB838F51-689A-4EC7-A3AB-C9F6E9E52E49}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{DCD74798-11D9-4F78-A5C6-64A537B066AE}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E3047AF3-53F0-4EDA-8D09-F1A47EE8911B}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EB00D4F9-A922-4125-BEE9-8DD3DCD48F5D}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F3121B44-111E-459A-8635-F9684DAFBA69}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FA4B231A-5073-41EC-A9B1-94C1EED84716}, In Quarantäne, 
[a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{06F37872-B70D-43A3-A1E4-917DB57CF4ED}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{143FE1AD-BDF6-49DE-A062-13A1B73F00DE}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{168FF480-A1B1-4176-A14C-39E1D6C7DAF8}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{1C89F77B-7536-4464-A96B-5F000105C482}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{2163BA6A-5A61-437F-BD72-9C8574039DCC}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{28F48A2B-EF20-42B3-8023-6F312B41DD1A}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{37E9C8E4-8EE0-4177-8E0B-02018165D512}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{3A6B4BA2-55E7-4683-9FE6-E6935E9A5C9F}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{4521010E-F9C0-4A92-B0F1-0F58E723B44E}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{476EECE5-8340-4A90-8532-7FC0AD1A9B85}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{47CA8A75-CA46-403F-88E3-DB639AA570CA}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{54580C9C-4969-47ED-B07C-47DF914BA5EE}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, 
HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{6267A223-8C50-40EA-BA4E-FA22A550EE94}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{75603FF3-33B1-45F3-8027-A80CEEFF40CE}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{8480F36A-DFC9-4BC0-B153-2952D09468E9}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{92D2F519-1994-4AE2-B530-268B73E3B146}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{A0B767D6-D43B-4A61-9ECA-31B99EDC3322}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{A8EB2AF7-51C0-449B-9D66-281584E01BAC}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{AFF0C879-4060-4E2E-9771-866DE428D549}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{B32D9D3C-0796-470D-AE05-3255ECB97CE8}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{B66366A2-6BA1-4098-A8A4-5201429F16F0}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{B8B20BAD-272E-406B-84C2-7648CF2AAFA7}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{DB838F51-689A-4EC7-A3AB-C9F6E9E52E49}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{DCD74798-11D9-4F78-A5C6-64A537B066AE}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{E3047AF3-53F0-4EDA-8D09-F1A47EE8911B}, In Quarantäne, 
[a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{EB00D4F9-A922-4125-BEE9-8DD3DCD48F5D}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{F3121B44-111E-459A-8635-F9684DAFBA69}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{FA4B231A-5073-41EC-A9B1-94C1EED84716}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{2EBBFB4D-D6A8-4602-B2BC-EE9BE9B6A08A}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{2EBBFB4D-D6A8-4602-B2BC-EE9BE9B6A08A}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\iPlugin.NullActionPlugin, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\iPlugin.NullActionPlugin, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\iPlugin.NullActionPlugin, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{01045116-B0BD-4D34-BDE7-95E24DEFA068}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{01A2654F-DEBD-40CA-A5FD-E20CBD49DA6C}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\iPlugin.IMRequest, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\iPlugin.IMRequest, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\iPlugin.IMRequest, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{01A2654F-DEBD-40CA-A5FD-E20CBD49DA6C}, In 
Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{06BC106E-E6F0-41C1-8326-C5F96698D65D}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\iPlugin.IMObjectList, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\iPlugin.IMObjectList, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\iPlugin.IMObjectList, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{06BC106E-E6F0-41C1-8326-C5F96698D65D}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{0EB9C4ED-F163-4E47-BCDF-82D56C2F4DB8}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\iPlugin.IMIdList, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\iPlugin.IMIdList, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\iPlugin.IMIdList, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{0EB9C4ED-F163-4E47-BCDF-82D56C2F4DB8}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{0FD8FD1A-7900-4379-9110-051258BAF158}, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\iPlugin.NullPlugin, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\iPlugin.NullPlugin, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\iPlugin.NullPlugin, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, 
[a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, C:\Program Files (x86)\iSaver\iNewsFlash.exe, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, C:\Program Files (x86)\iSaver\iPlugin.dll, Löschen bei Neustart, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, C:\Program Files (x86)\iSaver\iSaver.scr, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, C:\Program Files (x86)\iSaver\iSaverCtrl.exe, Löschen bei Neustart, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, C:\Program Files (x86)\iSaver\MyPicturesWiz.exe, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, C:\Program Files (x86)\iSaver\MyStocksWiz.exe, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, C:\Program Files (x86)\iSaver\regmod.exe, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, C:\Program Files (x86)\iSaver\rplayer.exe, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, C:\Program Files (x86)\iSaver\gnpft\premiere_tvguide@{premiere-iweblabs-de}\copylcache.bat, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, C:\Program Files (x86)\iSaver\gnpft\premiere_tvguide@{premiere-iweblabs-de}\base\control.xml, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, C:\Program Files (x86)\iSaver\gnpft\premiere_tvguide@{premiere-iweblabs-de}\base\layout.xml, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, C:\Program Files (x86)\iSaver\gnpft\premiere_tvguide@{premiere-iweblabs-de}\base\layout.xml.bak, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, C:\Program Files (x86)\iSaver\gnpft\premiere_tvguide@{premiere-iweblabs-de}\resindependent\background.gif, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, C:\Program Files (x86)\iSaver\gnpft\premiere_tvguide@{premiere-iweblabs-de}\resindependent\background.jpg, In Quarantäne, 
[a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, C:\Program Files (x86)\iSaver\gnpft\premiere_tvguide@{premiere-iweblabs-de}\resindependent\get_flash_player.gif, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, C:\Program Files (x86)\iSaver\gnpft\premiere_tvguide@{premiere-iweblabs-de}\resindependent\PremiereTVGuide.swf, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, C:\Program Files (x86)\iSaver\gnpft\premiere_tvguide@{premiere-iweblabs-de}\tnaicons\default-sync.ico, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, C:\Program Files (x86)\iSaver\gnpft\premiere_tvguide@{premiere-iweblabs-de}\tnaicons\default.ico, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, C:\Program Files (x86)\iSaver\gnpft\premiere_tvguide@{premiere-iweblabs-de}\tnaicons\Thumbs.db, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, C:\Program Files (x86)\iSaver\Icons\premiere_tvguide@{premiere-iweblabs-de}.ico, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, C:\Program Files (x86)\iSaver\Icons\Thumbs.db, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, C:\Program Files (x86)\iSaver\locale\isaver.cnt, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, C:\Program Files (x86)\iSaver\locale\ISAVER.HLP, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, C:\Program Files (x86)\iSaver\locale\de\isaver.cnt, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, C:\Program Files (x86)\iSaver\locale\de\ISAVER.HLP, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, C:\Program Files (x86)\iSaver\locale\de\LC_MESSAGES\comdlg.mo, Löschen bei Neustart, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, C:\Program Files (x86)\iSaver\locale\de\LC_MESSAGES\iSaver.mo, Löschen bei Neustart, [a524db2bc9c21323c53ba54f649ed729], 
PUP.Optional.Isaver.A, C:\Program Files (x86)\iSaver\locale\de\LC_MESSAGES\languages.mo, Löschen bei Neustart, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.Isaver.A, C:\Program Files (x86)\iSaver\locale\de\LC_MESSAGES\util.mo, In Quarantäne, [a524db2bc9c21323c53ba54f649ed729], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE.html, In Quarantäne, [62675da9aedd43f3e8cb8e67748e1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE8.html, In Quarantäne, [62675da9aedd43f3e8cb8e67748e1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\skin.css, In Quarantäne, [62675da9aedd43f3e8cb8e67748e1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\style.css, In Quarantäne, [62675da9aedd43f3e8cb8e67748e1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\ver.txt, In Quarantäne, [62675da9aedd43f3e8cb8e67748e1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_logo.png, In Quarantäne, [62675da9aedd43f3e8cb8e67748e1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\google.com.png, In Quarantäne, [62675da9aedd43f3e8cb8e67748e1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon128.png, In Quarantäne, [62675da9aedd43f3e8cb8e67748e1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon16.png, In Quarantäne, [62675da9aedd43f3e8cb8e67748e1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon48.png, In Quarantäne, [62675da9aedd43f3e8cb8e67748e1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\loading.gif, In Quarantäne, [62675da9aedd43f3e8cb8e67748e1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US\messages.json, In Quarantäne, [62675da9aedd43f3e8cb8e67748e1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419\messages.json, In Quarantäne, [62675da9aedd43f3e8cb8e67748e1de3], PUP.Optional.SupTab.A, C:\Program Files 
(x86)\SupTab\web\_locales\es-ES\messages.json, In Quarantäne, [62675da9aedd43f3e8cb8e67748e1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE\messages.json, In Quarantäne, [62675da9aedd43f3e8cb8e67748e1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA\messages.json, In Quarantäne, [62675da9aedd43f3e8cb8e67748e1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json, In Quarantäne, [62675da9aedd43f3e8cb8e67748e1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json, In Quarantäne, [62675da9aedd43f3e8cb8e67748e1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json, In Quarantäne, [62675da9aedd43f3e8cb8e67748e1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json, In Quarantäne, [62675da9aedd43f3e8cb8e67748e1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json, In Quarantäne, [62675da9aedd43f3e8cb8e67748e1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl\messages.json, In Quarantäne, [62675da9aedd43f3e8cb8e67748e1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json, In Quarantäne, [62675da9aedd43f3e8cb8e67748e1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru\messages.json, In Quarantäne, [62675da9aedd43f3e8cb8e67748e1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json, In Quarantäne, [62675da9aedd43f3e8cb8e67748e1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json, In Quarantäne, [62675da9aedd43f3e8cb8e67748e1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json, In Quarantäne, [62675da9aedd43f3e8cb8e67748e1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json, In Quarantäne, 
[62675da9aedd43f3e8cb8e67748e1de3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json, In Quarantäne, [62675da9aedd43f3e8cb8e67748e1de3], PUP.Optional.Installmate, C:\ProgramData\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\20120701215741.log, In Quarantäne, [d4f5778fb0db082eeb648574cd35ab55], PUP.Optional.Installmate, C:\ProgramData\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\Setup.dat, In Quarantäne, [d4f5778fb0db082eeb648574cd35ab55], PUP.Optional.Installmate, C:\ProgramData\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\Setup.exe, In Quarantäne, [d4f5778fb0db082eeb648574cd35ab55], PUP.Optional.Installmate, C:\ProgramData\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\Setup.ico, In Quarantäne, [d4f5778fb0db082eeb648574cd35ab55], PUP.Optional.Installmate, C:\ProgramData\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\TsuDll.dll, In Quarantäne, [d4f5778fb0db082eeb648574cd35ab55], PUP.Optional.Installmate, C:\ProgramData\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\_Setup.dll, In Quarantäne, [d4f5778fb0db082eeb648574cd35ab55], PUP.Optional.Installmate, C:\ProgramData\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\_Setupx.dll, In Quarantäne, [d4f5778fb0db082eeb648574cd35ab55], PUP.Optional.GboxApp.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default\prefs.js, Gut: (browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/), Schlecht: (browser.startup.homepage", "hxxp://search.gboxapp.com), Ersetzt,[08c122e4d2b955e1657c1f6a2ed7dc24] Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) |
09.08.2015, 23:58 | #4 |
| Windows 7 SP 1 infected with a trojan - Windows Update error code 8007002 OTL Logfile: Code:
OTL logfile created on: 09.08.2015 20:01:34 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lukas\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.17843) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 4,41 Gb Available Physical Memory | 55,08% Memory free 16,00 Gb Paging File | 12,00 Gb Available in Paging File | 74,99% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 298,09 Gb Total Space | 131,48 Gb Free Space | 44,11% Space Free | Partition Type: NTFS Drive D: | 465,66 Gb Total Space | 279,39 Gb Free Space | 60,00% Space Free | Partition Type: NTFS Computer Name: LUKAS-PC | User Name: Lukas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2015.08.09 19:58:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lukas\Downloads\OTL.exe PRC - [2015.08.09 19:13:20 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) 
-- C:\Users\Lukas\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001 PRC - [2015.08.06 14:32:26 | 000,849,016 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe PRC - [2015.08.06 14:32:26 | 000,511,608 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\31.0.1889.99\opera_crashreporter.exe PRC - [2015.08.03 20:10:21 | 007,596,652 | ---- | M] () -- C:\Program Files (x86)\resegioninhelp\resegioninhelp.exe PRC - [2015.07.24 01:23:38 | 002,895,552 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe PRC - [2015.07.24 01:23:38 | 001,861,312 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\bin\steamwebhelper.exe PRC - [2015.07.24 01:23:38 | 000,838,336 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe PRC - [2015.07.07 20:12:28 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2015.03.16 04:03:56 | 000,002,560 | ---- | M] () -- C:\Windows\Runservice.exe PRC - [2015.01.05 18:48:06 | 000,781,616 | ---- | M] () -- C:\Windows\SysWOW64\mjcm\dnkt.exe PRC - [2014.11.28 11:40:40 | 000,193,568 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe PRC - [2014.03.25 10:16:58 | 000,241,704 | ---- | M] (Foxit Corporation) -- C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe PRC - [2013.11.04 17:25:24 | 000,020,608 | ---- | M] (Mr. John aka japamd) -- C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe PRC - [2012.10.23 11:47:48 | 002,848,168 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2011.03.17 21:56:22 | 000,074,752 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files (x86)\Winamp\winampa.exe PRC - [2011.03.16 01:47:47 | 000,079,360 | ---- | M] (Creative Labs) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe PRC - [2011.01.20 11:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe PRC - [2011.01.10 14:49:20 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe PRC - [2010.01.22 13:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2009.07.08 16:32:50 | 001,233,195 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe PRC - [2009.06.08 12:11:00 | 001,160,192 | ---- | M] (infoMantis GmbH) -- C:\Program Files (x86)\iSaver\iSaverCtrl.exe PRC - [2009.05.04 20:05:04 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe PRC - [2009.02.23 05:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe PRC - [2009.01.27 15:11:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2009.01.27 15:11:22 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [1999.09.30 21:31:38 | 000,869,376 | ---- | M] (Fred's Software) -- C:\Program Files (x86)\PrintKey2000\Printkey2000.exe ========== Modules (No Company Name) ========== MOD - [2015.08.09 19:14:26 | 000,592,896 | ---- | M] () -- C:\Users\Lukas\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0044\~de6248.tmp MOD - [2015.08.09 19:13:21 | 000,697,884 | ---- | M] () -- C:\Users\Lukas\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0044\~df394b.tmp MOD - [2015.08.06 14:32:25 | 
058,599,032 | ---- | M] () -- C:\Program Files (x86)\Opera\31.0.1889.99\opera.dll MOD - [2015.08.06 14:32:16 | 001,781,368 | ---- | M] () -- C:\Program Files (x86)\Opera\31.0.1889.99\libglesv2.dll MOD - [2015.08.06 14:32:16 | 000,081,528 | ---- | M] () -- C:\Program Files (x86)\Opera\31.0.1889.99\libegl.dll MOD - [2015.07.24 01:24:00 | 002,410,176 | ---- | M] () -- C:\Program Files (x86)\Steam\video.dll MOD - [2015.07.24 01:23:38 | 000,703,168 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL MOD - [2015.07.15 00:03:30 | 016,307,888 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_18_0_0_209.dll MOD - [2015.07.07 22:41:46 | 000,169,984 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\openvr_api.dll MOD - [2015.07.03 18:12:46 | 004,962,816 | ---- | M] () -- C:\Program Files (x86)\Steam\v8.dll MOD - [2015.07.03 18:12:28 | 039,553,928 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll MOD - [2015.07.03 18:12:28 | 001,556,992 | ---- | M] () -- C:\Program Files (x86)\Steam\icui18n.dll MOD - [2015.07.03 18:12:28 | 001,187,840 | ---- | M] () -- C:\Program Files (x86)\Steam\icuuc.dll MOD - [2015.07.03 18:12:24 | 000,778,240 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll MOD - [2015.01.05 18:48:06 | 001,710,384 | ---- | M] () -- C:\Windows\SysWOW64\mjcm\5154\nsib.dll MOD - [2015.01.05 18:48:06 | 000,781,616 | ---- | M] () -- C:\Windows\SysWOW64\mjcm\dnkt.exe MOD - [2014.12.01 23:31:16 | 002,396,672 | ---- | M] () -- C:\Program Files (x86)\Steam\libavcodec-56.dll MOD - [2014.12.01 23:31:16 | 000,485,888 | ---- | M] () -- C:\Program Files (x86)\Steam\libswscale-3.dll MOD - [2014.12.01 23:31:16 | 000,479,744 | ---- | M] () -- C:\Program Files (x86)\Steam\libavformat-56.dll MOD - [2014.12.01 23:31:16 | 000,442,880 | ---- | M] () -- C:\Program Files (x86)\Steam\libavutil-54.dll MOD - [2014.12.01 23:31:16 | 000,332,800 | ---- | M] () -- C:\Program Files (x86)\Steam\libavresample-2.dll MOD - [2014.10.16 11:15:38 | 
000,035,328 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll MOD - [2014.05.24 18:41:24 | 000,892,416 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll MOD - [2014.05.24 18:41:24 | 000,091,648 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll MOD - [2014.02.12 20:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2014.02.12 20:58:10 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.03.21 20:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe MOD - [2009.04.20 12:55:58 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL MOD - [2009.02.06 19:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL MOD - [2009.01.26 21:58:28 | 000,969,728 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ========== Services (SafeList) ========== SRV:64bit: - [2015.05.25 20:19:13 | 001,255,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack) SRV:64bit: - [2015.05.22 20:47:34 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService) SRV:64bit: - [2015.01.05 18:48:02 | 003,039,536 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (IBUpdaterService) SRV:64bit: - [2014.11.21 04:12:40 | 000,244,736 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2014.11.20 21:23:06 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) 
[Auto | Running] -- C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2009.07.14 03:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rundll32.exe -- (03e661da) SRV - [2015.08.03 20:10:21 | 007,596,652 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\resegioninhelp\resegioninhelp.exe -- (resegioninhelp) SRV - [2015.07.24 01:23:38 | 000,838,336 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2015.07.15 00:03:33 | 000,268,976 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2015.07.07 20:12:28 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2015.06.17 15:45:31 | 001,997,168 | ---- | M] (Electronic Arts) [On_Demand | Stopped] -- C:\Program Files (x86)\Origin\OriginClientService.exe -- (Origin Client Service) SRV - [2015.04.30 01:53:40 | 000,366,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2015.04.30 01:53:40 | 000,023,816 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2015.04.03 07:37:50 | 000,148,080 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2015.03.16 04:03:56 | 000,002,560 | ---- | M] () [Auto | Running] -- C:\Windows\Runservice.exe -- (LicCtrlService) SRV - [2014.04.12 00:08:08 | 000,103,608 | ---- | M] 
(Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2014.03.25 10:16:58 | 000,241,704 | ---- | M] (Foxit Corporation) [Auto | Running] -- C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe -- (FoxitCloudUpdateService) SRV - [2014.03.21 00:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2013.11.04 17:25:24 | 000,020,608 | ---- | M] (Mr. John aka japamd) [Auto | Running] -- C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe -- (RadeonPro Support Service) SRV - [2013.03.26 18:23:32 | 000,230,416 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe -- (NitroReaderDriverReadSpool3) SRV - [2012.12.17 16:46:50 | 000,137,488 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service) SRV - [2012.10.23 11:47:48 | 002,848,168 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2011.03.16 01:49:21 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service) SRV - [2011.03.16 01:48:23 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2011.03.16 01:47:47 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service) SRV - [2011.01.10 14:49:20 | 
000,014,848 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe -- (DokanMounter) SRV - [2010.03.12 05:40:54 | 000,136,544 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.02.23 05:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [2007.01.11 05:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) ========== Driver Services (SafeList) ========== DRV:64bit: - [2015.03.04 19:34:52 | 000,124,568 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2014.11.21 04:40:00 | 018,959,360 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2014.11.21 04:08:54 | 000,589,312 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2014.10.28 01:46:12 | 000,062,152 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdkmpfd.sys -- (amdkmpfd) DRV:64bit: - [2014.06.21 19:01:22 | 000,094,720 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.12.13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.12.14 21:12:42 | 000,123,120 | ---- | M] (High Criteria inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TotRec8.sys -- (TotRec8) DRV:64bit: - [2011.08.02 19:47:06 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.10 14:51:40 | 000,120,408 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\dokan.sys -- (Dokan) DRV:64bit: - [2010.12.31 07:00:00 | 000,854,632 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192cu.sys -- (RTL8192cu) DRV:64bit: - [2010.11.25 06:59:16 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys 
-- (RTL8192su)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.03.04 15:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.02.18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010.01.28 03:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.01.22 13:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.01.22 13:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.08.13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)
DRV:64bit: - [2009.06.10 22:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.05 03:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2014.02.11 16:36:52 | 000,059,616 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\AMD\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.3)
DRV - [2012.02.10 03:28:14 | 000,056,448 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys -- (AODDriver4.1.0)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
IE - HKLM\..\SearchScopes,DefaultScope = {80c554b9-c7f8-4a21-9471-06d606da78a2}
IE - HKLM\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = hxxp://search.easylifeapp.com/?q={searchTerms}&pid=34&src=ie2&r=2013/03/26&hid=4244877122&lg=EN&cc=DE
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2117678
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 F9 D4 84 D4 EF CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found
IE - HKCU\..\URLSearchHook: {5570f0a0-580c-4c69-808f-8b2aaa2aa93c} - No CLSID value found
IE - HKCU\..\URLSearchHook: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {80c554b9-c7f8-4a21-9471-06d606da78a2}
IE - HKCU\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = hxxp://search.easylifeapp.com/?q={searchTerms}&pid=34&src=ie2&r=2013/03/26&hid=4244877122&lg=EN&cc=DE
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=109958&tt=290412_2_bst&babsrc=SP_ss&mntrId=d432252d0000000000000025228d8296
IE - HKCU\..\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}: "URL" = hxxp://mystart.incredibar.com/?a=6PQCaQ8YL5&loc=skw&search={searchTerms}&i=26
IE - HKCU\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{C84562DC-1C5F-407A-9249-FA145D0EF8A3}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/?a=6PQCaQ8YL5&loc=skw&search={searchTerms}&i=26&did=10963
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "DE"
FF - prefs.js..browser.search.region: "DE"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:37.0.1
FF - prefs.js..browser.startup.homepage: "hxxp://search.gboxapp.com/"
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1218158.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@gametap.com/npdd,version=1.0: C:\Program Files (x86)\Downloader\npdd.dll (Metaboli)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.05.29 15:49:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.05.29 15:49:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files (x86)\Mozilla Sunbird\components [2014.04.28 13:49:27 | 000,000,000 | ---D | M]
[2013.09.17 23:15:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Extensions
[2013.09.17 23:15:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2015.05.18 16:51:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\47nu5o9o.default\extensions
[2015.08.09 17:12:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\47nu5o9o.default\extensions\staged
[2013.09.17 23:15:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Sunbird\Profiles\j7cwwtg9.default\extensions
[2015.08.09 16:32:28 | 000,002,161 | ---- | M] () -- C:\Users\Lukas\AppData\Roaming\mozilla\firefox\profiles\47nu5o9o.default\searchplugins\MyStart Search.xml
[2015.04.11 16:37:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2015.04.11 16:37:33 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2014.05.15 17:03:37 | 000,000,860 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (FiandBesitDieal) - {4233F11C-F7E3-4CA9-9AAE-3BBC5344A65C} - C:\Programme\FiandBesitDieal\ZTX6PypNRylBMV.x64.dll ()
O2 - BHO: (FiandBesitDieal) - {4233F11C-F7E3-4CA9-9AAE-3BBC5344A65C} - C:\Programme\FiandBesitDieal\ZTX6PypNRylBMV.dll ()
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CTSyncService] C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [iSaverCtrl] C:\Program Files (x86)\iSaver\iSaverCtrl.exe (infoMantis GmbH)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [NextLive] C:\Users\Lukas\AppData\Roaming\newnext.me\nengine.dll (NewNextDotMe)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} https://vpnssl1.cs.fh-nuernberg.de/NELX.cab (NELaunchCtrl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36ED2503-3472-49B3-98F0-DD22FE2554CD}: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{374433E6-840B-4DE2-8222-90A0D58C5370}: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61B76604-D8E8-4932-A814-365652761723}: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E43D05F-1449-46D5-9A2D-B9D5D446AAFA}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6C7773B-0CAD-409B-BE74-D9ECF596AB76}: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB33C0B5-43E6-4F0B-9097-FCB5D671036E}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8624FA6-16DD-4418-9AD2-DAD9CB3A259A}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~3\WINFIL~1\WINFIL~2.DLL) - C:\ProgramData\WinFilter\WinFilter_x64.dll ()
O20 - AppInit_DLLs: (c:\progra~3\winfil~1\winfil~1.dll) - c:\ProgramData\WinFilter\WinFilter.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2015.08.09 19:52:11 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\WiseUpdate
[2015.08.09 19:45:44 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Wise Registry Cleaner
[2015.08.09 19:45:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
[2015.08.09 19:45:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wise
[2015.08.09 17:22:37 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2015.08.09 17:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\FiandBesitDieal
[2015.08.09 17:12:31 | 000,000,000 | ---D | C] -- C:\Program Files\FIendBestDeAl
[2015.08.09 17:12:19 | 000,000,000 | ---D | C] -- C:\Program Files\Autofill IRCTC Tatkal FormPlugin Extension
[2015.08.09 17:11:54 | 000,000,000 | ---D | C] -- C:\Program Files\FiiNdBeStDeaul
[2015.08.06 21:39:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DigISaver
[2015.08.06 21:39:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DDIgiSaover
[2015.08.06 21:38:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Follow
[2015.08.06 21:38:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DIgiSoaverr
[2015.08.03 20:10:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\resegioninhelp
[2015.07.23 20:05:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClearProg
[2015.07.23 20:05:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ClearProg
[2015.07.22 12:17:02 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\CEF
[2015.07.10 21:54:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\4chan Plus
[2015.07.10 20:45:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2015.08.09 20:03:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015.08.09 19:45:36 | 000,001,227 | ---- | M] () -- C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
[2015.08.09 19:24:01 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\bench-Updater removing.job
[2015.08.09 19:23:31 | 000,028,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015.08.09 19:23:31 | 000,028,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015.08.09 19:15:12 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\WSE_Astromenda.job
[2015.08.09 19:12:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015.08.09 19:11:59 | 2146,885,631 | -HS- | M] () -- C:\hiberfil.sys
[2015.08.09 18:09:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\bench-sys.job
[2015.08.09 17:12:18 | 000,000,079 | ---- | M] () -- C:\Program Files\prefs.js
[2015.08.03 12:13:31 | 000,000,020 | ---- | M] () -- C:\Users\Lukas\AppData\Roaming\appdataFr2.bin
[2015.07.28 18:14:52 | 000,000,222 | ---- | M] () -- C:\Users\Lukas\Desktop\Football Manager 2015.url
[2015.07.23 20:05:44 | 000,001,019 | ---- | M] () -- C:\Users\Public\Desktop\ClearProg.lnk
[2015.07.15 00:03:32 | 000,778,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2015.07.15 00:03:32 | 000,142,512 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2015.08.09 19:45:36 | 000,001,227 | ---- | C] () -- C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
[2015.08.09 17:12:18 | 000,000,079 | ---- | C] () -- C:\Program Files\prefs.js
[2015.07.28 18:14:51 | 000,000,222 | ---- | C] () -- C:\Users\Lukas\Desktop\Football Manager 2015.url
[2015.07.23 20:05:44 | 000,001,019 | ---- | C] () -- C:\Users\Public\Desktop\ClearProg.lnk
[2015.07.10 13:56:17 | 000,000,020 | ---- | C] () -- C:\Users\Lukas\AppData\Roaming\appdataFr2.bin
[2015.05.14 14:48:01 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2015.03.16 04:03:57 | 000,000,000 | -HS- | C] () -- C:\Windows\SysWow64\mmf.sys
[2015.03.16 04:03:56 | 000,045,056 | ---- | C] () -- C:\Windows\mmfs.dll
[2015.03.16 04:03:56 | 000,002,560 | ---- | C] () -- C:\Windows\Runservice.exe
[2015.02.18 06:19:11 | 000,632,320 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2015.02.18 06:19:11 | 000,235,520 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2014.12.17 18:23:23 | 000,022,528 | ---- | C] () -- C:\Users\Lukas\AppData\Local\dsisetup3286858852.exe
[2014.12.04 15:37:57 | 000,022,528 | ---- | C] () -- C:\Users\Lukas\AppData\Local\dsisetup13365924172.exe
[2014.11.21 18:44:31 | 000,022,528 | ---- | C] () -- C:\Users\Lukas\AppData\Local\dsisetup2245874322.exe
[2014.11.20 21:35:00 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2014.11.11 20:34:34 | 000,000,001 | ---- | C] () -- C:\Users\Lukas\AppData\Local\DSI.DAT
[2014.11.11 20:34:31 | 000,022,528 | ---- | C] () -- C:\Users\Lukas\AppData\Local\2307105400dsisetup23071176622.exe
[2014.11.09 14:15:02 | 000,000,265 | ---- | C] () -- C:\Users\Lukas\AppData\Roaming\WB.CFG
[2014.01.31 17:57:06 | 000,000,646 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013.10.13 01:35:28 | 001,065,984 | ---- | C] () -- C:\Users\Lukas\AppData\Local\file__0.localstorage
[2011.11.17 00:18:46 | 000,017,408 | ---- | C] () -- C:\Users\Lukas\AppData\Local\WebpageIcons.db
[2011.09.23 17:34:53 | 000,001,472 | ---- | C] () -- C:\Users\Lukas\AppData\Local\RecConfig.xml
[2011.06.02 11:26:11 | 000,007,597 | ---- | C] () -- C:\Users\Lukas\AppData\Local\Resmon.ResmonCfg
[2011.05.31 20:18:23 | 000,000,093 | ---- | C] () -- C:\Users\Lukas\AppData\Local\fusioncache.dat

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015.02.13 07:22:33 | 014,177,280 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015.02.13 07:26:18 | 012,875,264 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014.10.10 18:57:58 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\2K Sports
[2012.05.08 22:49:11 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Audacity
[2014.02.17 21:36:34 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\awesomehp
[2012.05.09 20:40:18 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Babylon
[2014.04.24 19:08:18 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.08.02 19:48:32 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\DAEMON Tools Lite
[2013.04.02 16:43:41 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Downloaded Installations
[2011.07.28 17:29:03 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Duden
[2013.04.02 16:47:38 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\FileOpen
[2014.11.09 16:23:58 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\FileZilla
[2013.04.06 06:38:11 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\FMRTE13
[2014.05.11 21:12:53 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\FMRTE14
[2015.02.19 19:16:25 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\FMRTE15
[2015.07.06 20:32:27 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Foxit Software
[2011.07.21 18:12:56 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Free Download Manager
[2012.10.25 02:26:55 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Full Ace
[2011.05.18 20:22:19 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Get from YouTube
[2013.03.14 20:33:16 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\IrfanView
[2014.05.30 14:15:56 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\library_dir
[2013.07.01 23:46:07 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Milestone
[2011.05.18 20:23:01 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Music Editor Free
[2011.04.01 08:43:52 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\NCH Swift Sound
[2015.08.09 19:13:26 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\newnext.me
[2013.04.02 16:47:38 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Nitro
[2014.04.17 15:33:10 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Nitro PDF
[2011.10.23 13:32:47 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Nuance
[2014.06.05 19:34:29 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\OpenCandy
[2014.06.05 19:19:03 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\OpenOffice.org
[2014.02.23 16:20:23 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Opera Software
[2015.06.17 15:50:52 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Origin
[2014.04.24 19:51:53 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\PDAppFlex
[2012.05.09 20:54:30 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\PlayerPlug
[2012.05.09 20:54:30 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\PropMgrAsync
[2014.10.09 22:59:37 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\RadeonPro
[2012.02.27 20:56:41 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\REDitor II
[2015.08.09 16:52:39 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\ScreeNet iSaver
[2011.05.29 18:42:06 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\SendSpace
[2011.10.23 13:11:54 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Smart PDF Converter
[2014.09.03 13:45:12 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Soda PDF 6
[2012.02.14 19:39:00 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\SoftGrid Client
[2015.03.16 04:04:09 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Solecismic Software
[2014.04.24 20:10:34 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\SolidDocuments
[2014.05.21 19:40:48 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Sports Interactive
[2014.05.15 16:59:16 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Systweak
[2011.06.02 11:08:11 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Tific
[2012.05.09 21:08:50 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\TotalRecorder
[2012.02.14 19:23:06 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\TP
[2014.06.05 19:37:08 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\TuneUp Software
[2014.02.14 15:24:32 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Uniblue
[2015.08.09 19:55:57 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Wise Registry Cleaner
[2015.08.09 19:55:58 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\WiseUpdate
[2014.11.09 13:15:13 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\WSE_Astromenda
[2014.06.12 20:08:03 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Zattoo
[2011.10.23 13:32:48 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Zeon

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:E8BE05FA
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:A8AF8B49

< End of report >

OTL Extras Logfile:
OTL Logfile:
Code:
OTL Extras logfile created on: 09.08.2015 20:01:34 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lukas\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17843)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 4,41 Gb Available Physical Memory | 55,08% Memory free
16,00 Gb Paging File | 12,00 Gb Available in Paging File | 74,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 131,48 Gb Free Space | 44,11% Space Free | Partition Type: NTFS
Drive D: | 465,66 Gb Total Space | 279,39 Gb Free Space | 60,00% Space Free | Partition Type: NTFS

Computer Name: LUKAS-PC | User Name: Lukas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate -- "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate -- "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate -- "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate -- "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0138995B-5647-425F-83C9-AE3884723D48}" = lport=10243 | protocol=6 | dir=in | app=system | "{17508D0C-70FA-458D-9450-F50D26A0D06D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1FE7FBCC-F264-481A-A111-F628A1B36C71}" = lport=2869 | protocol=6 | dir=in | app=system | "{2DE9E3AE-D258-4866-B615-521E7D7DFE04}" = rport=445 | protocol=6 | dir=out | app=system | 
"{4261B4FA-E8B3-4DDE-BACF-C673700EE6FD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4E0F1996-24FA-4A19-8894-78228E58B4C1}" = lport=137 | protocol=17 | dir=in | app=system | "{5FC54708-E0E6-4B34-88FB-1EB246718B84}" = rport=138 | protocol=17 | dir=out | app=system | "{6652E40A-2EFD-4BDC-87E0-A38E18609321}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{75CFD2F8-360C-4ADF-AD53-2817D9CA8316}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7610EB92-CCED-473F-8D48-53A9B0103052}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{7E76FE35-EC32-42FA-873C-E0F746539765}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8606AD8F-3071-4B3E-8DD7-4EB24B2635D3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{90EDACDF-8866-4130-8113-B85344E66335}" = rport=139 | protocol=6 | dir=out | app=system | "{A1CA1303-8D7B-4131-9675-0863534491F6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B3E2E7D6-E2CD-4E3B-A4E0-AE0198E67F0D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{B8FC52BE-C4A2-464B-98E3-16CF6BFA90CD}" = lport=139 | protocol=6 | dir=in | app=system | "{CB2A4E32-AB8D-4148-B8B4-DFDDB2627145}" = lport=138 | protocol=17 | dir=in | app=system | "{D154AEDB-C3C8-4E0D-840C-D042748BF63A}" = lport=445 | protocol=6 | dir=in | app=system | "{DF60F125-3051-4D2B-AC25-F64ABEE67A35}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E16F5D90-47D1-421C-B911-59DFAF309A41}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E207D1A9-2DF5-4863-935A-2C1D1C70DE49}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F972B0E0-6DD3-4471-A145-613E9FD9CC7B}" = rport=137 | protocol=17 | dir=out | app=system | "{FAFBC0A7-2BDE-447B-ABAF-D164C542AA98}" = rport=10243 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0BE05BE2-AD15-4684-AB03-B5E552AEA539}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{109CA977-DAC3-44E5-B8A0-305A805C4A70}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{12D41C6F-6B49-40C2-99A3-9AA322FC6411}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{13BCADAF-066A-47B6-9EFF-F60062149E9F}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{159A3875-6FAD-4448-96E0-5D02E7997425}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{1731CFC2-C31C-4870-BBF2-FE96FA324E96}" = protocol=17 | dir=in | app=d:\steam ordner 2\steamapps\common\football manager 2015 editor\editor.exe | "{17B6B42C-EB29-4A78-BB56-1448D0F534A8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\biohazard 6 benchmark tool\bh6.exe | "{1A2E9A96-FFF0-4D19-9B9B-36ED850E4AD2}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | "{1DD92EDF-934B-451F-AFA6-5858E03544C2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe | "{20CB0FAB-D58E-4A48-A0D9-00300D2B3E36}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{3144577E-127F-49EF-9B69-D7BCE7F85DEF}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{37C9E266-14D0-44DF-9EE3-43F84D9F8D4C}" = protocol=17 | dir=in | app=d:\steam ordner 2\steamapps\common\football manager 2015\fm.exe | "{3C4B7886-127E-479D-80CF-6722B599CD9C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{3E88DBD8-7C06-4E49-AA6F-262C2277769D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{41ACF74E-625C-489D-9AA2-C666BB2E9F7E}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | "{4586EF09-5DB2-4A26-9A10-CBC3214E493A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{499ED506-0AA1-4A69-9AD2-21E857D80435}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\driver fusion\driverfusion.exe | "{4C7B255B-2BB4-4DCD-A098-9E7D6810B927}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{5212BE67-3F1B-4A9C-AFCE-F9EC054E3B01}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{54DBED74-5A65-4D94-A66C-66ABFF4664DE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{6B0087DC-64B6-410D-9EF8-1B26619E3D3B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{6B4D818B-3D9B-454B-9A4F-A6EC152B472B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6CA65887-EEB0-476C-93A3-14AE1633CC4A}" = protocol=6 | dir=in | app=d:\steam ordner 2\steamapps\common\football manager 2015 editor\editor.exe | "{6DC28745-B760-41F4-9B86-A885724A6020}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{6F247F3A-0E2F-4940-84A6-F888C53B6E35}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{706728BF-32D9-41A7-93EA-BBCA1D641D2E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{72266EE1-E4B0-4441-8C8A-177D6B51FD59}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{72698E50-CB25-421C-AFD6-FFD8ECA6A17D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{72B0AFE3-7775-4842-A01E-02D4E727CFD5}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{73C85FC5-20E5-46DD-973D-2673CE8001CB}" = protocol=6 | dir=in | app=%programfiles%\windows media 
player\wmpnetwk.exe | "{7AEAFB64-05D2-41F8-BE5B-D6DEE5BDC554}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{8229A504-B6B3-4C45-B592-9BC7E1963A91}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{8269810E-AFCA-4FE4-BBAE-B87A02C3867F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{8D14DC31-BC60-4474-B2EE-8F974A6A0877}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "{8DE00F84-3A13-4F43-8529-E42EC4B86C1F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\driver fusion\driverfusion.exe | "{93ADF1B8-995F-4871-9532-CAECD72F2DAE}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | "{9B03AB44-0170-4157-A262-936071E4C924}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{9F9E63D2-0426-449B-8ACE-FE2EE3C85CEE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A08D94F6-83B8-4E26-9D3E-D1DA50C8BD78}" = protocol=17 | dir=in | app=d:\steam ordner 2\steamapps\common\mafia ii\pc\mafia2.exe | "{A0999B8C-F5F1-43B1-BD79-3EB5C8DCA513}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A46CB999-7378-4A38-9304-7FCC273861CC}" = protocol=6 | dir=out | app=system | "{A87FE51F-CEED-40A6-8C1C-906181B42100}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{AB07CAA1-130B-4429-8E80-86EEF2A75A97}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe | "{AF62527A-1F5D-4194-B300-B112D7343405}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe | "{B6164A22-FDEF-44E2-8192-463C60D21129}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{B78A0275-0860-4712-85F4-DFA37A7FB7C4}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | "{B946E0BA-D5BF-4D65-B2FF-BFE60A016948}" = protocol=6 | 
dir=in | app=c:\program files (x86)\steam\steam.exe | "{C8154014-2D3D-4215-A1BC-E67F0F663B2F}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | "{CC160C3F-F24E-4340-8615-F7E9774716F9}" = protocol=6 | dir=in | app=d:\steam ordner 2\steamapps\common\mafia ii\pc\mafia2.exe | "{D278CAB6-9ACB-412F-8680-3CDDDBFA2962}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{D5AFBD1C-CD90-479E-AE97-BD0120C3DC04}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | "{D86FCC0D-8B38-42E4-8153-12FE3567E63B}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "{DB7757CF-A03D-4497-B979-71B6E909420C}" = protocol=6 | dir=in | app=d:\steam ordner 2\steamapps\common\football manager 2015\fm.exe | "{DB84E1EB-5EB9-44DF-92D1-79BDFCB3682F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E79AEED7-8519-4F62-BB01-679EC0EB2074}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe | "{E88A9ECC-866A-460B-8187-F85732DD1B84}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{EF79003E-439F-4E09-ADCF-3A18A6770885}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{F797FDE5-BFA7-4F67-A52A-27051E41A04E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{F80D78F8-1126-4484-AA38-DD2501AFF14B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F94DB783-9C7D-48F3-B3C4-D6D5C0B2047D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\biohazard 6 benchmark tool\bh6.exe | "TCP Query User{0E043A6E-E302-450F-A233-EAE4BCEFAAB5}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "TCP Query User{18A211F4-0FAD-420C-8DAE-2A9E0366C3DA}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files 
(x86)\winamp\winamp.exe | "TCP Query User{272A0C38-A1BC-4C3A-859C-18072AE987FE}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "TCP Query User{2C366063-B893-4ED0-A232-80509F5AE30A}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "TCP Query User{A991ACC9-B7B0-4CB6-899C-09CE3870A26E}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "TCP Query User{D7A0D845-DCEC-4940-8DE4-6543D8B6B3AA}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "TCP Query User{FAFA5EE1-FF30-4AFD-8E82-BF5A16A5484B}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | "UDP Query User{1F14052A-15E9-410F-9BAA-EF1FB8E2280B}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{602E03CD-9BE3-4A4B-88CA-F2AD3AF30094}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{7EDF11F7-7ABD-497E-A521-4A82C496C122}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "UDP Query User{7F7B9F58-243C-4F60-845E-E6260309749D}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "UDP Query User{B3356AE5-A086-4024-BF51-B055F9667E8F}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | "UDP Query User{D02BC1BE-975F-4A5A-BDA3-9827CD7A607E}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "UDP Query 
User{E80D421F-9E81-4D5F-BE13-4A9A4555F8A2}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8 "{0A2E1907-D0DE-0D01-CA64-CB0AB0BFE539}" = AMD Wireless Display v3.0 "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{1664D45E-FA92-8C52-92E9-E8ADB04A18ED}" = AMD Drag and Drop Transcoding "{180500C1-57BB-3AA8-8E55-DCD5ECD16537}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{26784146-6E05-3FF9-9335-786C7C0FB5BE}" = Microsoft .NET Framework 4.5.2 "{26A24AE4-039D-4CA4-87B4-2F06417067FF}" = Java 7 Update 67 (64-bit) "{2C637DB1-3E0A-4089-8366-C6C0B01E5C2B}" = AMD Steady Video Plug-In "{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 "{426582A8-202F-D13C-8BD5-F00551BAFC93}" = AMD Wireless Display v3.0 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4E1C1F33-BD77-4D84-8FEC-6DE9977BFBF2}" = Nitro Reader 3 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6C97B34C-51D6-49FB-9FEC-C4669CA866EF}" = CIB pdf brewer "{6D986DE6-CA9D-4E83-B49C-18C0BFEB6AD6}_is1" = FMRTE 15.2.1.10 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support "{81E20D41-C277-4526-934D-F2380AF91B78}" = iCloud 
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8F2415FA-72F2-F029-0450-4EB2FAE484C5}" = AMD Accelerated Video Transcoding "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.2 "{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 "{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{B8BA155B-1E75-405F-9CB4-8A99615D09DC}" = iTunes "{C16CD4C0-48EE-0F40-C9FD-0778EAF73FBD}" = AMD Wireless Display v3.0 "{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 "{D9FCBAAE-DB72-488B-96D0-0AA3C892C0D6}" = Microsoft Security Client "{DBAFD1B4-DDC5-DD01-D1C4-E7AEB5139097}" = AMD Fuel "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack "{F2A7CE36-57BF-5C86-952D-90DBF3746D82}" = AMD Catalyst Install Manager "{F7FE0989-5F4C-3499-B78F-A63E942D100B}" = ccc-utility64 "EPSON Printer and Utilities" = EPSON-Drucker-Software "Microsoft Security Client" = Microsoft Security Essentials "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office 
Runtime (x64) "Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU "WinRAR archiver" = WinRAR 4.00 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0A3925EA-5B0E-401B-A189-7419149747B2}" = Adobe AIR "{0FE3F13F-8A37-46BA-F973-762F81E833C3}" = CCC Help French "{11087D24-567D-7D88-69C6-D7A08B5F4C47}" = Catalyst Control Center - Branding "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7 "{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 "{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 "{1543E140-FADF-9E99-D388-4435C2FBC55E}" = CCC Help Chinese Standard "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 67 "{274E3C5C-178E-EAE2-A52F-2863C0EECD46}" = SavuerExtEnseion "{2C9A2369-162D-7AD7-D50F-5F59CEC8A046}" = CCC Help Danish "{2D61415B-F99C-8161-F452-760B6E441428}" = CCC Help Hungarian "{2F51311F-8A4B-4D17-9CB8-AAEACBBA9A92}" = AMD OverDrive "{339647D6-A277-974F-FF29-83CA6284559B}" = CCC Help German "{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 "{37476589-E48E-439E-A706-56189E2ED4C4}_is1" = Mini - Adblocker "{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1" = Foxit Cloud "{478472F9-9E09-492A-BDAB-42EE595EF1AD}" = FFunDeeAls "{4835750F-F8A7-4D3C-A6A9-123E31C12AF8}" = AMD OverDrive "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4BD8FB0D-9407-429D-C412-FAE0A318A8AE}" = CCC Help Polish "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth 
"{4D594F78-0C6D-1442-61CC-94D735FEC05D}" = CCC Help English "{51417852-174C-88D4-34A0-D0FE7858BE47}" = SiteLauncher "{5958C669-28BF-D667-A004-E6FBF448027D}" = CCC Help Spanish "{5A2E0110-0296-46C3-97E1-C6A0D36E898A}" = System Requirements Lab Detection "{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper Version 3.2.0 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5F189DF5-2D05-472B-9091-84D9848AE48B}{3e661da}" = WinFilter "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{637B1239-84B7-0B0F-2549-7020CA57C831}" = CCC Help Thai "{679F739E-5C76-4A41-B562-F9392156B6DD}" = System Requirements Lab CYRI "{6AE0A655-9BB8-460E-1956-ED37E3B221FA}" = CCC Help Greek "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B254D2F-6F6F-5455-DD3B-E71E5C1C0C9A}" = AMD Catalyst Control Center "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7481E13B-EC16-1B14-0E32-E88165CD4C57}" = Catalyst Control Center Graphics Previews Common "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{7ABA4B54-3672-0548-C1CC-97405F767061}" = CCC Help Russian "{7FE73251-50FA-E864-67EB-19C4BC7AA1C9}" = CCC Help Portuguese "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 6.9.2 "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{894CBED0-8225-D59B-5632-D01B14C6D520}" = CCC Help 
Norwegian "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX "{8BD7C51C-0CC4-3E28-CFDC-F7D4C5583783}" = CCC Help Finnish "{8ECCC07B-83E3-3877-26DF-815CD2B30749}" = CCC Help Italian "{900FD4B9-9C27-D907-36E7-E9CCF170E2FC}" = Catalyst Control Center InstallProxy "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{98449C67-C7AF-BB53-112D-26C916814611}" = ExstruaCCoupeonn "{988949CE-DE9A-D187-A010-22B9085FB813}" = CCC Help Swedish "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer "{A695893E-A5C7-2E5C-6953-52B0E61E4C1A}" = SaveMasos "{A85092B2-8FB5-5A8C-B27A-69A3D78979D8}" = CCC Help Korean "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update 
Helper "{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support "{AB468309-88EB-4250-BFEA-45479091102B}" = JavaFX Scene Builder 1.1 "{AC76BA86-0804-1033-1959-001824147215}" = Adobe Refresh Manager "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.12) - Deutsch "{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 "{B1977E93-5FC0-0BA4-2D5A-D3E69870C7D4}" = CCC Help Chinese Traditional "{B4665EB1-1F7A-44F5-AD07-C20A938E8BC2}" = JavaFX Scene Builder 2.0 "{B5DB572D-EA87-D3B0-08F6-4D153EA6A783}" = FiandBesitDieal "{BBC9BF50-A35D-B0C2-9117-F3CA2F6BB64A}" = CCC Help Czech "{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}" = BirowwsyE2savee "{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{C6E49138-C2CF-5337-D358-0734FD33EFB4}" = UTubaeNiouADs "{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCA09491-F5C1-4D20-91A6-7F7E39769E94}" = OpenOffice.org 3.0 "{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}" = WinZip 15.0 "{ce085a78-074e-4823-8dc1-8a721b94b76d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 "{CE94DD89-7404-B4B9-E713-E55CC0AB6C3B}" = 4chan Plus "{D0FD2FF9-1BE9-E729-3878-9A603B5F1529}" = Catalyst Control Center Localization All "{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "{D94F2DE6-55B4-B211-A381-54089BC791A0}" = CCC Help Japanese "{D96B6543-A0C0-4351-AF96-73DEF1DD6820}" = NBA 2K13 "{E15BC10F-04AA-0AFD-A6C9-476730195F8B}" = Adobe Download Assistant "{EEFDBD75-0BD9-AC5F-8F61-903C6A19C0ED}" = CCC Help Dutch "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 
Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1A6C690-C12C-4E7A-B4BD-958678215418}" = 3DMark "{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}" = Sound Blaster X-Fi MB "{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 "{FB415F81-DC5E-ED99-D2FE-3DC4D88BCA58}" = CCC Help Turkish "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player PPAPI" = Adobe Flash Player 18 PPAPI "Adobe Shockwave Player" = Adobe Shockwave Player 12.1 "ASRock InstantBoot_is1" = ASRock InstantBoot v1.24 "ClearProg" = ClearProg 1.6.0 Final "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "DAEMON Tools Lite" = DAEMON Tools Lite "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "DivX Setup.divx.com" = Configuration DivX "DokanLibrary" = Dokan Library 0.6.0 "ESET Online Scanner" = ESET Online Scanner v3 "FileZilla Client" = FileZilla Client 3.9.0.6 "fmXML_is1" = fmXML version 0.3 "Foxit Reader_is1" = Foxit Reader "Fraps" = Fraps "InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "IrfanView" = IrfanView (remove only) "Mozilla Firefox 37.0.1 (x86 de)" = Mozilla Firefox 37.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.SingleImage" = Microsoft Office Home and Student 2010 "OpenAL" = OpenAL "Opera 31.0.1889.99" = Opera Stable 31.0.1889.99 "Origin" = Origin "PrintKey2000" = PrintKey2000 "RadeonPro_is1" = RadeonPro 1.0 (Build 1.1.1.0) "Revo Uninstaller" = Revo Uninstaller 1.95 "Rockstar Games Social Club" = Rockstar Games Social Club "Smart Data Recovery_is1" = Smart Data Recovery v4.3 "SopCast" = SopCast 3.3.2 "Steam App 231390" = Biohazard 6 Benchmark Tool "Steam App 233570" = Driver Fusion "Steam App 295270" = Football 
Manager 2015 "Steam App 295350" = Football Manager 2015 Editor "Steam App 50130" = Mafia II "TeamViewer 7" = TeamViewer 7 "TotalRecorder" = Total Recorder 8.3 Standard Edition "VLC media player" = VLC media player 2.1.0 "Winamp" = Winamp "Wise Registry Cleaner_is1" = Wise Registry Cleaner 8.66 "WNLT" = IB Updater Service "Xvid Video Codec 1.3.2" = Xvid Video Codec ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "790152df1a5783f8" = Draft Analyzer "bc1f77244dd140f8" = GamePlanAnalyzer "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 09.08.2015 10:32:32 | Computer Name = Lukas-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: taskeng.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce79d2c Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeb033f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000027de ID des fehlerhaften Prozesses: 0x7f4 Startzeit der fehlerhaften Anwendung: 0x01d0d2b02e75dc5c Pfad der fehlerhaften Anwendung: C:\Windows\system32\taskeng.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\msvcrt.dll Berichtskennung: 77f89ef7-3ea3-11e5-b28d-0025228d8296 Error - 09.08.2015 10:56:53 | Computer Name = Lukas-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: taskeng.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce79d2c Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeb033f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000027de ID des fehlerhaften Prozesses: 0xfd0 Startzeit der fehlerhaften Anwendung: 0x01d0d2b39d26c45d Pfad der fehlerhaften Anwendung: C:\Windows\system32\taskeng.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\msvcrt.dll Berichtskennung: dedec5d3-3ea6-11e5-8237-0025228d8296 Error - 09.08.2015 12:48:03 | Computer Name = Lukas-PC | 
Source = Application Hang | ID = 1002 Description = Programm wusa.exe, Version 6.1.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1a70 Startzeit: 01d0d2b70725787c Endzeit: 1 Anwendungspfad: C:\Windows\SysWOW64\wusa.exe Berichts-ID: Error - 09.08.2015 12:51:56 | Computer Name = Lukas-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: fm.exe, Version: 15.3.2.0, Zeitstempel: 0x551d37bc Name des fehlerhaften Moduls: fm.exe, Version: 15.3.2.0, Zeitstempel: 0x551d37bc Ausnahmecode: 0xc0000005 Fehleroffset: 0x00b66406 ID des fehlerhaften Prozesses: 0x1a18 Startzeit der fehlerhaften Anwendung: 0x01d0d2be7a960d41 Pfad der fehlerhaften Anwendung: D:\Steam Ordner 2\steamapps\common\Football Manager 2015\fm.exe Pfad des fehlerhaften Moduls: D:\Steam Ordner 2\steamapps\common\Football Manager 2015\fm.exe Berichtskennung: f123a5cf-3eb6-11e5-8237-0025228d8296 Error - 09.08.2015 12:57:46 | Computer Name = Lukas-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: taskeng.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce79d2c Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeb033f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000027de ID des fehlerhaften Prozesses: 0xfe0 Startzeit der fehlerhaften Anwendung: 0x01d0d2c482ff9c27 Pfad der fehlerhaften Anwendung: C:\Windows\system32\taskeng.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\msvcrt.dll Berichtskennung: c17b3ebf-3eb7-11e5-b22f-0025228d8296 Error - 09.08.2015 13:13:02 | Computer Name = Lukas-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: taskeng.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce79d2c Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeb033f 
Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000027de ID des fehlerhaften Prozesses: 0xaa8 Startzeit der fehlerhaften Anwendung: 0x01d0d2c6967d6756 Pfad der fehlerhaften Anwendung: C:\Windows\system32\taskeng.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\msvcrt.dll Berichtskennung: e3fe6209-3eb9-11e5-8b1b-0025228d8296 Error - 09.08.2015 13:24:00 | Computer Name = Lukas-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: taskeng.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce79d2c Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeb033f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000027de ID des fehlerhaften Prozesses: 0xdb0 Startzeit der fehlerhaften Anwendung: 0x01d0d2c82df414e0 Pfad der fehlerhaften Anwendung: C:\Windows\system32\taskeng.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\msvcrt.dll Berichtskennung: 6c234ed3-3ebb-11e5-8b1b-0025228d8296 Error - 09.08.2015 13:44:08 | Computer Name = Lukas-PC | Source = Application Hang | ID = 1002 Description = Programm SmartDataRecovery.exe, Version 4.3.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1654 Startzeit: 01d0d2c9cecc6252 Endzeit: 16 Anwendungspfad: C:\Program Files (x86)\Smart PC Solutions\Smart Data Recovery\SmartDataRecovery.exe Berichts-ID: Error - 09.08.2015 14:42:07 | Computer Name = Lukas-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Lukas\Downloads\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error - 09.08.2015 14:42:14 | Computer Name = Lukas-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Lukas\Downloads\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. [ System Events ] Error - 09.08.2015 14:42:56 | Computer Name = Lukas-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Lukas\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 09.08.2015 14:42:56 | Computer Name = Lukas-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error - 09.08.2015 14:42:57 | Computer Name = Lukas-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Lukas\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. 
Error - 09.08.2015 14:42:57 | Computer Name = Lukas-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error - 09.08.2015 14:44:42 | Computer Name = Lukas-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Lukas\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 09.08.2015 14:44:42 | Computer Name = Lukas-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error - 09.08.2015 14:44:43 | Computer Name = Lukas-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Lukas\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 09.08.2015 14:44:43 | Computer Name = Lukas-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error - 09.08.2015 14:44:44 | Computer Name = Lukas-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Lukas\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 09.08.2015 14:44:44 | Computer Name = Lukas-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 < End of report > [/CODE] |
10.08.2015, 16:17 | #5 |
/// TB Trainer | Windows 7 SP 1 infected with Trojan - Windows Update error code 8007002 My name is Matthias and I will help you clean up your computer. Please note the following:
Please work through all steps one after another in the given order and post all log files in CODE tags: How it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes your helper's work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
Thank you for your cooperation! Scan with Combofix
|
10.08.2015, 18:50 | #6 |
| Windows 7 SP 1 infected with Trojan - Windows Update error code 8007002 Many thanks, Matthias, for the quick reply. I followed your instructions and ran combofix.exe. Here is the corresponding combofix.txt: Combofix log file: Code:
ATTFilter ComboFix 15-08-08.01 - Lukas 10.08.2015 19:27:12.1.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8191.4729 [GMT 2:00] ausgeführt von:: c:\users\Lukas\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\program files (x86)\NewPlayer c:\program files (x86)\NewPlayer\references\extaudio.png c:\program files (x86)\NewPlayer\references\extvideo.png c:\program files (x86)\NewPlayer\references\folder.png c:\program files (x86)\NewPlayer\references\libreria.png c:\program files (x86)\NewPlayer\references\Thumbs.db c:\program files (x86)\NewPlayer\Windows\Thumbs.db c:\program files (x86)\NewSavver c:\program files (x86)\NewSavver\pFjkdyd0VpMVYF.dat c:\program files (x86)\NewSavver\pFjkdyd0VpMVYF.tlb c:\programdata\8108833817704537162UL c:\programdata\8108833817704537162UL\026816f45d2e47b2c20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\0762f68e5503cb15c20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\0efc2c41e5cf7bcfc20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\1256edbb7b62739bc20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\16c76bc5779910c6c20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\1d75dec2c25bc849c20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\21dd2fa5f20cc109c20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\22d744506cad0c4cc20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\24e88a37d2d9c836c20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\28d0b1947fe80791c20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\28ffb307da9e37a9c20114596cdb6d9e.ini 
c:\programdata\8108833817704537162UL\2c5fe605111bf77fc20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\3457565de100e38cc20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\35555c15a234937fc20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\37a553f5bd0c8932c20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\3c5cad6980e1eb9ac20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\3f0327b152e6b712c20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\4cc9484e5308b1bcc20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\4dc887bcc29b26c6c20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\509988526bee90c2c20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\52f7a96b3ed86261c20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\55a8e9c86128951fc20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\5ba3ff2d19c3f782c20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\5d1b2a979a71d538c20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\5f559a794b51f15cc20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\610c92036204ce19c20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\638b22b38fe15e8cc20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\6757e794ec36f69ec20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\67c9553d6b57f65cc20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\6be6042d1f304613c20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\720f743a776772bec20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\7766d983eaa2eed8c20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\79149b23a8da931ec20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\7d3a17969ee8d54ec20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\8385057e4dea7006c20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\880e4cb7292a1ce4c20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\9056980660156c5cc20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\906b6fb1d09c124bc20114596cdb6d9e.ini 
c:\programdata\8108833817704537162UL\963a03e3172e9e7ac20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\9dd5802009ccebafc20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\a1f3cf6f9ad2222bc20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\a4311af4acf03b3ec20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\a4be4e28c0601c05c20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\a923305d1f1aa43ec20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\ab04ecb30c557b37c20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\af0c9ff59bf040b6c20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\af302d532a5eb6b8c20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\af7d149721897c8ac20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\bb3b03074f60650fc20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\bb89253d12b1b87dc20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\bddd23884695b1acc20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\beca2007fdd0d58ac20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\c964044650c9e4efc20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\c9cd1ae9d4a3d15ec20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\cc7b4f190afc6facc20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\d10de703829fe2d8c20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\d1b1b8b13a226202c20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\d20502567d1fd408c20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\d37be5ddee8c6f50c20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\d39d838e59875b4cc20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\d43a473d94acb0b6c20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\dc276ae9d91ac2fbc20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\dd632212936319c2c20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\e32dc874f74c87fac20114596cdb6d9e.ini c:\programdata\8108833817704537162UL\f7610c3afe2bbcd1c20114596cdb6d9e.ini 
c:\programdata\Microsoft\Windows\Start Menu\Programs\DownloadnSave c:\programdata\Microsoft\Windows\Start Menu\Programs\DownloadnSave\DownloadnSave.lnk c:\programdata\Microsoft\Windows\Start Menu\Programs\DownloadnSave\Uninstall.lnk c:\users\Lukas\AppData\Roaming\FoxitReaderUpdateInfo.txt c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default\extensions\staged\2e@E.net c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default\extensions\staged\2e@E.net\bootstrap.js c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default\extensions\staged\2e@E.net\chrome.manifest c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default\extensions\staged\2e@E.net\content\bg.js c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default\extensions\staged\2e@E.net\install.rdf c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default\extensions\staged\3z@r.org c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default\extensions\staged\3z@r.org\bootstrap.js c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default\extensions\staged\3z@r.org\chrome.manifest c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default\extensions\staged\3z@r.org\content\bg.js c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default\extensions\staged\3z@r.org\install.rdf c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default\extensions\staged\5W@GH.edu c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default\extensions\staged\5W@GH.edu\bootstrap.js c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default\extensions\staged\5W@GH.edu\chrome.manifest c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default\extensions\staged\5W@GH.edu\content\bg.js c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default\extensions\staged\5W@GH.edu\install.rdf 
c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default\extensions\staged\6es8av6j@s8.edu c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default\extensions\staged\6es8av6j@s8.edu\bootstrap.js c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default\extensions\staged\6es8av6j@s8.edu\chrome.manifest c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default\extensions\staged\6es8av6j@s8.edu\content\bg.js c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default\extensions\staged\6es8av6j@s8.edu\install.rdf c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default\extensions\staged\C@6J.org c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default\extensions\staged\C@6J.org\bootstrap.js c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default\extensions\staged\C@6J.org\chrome.manifest c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default\extensions\staged\C@6J.org\content\bg.js c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default\extensions\staged\C@6J.org\install.rdf c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default\extensions\staged\nRkqrM@xomO.edu c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default\extensions\staged\nRkqrM@xomO.edu\bootstrap.js c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default\extensions\staged\nRkqrM@xomO.edu\chrome.manifest c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default\extensions\staged\nRkqrM@xomO.edu\content\bg.js c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default\extensions\staged\nRkqrM@xomO.edu\install.rdf c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default\extensions\staged\oOX@YHNZ.com c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default\extensions\staged\oOX@YHNZ.com\bootstrap.js 
c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default\extensions\staged\oOX@YHNZ.com\chrome.manifest c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default\extensions\staged\oOX@YHNZ.com\content\bg.js c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default\extensions\staged\oOX@YHNZ.com\install.rdf c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default\extensions\staged\tDIp@PcE.org c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default\extensions\staged\tDIp@PcE.org\bootstrap.js c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default\extensions\staged\tDIp@PcE.org\chrome.manifest c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default\extensions\staged\tDIp@PcE.org\content\bg.js c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default\extensions\staged\tDIp@PcE.org\install.rdf c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default\extensions\staged\u@5h.net c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default\extensions\staged\u@5h.net\bootstrap.js c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default\extensions\staged\u@5h.net\chrome.manifest c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default\extensions\staged\u@5h.net\content\bg.js c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default\extensions\staged\u@5h.net\install.rdf c:\users\Lukas\AppData\Roaming\PropMgrAsync c:\users\Lukas\AppData\Roaming\PropMgrAsync\PropMgrAsync.cfg c:\users\Lukas\AppData\Roaming\PropMgrAsync\PropMgrAsync.log c:\windows\SysWow64\tmp7C31.tmp c:\windows\SysWow64\tmp7C32.tmp c:\windows\SysWow64\WNLT . . ((((((((((((((((((((((( Dateien erstellt von 2015-07-10 bis 2015-08-10 )))))))))))))))))))))))))))))) . . 2015-08-10 17:35 . 2015-08-10 17:35 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-08-10 16:24 . 
2011-05-29 13:51 58880 ------w- c:\windows\system32\dui7032.Vdll 2015-08-09 22:07 . 2015-08-09 22:09 -------- d-----w- C:\FRST 2015-08-09 19:18 . 2015-08-09 23:05 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-08-09 19:18 . 2015-06-18 06:41 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2015-08-09 19:18 . 2015-06-18 06:41 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2015-08-09 19:18 . 2015-06-18 06:41 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2015-08-09 19:18 . 2015-08-09 19:18 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware 2015-08-09 17:52 . 2015-08-09 17:55 -------- d-----w- c:\users\Lukas\AppData\Roaming\WiseUpdate 2015-08-09 17:45 . 2015-08-09 17:55 -------- d-----w- c:\users\Lukas\AppData\Roaming\Wise Registry Cleaner 2015-08-09 17:45 . 2015-08-09 17:45 -------- d-----w- c:\program files (x86)\Wise 2015-08-09 17:22 . 2015-07-15 01:12 12222168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3018C439-3ADB-4B7F-94D6-90F4D09643D5}\mpengine.dll 2015-08-09 17:08 . 2015-07-02 05:31 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{39F88233-1D3F-4A27-819A-F286DAC0AA47}\gapaengine.dll 2015-08-09 17:07 . 2015-07-15 01:12 12222168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2015-08-09 15:22 . 2015-08-09 15:22 -------- d-----w- c:\windows\CheckSur 2015-08-09 15:12 . 2015-08-09 21:47 -------- d-----w- c:\program files\FIendBestDeAl 2015-08-09 15:12 . 2015-08-09 21:47 -------- d-----w- c:\program files\Autofill IRCTC Tatkal FormPlugin Extension 2015-08-09 15:12 . 2015-08-09 15:12 79 ----a-w- c:\program files\prefs.js 2015-08-06 19:39 . 2015-08-09 14:28 -------- d-----w- c:\program files (x86)\DigISaver 2015-08-06 19:39 . 2015-08-09 14:28 -------- d-----w- c:\program files (x86)\DDIgiSaover 2015-08-06 19:38 . 2015-08-09 14:28 -------- d-----w- c:\program files (x86)\Follow 2015-08-06 19:38 . 
2015-08-09 14:28 -------- d-----w- c:\program files (x86)\DIgiSoaverr 2015-08-03 18:10 . 2015-08-03 18:10 -------- d-----w- c:\program files (x86)\resegioninhelp 2015-07-23 18:05 . 2015-07-23 18:05 -------- d-----w- c:\program files (x86)\ClearProg 2015-07-22 10:17 . 2015-07-22 10:17 -------- d-----w- c:\users\Lukas\AppData\Local\CEF . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-08-03 10:13 . 2015-07-10 11:56 20 ----a-w- c:\users\Lukas\AppData\Roaming\appdataFr2.bin 2015-07-14 22:03 . 2015-02-20 17:43 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2015-07-14 22:03 . 2015-02-20 17:43 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2015-07-05 10:08 . 2011-04-06 23:19 300704 ------w- c:\windows\system32\MpSigStub.exe 2015-07-02 05:31 . 2012-02-10 10:51 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2015-06-17 11:51 . 2011-03-23 15:38 140135120 ----a-w- c:\windows\system32\MRT.exe 2015-06-01 19:16 . 2015-06-16 16:04 389840 ----a-w- c:\windows\system32\iedkcs32.dll 2015-05-27 14:35 . 2015-06-16 16:04 24917504 ----a-w- c:\windows\system32\mshtml.dll 2015-05-25 18:24 . 2015-06-16 16:05 5569984 ----a-w- c:\windows\system32\ntoskrnl.exe 2015-05-25 18:23 . 2015-06-16 16:05 155584 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2015-05-25 18:23 . 2015-06-16 16:05 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2015-05-25 18:21 . 2015-06-16 16:05 1728960 ----a-w- c:\windows\system32\ntdll.dll 2015-05-25 18:19 . 2015-06-16 16:05 243712 ----a-w- c:\windows\system32\wow64.dll 2015-05-25 18:19 . 2015-06-16 16:05 362496 ----a-w- c:\windows\system32\wow64win.dll 2015-05-25 18:19 . 2015-06-16 16:05 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2015-05-25 18:19 . 2015-06-16 16:05 215040 ----a-w- c:\windows\system32\winsrv.dll 2015-05-25 18:19 . 
2015-06-16 16:05 1255424 ----a-w- c:\windows\system32\diagtrack.dll 2015-05-25 18:19 . 2015-06-16 16:05 210944 ----a-w- c:\windows\system32\wdigest.dll 2015-05-25 18:19 . 2015-06-16 16:05 879104 ----a-w- c:\windows\system32\tdh.dll 2015-05-25 18:19 . 2015-06-16 16:05 86528 ----a-w- c:\windows\system32\TSpkg.dll 2015-05-25 18:19 . 2015-06-16 16:05 136192 ----a-w- c:\windows\system32\sspicli.dll 2015-05-25 18:19 . 2015-06-16 16:05 29184 ----a-w- c:\windows\system32\sspisrv.dll 2015-05-25 18:19 . 2015-06-16 16:05 503808 ----a-w- c:\windows\system32\srcore.dll 2015-05-25 18:19 . 2015-06-16 16:05 113664 ----a-w- c:\windows\system32\sechost.dll 2015-05-25 18:19 . 2015-06-16 16:05 50176 ----a-w- c:\windows\system32\srclient.dll 2015-05-25 18:19 . 2015-06-16 16:05 28160 ----a-w- c:\windows\system32\secur32.dll 2015-05-25 18:19 . 2015-06-16 16:05 342016 ----a-w- c:\windows\system32\schannel.dll 2015-05-25 18:19 . 2015-06-16 16:05 314880 ----a-w- c:\windows\system32\msv1_0.dll 2015-05-25 18:19 . 2015-06-16 16:05 309760 ----a-w- c:\windows\system32\ncrypt.dll 2015-05-25 18:19 . 2015-06-16 16:05 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2015-05-25 18:19 . 2015-06-16 16:05 728576 ----a-w- c:\windows\system32\kerberos.dll 2015-05-25 18:19 . 2015-06-16 16:05 424960 ----a-w- c:\windows\system32\KernelBase.dll 2015-05-25 18:19 . 2015-06-16 16:05 1461760 ----a-w- c:\windows\system32\lsasrv.dll 2015-05-25 18:19 . 2015-06-16 16:05 1162752 ----a-w- c:\windows\system32\kernel32.dll 2015-05-25 18:18 . 2015-06-16 16:05 43520 ----a-w- c:\windows\system32\csrsrv.dll 2015-05-25 18:18 . 2015-06-16 16:05 22016 ----a-w- c:\windows\system32\credssp.dll 2015-05-25 18:18 . 2015-06-16 16:05 879104 ----a-w- c:\windows\system32\advapi32.dll 2015-05-25 18:18 . 2015-06-16 16:05 404992 ----a-w- c:\windows\system32\tracerpt.exe 2015-05-25 18:18 . 2015-06-16 16:05 47104 ----a-w- c:\windows\system32\typeperf.exe 2015-05-25 18:18 . 
2015-06-16 16:05 112640 ----a-w- c:\windows\system32\smss.exe 2015-05-25 18:18 . 2015-06-16 16:05 296960 ----a-w- c:\windows\system32\rstrui.exe 2015-05-25 18:18 . 2015-06-16 16:05 43008 ----a-w- c:\windows\system32\relog.exe 2015-05-25 18:18 . 2015-06-16 16:05 104448 ----a-w- c:\windows\system32\logman.exe 2015-05-25 18:18 . 2015-06-16 16:05 31232 ----a-w- c:\windows\system32\lsass.exe 2015-05-25 18:18 . 2015-06-16 16:05 19456 ----a-w- c:\windows\system32\diskperf.exe 2015-05-25 18:18 . 2015-06-16 16:05 338432 ----a-w- c:\windows\system32\conhost.exe 2015-05-25 18:18 . 2015-06-16 16:05 64000 ----a-w- c:\windows\system32\auditpol.exe 2015-05-25 18:14 . 2015-06-16 16:05 60416 ----a-w- c:\windows\system32\msobjs.dll 2015-05-25 18:14 . 2015-06-16 16:05 146432 ----a-w- c:\windows\system32\msaudite.dll 2015-05-25 18:11 . 2015-06-16 16:05 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-05-25 18:11 . 2015-06-16 16:05 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-05-25 18:11 . 2015-06-16 16:05 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-05-25 18:11 . 2015-06-16 16:05 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-05-25 18:11 . 2015-06-16 16:05 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-05-25 18:11 . 2015-06-16 16:05 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-05-25 18:11 . 2015-06-16 16:05 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-05-25 18:11 . 2015-06-16 16:05 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-05-25 18:11 . 2015-06-16 16:05 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-05-25 18:11 . 2015-06-16 16:05 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-05-25 18:11 . 
2015-06-16 16:05 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-05-25 18:11 . 2015-06-16 16:05 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-05-25 18:11 . 2015-06-16 16:05 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-05-25 18:11 . 2015-06-16 16:05 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-05-25 18:11 . 2015-06-16 16:05 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-05-25 18:11 . 2015-06-16 16:05 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-05-25 18:11 . 2015-06-16 16:05 6656 ----a-w- c:\windows\system32\apisetschema.dll 2015-05-25 18:11 . 2015-06-16 16:05 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-05-25 18:11 . 2015-06-16 16:05 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-05-25 18:11 . 2015-06-16 16:05 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-05-25 18:11 . 2015-06-16 16:05 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-05-25 18:11 . 2015-06-16 16:05 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-05-25 18:11 . 2015-06-16 16:05 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-05-25 18:11 . 2015-06-16 16:05 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-05-25 18:11 . 2015-06-16 16:05 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-05-25 18:11 . 2015-06-16 16:05 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-05-25 18:11 . 2015-06-16 16:05 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-05-25 18:11 . 2015-06-16 16:05 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-05-25 18:11 . 2015-06-16 16:05 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-05-25 18:11 . 
2015-06-16 16:05 686080 ----a-w- c:\windows\system32\adtschema.dll 2015-05-25 18:07 . 2015-06-16 16:05 3989440 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2015-05-25 18:07 . 2015-06-16 16:05 3934144 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2015-05-25 18:04 . 2015-06-16 16:05 1310744 ----a-w- c:\windows\SysWow64\ntdll.dll 2015-05-25 18:01 . 2015-06-16 16:05 172032 ----a-w- c:\windows\SysWow64\wdigest.dll 2015-05-25 18:01 . 2015-06-16 16:05 635392 ----a-w- c:\windows\SysWow64\tdh.dll 2015-05-25 18:01 . 2015-06-16 16:05 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll 2015-05-25 18:01 . 2015-06-16 16:05 43008 ----a-w- c:\windows\SysWow64\srclient.dll 2015-05-25 18:01 . 2015-06-16 16:05 248832 ----a-w- c:\windows\SysWow64\schannel.dll 2015-05-25 18:01 . 2015-06-16 16:05 92160 ----a-w- c:\windows\SysWow64\sechost.dll 2015-05-25 18:01 . 2015-06-16 16:05 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2015-05-25 18:01 . 2015-06-16 16:05 221184 ----a-w- c:\windows\SysWow64\ncrypt.dll 2015-05-25 18:01 . 2015-06-16 16:05 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2015-05-25 18:01 . 2015-06-16 16:05 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll 2015-05-25 18:01 . 2015-06-16 16:05 551424 ----a-w- c:\windows\SysWow64\kerberos.dll 2015-05-25 18:01 . 2015-06-16 16:05 17408 ----a-w- c:\windows\SysWow64\credssp.dll 2015-05-25 18:01 . 2015-06-16 16:05 641536 ----a-w- c:\windows\SysWow64\advapi32.dll 2015-05-25 18:01 . 2015-06-16 16:05 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2015-05-25 18:00 . 2015-06-16 16:05 40448 ----a-w- c:\windows\SysWow64\typeperf.exe 2015-05-25 18:00 . 2015-06-16 16:05 364544 ----a-w- c:\windows\SysWow64\tracerpt.exe 2015-05-25 18:00 . 2015-06-16 16:05 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2015-05-25 18:00 . 2015-06-16 16:05 37888 ----a-w- c:\windows\SysWow64\relog.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . 
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\steam.exe" [2015-07-23 2895552] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496] "CTSyncService"="c:\program files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe" [2009-07-08 1233195] "VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-05-04 241789] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-03-17 74752] "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896] "PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2014-11-28 193568] "StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-11-20 767176] . c:\users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.0.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-1-27 384512] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Printkey2000.lnk - c:\program files (x86)\PrintKey2000\Printkey2000.exe [2011-7-15 869376] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 03e661da;WinFilter;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x] R2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 DokanMounter;DokanMounter;c:\program files (x86)\Dokan\DokanLibrary\mounter.exe;c:\program files (x86)\Dokan\DokanLibrary\mounter.exe [x] R2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe;c:\windows\runservice.exe [x] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x] R2 resegioninhelp;resegioninhelp;c:\program files (x86)\resegioninhelp\resegioninhelp.exe;c:\program files (x86)\resegioninhelp\resegioninhelp.exe [x] R2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys;c:\windows\SYSNATIVE\DRIVERS\sbapifs.sys [x] R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x] R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs 
Shared\Service\AL6Licensing.exe [x] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x] R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x] R3 RTL8023x64;Realtek 10/100-Netzwerkkartenfamilie-NDIS-x64-Treiber;c:\windows\system32\DRIVERS\Rtnic64.sys;c:\windows\SYSNATIVE\DRIVERS\Rtnic64.sys [x] R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192cu.sys [x] R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x] R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe;c:\program files (x86)\Common 
Files\Creative Labs Shared\Service\XMBLicensing.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [x] S2 AODDriver4.1.0;AODDriver4.1.0;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [x] S2 AODDriver4.3;AODDriver4.3;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [x] S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys;c:\windows\SYSNATIVE\drivers\dokan.sys [x] S2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [x] S2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [x] S2 RadeonPro Support Service;RadeonPro Support 
Service;c:\program files (x86)\RadeonPro\RadeonProSupport.exe;c:\program files (x86)\RadeonPro\RadeonProSupport.exe [x] S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys;c:\windows\SYSNATIVE\drivers\TotRec8.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - AODDRIVER *Deregistered* - AODDriver . Inhalt des "geplante Tasks" Ordners . 2015-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-20 22:03] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 1337000] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default\ FF - prefs.js: browser.startup.homepage - hxxps://www.malwarebytes.org/restorebrowser// . - - - - Entfernte verwaiste Registrierungseinträge - - - - . URLSearchHooks-{c2db4fe6-8409-45ce-8010-189a7b5cce86} - (no file) URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file) Wow6432Node-HKU-Default-Run-Duden Korrektor SysTray - c:\program files (x86)\Duden\Duden Korrektor\DKTray.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start AddRemove-DAEMON Tools Toolbar - c:\program files (x86)\DAEMON Tools Toolbar\uninst.exe AddRemove-{5F189DF5-2D05-472B-9091-84D9848AE48B}{3e661da} - c:\progra~3\WINFIL~1\WINFIL~1.DLL AddRemove-{6A08B379-76FB-B4CF-0C70-CAFCD3635A77} - c:\program files (x86)\NewSavver\pFjkdyd0VpMVYF.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_USERS\S-1-5-21-3103388830-3129877404-954900241-1001\Software\G*e*n*i*e*"!\FM Genie Scout 13] "ShortlistDir"="c:\\Users\\Lukas\\Documents\\Sports Interactive\\Football Manager 2013\\shortlists" "FMPath"="" "ScreenshotsDir"="c:\\Users\\Lukas\\Documents\\Sports Interactive\\Football Manager 2013" "SaveDir"="c:\\Users\\Lukas\\Documents\\Sports Interactive\\Football Manager 2013\\" "HistoryAutoTracking"=dword:00000000 "LastSaveGame"="" "Language"="English" "LoadLangDB"=dword:00000001 "CompressHistoryPoints"=dword:00000000 "HighlightedAttributes"=dword:00000000 "MinCondition"=dword:00000050 "GraphStep"=dword:00000000 "SkinName"="Steklo Black" "LastUpdateCheck"=dword:0000a32a "VersionOf201"=dword:0000007b "HighQualityGUI"=dword:00000001 "AutomaticallyUpdateCheck"=dword:00000001 "AdvancedGeneration"=dword:00000000 "TranslateStaffSkills"=dword:00000001 "TranslatePlayerSkills"=dword:00000001 "TranslatePositions"=dword:00000001 "ShowHistory"=dword:00000001 "ShowGuidNotification2"=dword:00000000 "ShowQuickGuideNotification"=dword:00000000 "ShowDonateNotification"=dword:00000000 "Version"=dword:00000158 "UniqueID"="14-F355-2143" "Currency"=dword:00000056 "UseProxy"=dword:00000000 "ProxyHost"="" "ProxyPort"="" "UseAuthentication"=dword:00000000 "UserName"="" "UserPassword"="" "PlayerSearchFeatureNum"=dword:0000001e "StaffSearchFeatureNum"=dword:00000000 "ClubSearchFeatureNum"=dword:00000002 "FilterByClubFeatureNum"=dword:00000001 "CompareFeatureNum"=dword:00000000 "ShortlistFeatureNum"=dword:00000000 "ExportFeatureNum"=dword:00000000 "HistoryFeatureNum"=dword:00000000 "LanguageDBFeatureNum"=dword:00000000 "HintsFeatureNum"=dword:00000001 "GenieReportFeatureNum"=dword:0000000f "TopFormationFeatureNum"=dword:00000001 "ScreenshotFeatureNum"=dword:00000000 "AdClicksNum"=dword:00000000 "AdImpressionsNum"=dword:000000b3 "GameLoadedCounter"=dword:00000000 . 
[HKEY_USERS\S-1-5-21-3103388830-3129877404-954900241-1001\Software\G*e*n*i*e*"!\FM Genie Scout 14] "GameDir"="c:\\FM Genie Scout 14\\games" "ShortlistDir"="c:\\FM Genie Scout 14\\shortlists" "FMPath"="" "ScreenshotsDir"="c:\\FM Genie Scout 14" "SaveDir"="c:\\FM Genie Scout 14\\" "HistoryAutoTracking"=dword:00000000 "LastSaveGame"="" "Language"="English" "LoadLangDB"=dword:00000001 "CompressHistoryPoints"=dword:00000000 "HighlightedAttributes"=dword:00000000 "MinCondition"=dword:00000050 "GraphStep"=dword:00000000 "SkinName"="Steklo Black" "LastUpdateCheck"=dword:0000a32a "VersionOf201"=dword:0000007b "HighQualityGUI"=dword:00000001 "AutomaticallyUpdateCheck"=dword:00000001 "AdvancedGeneration"=dword:00000000 "TranslateStaffSkills"=dword:00000001 "TranslatePlayerSkills"=dword:00000001 "TranslatePositions"=dword:00000001 "ShowHistory"=dword:00000001 "ShowGuidNotification2"=dword:00000000 "ShowQuickGuideNotification"=dword:00000000 "ShowDonateNotification"=dword:00000000 "Version"=dword:000001a2 "UniqueID"="14-F355-2143" "Currency"=dword:00000056 "UseProxy"=dword:00000000 "ProxyHost"="" "ProxyPort"="" "UseAuthentication"=dword:00000000 "UserName"="" "UserPassword"="" "PlayerSearchFeatureNum"=dword:00000000 "StaffSearchFeatureNum"=dword:00000000 "ClubSearchFeatureNum"=dword:00000000 "FilterByClubFeatureNum"=dword:00000000 "CompareFeatureNum"=dword:00000000 "ShortlistFeatureNum"=dword:00000000 "ExportFeatureNum"=dword:00000000 "HistoryFeatureNum"=dword:00000000 "LanguageDBFeatureNum"=dword:00000000 "HintsFeatureNum"=dword:00000000 "GenieReportFeatureNum"=dword:00000000 "TopFormationFeatureNum"=dword:00000000 "ScreenshotFeatureNum"=dword:00000000 "AdClicksNum"=dword:00000000 "AdImpressionsNum"=dword:0000000a "GameLoadedCounter"=dword:00000000 . 
[HKEY_USERS\S-1-5-21-3103388830-3129877404-954900241-1001\Software\SecuROM\License information*] "datasecu"=hex:ac,ae,a5,51,f3,91,87,93,7c,40,1d,2b,7b,12,1b,52,d8,3d,c7,a4,0c, e0,0a,38,f4,6b,e5,d9,68,45,f4,75,d1,84,53,71,9a,b4,81,6a,61,3b,30,96,32,80,\ "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2015-08-10 19:38:49 ComboFix-quarantined-files.txt 2015-08-10 17:38 . Vor Suchlauf: 16 Verzeichnis(se), 141.152.301.056 Bytes frei Nach Suchlauf: 22 Verzeichnis(se), 146.789.056.512 Bytes frei . - - End Of File - - 7FF46E6C7059AD624A820B030995E1A7 A36C5E4F47E84449FF07ED3517B43A31 |
11.08.2015, 09:13 | #7 |
/// TB-Ausbilder | Windows 7 SP 1 infected with a Trojan - Windows Update error code 8007002 Well done. Here is how we continue:
Step 1 Please download AdwCleaner to your desktop.
Step 2 Please download Malwarebytes Anti-Malware
Step 3 Please shut down your protection software to avoid possible conflicts.
Step 4
With your next reply, please post
|
11.08.2015, 19:49 | #8 |
| Windows 7 SP 1 infected with a Trojan - Windows Update error code 8007002 So, here are the 5 log files you asked me for. AdwCleaner AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v4.208 - Bericht erstellt 11/08/2015 um 18:01:55 # Aktualisiert 09/07/2015 von Xplode # Datenbank : 2015-08-11.1 [Server] # Betriebssystem : Windows 7 Professional Service Pack 1 (x64) # Benutzername : Lukas - LUKAS-PC # Gestarted von : C:\Users\Lukas\Desktop\AdwCleaner_4.208.exe # Option : Löschen ***** [ Dienste ] ***** [#] Dienst Gelöscht : 03e661da ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\ProgramData\Browse2Save Ordner Gelöscht : C:\ProgramData\Premium Ordner Gelöscht : C:\ProgramData\SNT Ordner Gelöscht : C:\ProgramData\SoftSafe Ordner Gelöscht : C:\ProgramData\WPM Ordner Gelöscht : C:\ProgramData\The AdBlocker Ordner Gelöscht : C:\ProgramData\AllCheapPriice Ordner Gelöscht : C:\ProgramData\AlllCCheaopPrrice Ordner Gelöscht : C:\ProgramData\BirowwsyE2savee Ordner Gelöscht : C:\ProgramData\CCoupExtennsIon Ordner Gelöscht : C:\ProgramData\CooupExtensIon Ordner Gelöscht : C:\ProgramData\CouPExtensioon Ordner Gelöscht : C:\ProgramData\DeualExpress Ordner Gelöscht : C:\ProgramData\FFunDeeAls Ordner Gelöscht : C:\ProgramData\NuEtooCouuponn Ordner Gelöscht : C:\ProgramData\RoboSSaver Ordner Gelöscht : C:\ProgramData\SavE neT Ordner Gelöscht : C:\ProgramData\SaveMasos Ordner Gelöscht : C:\ProgramData\SaveNewaAppz Ordner Gelöscht : C:\ProgramData\SaverExtension Ordner Gelöscht : C:\ProgramData\UTubaeNiouADs Ordner Gelöscht : C:\ProgramData\70885d650ef41c4a Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BirowwsyE2savee Ordner Gelöscht : C:\Program Files (x86)\DAEMON Tools Toolbar Ordner Gelöscht : C:\Program Files (x86)\DigiSaver Ordner Gelöscht : C:\Program Files (x86)\DDIgiSaover Ordner Gelöscht : C:\Program Files (x86)\DIgiSoaverr Ordner Gelöscht : C:\Windows\SysWOW64\ARFC Ordner Gelöscht : C:\Windows\SysWOW64\jmdp Ordner Gelöscht : C:\Windows\System32\ARFC Ordner Gelöscht : C:\Windows\System32\ljkb Ordner Gelöscht : C:\Users\Administrator\AppData\Local\torch Ordner 
Gelöscht : C:\Users\ASPNET\AppData\Local\torch Ordner Gelöscht : C:\Users\Gast\AppData\Local\torch Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\torch Ordner Gelöscht : C:\Users\Lukas\AppData\Local\Babylon Ordner Gelöscht : C:\Users\Lukas\AppData\Local\Conduit Ordner Gelöscht : C:\Users\Lukas\AppData\Local\genienext Ordner Gelöscht : C:\Users\Lukas\AppData\Local\Mobogenie Ordner Gelöscht : C:\Users\Lukas\AppData\Local\torch Ordner Gelöscht : C:\Users\Lukas\AppData\LocalLow\Browse2Save Ordner Gelöscht : C:\Users\Lukas\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\Lukas\AppData\LocalLow\DownloadnSave Ordner Gelöscht : C:\Users\Lukas\AppData\LocalLow\BirowwsyE2savee Ordner Gelöscht : C:\Users\Lukas\AppData\Roaming\Babylon Ordner Gelöscht : C:\Users\Lukas\AppData\Roaming\SendSpace Ordner Gelöscht : C:\Users\Lukas\AppData\Roaming\Systweak Ordner Gelöscht : C:\Users\Lukas\AppData\Roaming\Uniblue Ordner Gelöscht : C:\Users\Lukas\AppData\Roaming\download Manager Ordner Gelöscht : C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTweak Software Ordner Gelöscht : C:\Users\Lukas\Documents\Mobogenie Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel Ordner Gelöscht : C:\Users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel Ordner Gelöscht : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel Ordner Gelöscht : C:\Users\ASPNET\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel Ordner Gelöscht : C:\Users\Gast\AppData\Local\Comodo\Dragon\User 
Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel Ordner Gelöscht : C:\Users\Lukas\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel Ordner Gelöscht : C:\Users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel Ordner Gelöscht : C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel Ordner Gelöscht : C:\Users\Lukas\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel Datei Gelöscht : C:\END Datei Gelöscht : C:\Program Files\prefs.js Datei Gelöscht : C:\Windows\System32\ImhxxpComm.dll Datei Gelöscht : C:\Users\Lukas\daemonprocess.txt Datei Gelöscht : C:\Users\Lukas\AppData\LocalLow\SkwConfig.bin Datei Gelöscht : C:\Users\Lukas\AppData\Roaming\LiveSupport.exe_log.txt Datei Gelöscht : C:\Users\Lukas\AppData\Roaming\regsvr32.exe_log.txt ***** [ Geplante Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com Schlüssel Gelöscht : HKCU\Software\SIEN SA Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap 
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SDP Schlüssel Gelöscht : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{3e661da} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Wert Gelöscht : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]
Schlüssel Gelöscht : HKCU\Software\Ask&Record
Schlüssel Gelöscht : HKCU\Software\AutocompleteProBHO
Schlüssel Gelöscht : HKCU\Software\Complitly
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\Smart PC Solutions
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\dt soft\daemon tools toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\SProtector
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Web Assistant
Schlüssel Gelöscht : HKU\.DEFAULT\Software\IM
Schlüssel Gelöscht : HKU\.DEFAULT\Software\ImInstaller
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\daemon tools toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6A08B379-76FB-B4CF-0C70-CAFCD3635A77}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Web Assistant
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2E0D3DD9E5E4B74CA43BCE77815E287
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\incredibar-search.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\inst.shoppingate.info
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\shoppingate.info
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.incredibar-search.com
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17840
-\\ Mozilla Firefox v37.0.1 (x86 de)
-\\ Google Chrome v
-\\ Chromium v
-\\ Comodo Dragon v
-\\ Opera v31.0.1889.99
-\\ Chrome Canary v

*************************

AdwCleaner[R0].txt - [23415 Bytes] - [11/08/2015 18:00:23]
AdwCleaner[S0].txt - [22120 Bytes] - [11/08/2015 18:01:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [22180 Bytes] ##########

MBAM Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 11.08.2015
Suchlaufzeit: 18:27
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.1.8.1057
Malware-Datenbank: v2015.08.11.06
Rootkit-Datenbank: v2015.08.06.01
Lizenz: Testversion
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Lukas

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 459299
Abgelaufene Zeit: 37 Min., 58 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 3
PUP.Optional.Multiplug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{53B21E29-3967-C332-57EB-C02631658584}, In Quarantäne, [ddb517f0c1cac76fd8f8780238c99967],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, In Quarantäne, [0f8347c0fd8e9a9c1194465f966ecf31],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, In Quarantäne, [7919f413721974c2c9dca30219ebc43c],

Registrierungswerte: 2
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, In Quarantäne, [0f8347c0fd8e9a9c1194465f966ecf31]
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, In Quarantäne, [7919f413721974c2c9dca30219ebc43c]

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 1
PUP.Optional.TakeTheCoupon.A, C:\Program Files (x86)\TTakeTThheCouPPoun, In Quarantäne, [82102adddeadd75f3e57c2dd7d87d828],

Dateien: 9
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\Mozilla Firefox\dbghelp.dll, In Quarantäne, [31612bdc5a31ac8ae28d783b60a1e61a],
PUP.Optional.Multiplug.A, C:\Program Files (x86)\TTakeTThheCouPPoun\6mdUeBIDX6hpTh.exe, In Quarantäne, [ddb517f0c1cac76fd8f8780238c99967],
PUP.Optional.MultiPlug.A, C:\Windows\temp\tmpbglhmc\6mdUeBIDX6hpTh.dll, In Quarantäne, [5c369e69b0db3cfa41b47547629fa25e],
PUP.Optional.MultiPlug.A, C:\Windows\temp\tmpbglhmc\6mdUeBIDX6hpTh.x64.dll, In Quarantäne, [a9e9d23538530e28fff6803c2cd5e21e],
PUP.Optional.Multiplug.A, C:\Windows\temp\tmpbglhmc\A5Ewq9KBHpBH3Um.exe, In Quarantäne, [6b270304008ba492854bceac3fc27090],
PUP.Optional.MultiPlug.A, C:\Windows\temp\tmpzhqhuc\dbghelp.dll, In Quarantäne, [5141ab5cf9929a9ca2cd6b48ac550bf5],
PUP.Optional.MultiPlug.A, C:\Windows\temp\tmpzryzd_\dbghelp.dll, In Quarantäne, [573b7e892d5eef47046beec519e8669a],
PUP.Optional.TakeTheCoupon.A, C:\Program Files (x86)\TTakeTThheCouPPoun\6mdUeBIDX6hpTh.tlb, In Quarantäne, [82102adddeadd75f3e57c2dd7d87d828],
PUP.Optional.TakeTheCoupon.A, C:\Program Files (x86)\TTakeTThheCouPPoun\6mdUeBIDX6hpTh.dat, In Quarantäne, [82102adddeadd75f3e57c2dd7d87d828],

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)

(end)

JRT Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.5 (08.05.2015:1)
OS: Windows 7 Professional x64
Ran by Lukas on 11.08.2015 at 20:08:21,92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

Failed to delete: [Task] C:\Windows\system32\tasks\WiseCleaner

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer

~~~ Files

Successfully deleted: [File] C:\Users\Lukas\AppData\Roaming\appdataFr2.bin

~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\cloud software ltd
Successfully deleted: [Folder] C:\Users\Lukas\Documents\add-in express
Successfully deleted: [Folder] C:\Users\Lukas\Appdata\Local\28050

~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [Folder] C:\Users\Lukas\AppData\Roaming\mozilla\firefox\profiles\47nu5o9o.default\extensions\staged

~~~ Chrome

[C:\Users\Lukas\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\Lukas\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
[C:\Users\Lukas\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\Lukas\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.08.2015 at 20:11:24,20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:11-08-2015 durchgeführt von Lukas (Administrator) auf LUKAS-PC (11-08-2015 20:36:35) Gestartet von C:\Users\Lukas\Desktop Geladene Profile: Lukas (Verfügbare Profile: Lukas) Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser nicht gefunden!) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Mr. 
John aka japamd) C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera_crashreporter.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) 
HKLM\...\Run: [RunDLLEntry] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor) HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-22] (NEC Electronics Corporation) HKLM-x32\...\Run: [CTSyncService] => C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe [1233195 2009-07-08] (Creative Technology Ltd) HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe [241789 2009-05-04] (Creative Technology Ltd) HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-03-17] (Nullsoft, Inc.) HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD) HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1230704 2011-03-21] () HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) 
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.) HKU\S-1-5-21-3103388830-3129877404-954900241-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2895552 2015-07-24] (Valve Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Printkey2000.lnk [2011-07-15] ShortcutTarget: Printkey2000.lnk -> C:\Program Files (x86)\PrintKey2000\Printkey2000.exe (Fred's Software) Startup: C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk [2014-06-05] ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () GroupPolicy: Gruppenrichtline auf Chrome erkannt <======= ACHTUNG CHR HKLM\SOFTWARE\Policies\Google: Richtlinienbeschränkung <======= ACHTUNG ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..) 
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Richtlinienbeschränkung <======= ACHTUNG HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-3103388830-3129877404-954900241-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-3103388830-3129877404-954900241-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3103388830-3129877404-954900241-1001 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKU\S-1-5-21-3103388830-3129877404-954900241-1001 -> {C84562DC-1C5F-407A-9249-FA145D0EF8A3} URL = hxxp://www.google.de/search?q={searchTerms} DPF: HKLM-x32 {6EEFD7B1-B26C-440D-B55A-1EC677189F30} https://vpnssl1.cs.fh-nuernberg.de/NELX.cab Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices) Filter: 
video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices) Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{36ED2503-3472-49B3-98F0-DD22FE2554CD}: [DhcpNameServer] 192.168.2.1 192.168.2.1 Tcpip\..\Interfaces\{374433E6-840B-4DE2-8222-90A0D58C5370}: [DhcpNameServer] 192.168.2.1 192.168.2.1 Tcpip\..\Interfaces\{61B76604-D8E8-4932-A814-365652761723}: [DhcpNameServer] 192.168.2.1 192.168.2.1 Tcpip\..\Interfaces\{7E43D05F-1449-46D5-9A2D-B9D5D446AAFA}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{A6C7773B-0CAD-409B-BE74-D9ECF596AB76}: [DhcpNameServer] 192.168.2.1 192.168.2.1 Tcpip\..\Interfaces\{BB33C0B5-43E6-4F0B-9097-FCB5D671036E}: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{E8624FA6-16DD-4418-9AD2-DAD9CB3A259A}: [DhcpNameServer] 192.168.2.1 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default FF Homepage: https://www.malwarebytes.org/restorebrowser// FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-05-06] (DivX, LLC.) 
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-06] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-10-06] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-02-24] (Microsoft Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-05-07] (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] () FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-08] (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-05-06] (DivX, LLC.) 
FF Plugin-x32: @gametap.com/npdd,version=1.0 -> C:\Program Files (x86)\Downloader\npdd.dll [2010-02-19] (Metaboli) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-03-05] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-02-24] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-07-10] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-07-10] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-09-23] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.) 
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011-05-29] FF HKLM-x32\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa FF Extension: DivX HiQ - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011-05-29] Chrome: ======= CHR dev: Chrome dev build erkannt! <======= ACHTUNG CHR HKLM-x32\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2011-02-08] CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2011-02-08] CHR HKLM-x32\...\Chrome\Extension: [oibhdbdejgpfhoddlpccabifnmmopchn] - <kein Path/update_url> CHR HKLM-x32\...\Chrome\Extension: [ojkljipanbocbngapmmpflnkgmnohjhm] - <kein Path/update_url> Opera: ======= OPR Extension: (Adblock Plus) - C:\Users\Lukas\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2014-05-23] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) 
[Datei ist nicht signiert] S2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [136544 2010-03-12] () S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2011-03-16] (Creative Labs) [Datei ist nicht signiert] S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-03-16] (Creative Labs) [Datei ist nicht signiert] S2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [Datei ist nicht signiert] S2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] () [Datei ist nicht signiert] S2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [241704 2014-03-25] (Foxit Corporation) S2 LicCtrlService; C:\Windows\runservice.exe [2560 2015-03-16] () [Datei ist nicht signiert] S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation) S2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-17] (Electronic Arts) R2 RadeonPro Support Service; C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe [20608 2013-11-04] (Mr. 
John aka japamd) [Datei ist nicht signiert] S2 resegioninhelp; C:\Program Files (x86)\resegioninhelp\resegioninhelp.exe [7596652 2015-08-03] () [Datei ist nicht signiert] <==== ACHTUNG S3 Sound Blaster X-Fi MB Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [79360 2011-03-16] (Creative Labs) [Datei ist nicht signiert] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X] ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [62152 2014-10-28] (Advanced Micro Devices, Inc.) R2 AODDriver4.1.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [56448 2012-02-10] (Advanced Micro Devices) R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows (R) Win 7 DDK provider) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-08-02] (DT Soft Ltd) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation) S3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation ) S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [854632 2010-12-31] (Realtek Semiconductor Corporation ) R3 TotRec8; 
C:\Windows\system32\drivers\TotRec8.sys [123120 2011-12-14] (High Criteria inc.) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S2 sbapifs; system32\DRIVERS\sbapifs.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-08-11 20:36 - 2015-08-11 20:37 - 00018508 _____ C:\Users\Lukas\Desktop\FRST.txt 2015-08-11 20:36 - 2015-08-11 20:36 - 00000000 ____D C:\Users\Lukas\Desktop\FRST-OlderVersion 2015-08-11 20:11 - 2015-08-11 20:11 - 00001780 _____ C:\Users\Lukas\Desktop\JRT.txt 2015-08-11 20:06 - 2015-08-11 20:06 - 00003175 _____ C:\Users\Lukas\Desktop\mbam.txt 2015-08-11 19:03 - 2015-08-11 19:03 - 19284168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2015-08-11 18:24 - 2015-08-11 18:24 - 00022509 _____ C:\Users\Lukas\Desktop\AdwCleaner[S0].txt 2015-08-11 17:58 - 2015-08-11 18:03 - 00000000 ____D C:\AdwCleaner 2015-08-11 11:58 - 2015-08-11 11:58 - 01797896 _____ (Malwarebytes Corporation) C:\Users\Lukas\Desktop\JRT.exe 2015-08-11 11:57 - 2015-08-11 11:57 - 02248704 _____ C:\Users\Lukas\Desktop\AdwCleaner_4.208.exe 2015-08-10 19:38 - 2015-08-10 19:38 - 00039754 _____ C:\ComboFix.txt 2015-08-10 19:24 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2015-08-10 19:24 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2015-08-10 19:24 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-08-10 19:24 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-08-10 19:24 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-08-10 19:24 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2015-08-10 19:24 - 2000-08-31 02:00 - 
00080412 _____ C:\Windows\grep.exe
2015-08-10 19:24 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-08-10 19:15 - 2015-08-10 19:38 - 00000000 ____D C:\Qoobox
2015-08-10 19:14 - 2015-08-10 19:37 - 00000000 ____D C:\Windows\erdnt
2015-08-10 17:25 - 2015-08-10 17:26 - 05634368 ____R (Swearware) C:\Users\Lukas\Desktop\ComboFix.exe
2015-08-10 12:36 - 2015-08-10 12:36 - 02870984 _____ (ESET) C:\Users\Lukas\Desktop\esetsmartinstaller_deu.exe
2015-08-10 00:07 - 2015-08-11 20:36 - 00000000 ____D C:\FRST
2015-08-10 00:05 - 2015-08-10 00:05 - 00000168 _____ C:\Users\Lukas\defogger_reenable
2015-08-09 23:17 - 2015-08-11 20:36 - 02172416 _____ (Farbar) C:\Users\Lukas\Desktop\FRST64.exe
2015-08-09 23:17 - 2015-08-09 23:17 - 00380416 _____ C:\Users\Lukas\Desktop\Gmer-19357.exe
2015-08-09 23:14 - 2015-08-09 23:14 - 00050477 _____ C:\Users\Lukas\Desktop\Defogger.exe
2015-08-09 21:18 - 2015-08-11 20:05 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-09 21:18 - 2015-08-09 21:18 - 00001102 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-08-09 21:18 - 2015-08-09 21:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-08-09 21:18 - 2015-08-09 21:18 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-08-09 21:18 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-09 21:18 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-09 21:18 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-09 19:52 - 2015-08-09 19:55 - 00000000 ____D C:\Users\Lukas\AppData\Roaming\WiseUpdate
2015-08-09 19:45 - 2015-08-11 20:09 - 00000000 ____D C:\Windows\System32\Tasks\WiseCleaner
2015-08-09 19:45 - 2015-08-09 19:55 - 00000000 ____D C:\Users\Lukas\AppData\Roaming\Wise Registry Cleaner
2015-08-09 19:45 - 2015-08-09 19:45 - 00001227 _____ C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
2015-08-09 19:45 - 2015-08-09 19:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2015-08-09 19:45 - 2015-08-09 19:45 - 00000000 ____D C:\Program Files (x86)\Wise
2015-08-09 17:22 - 2015-08-09 17:22 - 00000000 ____D C:\Windows\CheckSur
2015-08-09 17:12 - 2015-08-09 23:47 - 00000000 ____D C:\Program Files\FIendBestDeAl
2015-08-09 17:12 - 2015-08-09 23:47 - 00000000 ____D C:\Program Files\Autofill IRCTC Tatkal FormPlugin Extension
2015-08-03 20:10 - 2015-08-03 20:10 - 00000000 ____D C:\Program Files (x86)\resegioninhelp
2015-07-28 18:14 - 2015-07-28 18:14 - 00000222 _____ C:\Users\Lukas\Desktop\Football Manager 2015.url
2015-07-23 20:05 - 2015-07-23 20:05 - 00001019 _____ C:\Users\Public\Desktop\ClearProg.lnk
2015-07-23 20:05 - 2015-07-23 20:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClearProg
2015-07-23 20:05 - 2015-07-23 20:05 - 00000000 ____D C:\Program Files (x86)\ClearProg
2015-07-23 12:38 - 2015-07-23 12:38 - 00000000 ____D C:\Users\Lukas\Downloads\Vorlagen Bewerbung
2015-07-22 12:17 - 2015-07-22 12:17 - 00000000 ____D C:\Users\Lukas\AppData\Local\CEF

==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-08-11 20:34 - 2011-03-16 01:18 - 01869485 _____ C:\Windows\WindowsUpdate.log
2015-08-11 20:03 - 2015-02-20 19:43 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-11 19:38 - 2009-07-14 06:45 - 00028096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-11 19:38 - 2009-07-14 06:45 - 00028096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-11 19:32 - 2011-03-29 17:33 - 00000000 ____D C:\Program Files (x86)\Steam
2015-08-11 19:29 - 2011-03-16 01:50 - 00769918 _____ C:\Windows\PFRO.log
2015-08-11 19:29 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-11 19:29 - 2009-07-14 06:51 - 00089823 _____ C:\Windows\setupact.log
2015-08-11 19:29 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2015-08-11 19:27 - 2015-04-11 16:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-11 19:03 - 2015-02-20 19:43 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-11 19:03 - 2015-02-20 19:43 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-11 19:03 - 2015-02-20 19:43 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-11 18:02 - 2011-03-16 01:35 - 00000000 ____D C:\Users\Lukas
2015-08-11 09:57 - 2015-05-16 13:26 - 00000000 ____D C:\Users\Lukas\Documents\Bewerbungen 2015
2015-08-10 19:38 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-08-10 19:35 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-08-10 18:26 - 2014-06-26 14:44 - 00000000 ____D C:\Windows\SysWOW64\mjcm
2015-08-10 18:26 - 2014-06-26 14:44 - 00000000 ____D C:\Windows\system32\tprb
2015-08-10 01:26 - 2012-04-29 04:15 - 00000000 ____D C:\Users\Lukas\AppData\Local\2K Games
2015-08-10 01:26 - 2011-03-16 02:33 - 01348224 _____ C:\Windows\DirectX.log
2015-08-10 01:04 - 2009-07-14 05:20 - 00000000 ____D
C:\Windows\SchCache
2015-08-10 00:19 - 2011-04-07 01:14 - 00000000 ____D C:\Users\Lukas\AppData\Local\CrashDumps
2015-08-09 23:47 - 2015-07-10 21:54 - 00000000 ____D C:\Program Files (x86)\4chan Plus
2015-08-09 23:47 - 2015-05-20 20:15 - 00000000 ____D C:\Program Files\SiteLauncher
2015-08-09 23:47 - 2015-05-20 20:15 - 00000000 ____D C:\Program Files\SavuerExtEnseion
2015-08-09 23:47 - 2015-04-11 16:37 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-08-09 23:47 - 2014-02-23 16:20 - 00001111 _____ C:\Users\Public\Desktop\Opera.lnk
2015-08-09 23:47 - 2012-07-01 21:57 - 00000000 ____D C:\ProgramData\InstallMate
2015-08-09 21:18 - 2012-11-19 20:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-09 19:35 - 2011-07-21 21:41 - 00000000 ____D C:\ProgramData\TEMP
2015-08-09 16:56 - 2014-08-25 18:20 - 00000000 ____D C:\Users\Lukas\AppData\Local\SWDS
2015-08-09 16:52 - 2015-04-05 16:23 - 00000000 ___SD C:\Windows\system32\GWX
2015-08-09 16:52 - 2014-02-23 16:20 - 00000000 ____D C:\Program Files (x86)\Opera
2015-08-09 16:52 - 2011-03-30 19:01 - 00000000 ____D C:\Users\Lukas\AppData\Roaming\ScreeNet iSaver
2015-08-09 16:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2015-08-09 16:51 - 2011-10-30 21:58 - 00000000 ____D C:\Users\Lukas\AppData\Local\Sports Interactive
2015-08-09 16:27 - 2011-05-29 18:42 - 00000000 ____D C:\Users\Lukas\AppData\Local\Google
2015-08-06 14:32 - 2014-06-12 20:13 - 00003852 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1393165213
2015-08-06 13:49 - 2011-06-12 20:19 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-23 11:47 - 2014-12-11 21:28 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-14 19:57 - 2015-01-04 22:56 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-11-09 14:15 - 2015-06-28 00:15 - 0000265 _____ ()
C:\Users\Lukas\AppData\Roaming\WB.CFG
2014-11-11 20:34 - 2014-12-17 18:23 - 0000001 _____ () C:\Users\Lukas\AppData\Local\DSI.DAT
2013-10-13 01:35 - 2013-10-13 01:36 - 1065984 _____ () C:\Users\Lukas\AppData\Local\file__0.localstorage
2011-05-31 20:18 - 2011-05-31 20:18 - 0000093 _____ () C:\Users\Lukas\AppData\Local\fusioncache.dat
2011-09-23 17:34 - 2011-09-23 17:34 - 0001472 _____ () C:\Users\Lukas\AppData\Local\RecConfig.xml
2011-06-02 11:26 - 2013-10-19 07:39 - 0007597 _____ () C:\Users\Lukas\AppData\Local\Resmon.ResmonCfg
2011-11-17 00:18 - 2014-06-12 20:03 - 0017408 _____ () C:\Users\Lukas\AppData\Local\WebpageIcons.db

Einige Dateien in TEMP:
====================
C:\Users\Lukas\AppData\Local\Temp\Quarantine.exe
C:\Users\Lukas\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-08-02 16:27

==================== Ende von Ergebnis
============================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:11-08-2015
durchgeführt von Lukas (2015-08-11 20:38:14)
Gestartet von C:\Users\Lukas\Desktop
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-3103388830-3129877404-954900241-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3103388830-3129877404-954900241-1005 - Limited - Enabled)
Gast (S-1-5-21-3103388830-3129877404-954900241-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3103388830-3129877404-954900241-1002 - Limited - Enabled)
Lukas (S-1-5-21-3103388830-3129877404-954900241-1001 - Administrator - Enabled) => C:\Users\Lukas

==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
3DMark (HKLM-x32\...\{F1A6C690-C12C-4E7A-B4BD-958678215418}) (Version: 1.0 - Futuremark)
3DMark Vantage (HKLM-x32\...\{C40C3C3D-97CF-44B5-836C-766E374464B3}) (Version: 1.1.0 - Futuremark Corporation)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD OverDrive (HKLM-x32\...\{2F51311F-8A4B-4D17-9CB8-AAEACBBA9A92}) (Version: 3.2.0.0386 - Advanced Micro Devices, Inc.)
AMD OverDrive (HKLM-x32\...\{4835750F-F8A7-4D3C-A6A9-123E31C12AF8}) (Version: 4.1.0.0575 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
ASRock InstantBoot v1.24 (HKLM-x32\...\ASRock InstantBoot_is1) (Version: - )
Biohazard 6 Benchmark Tool (HKLM-x32\...\Steam App 231390) (Version: - Capcom)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CIB pdf brewer (HKLM\...\{6C97B34C-51D6-49FB-9FEC-C4669CA866EF}) (Version: 2.6.0044 - CIB software GmbH)
ClearProg 1.6.0 Final (HKLM-x32\...\ClearProg) (Version: 1.6.0 Final - Sven Hoffman)
Configuration DivX (HKLM-x32\...\DivX Setup.divx.com) (Version: 2.5.0.11 - DivX, LLC)
Core Temp version 0.99.8 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 0.99.8 - Arthur Liberman)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd)
Dokan Library 0.6.0 (HKLM-x32\...\DokanLibrary) (Version: - )
Draft Analyzer (HKU\S-1-5-21-3103388830-3129877404-954900241-1001\...\790152df1a5783f8) (Version: 1.2.0.2 - StelmackSoft)
Driver Fusion (HKLM-x32\...\Steam App 233570) (Version: - )
Driver Sweeper Version 3.2.0 (HKLM-x32\...\{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1) (Version: 3.2.0 - Phyxion.net)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
FileZilla Client 3.9.0.6 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)
FMRTE 15.2.1.10 (HKLM\...\{6D986DE6-CA9D-4E83-B49C-18C0BFEB6AD6}_is1) (Version: 15.2.1.10 - FMRTE)
fmXML version 0.3 (HKLM-x32\...\fmXML_is1) (Version: - )
Football Manager 2015 (HKLM-x32\...\Steam App 295270) (Version: - Sports Interactive)
Football Manager 2015 Editor (HKLM-x32\...\Steam App 295350) (Version: - )
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.3.105.325 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.3.321 - Foxit Corporation)
Fraps (HKLM-x32\...\Fraps) (Version: - )
Futuremark SystemInfo
(HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.15.0 - Futuremark Corporation)
GamePlanAnalyzer (HKU\S-1-5-21-3103388830-3129877404-954900241-1001\...\bc1f77244dd140f8) (Version: 1.0.0.7 - GamePlanAnalyzer)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.670 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JavaFX Scene Builder 1.1 (HKLM-x32\...\{AB468309-88EB-4250-BFEA-45479091102B}) (Version: 1.1 - Oracle)
JavaFX Scene Builder 2.0 (HKLM-x32\...\{B4665EB1-1F7A-44F5-AD07-C20A938E8BC2}) (Version: 2.0 - Oracle)
Mafia II (HKLM-x32\...\Steam App 50130) (Version: - 2K Czech)
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000
- Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++
2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft
Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NBA 2K13 (HKLM-x32\...\{D96B6543-A0C0-4351-AF96-73DEF1DD6820}) (Version: 1.0.0 - 2K Sports)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.19.0 - NEC Electronics Corporation) Hidden
Nitro Reader 3 (HKLM\...\{4E1C1F33-BD77-4D84-8FEC-6DE9977BFBF2}) (Version: 3.5.2.10 - Nitro)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice.org 3.0 (HKLM-x32\...\{CCA09491-F5C1-4D20-91A6-7F7E39769E94}) (Version: 3.0.9379 - OpenOffice.org)
Opera Stable 31.0.1889.99 (HKLM-x32\...\Opera 31.0.1889.99) (Version: 31.0.1889.99 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 8.5.0.4554 - Electronic Arts, Inc.)
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PrintKey2000 (HKLM-x32\...\PrintKey2000) (Version: - )
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RadeonPro 1.0 (Build 1.1.1.0) (HKLM-x32\...\RadeonPro_is1) (Version: - )
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Smart Data Recovery v4.3 (HKLM-x32\...\Smart Data Recovery_is1) (Version: 4.3 - Smart PC Solutions)
SopCast 3.3.2 (HKLM-x32\...\SopCast) (Version: 3.3.2 - www.sopcast.com)
Sound Blaster X-Fi MB (HKLM-x32\...\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}) (Version: 1.0 - Creative Technology Limited)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab CYRI (HKLM-x32\...\{679F739E-5C76-4A41-B562-F9392156B6DD}) (Version: 4.4.21.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{5A2E0110-0296-46C3-97E1-C6A0D36E898A}) (Version: 2.1.1.0 - Husdawg, LLC)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.15723 - TeamViewer)
Total Recorder 8.3 Standard Edition (HKLM-x32\...\TotalRecorder) (Version: - )
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.61 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in
(HKU\S-1-5-21-3103388830-3129877404-954900241-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 4.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}) (Version: 15.0.9411 - WinZip Computing, S.L. )
Wise Registry Cleaner 8.66 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.66 - WiseCleaner.com, Inc.)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.3 - Xvid Team)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Wiederherstellungspunkte =========================

09-08-2015 14:18:47 Windows Update
09-08-2015 15:36:38 Wiederherstellungsvorgang
09-08-2015 16:03:29 Windows-Sicherung
09-08-2015 16:14:23 Wiederherstellungsvorgang
09-08-2015 17:06:22 Windows-Sicherung
09-08-2015 17:22:09 Windows Update
10-08-2015 01:24:26 DirectX wurde installiert
11-08-2015 20:08:25 JRT Pre-Junkware Removal

==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2015-08-10 19:35 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {1AFA25B6-6145-4B33-9D55-0B283C7C7E21} - System32\Tasks\Opera scheduled Autoupdate 1393165213 => C:\Program Files (x86)\Opera\launcher.exe [2015-07-30] (Opera Software)
Task: {23771831-59AD-41EC-8AFC-B73B320555C8} - \WiseCleaner\WRCSkipUAC -> Keine Datei <==== ACHTUNG
Task: {2E7E0EDB-9E5D-4831-856B-A3E326C98736} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {307AA22C-D651-4ABE-8FA5-6C0703B00959} - System32\Tasks\{48E73758-AFEA-49D8-B3D2-DEEA09A9ADE5} => pcalua.exe -a "C:\Program Files (x86)\NCH Swift Sound\VRS\uninst.exe"
Task: {9DA00726-C9F7-4681-8642-E32D8FEF0D77} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {D00BAFBD-5CA5-40AF-91FE-037DD8EC01E1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-11] (Adobe Systems Incorporated)
Task: {DCC6580A-3085-4B88-9288-6E9EF06454B2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {E14B03CF-8D73-4CC8-96D0-CF1D703ACFCC} - System32\Tasks\{8D26E614-C7B9-4FAE-8246-E32203F29745} => pcalua.exe -a "C:\Users\Lukas\Downloads\Sunbird_Setup_1.0_Beta_1 (1).exe" -d C:\Users\Lukas\Downloads
Task: {ED926A15-0909-49EF-B263-87A911E9DCDC} - System32\Tasks\{1EFA2FBD-92CC-4B31-A6D4-18C7BFB5A1C2} => C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2013\Pesgalaxy.com Patch 2013\PESGalaxySwitch.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2014-05-01 21:29 - 2014-05-01 21:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2011-03-16 02:37 - 2011-03-02 13:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2009-01-26 21:58 - 2009-01-26 21:58 - 00969728 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-08-06 14:32 - 2015-08-06 14:32 - 58599032 _____ () C:\Program Files (x86)\Opera\31.0.1889.99\opera.dll
2014-10-16 11:15 - 2014-10-16 11:15 - 00035328 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
2015-08-06 14:32 - 2015-08-06 14:32 - 01781368 _____ () C:\Program Files (x86)\Opera\31.0.1889.99\libglesv2.dll
2015-08-06 14:32 - 2015-08-06 14:32 - 00081528 _____ () C:\Program Files (x86)\Opera\31.0.1889.99\libegl.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\TEMP:A8AF8B49
AlternateDataStreams: C:\ProgramData\TEMP:E8BE05FA

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

HKU\S-1-5-21-3103388830-3129877404-954900241-1001\Software\Classes\exefile: <===== ACHTUNG

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3103388830-3129877404-954900241-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist deaktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{B946E0BA-D5BF-4D65-B2FF-BFE60A016948}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A87FE51F-CEED-40A6-8C1C-906181B42100}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{D7A0D845-DCEC-4940-8DE4-6543D8B6B3AA}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{1F14052A-15E9-410F-9BAA-EF1FB8E2280B}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [TCP Query User{0E043A6E-E302-450F-A233-EAE4BCEFAAB5}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{E80D421F-9E81-4D5F-BE13-4A9A4555F8A2}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{2C366063-B893-4ED0-A232-80509F5AE30A}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe
FirewallRules: [UDP Query User{7EDF11F7-7ABD-497E-A521-4A82C496C122}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe
FirewallRules: [{159A3875-6FAD-4448-96E0-5D02E7997425}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{20CB0FAB-D58E-4A48-A0D9-00300D2B3E36}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9B03AB44-0170-4157-A262-936071E4C924}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8269810E-AFCA-4FE4-BBAE-B87A02C3867F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query
User{18A211F4-0FAD-420C-8DAE-2A9E0366C3DA}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe FirewallRules: [UDP Query User{602E03CD-9BE3-4A4B-88CA-F2AD3AF30094}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe FirewallRules: [{B78A0275-0860-4712-85F4-DFA37A7FB7C4}] => (Allow) C:\Windows\System32\dmwu.exe FirewallRules: [{6DC28745-B760-41F4-9B86-A885724A6020}] => (Allow) C:\Windows\System32\dmwu.exe FirewallRules: [{13BCADAF-066A-47B6-9EFF-F60062149E9F}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe FirewallRules: [{EF79003E-439F-4E09-ADCF-3A18A6770885}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe FirewallRules: [{D5AFBD1C-CD90-479E-AE97-BD0120C3DC04}] => (Allow) C:\Windows\System32\dmwu.exe FirewallRules: [{B6164A22-FDEF-44E2-8192-463C60D21129}] => (Allow) C:\Windows\System32\dmwu.exe FirewallRules: [{72B0AFE3-7775-4842-A01E-02D4E727CFD5}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe FirewallRules: [{8229A504-B6B3-4C45-B592-9BC7E1963A91}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe FirewallRules: [{3144577E-127F-49EF-9B69-D7BCE7F85DEF}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe FirewallRules: [{0BE05BE2-AD15-4684-AB03-B5E552AEA539}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe FirewallRules: [{7AEAFB64-05D2-41F8-BE5B-D6DEE5BDC554}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe FirewallRules: [{6F247F3A-0E2F-4940-84A6-F888C53B6E35}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe FirewallRules: [{AB07CAA1-130B-4429-8E80-86EEF2A75A97}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\amd driver updater, vista and 7, 64 bit\Setup.exe FirewallRules: [{E79AEED7-8519-4F62-BB01-679EC0EB2074}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\amd driver updater, vista and 7, 64 bit\Setup.exe FirewallRules: [TCP Query 
User{A991ACC9-B7B0-4CB6-899C-09CE3870A26E}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe FirewallRules: [UDP Query User{D02BC1BE-975F-4A5A-BDA3-9827CD7A607E}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe FirewallRules: [TCP Query User{FAFA5EE1-FF30-4AFD-8E82-BF5A16A5484B}C:\program files (x86)\sopcast\adv\sopadver.exe] => (Allow) C:\program files (x86)\sopcast\adv\sopadver.exe FirewallRules: [UDP Query User{B3356AE5-A086-4024-BF51-B055F9667E8F}C:\program files (x86)\sopcast\adv\sopadver.exe] => (Allow) C:\program files (x86)\sopcast\adv\sopadver.exe FirewallRules: [{41ACF74E-625C-489D-9AA2-C666BB2E9F7E}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe FirewallRules: [{93ADF1B8-995F-4871-9532-CAECD72F2DAE}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe FirewallRules: [{C8154014-2D3D-4215-A1BC-E67F0F663B2F}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe FirewallRules: [{1A2E9A96-FFF0-4D19-9B9B-36ED850E4AD2}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe FirewallRules: [{8DE00F84-3A13-4F43-8529-E42EC4B86C1F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Driver Fusion\DriverFusion.exe FirewallRules: [{499ED506-0AA1-4A69-9AD2-21E857D80435}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Driver Fusion\DriverFusion.exe FirewallRules: [TCP Query User{272A0C38-A1BC-4C3A-859C-18072AE987FE}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe FirewallRules: [UDP Query User{7F7B9F58-243C-4F60-845E-E6260309749D}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe FirewallRules: [{72698E50-CB25-421C-AFD6-FFD8ECA6A17D}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe FirewallRules: [{F94DB783-9C7D-48F3-B3C4-D6D5C0B2047D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Biohazard 6 Benchmark Tool\BH6.exe FirewallRules: [{17B6B42C-EB29-4A78-BB56-1448D0F534A8}] => (Allow) C:\Program 
Files (x86)\Steam\SteamApps\common\Biohazard 6 Benchmark Tool\BH6.exe FirewallRules: [{1DD92EDF-934B-451F-AFA6-5858E03544C2}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{AF62527A-1F5D-4194-B300-B112D7343405}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{6CA65887-EEB0-476C-93A3-14AE1633CC4A}] => (Allow) D:\Steam Ordner 2\SteamApps\common\Football Manager 2015 Editor\editor.exe FirewallRules: [{1731CFC2-C31C-4870-BBF2-FE96FA324E96}] => (Allow) D:\Steam Ordner 2\SteamApps\common\Football Manager 2015 Editor\editor.exe FirewallRules: [{D86FCC0D-8B38-42E4-8153-12FE3567E63B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{8D14DC31-BC60-4474-B2EE-8F974A6A0877}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{DB7757CF-A03D-4497-B979-71B6E909420C}] => (Allow) D:\Steam Ordner 2\SteamApps\common\Football Manager 2015\fm.exe FirewallRules: [{37C9E266-14D0-44DF-9EE3-43F84D9F8D4C}] => (Allow) D:\Steam Ordner 2\SteamApps\common\Football Manager 2015\fm.exe FirewallRules: [{CC160C3F-F24E-4340-8615-F7E9774716F9}] => (Allow) D:\Steam Ordner 2\SteamApps\common\Mafia II\pc\mafia2.exe FirewallRules: [{A08D94F6-83B8-4E26-9D3E-D1DA50C8BD78}] => (Allow) D:\Steam Ordner 2\SteamApps\common\Mafia II\pc\mafia2.exe ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: Standardtastatur (PS/2) Description: Standardtastatur (PS/2) Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardtastaturen) Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. 
==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (08/11/2015 06:03:05 PM) (Source: Service1) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. Der Dienstprozess konnte keine Verbindung mit dem Dienstcontroller herstellen Error: (08/11/2015 12:01:03 PM) (Source: MsiInstaller) (EventID: 1013) (User: Lukas-PC) Description: Product: NVIDIA PhysX -- Installation terminated Error: (08/10/2015 10:26:04 PM) (Source: MsiInstaller) (EventID: 1013) (User: Lukas-PC) Description: Product: NVIDIA PhysX -- Installation terminated Error: (08/10/2015 07:38:55 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (08/10/2015 03:31:43 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm EXCEL.EXE, Version 14.0.7151.5001 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. 
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 19b0 Startzeit: 01d0d3705eb0ecbd Endzeit: 0 Anwendungspfad: C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE Berichts-ID: 12aec10b-3f64-11e5-b0bf-0025228d8296 Error: (08/10/2015 02:27:24 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (08/10/2015 12:36:38 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (08/10/2015 12:36:30 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (08/10/2015 02:49:02 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 9766 Error: (08/10/2015 02:49:02 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 9766 Systemfehler: ============= Error: (08/11/2015 08:09:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Steam Client Service" wurde unerwartet beendet. 
Dies ist bereits 1 Mal passiert. Error: (08/11/2015 08:09:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (08/11/2015 08:09:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Sound Blaster X-Fi MB Licensing Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (08/11/2015 08:09:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (08/11/2015 08:09:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Live ID Sign-in Assistant" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (08/11/2015 08:09:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "resegioninhelp" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (08/11/2015 08:09:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "RadeonPro Support Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error: (08/11/2015 08:09:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "NitroPDFReaderDriverCreatorReadSpool3" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (08/11/2015 08:09:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "LicCtrl Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error: (08/11/2015 08:09:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Foxit Cloud Safe Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Microsoft Office: ========================= Error: (08/11/2015 06:03:05 PM) (Source: Service1) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. Der Dienstprozess konnte keine Verbindung mit dem Dienstcontroller herstellen Error: (08/11/2015 12:01:03 PM) (Source: MsiInstaller) (EventID: 1013) (User: Lukas-PC) Description: Product: NVIDIA PhysX -- Installation terminated(NULL)(NULL)(NULL)(NULL)(NULL) Error: (08/10/2015 10:26:04 PM) (Source: MsiInstaller) (EventID: 1013) (User: Lukas-PC) Description: Product: NVIDIA PhysX -- Installation terminated(NULL)(NULL)(NULL)(NULL)(NULL) Error: (08/10/2015 07:38:55 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Lukas\Desktop\esetsmartinstaller_deu.exe Error: (08/10/2015 03:31:43 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: EXCEL.EXE14.0.7151.500119b001d0d3705eb0ecbd0C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE12aec10b-3f64-11e5-b0bf-0025228d8296 Error: (08/10/2015 02:27:24 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Lukas\Desktop\esetsmartinstaller_deu.exe Error: (08/10/2015 12:36:38 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: 
C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Lukas\Desktop\esetsmartinstaller_deu.exe Error: (08/10/2015 12:36:30 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Lukas\Desktop\esetsmartinstaller_deu.exe Error: (08/10/2015 02:49:02 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 9766 Error: (08/10/2015 02:49:02 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 9766 CodeIntegrity: =================================== Date: 2015-08-10 19:34:42.264 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-08-10 19:34:42.139 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
Date: 2011-08-27 16:51:56.939 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-08-27 16:51:56.909 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-08-27 16:51:55.175 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-08-27 16:51:55.146 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-08-27 16:51:54.117 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-08-27 16:51:54.086 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-08-27 16:51:53.054 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
Date: 2011-08-27 16:51:53.024 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Speicherinformationen =========================== Processor: AMD Phenom(tm) II X4 955 Processor Prozentuale Nutzung des RAM: 30% Installierter physikalischer RAM: 8191.24 MB Verfügbarer physikalischer RAM: 5684.27 MB Summe virtueller Speicher: 16380.69 MB Verfügbarer virtueller Speicher: 13528.27 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:298.09 GB) (Free:133.7 GB) NTFS Drive d: () (Fixed) (Total:465.66 GB) (Free:279.39 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 91D9BB8C) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 590E3263) Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS) ==================== Ende von Ergebnis ============================ |
12.08.2015, 08:56 | #9 | |
/// TB-Ausbilder | Windows 7 SP 1 infected with a Trojan - Windows Update error code 8007002
Hi,
Step 1 Please have the file from the code box checked at VirusTotal.
Step 2
|
12.08.2015, 10:28 | #10 |
| Windows 7 SP 1 infected with a Trojan - Windows Update error code 8007002
hi, attached are the link and the search.txt
https://www.virustotal.com/de/file/e87b68e37621c181134f954be0e579179cab835ec46feebfb5da8c08ebd14cfb/analysis/1439371083/
search.txt Code:
Farbar Recovery Scan Tool (x64) Version:11-08-2015 02
durchgeführt von Lukas (2015-08-12 11:23:57)
Gestartet von C:\Users\Lukas\Desktop
Start-Modus: Normal

================== Registry-Suche: "TTakeTThheCouPPoun;FIendBestDeAl;resegioninhelp" ===========

===================== Suchergebnis für "resegioninhelp" ==========

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\resegioninhelp]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\resegioninhelp]
"DisplayName"="resegioninhelp"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\resegioninhelp]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\resegioninhelp]
"DisplayName"="resegioninhelp"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\resegioninhelp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\resegioninhelp]
"DisplayName"="resegioninhelp"

====== Ende von Suche ======
|
12.08.2015, 12:17 | #11 |
/// TB-Ausbilder | Windows 7 SP 1 infected with a Trojan - Windows Update error code 8007002
We will remove the last remnants and check everything once more. ESET can take a while (> 2 h). Afterwards we will remove all the tools we used and I will give you a few tips to take with you.
Step 1 Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
start
CloseProcesses:
S2 resegioninhelp; C:\Program Files (x86)\resegioninhelp\resegioninhelp.exe [7596652 2015-08-03] () [Datei ist nicht signiert] <==== ACHTUNG
C:\Program Files (x86)\resegioninhelp
GroupPolicy: Gruppenrichtline auf Chrome erkannt <======= ACHTUNG
CHR HKLM\SOFTWARE\Policies\Google: Richtlinienbeschränkung <======= ACHTUNG
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Richtlinienbeschränkung <======= ACHTUNG
C:\Program Files\FIendBestDeAl
Task: {23771831-59AD-41EC-8AFC-B73B320555C8} - \WiseCleaner\WRCSkipUAC -> Keine Datei <==== ACHTUNG
Task: {E14B03CF-8D73-4CC8-96D0-CF1D703ACFCC} - System32\Tasks\{8D26E614-C7B9-4FAE-8246-E32203F29745} => pcalua.exe -a "C:\Users\Lukas\Downloads\Sunbird_Setup_1.0_Beta_1 (1).exe" -d C:\Users\Lukas\Downloads
AlternateDataStreams: C:\ProgramData\TEMP:A8AF8B49
AlternateDataStreams: C:\ProgramData\TEMP:E8BE05FA
HKU\S-1-5-21-3103388830-3129877404-954900241-1001\Software\Classes\exefile: <===== ACHTUNG
FirewallRules: [{B78A0275-0860-4712-85F4-DFA37A7FB7C4}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{6DC28745-B760-41F4-9B86-A885724A6020}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{13BCADAF-066A-47B6-9EFF-F60062149E9F}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{EF79003E-439F-4E09-ADCF-3A18A6770885}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{D5AFBD1C-CD90-479E-AE97-BD0120C3DC04}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{B6164A22-FDEF-44E2-8192-463C60D21129}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{72B0AFE3-7775-4842-A01E-02D4E727CFD5}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{8229A504-B6B3-4C45-B592-9BC7E1963A91}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{41ACF74E-625C-489D-9AA2-C666BB2E9F7E}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{93ADF1B8-995F-4871-9532-CAECD72F2DAE}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{C8154014-2D3D-4215-A1BC-E67F0F663B2F}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{1A2E9A96-FFF0-4D19-9B9B-36ED850E4AD2}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
RemoveProxy:
EmptyTemp:
end

Please save it as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2 Please download Emsisoft Emergency Kit from here.
Step 3 ESET Online Scanner
Step 4
Please post with your next reply
|
13.08.2015, 05:56 | #12 |
| Windows 7 SP 1 infected with a Trojan - Windows Update error code 8007002
Fixlog Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:11-08-2015 02 durchgeführt von Lukas (2015-08-12 20:05:30) Run:1 Gestartet von C:\Users\Lukas\Desktop Geladene Profile: Lukas (Verfügbare Profile: Lukas) Start-Modus: Normal ============================================== fixlist Inhalt: ***************** start CloseProcesses: S2 resegioninhelp; C:\Program Files (x86)\resegioninhelp\resegioninhelp.exe [7596652 2015-08-03] () [Datei ist nicht signiert] <==== ACHTUNG C:\Program Files (x86)\resegioninhelp GroupPolicy: Gruppenrichtline auf Chrome erkannt <======= ACHTUNG CHR HKLM\SOFTWARE\Policies\Google: Richtlinienbeschränkung <======= ACHTUNG HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Richtlinienbeschränkung <======= ACHTUNG C:\Program Files\FIendBestDeAl Task: {23771831-59AD-41EC-8AFC-B73B320555C8} - \WiseCleaner\WRCSkipUAC -> Keine Datei <==== ACHTUNG Task: {E14B03CF-8D73-4CC8-96D0-CF1D703ACFCC} - System32\Tasks\{8D26E614-C7B9-4FAE-8246-E32203F29745} => pcalua.exe -a "C:\Users\Lukas\Downloads\Sunbird_Setup_1.0_Beta_1 (1).exe" -d C:\Users\Lukas\Downloads AlternateDataStreams: C:\ProgramData\TEMP:A8AF8B49 AlternateDataStreams: C:\ProgramData\TEMP:E8BE05FA HKU\S-1-5-21-3103388830-3129877404-954900241-1001\Software\Classes\exefile: <===== ACHTUNG FirewallRules: [{B78A0275-0860-4712-85F4-DFA37A7FB7C4}] => (Allow) C:\Windows\System32\dmwu.exe FirewallRules: [{6DC28745-B760-41F4-9B86-A885724A6020}] => (Allow) C:\Windows\System32\dmwu.exe FirewallRules: [{13BCADAF-066A-47B6-9EFF-F60062149E9F}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe FirewallRules: [{EF79003E-439F-4E09-ADCF-3A18A6770885}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe FirewallRules: [{D5AFBD1C-CD90-479E-AE97-BD0120C3DC04}] => (Allow) C:\Windows\System32\dmwu.exe FirewallRules: [{B6164A22-FDEF-44E2-8192-463C60D21129}] => (Allow) C:\Windows\System32\dmwu.exe FirewallRules: [{72B0AFE3-7775-4842-A01E-02D4E727CFD5}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe 
FirewallRules: [{8229A504-B6B3-4C45-B592-9BC7E1963A91}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{41ACF74E-625C-489D-9AA2-C666BB2E9F7E}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{93ADF1B8-995F-4871-9532-CAECD72F2DAE}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{C8154014-2D3D-4215-A1BC-E67F0F663B2F}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{1A2E9A96-FFF0-4D19-9B9B-36ED850E4AD2}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
RemoveProxy:
EmptyTemp:
end
*****************

Prozess erfolgreich geschlossen.
resegioninhelp => Dienst erfolgreich entfernt
C:\Program Files (x86)\resegioninhelp => erfolgreich verschoben.
C:\Windows\system32\GroupPolicy\Machine => erfolgreich verschoben.
C:\Windows\system32\GroupPolicy\GPT.ini => erfolgreich verschoben.
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => erfolgreich verschoben.
"HKLM\SOFTWARE\Policies\Google" => Schlüssel erfolgreich entfernt
"HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer" => Schlüssel erfolgreich entfernt
C:\Program Files\FIendBestDeAl => erfolgreich verschoben.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{23771831-59AD-41EC-8AFC-B73B320555C8}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23771831-59AD-41EC-8AFC-B73B320555C8}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WiseCleaner\WRCSkipUAC" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E14B03CF-8D73-4CC8-96D0-CF1D703ACFCC}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E14B03CF-8D73-4CC8-96D0-CF1D703ACFCC}" => Schlüssel erfolgreich entfernt
C:\Windows\System32\Tasks\{8D26E614-C7B9-4FAE-8246-E32203F29745} => erfolgreich verschoben.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8D26E614-C7B9-4FAE-8246-E32203F29745}" => Schlüssel erfolgreich entfernt
C:\ProgramData\TEMP => ":A8AF8B49" ADS erfolgreich entfernt.
C:\ProgramData\TEMP => ":E8BE05FA" ADS erfolgreich entfernt.
"HKU\S-1-5-21-3103388830-3129877404-954900241-1001\Software\Classes\exefile" => Schlüssel erfolgreich entfernt
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B78A0275-0860-4712-85F4-DFA37A7FB7C4} => Wert erfolgreich entfernt
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6DC28745-B760-41F4-9B86-A885724A6020} => Wert erfolgreich entfernt
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{13BCADAF-066A-47B6-9EFF-F60062149E9F} => Wert erfolgreich entfernt
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EF79003E-439F-4E09-ADCF-3A18A6770885} => Wert erfolgreich entfernt
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D5AFBD1C-CD90-479E-AE97-BD0120C3DC04} => Wert erfolgreich entfernt
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B6164A22-FDEF-44E2-8192-463C60D21129} => Wert erfolgreich entfernt
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{72B0AFE3-7775-4842-A01E-02D4E727CFD5} => Wert erfolgreich entfernt
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8229A504-B6B3-4C45-B592-9BC7E1963A91} => Wert erfolgreich entfernt
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{41ACF74E-625C-489D-9AA2-C666BB2E9F7E} => Wert erfolgreich entfernt
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{93ADF1B8-995F-4871-9532-CAECD72F2DAE} => Wert erfolgreich entfernt
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C8154014-2D3D-4215-A1BC-E67F0F663B2F} => Wert erfolgreich entfernt
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1A2E9A96-FFF0-4D19-9B9B-36ED850E4AD2} => Wert erfolgreich entfernt

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
HKU\S-1-5-21-3103388830-3129877404-954900241-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-3103388830-3129877404-954900241-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt

========= Ende von RemoveProxy: =========

EmptyTemp: => 744.4 MB temporäre Dateien entfernt.

Das System musste neu gestartet werden..

==== Ende von Fixlog 20:09:19 ====

Emsisoft Code:
Emsisoft Emergency Kit - Version 10.0
Letztes Update: 12.08.2015 20:29:07
Benutzerkonto: Lukas-PC\Lukas

Scan-Einstellungen:

Scan-Methode: Malware-Scan
Objekte: Rootkits, Speicher, Traces, Dateien

PUPs-Erkennung: An
Archiv-Scan: Aus
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan-Beginn: 12.08.2015 20:31:40
Value: HKEY_USERS\S-1-5-21-3103388830-3129877404-954900241-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Gefunden: Setting.DisableTaskMgr (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Gefunden: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-3103388830-3129877404-954900241-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Gefunden: Setting.DisableRegistryTools (A)
Key: HKEY_USERS\.DEFAULT\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B} Gefunden: Application.AdGenie (A)
Key: HKEY_USERS\S-1-5-20\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B} Gefunden: Application.AdGenie (A)
Key: HKEY_USERS\.DEFAULT\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B} Gefunden: Application.AdGenie (A)
Key: HKEY_USERS\S-1-5-19\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B} Gefunden: Application.AdGenie (A)
Key: HKEY_USERS\S-1-5-20\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B} Gefunden: Application.AdGenie (A)
Key: HKEY_USERS\S-1-5-18\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B} Gefunden: Application.AdGenie (A)
Key: HKEY_USERS\.DEFAULT\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B} Gefunden: Application.AdGenie (A)
C:\ProgramData\ejmhjdnejnafgddmebbballeapibmodc\ejmhjdnejnafgddmebbballeapibmodc.crx -> pA_DIKbA.js Gefunden: Adware.MultiPlug.CY (B)
C:\settings.ini Gefunden: Gen:Adware.MPlug.1 (B)

Gescannt: 345676
Gefunden 12

Scan-Ende: 12.08.2015 21:10:00
Scan-Zeit: 0:38:20

C:\settings.ini Quarantäne Gen:Adware.MPlug.1 (B)
C:\ProgramData\ejmhjdnejnafgddmebbballeapibmodc\ejmhjdnejnafgddmebbballeapibmodc.crx Quarantäne Adware.MultiPlug.CY (B)
Key: HKEY_USERS\.DEFAULT\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B} Quarantäne Application.AdGenie (A)
Key: HKEY_USERS\S-1-5-20\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B} Quarantäne Application.AdGenie (A)
Key: HKEY_USERS\S-1-5-19\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B} Quarantäne Application.AdGenie (A)
Value: HKEY_USERS\S-1-5-21-3103388830-3129877404-954900241-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantäne Setting.DisableRegistryTools (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantäne Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-3103388830-3129877404-954900241-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Quarantäne Setting.DisableTaskMgr (A)

Quarantäne 8

ESET Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=f22f9a8596c0f446a454ba6833e19233
# end=init
# utc_time=2015-08-12 08:16:00
# local_time=2015-08-12 10:16:00 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 25250
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=f22f9a8596c0f446a454ba6833e19233
# end=updated
# utc_time=2015-08-12 08:19:07
# local_time=2015-08-12 10:19:07 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=f22f9a8596c0f446a454ba6833e19233
# engine=25250
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-08-13 02:54:15
# local_time=2015-08-13 04:54:15 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 7835930 133612065 0 0
# scanned=1525061
# found=44
# cleaned=0
# scan_time=23707
sh=D6CFE89E51D1CF5C0043E538BC26C4477CE3EF3E ft=0 fh=0000000000000000 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lukas\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.2.0.zip.vir"
sh=1FD24BAE5755536F5B1CDF3F46A6C75BFD137933 ft=0 fh=0000000000000000 vn="Variante von Android/Mobserv.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lukas\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk.vir"
sh=299687D1BDD313032F4E60C550EAED7392529074 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.I Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default\extensions\staged\2e@E.net\content\bg.js.vir"
sh=6D93133547D99321B916B3564CF25FDB1503554E ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.I Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default\extensions\staged\3z@r.org\content\bg.js.vir"
sh=BF5077C53EF5ED5B392E9440C75D8849827C01F1 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.I Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default\extensions\staged\5W@GH.edu\content\bg.js.vir"
sh=7D47D58460A03DB31F5FA86FF7A43600063C32B9 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.I Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default\extensions\staged\6es8av6j@s8.edu\content\bg.js.vir"
sh=8BB441E52DA8617D7FD910AAD198F39C89A615B6 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.I Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default\extensions\staged\C@6J.org\content\bg.js.vir"
sh=F5D2AA5FF07268506015425CA8459D876FEBE3D8 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.I Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default\extensions\staged\nRkqrM@xomO.edu\content\bg.js.vir"
sh=6936C35AE56B1AED125F1F92ED947CF6AD65C7CA ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.I Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default\extensions\staged\oOX@YHNZ.com\content\bg.js.vir"
sh=2B8E60DFD612444330AA17B49CFF0ACC4E69B290 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.I Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default\extensions\staged\tDIp@PcE.org\content\bg.js.vir"
sh=9494534DA099B849D5D0781E098330E4D135DD73 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.I Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default\extensions\staged\u@5h.net\content\bg.js.vir"
sh=2BB405DEFD74AD06B02E933ACA325107E6FEC7AB ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="D:\LUKAS-PC\Backup Set 2013-11-24 040018\Backup Files 2013-12-01 040018\Backup files 17.zip"
sh=5B789700C85EB0683934D04D0AF43D2475B35AF2 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="D:\LUKAS-PC\Backup Set 2013-11-24 040018\Backup Files 2013-12-01 040018\Backup files 5.zip"
sh=75487269C1704E9C2A3D66873F2324F5A2DC19CE ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Babylon.F evtl. unerwünschte Anwendung" ac=I fn="D:\LUKAS-PC\Backup Set 2013-11-24 040018\Backup Files 2013-12-01 040018\Backup files 6.zip"
sh=3EFC734F7CF5A5549C5FB6668A360B3B3EEDBEDD ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.AH evtl. unerwünschte Anwendung" ac=I fn="D:\LUKAS-PC\Backup Set 2013-11-24 040018\Backup Files 2013-12-01 040018\Backup files 9.zip"
sh=F966CAA05B2B6DE1442BA0342C0B7B1C14E65B9D ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.AH evtl. unerwünschte Anwendung" ac=I fn="D:\LUKAS-PC\Backup Set 2013-11-24 040018\Backup Files 2013-12-15 040004\Backup files 3.zip"
sh=F9BE5F3576BA3D37A1909E71534EFF9D3B88C7C0 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="D:\LUKAS-PC\Backup Set 2014-02-17 142639\Backup Files 2014-02-17 142639\Backup files 10.zip"
sh=DF1A5782B37974C1FB7605E4326C23B43262354B ft=0 fh=0000000000000000 vn="Win32/NextLive.A evtl. unerwünschte Anwendung" ac=I fn="D:\LUKAS-PC\Backup Set 2014-02-17 142639\Backup Files 2014-02-17 142639\Backup files 11.zip"
sh=96954503B57D10F478D511FC83C94BF3738D5E7A ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="D:\LUKAS-PC\Backup Set 2014-02-17 142639\Backup Files 2014-02-17 142639\Backup files 13.zip"
sh=6E0DDA9D710C1A29C18D839E044B1A302DB54880 ft=0 fh=0000000000000000 vn="Variante von Android/Mobserv.A evtl. unerwünschte Anwendung" ac=I fn="D:\LUKAS-PC\Backup Set 2014-02-17 142639\Backup Files 2014-02-17 142639\Backup files 15.zip"
sh=31268179DA127622C70A3003376DDF46A6E2FB5C ft=0 fh=0000000000000000 vn="Variante von Win32/Amonetize.AG evtl. unerwünschte Anwendung" ac=I fn="D:\LUKAS-PC\Backup Set 2014-02-17 142639\Backup Files 2014-02-17 142639\Backup files 16.zip"
sh=9566297E9393246A172AEC47CD8DECFC3F36CB20 ft=0 fh=0000000000000000 vn="Variante von Win32/Complitly.A evtl. unerwünschte Anwendung" ac=I fn="D:\LUKAS-PC\Backup Set 2014-02-23 040015\Backup Files 2014-02-23 040015\Backup files 10.zip"
sh=98F930F9350072AE4C013ABC7071BAAD0174A0E1 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Babylon.F evtl. unerwünschte Anwendung" ac=I fn="D:\LUKAS-PC\Backup Set 2014-02-23 040015\Backup Files 2014-02-23 040015\Backup files 11.zip"
sh=257DCA951F0000E490F2A6DF5F454E180980E8AD ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="D:\LUKAS-PC\Backup Set 2014-02-23 040015\Backup Files 2014-02-23 040015\Backup files 13.zip"
sh=68CB6B00F8289010C6EBE8F40D10151A59C9A2E7 ft=0 fh=0000000000000000 vn="Variante von Android/Mobserv.A evtl. unerwünschte Anwendung" ac=I fn="D:\LUKAS-PC\Backup Set 2014-02-23 040015\Backup Files 2014-02-23 040015\Backup files 15.zip"
sh=8877D1C93C6DE293AA797103F8A12DA3A2766BA8 ft=0 fh=0000000000000000 vn="Variante von Win32/Amonetize.AG evtl. unerwünschte Anwendung" ac=I fn="D:\LUKAS-PC\Backup Set 2014-02-23 040015\Backup Files 2014-02-23 040015\Backup files 16.zip"
sh=3F8FC63F23EE6A197144EC386148ED22419A852B ft=0 fh=0000000000000000 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="D:\LUKAS-PC\Backup Set 2014-02-23 040015\Backup Files 2014-02-23 040015\Backup files 333.zip"
sh=E2C750113E391EBEDA381B396DA1D4889CF785A6 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="D:\LUKAS-PC\Backup Set 2014-02-23 040015\Backup Files 2014-03-23 040010\Backup files 1.zip"
sh=F4539D051A22BECDE054D50F2BE69455DDFA43B5 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="D:\LUKAS-PC\Backup Set 2014-02-23 040015\Backup Files 2014-04-21 163506\Backup files 1.zip"
sh=6983DF235E6392E9D063C251C803A24C199673FD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="D:\LUKAS-PC\Backup Set 2014-02-23 040015\Backup Files 2014-04-21 163506\Backup files 2.zip"
sh=92A20C86DDF99B4FF845FAD8CF9AED2E3AD0CDE4 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="D:\LUKAS-PC\Backup Set 2014-05-18 120907\Backup Files 2014-06-08 135828\Backup files 10.zip"
sh=28303DCB502D44096463D6B5EF153006318D1DC1 ft=0 fh=0000000000000000 vn="Variante von Android/Mobserv.A evtl. unerwünschte Anwendung" ac=I fn="D:\LUKAS-PC\Backup Set 2014-05-18 120907\Backup Files 2014-06-08 135828\Backup files 12.zip"
sh=19C80FB2B69355E8E4FB8ACEB6EBB03622508427 ft=0 fh=0000000000000000 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="D:\LUKAS-PC\Backup Set 2014-05-18 120907\Backup Files 2014-06-08 135828\Backup files 15.zip"
sh=BFEBE0B598CAC2162D5001F7F4A522F57A9630E1 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="D:\LUKAS-PC\Backup Set 2014-05-18 120907\Backup Files 2014-06-08 135828\Backup files 7.zip"
sh=D61F67CEADF35AB8C8493484AB4CB6C2A362FE25 ft=0 fh=0000000000000000 vn="Variante von Win32/Somoto.D evtl. unerwünschte Anwendung" ac=I fn="D:\LUKAS-PC\Backup Set 2014-05-18 120907\Backup Files 2014-06-08 135828\Backup files 8.zip"
sh=EB5DC82CAAF3010374ACEAF29A19C5BB5EDE8B45 ft=0 fh=0000000000000000 vn="Variante von Win32/Complitly.A evtl. unerwünschte Anwendung" ac=I fn="D:\LUKAS-PC\Backup Set 2015-03-01 124304\Backup Files 2015-03-01 124304\Backup files 12.zip"
sh=3BA3315FEE4A462CB902D50D898D301883ED258E ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="D:\LUKAS-PC\Backup Set 2015-03-01 124304\Backup Files 2015-03-01 124304\Backup files 13.zip"
sh=B13D219234BCA73415CC0CDAFD1C17C2A007CC51 ft=0 fh=0000000000000000 vn="Variante von Win32/Somoto.D evtl. unerwünschte Anwendung" ac=I fn="D:\LUKAS-PC\Backup Set 2015-03-01 124304\Backup Files 2015-03-01 124304\Backup files 14.zip"
sh=CE06A84423A37046114B848CB97C78F2A25BD861 ft=0 fh=0000000000000000 vn="Variante von Win32/InstallCore.UE evtl. unerwünschte Anwendung" ac=I fn="D:\LUKAS-PC\Backup Set 2015-03-01 124304\Backup Files 2015-03-01 124304\Backup files 19.zip"
sh=E057338E0CEF8DAA11A4BEFCCA08B9781A76DCE5 ft=0 fh=0000000000000000 vn="Variante von Win32/Complitly.A evtl. unerwünschte Anwendung" ac=I fn="D:\LUKAS-PC\Backup Set 2015-05-10 140250\Backup Files 2015-05-10 140250\Backup files 12.zip"
sh=3C817A068EA57AB0700091311FCD5A34BFB060DA ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="D:\LUKAS-PC\Backup Set 2015-05-10 140250\Backup Files 2015-05-10 140250\Backup files 13.zip"
sh=6F04ABDE38D5206F900A0A3A4446BE214320B1C0 ft=0 fh=0000000000000000 vn="Variante von Win32/Somoto.D evtl. unerwünschte Anwendung" ac=I fn="D:\LUKAS-PC\Backup Set 2015-05-10 140250\Backup Files 2015-05-10 140250\Backup files 14.zip"
sh=92FC4C40AA6B6FBF2D791ABEA14F8BCD54530778 ft=0 fh=0000000000000000 vn="Variante von Win32/InstallCore.UE evtl. unerwünschte Anwendung" ac=I fn="D:\LUKAS-PC\Backup Set 2015-05-10 140250\Backup Files 2015-05-10 140250\Backup files 20.zip"
sh=C7418004757C9BDF08CE6BCD38CB41D0E8219C2F ft=0 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="D:\LUKAS-PC\Backup Set 2015-05-10 140250\Backup Files 2015-05-10 140250\Backup files 21.zip"

FRST Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:12-08-2015 durchgeführt von Lukas (Administrator) auf LUKAS-PC (13-08-2015 06:47:43) Gestartet von C:\Users\Lukas\Desktop Geladene Profile: Lukas (Verfügbare Profile: Lukas) Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser nicht gefunden!) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (AMD) C:\Windows\System32\atieclxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe () C:\Windows\Runservice.exe (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe (Mr. 
John aka japamd) C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Fred's Software) C:\Program Files (x86)\PrintKey2000\Printkey2000.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Creative Technology Ltd) C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe (Macrovision Europe Ltd.) C:\Users\Lukas\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001 (Creative Technology Ltd) C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (Creative Labs) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera_crashreporter.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Opera Software) C:\Program Files (x86)\Opera\31.0.1889.99\opera.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe ==================== Registry (Nicht auf der Ausnahmeliste) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. 
Die Datei wird nicht verschoben.) HKLM\...\Run: [RunDLLEntry] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor) HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-22] (NEC Electronics Corporation) HKLM-x32\...\Run: [CTSyncService] => C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe [1233195 2009-07-08] (Creative Technology Ltd) HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe [241789 2009-05-04] (Creative Technology Ltd) HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-03-17] (Nullsoft, Inc.) HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD) HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1230704 2011-03-21] () HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) 
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.) HKU\S-1-5-21-3103388830-3129877404-954900241-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2895552 2015-07-24] (Valve Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Printkey2000.lnk [2011-07-15] ShortcutTarget: Printkey2000.lnk -> C:\Program Files (x86)\PrintKey2000\Printkey2000.exe (Fred's Software) Startup: C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk [2014-06-05] ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-3103388830-3129877404-954900241-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-3103388830-3129877404-954900241-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3103388830-3129877404-954900241-1001 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKU\S-1-5-21-3103388830-3129877404-954900241-1001 -> {C84562DC-1C5F-407A-9249-FA145D0EF8A3} URL = hxxp://www.google.de/search?q={searchTerms} DPF: HKLM-x32 {6EEFD7B1-B26C-440D-B55A-1EC677189F30} hxxps://vpnssl1.cs.fh-nuernberg.de/NELX.cab Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll 
[2011-06-08] (Advanced Micro Devices) Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{36ED2503-3472-49B3-98F0-DD22FE2554CD}: [DhcpNameServer] 192.168.2.1 192.168.2.1 Tcpip\..\Interfaces\{374433E6-840B-4DE2-8222-90A0D58C5370}: [DhcpNameServer] 192.168.2.1 192.168.2.1 Tcpip\..\Interfaces\{61B76604-D8E8-4932-A814-365652761723}: [DhcpNameServer] 192.168.2.1 192.168.2.1 Tcpip\..\Interfaces\{7E43D05F-1449-46D5-9A2D-B9D5D446AAFA}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{A6C7773B-0CAD-409B-BE74-D9ECF596AB76}: [DhcpNameServer] 192.168.2.1 192.168.2.1 Tcpip\..\Interfaces\{BB33C0B5-43E6-4F0B-9097-FCB5D671036E}: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{E8624FA6-16DD-4418-9AD2-DAD9CB3A259A}: [DhcpNameServer] 192.168.2.1 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\47nu5o9o.default FF Homepage: https://www.malwarebytes.org/restorebrowser// FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-05-06] (DivX, LLC.) 
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-06] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-10-06] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-02-24] (Microsoft Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-05-07] (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] () FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-08] (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-05-06] (DivX, LLC.) 
FF Plugin-x32: @gametap.com/npdd,version=1.0 -> C:\Program Files (x86)\Downloader\npdd.dll [2010-02-19] (Metaboli) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-03-05] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-02-24] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-07-10] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-07-10] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-09-23] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.) 
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011-05-29]
FF HKLM-x32\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011-05-29]

Chrome:
=======
CHR dev: Chrome dev build erkannt! <======= ACHTUNG
CHR HKLM-x32\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2011-02-08]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2011-02-08]
CHR HKLM-x32\...\Chrome\Extension: [oibhdbdejgpfhoddlpccabifnmmopchn] - <kein Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [ojkljipanbocbngapmmpflnkgmnohjhm] - <kein Path/update_url>

Opera:
=======
OPR Extension: (Adblock Plus) - C:\Users\Lukas\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2014-05-23]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert]
S2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [136544 2010-03-12] ()
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2011-03-16] (Creative Labs) [Datei ist nicht signiert]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-03-16] (Creative Labs) [Datei ist nicht signiert]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [Datei ist nicht signiert]
R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] () [Datei ist nicht signiert]
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [241704 2014-03-25] (Foxit Corporation)
R2 LicCtrlService; C:\Windows\runservice.exe [2560 2015-03-16] () [Datei ist nicht signiert]
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-17] (Electronic Arts)
R2 RadeonPro Support Service; C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe [20608 2013-11-04] (Mr. John aka japamd) [Datei ist nicht signiert]
R3 Sound Blaster X-Fi MB Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [79360 2011-03-16] (Creative Labs) [Datei ist nicht signiert]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [62152 2014-10-28] (Advanced Micro Devices, Inc.)
R2 AODDriver4.1.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [56448 2012-02-10] (Advanced Micro Devices)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows (R) Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-08-02] (DT Soft Ltd)
R4 epp64; C:\EEK\bin\epp64.sys [136456 2015-08-12] (Emsisoft GmbH)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation )
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [854632 2010-12-31] (Realtek Semiconductor Corporation )
R3 TotRec8; C:\Windows\system32\drivers\TotRec8.sys [123120 2011-12-14] (High Criteria inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-08-13 06:47 - 2015-08-13 06:49 - 00020683 _____ C:\Users\Lukas\Desktop\FRST.txt
2015-08-12 22:15 - 2015-08-12 22:15 - 02870984 _____ (ESET) C:\Users\Lukas\Desktop\esetsmartinstaller_deu.exe
2015-08-12 22:09 - 2015-08-12 22:09 - 00006180 _____ C:\Users\Lukas\Desktop\scan_150812-203140.txt
2015-08-12 20:25 - 2015-08-12 20:25 - 00000743 _____ C:\Users\Lukas\Desktop\Start Emsisoft Emergency Kit.lnk
2015-08-12 20:24 - 2015-08-12 20:25 - 00000000 ____D C:\EEK
2015-08-12 20:21 - 2015-08-12 20:22 - 165936288 _____ C:\Users\Lukas\Desktop\EmsisoftEmergencyKit.exe
2015-08-12 20:11 - 2015-08-12 20:11 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-08-11 20:36 - 2015-08-13 06:46 - 00000000 ____D C:\Users\Lukas\Desktop\FRST-OlderVersion
2015-08-11 19:03 - 2015-08-11 19:03 - 19284168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-08-11 17:58 - 2015-08-11 18:03 - 00000000 ____D C:\AdwCleaner
2015-08-11 11:58 - 2015-08-11 11:58 - 01797896 _____ (Malwarebytes Corporation) C:\Users\Lukas\Desktop\JRT.exe
2015-08-11 11:57 - 2015-08-11 11:57 - 02248704 _____ C:\Users\Lukas\Desktop\AdwCleaner_4.208.exe
2015-08-10 19:38 - 2015-08-10 19:38 - 00039754 _____ C:\ComboFix.txt
2015-08-10 19:24 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-08-10 19:24 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-08-10 19:24 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-08-10 19:24 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-08-10 19:24 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-08-10 19:24 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-08-10 19:24 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-08-10 19:24 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-08-10 19:15 - 2015-08-10 19:38 - 00000000 ____D C:\Qoobox
2015-08-10 19:14 - 2015-08-10 19:37 - 00000000 ____D C:\Windows\erdnt
2015-08-10 17:25 - 2015-08-10 17:26 - 05634368 ____R (Swearware) C:\Users\Lukas\Desktop\ComboFix.exe
2015-08-10 00:07 - 2015-08-13 06:47 - 00000000 ____D C:\FRST
2015-08-10 00:05 - 2015-08-10 00:05 - 00000168 _____ C:\Users\Lukas\defogger_reenable
2015-08-09 23:17 - 2015-08-13 06:46 - 02173952 _____ (Farbar) C:\Users\Lukas\Desktop\FRST64.exe
2015-08-09 23:17 - 2015-08-09 23:17 - 00380416 _____ C:\Users\Lukas\Desktop\Gmer-19357.exe
2015-08-09 23:14 - 2015-08-09 23:14 - 00050477 _____ C:\Users\Lukas\Desktop\Defogger.exe
2015-08-09 21:18 - 2015-08-12 20:11 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-09 21:18 - 2015-08-09 21:18 - 00001102 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-08-09 21:18 - 2015-08-09 21:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-08-09 21:18 - 2015-08-09 21:18 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-08-09 21:18 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-09 21:18 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-09 21:18 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-09 19:52 - 2015-08-09 19:55 - 00000000 ____D C:\Users\Lukas\AppData\Roaming\WiseUpdate
2015-08-09 19:45 - 2015-08-11 20:09 - 00000000 ____D C:\Windows\System32\Tasks\WiseCleaner
2015-08-09 19:45 - 2015-08-09 19:55 - 00000000 ____D C:\Users\Lukas\AppData\Roaming\Wise Registry Cleaner
2015-08-09 19:45 - 2015-08-09 19:45 - 00001227 _____ C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
2015-08-09 19:45 - 2015-08-09 19:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2015-08-09 19:45 - 2015-08-09 19:45 - 00000000 ____D C:\Program Files (x86)\Wise
2015-08-09 17:22 - 2015-08-09 17:22 - 00000000 ____D C:\Windows\CheckSur
2015-08-09 17:12 - 2015-08-09 23:47 - 00000000 ____D C:\Program Files\Autofill IRCTC Tatkal FormPlugin Extension
2015-07-28 18:14 - 2015-07-28 18:14 - 00000222 _____ C:\Users\Lukas\Desktop\Football Manager 2015.url
2015-07-23 20:05 - 2015-07-23 20:05 - 00001019 _____ C:\Users\Public\Desktop\ClearProg.lnk
2015-07-23 20:05 - 2015-07-23 20:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClearProg
2015-07-23 20:05 - 2015-07-23 20:05 - 00000000 ____D C:\Program Files (x86)\ClearProg
2015-07-23 12:38 - 2015-07-23 12:38 - 00000000 ____D C:\Users\Lukas\Downloads\Vorlagen Bewerbung
2015-07-22 12:17 - 2015-07-22 12:17 - 00000000 ____D C:\Users\Lukas\AppData\Local\CEF

==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-08-13 06:03 - 2015-02-20 19:43 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-13 02:20 - 2011-03-16 01:18 - 01925559 _____ C:\Windows\WindowsUpdate.log
2015-08-12 22:08 - 2014-01-31 17:57 - 00000000 ____D C:\ProgramData\ejmhjdnejnafgddmebbballeapibmodc
2015-08-12 20:21 - 2009-07-14 06:45 - 00028096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-12 20:21 - 2009-07-14 06:45 - 00028096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-12 20:12 - 2011-03-29 17:33 - 00000000 ____D C:\Program Files (x86)\Steam
2015-08-12 20:11 - 2011-03-16 01:50 - 00770270 _____ C:\Windows\PFRO.log
2015-08-12 20:11 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-12 20:11 - 2009-07-14 06:51 - 00089879 _____ C:\Windows\setupact.log
2015-08-12 20:05 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-08-12 20:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2015-08-11 19:29 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2015-08-11 19:27 - 2015-04-11 16:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-11 19:03 - 2015-02-20 19:43 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-11 19:03 - 2015-02-20 19:43 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-11 19:03 - 2015-02-20 19:43 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-11 18:02 - 2011-03-16 01:35 - 00000000 ____D C:\Users\Lukas
2015-08-11 09:57 - 2015-05-16 13:26 - 00000000 ____D C:\Users\Lukas\Documents\Bewerbungen 2015
2015-08-10 19:38 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-08-10 19:35 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-08-10 18:26 - 2014-06-26 14:44 - 00000000 ____D C:\Windows\SysWOW64\mjcm
2015-08-10 18:26 - 2014-06-26 14:44 - 00000000 ____D C:\Windows\system32\tprb
2015-08-10 01:26 - 2012-04-29 04:15 - 00000000 ____D C:\Users\Lukas\AppData\Local\2K Games
2015-08-10 01:26 - 2011-03-16 02:33 - 01348224 _____ C:\Windows\DirectX.log
2015-08-10 01:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SchCache
2015-08-10 00:19 - 2011-04-07 01:14 - 00000000 ____D C:\Users\Lukas\AppData\Local\CrashDumps
2015-08-09 23:47 - 2015-07-10 21:54 - 00000000 ____D C:\Program Files (x86)\4chan Plus
2015-08-09 23:47 - 2015-05-20 20:15 - 00000000 ____D C:\Program Files\SiteLauncher
2015-08-09 23:47 - 2015-05-20 20:15 - 00000000 ____D C:\Program Files\SavuerExtEnseion
2015-08-09 23:47 - 2015-04-11 16:37 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-08-09 23:47 - 2014-02-23 16:20 - 00001111 _____ C:\Users\Public\Desktop\Opera.lnk
2015-08-09 23:47 - 2012-07-01 21:57 - 00000000 ____D C:\ProgramData\InstallMate
2015-08-09 21:18 - 2012-11-19 20:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-09 19:35 - 2011-07-21 21:41 - 00000000 ____D C:\ProgramData\TEMP
2015-08-09 16:56 - 2014-08-25 18:20 - 00000000 ____D C:\Users\Lukas\AppData\Local\SWDS
2015-08-09 16:52 - 2015-04-05 16:23 - 00000000 ___SD C:\Windows\system32\GWX
2015-08-09 16:52 - 2014-02-23 16:20 - 00000000 ____D C:\Program Files (x86)\Opera
2015-08-09 16:52 - 2011-03-30 19:01 - 00000000 ____D C:\Users\Lukas\AppData\Roaming\ScreeNet iSaver
2015-08-09 16:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2015-08-09 16:51 - 2011-10-30 21:58 - 00000000 ____D C:\Users\Lukas\AppData\Local\Sports Interactive
2015-08-09 16:27 - 2011-05-29 18:42 - 00000000 ____D C:\Users\Lukas\AppData\Local\Google
2015-08-06 14:32 - 2014-06-12 20:13 - 00003852 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1393165213
2015-08-06 13:49 - 2011-06-12 20:19 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-23 11:47 - 2014-12-11 21:28 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-14 19:57 - 2015-01-04 22:56 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2014-11-09 14:15 - 2015-06-28 00:15 - 0000265 _____ () C:\Users\Lukas\AppData\Roaming\WB.CFG
2014-11-11 20:34 - 2014-12-17 18:23 - 0000001 _____ () C:\Users\Lukas\AppData\Local\DSI.DAT
2013-10-13 01:35 - 2013-10-13 01:36 - 1065984 _____ () C:\Users\Lukas\AppData\Local\file__0.localstorage
2011-05-31 20:18 - 2011-05-31 20:18 - 0000093 _____ () C:\Users\Lukas\AppData\Local\fusioncache.dat
2011-09-23 17:34 - 2011-09-23 17:34 - 0001472 _____ () C:\Users\Lukas\AppData\Local\RecConfig.xml
2011-06-02 11:26 - 2013-10-19 07:39 - 0007597 _____ () C:\Users\Lukas\AppData\Local\Resmon.ResmonCfg
2011-11-17 00:18 - 2014-06-12 20:03 - 0017408 _____ () C:\Users\Lukas\AppData\Local\WebpageIcons.db

==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-08-12 21:40

==================== Ende von Ergebnis ============================

Addition Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:12-08-2015
durchgeführt von Lukas (2015-08-13 06:49:29)
Gestartet von C:\Users\Lukas\Desktop
Start-Modus: Normal
==========================================================

==================== Konten: =============================
Administrator (S-1-5-21-3103388830-3129877404-954900241-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3103388830-3129877404-954900241-1005 - Limited - Enabled)
Gast (S-1-5-21-3103388830-3129877404-954900241-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3103388830-3129877404-954900241-1002 - Limited - Enabled)
Lukas (S-1-5-21-3103388830-3129877404-954900241-1001 - Administrator - Enabled) => C:\Users\Lukas

==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
3DMark (HKLM-x32\...\{F1A6C690-C12C-4E7A-B4BD-958678215418}) (Version: 1.0 - Futuremark)
3DMark Vantage (HKLM-x32\...\{C40C3C3D-97CF-44B5-836C-766E374464B3}) (Version: 1.1.0 - Futuremark Corporation)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD OverDrive (HKLM-x32\...\{2F51311F-8A4B-4D17-9CB8-AAEACBBA9A92}) (Version: 3.2.0.0386 - Advanced Micro Devices, Inc.)
AMD OverDrive (HKLM-x32\...\{4835750F-F8A7-4D3C-A6A9-123E31C12AF8}) (Version: 4.1.0.0575 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
ASRock InstantBoot v1.24 (HKLM-x32\...\ASRock InstantBoot_is1) (Version: - )
Biohazard 6 Benchmark Tool (HKLM-x32\...\Steam App 231390) (Version: - Capcom)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CIB pdf brewer (HKLM\...\{6C97B34C-51D6-49FB-9FEC-C4669CA866EF}) (Version: 2.6.0044 - CIB software GmbH)
ClearProg 1.6.0 Final (HKLM-x32\...\ClearProg) (Version: 1.6.0 Final - Sven Hoffman)
Configuration DivX (HKLM-x32\...\DivX Setup.divx.com) (Version: 2.5.0.11 - DivX, LLC)
Core Temp version 0.99.8 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 0.99.8 - Arthur Liberman)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd)
Dokan Library 0.6.0 (HKLM-x32\...\DokanLibrary) (Version: - )
Draft Analyzer (HKU\S-1-5-21-3103388830-3129877404-954900241-1001\...\790152df1a5783f8) (Version: 1.2.0.2 - StelmackSoft)
Driver Fusion (HKLM-x32\...\Steam App 233570) (Version: - )
Driver Sweeper Version 3.2.0 (HKLM-x32\...\{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1) (Version: 3.2.0 - Phyxion.net)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
FileZilla Client 3.9.0.6 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)
FMRTE 15.2.1.10 (HKLM\...\{6D986DE6-CA9D-4E83-B49C-18C0BFEB6AD6}_is1) (Version: 15.2.1.10 - FMRTE)
fmXML version 0.3 (HKLM-x32\...\fmXML_is1) (Version: - )
Football Manager 2015 (HKLM-x32\...\Steam App 295270) (Version: - Sports Interactive)
Football Manager 2015 Editor (HKLM-x32\...\Steam App 295350) (Version: - )
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.3.105.325 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.3.321 - Foxit Corporation)
Fraps (HKLM-x32\...\Fraps) (Version: - )
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.15.0 - Futuremark Corporation)
GamePlanAnalyzer (HKU\S-1-5-21-3103388830-3129877404-954900241-1001\...\bc1f77244dd140f8) (Version: 1.0.0.7 - GamePlanAnalyzer)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.670 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JavaFX Scene Builder 1.1 (HKLM-x32\...\{AB468309-88EB-4250-BFEA-45479091102B}) (Version: 1.1 - Oracle)
JavaFX Scene Builder 2.0 (HKLM-x32\...\{B4665EB1-1F7A-44F5-AD07-C20A938E8BC2}) (Version: 2.0 - Oracle)
Mafia II (HKLM-x32\...\Steam App 50130) (Version: - 2K Czech)
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NBA 2K13 (HKLM-x32\...\{D96B6543-A0C0-4351-AF96-73DEF1DD6820}) (Version: 1.0.0 - 2K Sports)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.19.0 - NEC Electronics Corporation) Hidden
Nitro Reader 3 (HKLM\...\{4E1C1F33-BD77-4D84-8FEC-6DE9977BFBF2}) (Version: 3.5.2.10 - Nitro)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice.org 3.0 (HKLM-x32\...\{CCA09491-F5C1-4D20-91A6-7F7E39769E94}) (Version: 3.0.9379 - OpenOffice.org)
Opera Stable 31.0.1889.99 (HKLM-x32\...\Opera 31.0.1889.99) (Version: 31.0.1889.99 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 8.5.0.4554 - Electronic Arts, Inc.)
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PrintKey2000 (HKLM-x32\...\PrintKey2000) (Version: - )
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RadeonPro 1.0 (Build 1.1.1.0) (HKLM-x32\...\RadeonPro_is1) (Version: - )
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Smart Data Recovery v4.3 (HKLM-x32\...\Smart Data Recovery_is1) (Version: 4.3 - Smart PC Solutions)
SopCast 3.3.2 (HKLM-x32\...\SopCast) (Version: 3.3.2 - www.sopcast.com)
Sound Blaster X-Fi MB (HKLM-x32\...\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}) (Version: 1.0 - Creative Technology Limited)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab CYRI (HKLM-x32\...\{679F739E-5C76-4A41-B562-F9392156B6DD}) (Version: 4.4.21.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{5A2E0110-0296-46C3-97E1-C6A0D36E898A}) (Version: 2.1.1.0 - Husdawg, LLC)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.15723 - TeamViewer)
Total Recorder 8.3 Standard Edition (HKLM-x32\...\TotalRecorder) (Version: - )
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.61 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-3103388830-3129877404-954900241-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 4.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}) (Version: 15.0.9411 - WinZip Computing, S.L. )
Wise Registry Cleaner 8.66 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.66 - WiseCleaner.com, Inc.)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.3 - Xvid Team)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Wiederherstellungspunkte =========================
11-08-2015 20:08:25 JRT Pre-Junkware Removal

==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 04:34 - 2015-08-10 19:35 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {1AFA25B6-6145-4B33-9D55-0B283C7C7E21} - System32\Tasks\Opera scheduled Autoupdate 1393165213 => C:\Program Files (x86)\Opera\launcher.exe [2015-07-30] (Opera Software)
Task: {2E7E0EDB-9E5D-4831-856B-A3E326C98736} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {307AA22C-D651-4ABE-8FA5-6C0703B00959} - System32\Tasks\{48E73758-AFEA-49D8-B3D2-DEEA09A9ADE5} => pcalua.exe -a "C:\Program Files (x86)\NCH Swift Sound\VRS\uninst.exe" Task: {9DA00726-C9F7-4681-8642-E32D8FEF0D77} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation) Task: {D00BAFBD-5CA5-40AF-91FE-037DD8EC01E1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-11] (Adobe Systems Incorporated) Task: {DCC6580A-3085-4B88-9288-6E9EF06454B2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated) Task: {ED926A15-0909-49EF-B263-87A911E9DCDC} - System32\Tasks\{1EFA2FBD-92CC-4B31-A6D4-18C7BFB5A1C2} => C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2013\Pesgalaxy.com Patch 2013\PESGalaxySwitch.exe (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2014-11-20 21:23 - 2014-11-20 21:23 - 00127488 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2011-01-10 14:49 - 2011-01-10 14:49 - 00014848 _____ () C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe 2015-03-16 04:03 - 2015-03-16 04:03 - 00002560 _____ () C:\Windows\runservice.exe 2011-03-16 02:37 - 2011-03-02 13:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll 2014-05-01 21:29 - 2014-05-01 21:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2011-03-21 20:56 - 2011-03-21 20:56 - 01230704 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe 2014-11-20 21:23 - 2014-11-20 21:23 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2015-03-16 04:03 - 2015-03-16 04:03 - 00045056 _____ () C:\Windows\mmfs.dll 2013-03-12 18:10 - 2015-07-03 18:12 - 00778240 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2015-01-20 18:32 - 2015-07-03 18:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll 2015-01-20 18:32 - 2015-07-03 18:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2015-01-20 18:32 - 2015-07-03 18:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll 2014-05-21 20:52 - 2015-07-24 01:24 - 02410176 _____ () C:\Program Files (x86)\Steam\video.dll 2014-08-29 04:04 - 2014-12-01 23:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll 2014-08-29 04:04 - 2014-12-01 23:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll 2014-08-29 04:04 - 2014-12-01 
23:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll 2014-08-29 04:04 - 2014-12-01 23:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll 2014-08-29 04:04 - 2014-12-01 23:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll 2011-07-14 06:44 - 2015-07-24 01:23 - 00703168 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2015-07-22 12:16 - 2015-07-07 22:41 - 00169984 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll 2009-01-26 21:58 - 2009-01-26 21:58 - 00969728 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll 2015-08-12 20:12 - 2015-08-12 20:12 - 00697884 _____ () C:\Users\Lukas\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0000\~df394b.tmp 2015-08-12 20:12 - 2015-08-12 20:12 - 00592896 _____ () C:\Users\Lukas\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0000\~de6248.tmp 2011-03-16 01:49 - 2009-02-06 19:52 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL 2011-03-16 01:49 - 2009-04-20 12:55 - 00148480 _____ () C:\Windows\SysWOW64\APOMngr.DLL 2011-03-21 20:57 - 2011-03-21 20:57 - 00096112 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll 2011-03-29 17:34 - 2015-07-03 18:12 - 39553928 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll 2015-08-06 14:32 - 2015-08-06 14:32 - 58599032 _____ () C:\Program Files (x86)\Opera\31.0.1889.99\opera.dll 2014-10-16 11:15 - 2014-10-16 11:15 - 00035328 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll 2014-05-24 18:41 - 2014-05-24 18:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll 2014-05-24 18:41 - 2014-05-24 18:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll 2015-08-06 14:32 - 2015-08-06 14:32 - 01781368 _____ () C:\Program Files (x86)\Opera\31.0.1889.99\libglesv2.dll 2015-08-06 14:32 - 2015-08-06 14:32 - 00081528 _____ () C:\Program Files (x86)\Opera\31.0.1889.99\libegl.dll 2015-08-11 19:03 - 2015-08-11 
19:03 - 16392904 _____ () C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_18_0_0_232.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-3103388830-3129877404-954900241-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.2.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{B946E0BA-D5BF-4D65-B2FF-BFE60A016948}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{A87FE51F-CEED-40A6-8C1C-906181B42100}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [TCP Query User{D7A0D845-DCEC-4940-8DE4-6543D8B6B3AA}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe FirewallRules: [UDP Query User{1F14052A-15E9-410F-9BAA-EF1FB8E2280B}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe FirewallRules: [TCP Query User{0E043A6E-E302-450F-A233-EAE4BCEFAAB5}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe FirewallRules: [UDP Query User{E80D421F-9E81-4D5F-BE13-4A9A4555F8A2}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe FirewallRules: [TCP Query User{2C366063-B893-4ED0-A232-80509F5AE30A}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe FirewallRules: [UDP Query User{7EDF11F7-7ABD-497E-A521-4A82C496C122}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe FirewallRules: [{159A3875-6FAD-4448-96E0-5D02E7997425}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{20CB0FAB-D58E-4A48-A0D9-00300D2B3E36}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{9B03AB44-0170-4157-A262-936071E4C924}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{8269810E-AFCA-4FE4-BBAE-B87A02C3867F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [TCP Query 
User{18A211F4-0FAD-420C-8DAE-2A9E0366C3DA}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe FirewallRules: [UDP Query User{602E03CD-9BE3-4A4B-88CA-F2AD3AF30094}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe FirewallRules: [{3144577E-127F-49EF-9B69-D7BCE7F85DEF}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe FirewallRules: [{0BE05BE2-AD15-4684-AB03-B5E552AEA539}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe FirewallRules: [{7AEAFB64-05D2-41F8-BE5B-D6DEE5BDC554}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe FirewallRules: [{6F247F3A-0E2F-4940-84A6-F888C53B6E35}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe FirewallRules: [{AB07CAA1-130B-4429-8E80-86EEF2A75A97}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\amd driver updater, vista and 7, 64 bit\Setup.exe FirewallRules: [{E79AEED7-8519-4F62-BB01-679EC0EB2074}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\amd driver updater, vista and 7, 64 bit\Setup.exe FirewallRules: [TCP Query User{A991ACC9-B7B0-4CB6-899C-09CE3870A26E}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe FirewallRules: [UDP Query User{D02BC1BE-975F-4A5A-BDA3-9827CD7A607E}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe FirewallRules: [TCP Query User{FAFA5EE1-FF30-4AFD-8E82-BF5A16A5484B}C:\program files (x86)\sopcast\adv\sopadver.exe] => (Allow) C:\program files (x86)\sopcast\adv\sopadver.exe FirewallRules: [UDP Query User{B3356AE5-A086-4024-BF51-B055F9667E8F}C:\program files (x86)\sopcast\adv\sopadver.exe] => (Allow) C:\program files (x86)\sopcast\adv\sopadver.exe FirewallRules: [{8DE00F84-3A13-4F43-8529-E42EC4B86C1F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Driver Fusion\DriverFusion.exe FirewallRules: 
[{499ED506-0AA1-4A69-9AD2-21E857D80435}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Driver Fusion\DriverFusion.exe FirewallRules: [TCP Query User{272A0C38-A1BC-4C3A-859C-18072AE987FE}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe FirewallRules: [UDP Query User{7F7B9F58-243C-4F60-845E-E6260309749D}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe FirewallRules: [{72698E50-CB25-421C-AFD6-FFD8ECA6A17D}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe FirewallRules: [{F94DB783-9C7D-48F3-B3C4-D6D5C0B2047D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Biohazard 6 Benchmark Tool\BH6.exe FirewallRules: [{17B6B42C-EB29-4A78-BB56-1448D0F534A8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Biohazard 6 Benchmark Tool\BH6.exe FirewallRules: [{1DD92EDF-934B-451F-AFA6-5858E03544C2}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{AF62527A-1F5D-4194-B300-B112D7343405}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{6CA65887-EEB0-476C-93A3-14AE1633CC4A}] => (Allow) D:\Steam Ordner 2\SteamApps\common\Football Manager 2015 Editor\editor.exe FirewallRules: [{1731CFC2-C31C-4870-BBF2-FE96FA324E96}] => (Allow) D:\Steam Ordner 2\SteamApps\common\Football Manager 2015 Editor\editor.exe FirewallRules: [{D86FCC0D-8B38-42E4-8153-12FE3567E63B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{8D14DC31-BC60-4474-B2EE-8F974A6A0877}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{DB7757CF-A03D-4497-B979-71B6E909420C}] => (Allow) D:\Steam Ordner 2\SteamApps\common\Football Manager 2015\fm.exe FirewallRules: [{37C9E266-14D0-44DF-9EE3-43F84D9F8D4C}] => (Allow) D:\Steam Ordner 2\SteamApps\common\Football Manager 2015\fm.exe FirewallRules: [{CC160C3F-F24E-4340-8615-F7E9774716F9}] => (Allow) D:\Steam Ordner 2\SteamApps\common\Mafia II\pc\mafia2.exe 
FirewallRules: [{A08D94F6-83B8-4E26-9D3E-D1DA50C8BD78}] => (Allow) D:\Steam Ordner 2\SteamApps\common\Mafia II\pc\mafia2.exe ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: Standardtastatur (PS/2) Description: Standardtastatur (PS/2) Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardtastaturen) Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (08/13/2015 06:42:20 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. 
Error: (08/13/2015 05:22:38 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (08/12/2015 10:15:54 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. 
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (08/12/2015 10:15:53 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (08/12/2015 10:15:53 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (08/12/2015 10:15:43 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (08/12/2015 08:20:38 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (08/12/2015 08:12:30 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (08/12/2015 11:49:52 AM) (Source: MsiInstaller) (EventID: 1013) (User: Lukas-PC) Description: Product: NVIDIA PhysX -- Installation terminated Error: (08/11/2015 06:03:05 PM) (Source: Service1) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. 
Der Dienstprozess konnte keine Verbindung mit dem Dienstcontroller herstellen Systemfehler: ============= Error: (08/13/2015 05:31:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "TrustedInstaller" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (08/13/2015 05:30:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "TrustedInstaller" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (08/13/2015 05:29:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "TrustedInstaller" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (08/13/2015 05:28:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "TrustedInstaller" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (08/13/2015 02:20:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "TrustedInstaller" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (08/12/2015 10:19:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (08/12/2015 10:19:04 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Lukas\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (08/12/2015 10:19:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (08/12/2015 10:19:03 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Lukas\AppData\Local\Temp\ehdrv.sys nicht geladen. 
Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (08/12/2015 10:19:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Microsoft Office: ========================= Error: (08/13/2015 06:42:20 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (08/13/2015 05:22:38 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe Error: (08/12/2015 10:15:54 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Lukas\Desktop\esetsmartinstaller_deu.exe Error: (08/12/2015 10:15:53 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Lukas\Desktop\esetsmartinstaller_deu.exe Error: (08/12/2015 10:15:53 PM) (Source: 
SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Lukas\Desktop\esetsmartinstaller_deu.exe Error: (08/12/2015 10:15:43 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Lukas\Desktop\esetsmartinstaller_deu.exe Error: (08/12/2015 08:20:38 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\$Recycle.Bin\S-1-5-21-3103388830-3129877404-954900241-1001\$R7RLQI1.exe Error: (08/12/2015 08:12:30 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Lukas\Desktop\esetsmartinstaller_deu.exe Error: (08/12/2015 11:49:52 AM) (Source: MsiInstaller) (EventID: 1013) (User: Lukas-PC) Description: Product: NVIDIA PhysX -- Installation terminated(NULL)(NULL)(NULL)(NULL)(NULL) Error: (08/11/2015 06:03:05 PM) (Source: Service1) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. 
Der Dienstprozess konnte keine Verbindung mit dem Dienstcontroller herstellen CodeIntegrity: =================================== Date: 2015-08-10 19:34:42.264 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-08-10 19:34:42.139 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-08-27 16:51:56.939 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-08-27 16:51:56.909 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2011-08-27 16:51:55.175
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2011-08-27 16:51:55.146
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2011-08-27 16:51:54.117
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2011-08-27 16:51:54.086
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2011-08-27 16:51:53.054
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2011-08-27 16:51:53.024
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

==================== Speicherinformationen ===========================
Processor: AMD Phenom(tm) II X4 955 Processor
Prozentuale Nutzung des RAM: 40%
Installierter physikalischer RAM: 8191.24 MB
Verfügbarer physikalischer RAM: 4879.74 MB
Summe virtueller Speicher: 16380.69 MB
Verfügbarer virtueller Speicher: 12515.16 MB

==================== Laufwerke ================================
Drive c: () (Fixed) (Total:298.09 GB) (Free:138.18 GB) NTFS
Drive d: () (Fixed) (Total:465.66 GB) (Free:279.39 GB) NTFS

==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 91D9BB8C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 590E3263)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== Ende von Ergebnis ============================ |
13.08.2015, 11:56 | #13 |
/// TB-Ausbilder | Hi, please download Farbar Service Scanner
Please post the contents here. |
13.08.2015, 14:58 | #14 |
| FSS Code:
Farbar Service Scanner Version: 26-07-2015
Ran by Lukas (administrator) on 13-08-2015 at 13:29:17
Running from "C:\Users\Lukas\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log **** |
14.08.2015, 11:26 | #15 |
/// TB-Ausbilder | Hi, before we continue, I have one more question: are you still getting the Windows Update error message you mentioned? |