|
Pests of all kinds and how to fight them: Computer unusually slow for 1 week (Windows 7). If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection. |
09.09.2015, 14:15 | #1 |
| Computer unusually slow for 1 week Good day Trojaner-Board team, for about a week my computer has been unusually slow, and opening web pages also takes longer than average! But only the first load of a web page takes long; once the computer has warmed up, it gets faster again. I hope you have understood my problem and can help me as quickly as possible. Regards, feuerstein98 |
09.09.2015, 14:39 | #2 |
/// the machine /// TB trainer | Computer unusually slow for 1 week hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |
09.09.2015, 16:29 | #3 |
| Computer unusually slow for 1 week Good evening,
thanks for the quick replies! Here are the txt documents you requested: FRST.txt: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:07-09-2015 durchgeführt von User (Administrator) auf USER-PC (09-09-2015 17:25:05) Gestartet von C:\Users\User\Desktop Geladene Profile: User (Verfügbare Profile: User) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (Hi-Rez Studios) D:\spiele\Smite\HiPatchService.exe (Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe () C:\Windows\System32\PnkBstrA.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files\Google\Chrome\Application\chrome.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Valve Corporation) C:\Program Files\Steam\Steam.exe (Valve Corporation) C:\Program Files\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) C:\Program Files\Steam\bin\steamwebhelper.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation) HKLM\...\Run: [RazerCortex] => C:\Program Files\Razer\Razer Cortex\RazerCortex.exe -autorun HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1160536 2015-02-23] (Ruiware LLC) HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53729824 2015-08-07] (Skype Technologies S.A.) HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] => C:\Program Files\Google\Chrome\Application\chrome.exe [815944 2015-08-28] (Google Inc.) 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Keine Datei ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{D19DB10C-7A53-48DE-9229-AE6103467CAA}: [DhcpNameServer] 192.168.2.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-2980554796-842610410-1348767362-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-06-30] (Oracle Corporation) BHO: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> D:\Arc\Plugins\ArcPluginIE.dll [2015-04-09] (Perfect World Entertainment Inc) BHO: Windows Live ID Sign-in Helper -> 
{9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-30] (Oracle Corporation) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) FireFox: ======== FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3xqfoxkz.default-1421944932997 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] () FF Plugin: @esn/esnlaunch,version=2.3.0 -> C:\Program Files\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [Keine Datei] FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files\Battlelog Web Plugins\2.5.1\npbattlelog.dll [Keine Datei] FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB) FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB) FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-30] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll 
[2015-06-30] (Oracle Corporation) FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation) FF Plugin: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll [2014-11-15] (Nexon) FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [Keine Datei] FF Plugin: @perfectworld.com/npArcPlayNowPlugin -> D:\Arc\Plugins\npArcPluginFF.dll [2015-04-09] (Perfect World Entertainment Inc) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-02] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-02] (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2980554796-842610410-1348767362-1000: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2013-12-23] () FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32dsw.dll [2007-04-30] (Adobe Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) 
FF Extension: YouTube Center - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3xqfoxkz.default-1421944932997\Extensions\jid1-cwbvBTE216jjpg@jetpack.xpi [2015-02-01] FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011-01-03] FF HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fihm4efv.default-1405187378199\extensions\cliqz@cliqz.com Chrome: ======= CHR StartupUrls: Default -> "https://www.google.de/" CHR Plugin: (Google Präsentationen) - C:\Users\User\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.758\_platform_specific\win_x86\widevinecdmadapter.dll Keine Datei CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\45.0.2454.85\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\45.0.2454.85\internal-nacl-plugin Keine Datei CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\45.0.2454.85\pdf.dll Keine Datei CHR Plugin: (Shockwave for Director) - C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll (Adobe Systems, Inc.) CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation) CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
CHR Plugin: (Battlelog Game Launcher) - C:\Program Files\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll Keine Datei CHR Plugin: (Java Deployment Toolkit 8.0.310.13) - C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll Keine Datei CHR Plugin: (Java(TM) Platform SE 8 U31) - C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll Keine Datei CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon) CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll Keine Datei CHR Plugin: (ArcPlugin) - D:\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc) CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-01] CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-01] CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-01] CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-01] CHR Extension: (Steam inventory helper) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2015-07-26] CHR Extension: (Adblock for Youtube™) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-02-07] CHR Extension: (Google Search) - 
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-01] CHR Extension: (Lounge Assistant) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\enjonnlehciedbcidabdglnnihcncbml [2015-07-26] CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-01] CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-05] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14] CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-01] CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-01] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
S3 ArcService; D:\Arc\ArcService.exe [88584 2015-04-09] (Perfect World Entertainment Inc) S4 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [33584 2010-08-12] (ESET) R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [810144 2010-08-12] (ESET) R2 HiPatchService; D:\spiele\Smite\HiPatchService.exe [9216 2015-03-12] (Hi-Rez Studios) [Datei ist nicht signiert] S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert] S4 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [2007048 2015-08-31] (Electronic Arts) R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-01-10] () R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [136632 2010-07-29] (ESET) R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [115008 2010-07-29] (ESET) R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [96920 2010-07-29] (ESET) S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) 
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] () S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2009-09-19] (MCCI) S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2009-09-19] (MCCI Corporation) S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2009-09-19] (MCCI Corporation) S3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [122752 2010-03-29] (Texas Instruments) S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [465408 2009-07-14] (Microsoft Corporation) S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X] S3 catchme; \??\C:\Users\User\AppData\Local\Temp\catchme.sys [X] S3 cusbohcn; \??\C:\Users\User\AppData\Local\Temp\cusbohcn.sys [X] S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [X] S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X] S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X] S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X] S3 motccgp; system32\DRIVERS\motccgp.sys [X] S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X] S3 motmodem; system32\DRIVERS\motmodem.sys [X] S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X] S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X] S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X] S3 vtany; \??\C:\Windows\vtany.sys [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-09-09 17:25 - 2015-09-09 17:25 - 00017212 _____ C:\Users\User\Desktop\FRST.txt 2015-09-09 17:24 - 2015-09-09 17:25 - 00000000 ____D C:\FRST 2015-09-09 17:23 - 2015-09-09 17:23 - 01692160 _____ (Farbar) C:\Users\User\Desktop\FRST.exe 2015-08-19 19:27 - 2015-08-19 19:27 - 00000000 ___RD C:\Program Files\Skype 2015-08-19 19:27 - 2015-08-19 19:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-08-19 19:27 - 2015-08-19 19:27 - 00000000 ____D C:\Program Files\Common Files\Skype 2015-08-12 15:09 - 2015-08-12 15:09 - 00008804 _____ C:\Users\User\Documents\Stunden plan.xlsx ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-09-09 17:14 - 2015-04-19 19:24 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-09-09 17:13 - 2012-01-20 17:38 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype 2015-09-09 16:44 - 2015-02-01 17:01 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-09-09 16:31 - 2011-01-03 17:46 - 01813166 _____ C:\Windows\WindowsUpdate.log 2015-09-09 16:23 - 2011-11-12 20:51 - 00000000 ____D C:\Program Files\Steam 2015-09-09 16:22 - 2015-06-27 16:20 - 00000000 ____D C:\Users\User\Desktop\Neben Programme 2015-09-09 16:15 - 2011-05-28 10:08 - 00000000 ____D C:\Users\User\Documents\Spiele 2015-09-09 16:13 - 2011-11-29 15:19 - 00000000 ____D C:\Users\User\Bilder 2015-09-09 16:08 - 2012-12-25 13:07 - 00000000 ____D C:\Program Files\Adobe 2015-09-09 16:08 - 2009-07-14 06:34 - 00027152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-09-09 16:08 - 2009-07-14 06:34 - 00027152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-09-09 16:07 - 2011-01-16 11:23 - 00000000 ____D C:\Program Files\EA GAMES 2015-09-09 16:06 - 2011-05-03 14:16 - 00000000 ____D C:\Program 
Files\Electronic Arts 2015-09-09 16:05 - 2011-01-04 16:52 - 00000000 ____D C:\Program Files\LucasArts 2015-09-09 16:01 - 2015-02-01 17:01 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-09-09 16:01 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-09-09 16:01 - 2009-07-14 06:39 - 00248652 _____ C:\Windows\setupact.log 2015-09-09 14:54 - 2015-06-23 17:32 - 00000000 ____D C:\Users\User\AppData\Roaming\GameRanger 2015-09-06 11:36 - 2014-07-19 22:43 - 00000000 ____D C:\Program Files\OBS 2015-09-05 23:35 - 2013-10-31 15:21 - 00000000 ____D C:\Users\User\AppData\Roaming\TS3Client 2015-09-04 15:00 - 2009-07-14 06:53 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-08-31 19:08 - 2012-10-20 10:42 - 00000000 ___RD C:\Users\User\Desktop\videosmacher 2015-08-31 15:09 - 2012-04-20 18:15 - 00000000 ____D C:\Program Files\Origin 2015-08-31 15:09 - 2011-10-08 12:34 - 00000000 ____D C:\ProgramData\Origin 2015-08-29 11:53 - 2015-08-01 18:54 - 00000000 ____D C:\Users\User\AppData\Roaming\.minecraft 2015-08-28 15:02 - 2014-09-07 07:28 - 00000000 ____D C:\Users\User\AppData\Local\Adobe 2015-08-22 08:28 - 2011-04-28 13:04 - 00000000 ____D C:\Program Files\Common Files\Steam 2015-08-19 19:27 - 2012-01-20 17:38 - 00000000 ____D C:\ProgramData\Skype 2015-08-13 15:20 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\system32\FxsTmp 2015-08-13 15:18 - 2013-04-01 18:36 - 00000000 ____D C:\Users\User\AppData\Local\Windows Live 2015-08-12 15:14 - 2015-04-19 19:24 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-08-12 15:14 - 2015-04-19 19:24 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2012-10-18 10:20 - 2014-10-25 22:29 - 0138056 _____ () C:\Users\User\AppData\Roaming\PnkBstrK.sys 2012-01-12 15:36 - 2013-12-01 10:10 - 0006656 _____ () 
C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini Einige Dateien in TEMP: ==================== C:\Users\User\AppData\Local\temp\drm_dyndata_7380014.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-08-28 19:53 ==================== Ende vom FRST.txt ============================ Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x86) Version:07-09-2015 durchgeführt von User (2015-09-09 17:25:43) Gestartet von C:\Users\User\Desktop Microsoft Windows 7 Professional Service Pack 1 (X86) (2011-01-03 15:48:49) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-2980554796-842610410-1348767362-500 - Administrator - Disabled) Gast (S-1-5-21-2980554796-842610410-1348767362-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2980554796-842610410-1348767362-1003 - Limited - Enabled) Schule (S-1-5-21-2980554796-842610410-1348767362-1001 - Limited - Enabled) User (S-1-5-21-2980554796-842610410-1348767362-1000 - Administrator - Enabled) => C:\Users\User ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: ESET NOD32 Antivirus 4.2 (Enabled - Out of date) {77DEAFED-8149-104B-25A1-21771CA47CD1} AS: ESET NOD32 Antivirus 4.2 (Enabled - Out of date) {CCBF4E09-A773-1FC5-1F11-1A056723366C} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) µTorrent (HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\uTorrent) (Version: 3.4.1.30768 - BitTorrent Inc.) 
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - ) Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated) Adobe Flash Player ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 9.0.47.0 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Adobe Shockwave Player (HKLM\...\Adobe Shockwave Player) (Version: 10.2.0.22 - Adobe Systems, Inc.) Advertising Center (Version: 0.0.0.2 - Nero AG) Hidden Alliance of Valiant Arms (HKLM\...\Steam App 102700) (Version: - ) Arc (HKLM\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment) Assassin's Creed IV Black Flag (HKLM\...\Uplay Install 273) (Version: - Ubisoft) ATI AVIVO Codecs (Version: 11.6.0.51125 - ATI Technologies Inc.) Hidden ATI Catalyst Install Manager (HKLM\...\{CDEE9257-8FEB-7BAF-B28F-C4737036D674}) (Version: 3.0.804.0 - ATI Technologies, Inc.) 
ATI Problem Report Wizard (Version: 3.0.804.0 - ATI Technologies) Hidden Battle.net (HKLM\...\Battle.net) (Version: - Blizzard Entertainment) Battlefield 3™ (HKLM\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts) Battlelog Web Plugins (HKLM\...\Battlelog Web Plugins) (Version: 2.7.1 - EA Digital Illusions CE AB) Blender (HKLM\...\Blender) (Version: 2.70 - Blender Foundation) Call of Duty: Black Ops II - Multiplayer (HKLM\...\Steam App 202990) (Version: - ) Call of Duty: Black Ops II - Zombies (HKLM\...\Steam App 212910) (Version: - ) Call of Duty: Black Ops II (HKLM\...\Steam App 202970) (Version: - ) Call of Duty: Modern Warfare 2 - Multiplayer (HKLM\...\Steam App 10190) (Version: - Infinity Ward) Call of Duty: Modern Warfare 2 (HKLM\...\Steam App 10180) (Version: - Infinity Ward) Call of Duty: Modern Warfare 3 - Dedicated Server (HKLM\...\Steam App 42750) (Version: - Infinity Ward - Sledgehammer Games) Call of Duty: Modern Warfare 3 - Multiplayer (HKLM\...\Steam App 42690) (Version: - Infinity Ward - Sledgehammer Games) Call of Duty: Modern Warfare 3 (HKLM\...\Steam App 42680) (Version: - Infinity Ward - Sledgehammer Games) Camtasia Studio 7 (HKLM\...\{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}) (Version: 7.1.1 - TechSmith Corporation) ccc-core-static (Version: 2010.1125.2148.39102 - Ihr Firmenname) Hidden Combat Arms EU (HKLM\...\Combat Arms EU) (Version: - ) COMPUTERBILD Vorteil-Center (HKLM\...\{B7E68A6D-1C9B-4F18-B021-949115021714}) (Version: 1.1.23 - J3S) Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve) CSS FULL DZ [Oct 15 2007] v18.1 (HKLM\...\CSS FULL DZ [Oct 15 2007]) (Version: v18.1 - GrCs2Ek~) Cyperia (HKLM\...\{CA9F6B5A-2C32-4CB3-8635-390AB45A8C49}) (Version: 2.0 - Cyperia) D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden Der Herr der Ringe® - Die Eroberung™ (HKLM\...\{628C3D50-F524-4C49-A958-672CE7953756}) (Version: 1.0.0.1 - Electronic Arts) Die Schlacht um Mittelerde™ II 
(HKLM\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version: - ) EA SPORTS online 2008 (HKLM\...\82A44D22-9452-49FB-00FB-CEC7DCAF7E23) (Version: - ) ESET NOD32 Antivirus (HKLM\...\{17DBC9A6-D723-45E7-8D4C-7C00478B06AB}) (Version: 4.2.64.12 - ESET, spol. s r.o.) FIFA 08 (HKLM\...\{0A2A5039-B37F-489D-B1DC-A5258DF9E697}) (Version: 1.0.1.1 - Electronic Arts) FIFA 12 (HKLM\...\{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}) (Version: 1.0.0.0 - Electronic Arts) FIFA 12 DEMO (HKLM\...\{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}) (Version: 1.0.0.0 - Electronic Arts) FIFA 13 (HKLM\...\{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}) (Version: 1.7.0.0 - Electronic Arts) FIFA 14 (HKLM\...\{AA7A2800-1E75-4240-855B-03AFF8E5171E}) (Version: 1.0.0.7 - Electronic Arts) FileZilla Client 3.10.1.1 (HKLM\...\FileZilla Client) (Version: 3.10.1.1 - Tim Kosse) Fotogalerie (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Fraps (remove only) (HKLM\...\Fraps) (Version: - ) GameSpy Arcade (HKLM\...\GameSpy Arcade) (Version: - ) Garry's Mod (HKLM\...\Steam App 4000) (Version: - Facepunch Studios) Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.) Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (Version: 1.3.28.13 - Google Inc.) 
Hidden Gothic 1 (HKLM\...\Gothic 1_is1) (Version: - piranha bytes / Pluto 13 GmbH) Gothic 3 - Götterdämmerung (HKLM\...\{4538055F-EBC6-4E67-9365-F55B1DEFE9DE}) (Version: 1.0.0 - JoWooD) Gothic 3 Enhanced Edition (HKLM\...\{C28A686B-D439-4B83-B023-7402E982F69D}_is1) (Version: - Nordic Games GmbH) Gothic II (HKLM\...\Gothic II) (Version: - JoWooD Productions Software AG) Hearthstone (HKLM\...\Hearthstone) (Version: - Blizzard Entertainment) Heroes of the Storm (HKLM\...\Heroes of the Storm) (Version: - Blizzard Entertainment) Hi-Rez Studios Authenticate and Update Service (HKLM\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios) Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation) Junk Mail filter update (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden League of Legends (HKLM\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games) LoiLo Game Recorder (HKLM\...\{89E4163C-BD19-45A9-BCEB-980741786799}_is1) (Version: 1.1.0.0 - LoiLo inc.) 
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Minecraft (HKLM\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MK LOL (HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\MK LOL) (Version: - )
MotoHelper MergeModules (Version: 1.0.0 - Motorola) Hidden
Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 39.0 (x86 de) (HKLM\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MTA:SA v1.4.0 (HKLM\...\MTA:SA 1.4) (Version: v1.4.0 - Multi Theft Auto)
Need for Speed™ Most Wanted (HKLM\...\{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}) (Version: - )
Nero 9 Essentials (HKLM\...\{c7d5c462-67fb-4dbf-bbed-5d3a6782ab53}) (Version: - Nero AG)
Nexon Game Manager (HKLM\...\{289AC7E0-0AEE-4a7b-913C-709D9803D23E}) (Version: - )
Notepad++ (HKLM\...\Notepad++) (Version: 6.3.2 - Notepad++ Team)
NVIDIA PhysX (HKLM\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OpenOffice.org 3.4.1 (HKLM\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM\...\Origin) (Version: 8.5.2.23 - Electronic Arts, Inc.)
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}) (Version: 3.60.0 - dotPDN LLC)
Pflanzen gegen Zombies™ (HKLM\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Pokémon Trading Card Game Online (HKLM\...\{496D7B7E-EBDC-4E2B-B021-4FF03B188B69}) (Version: 1.0.0 - The Pokémon Company International)
Prince of Persia T2T (HKLM\...\{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}) (Version: - )
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - )
Rocket League (HKLM\...\Steam App 252950) (Version: - Psyonix)
Skype™ 7.8 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Smite (HKLM\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 2.1.2598.3 - Hi-Rez Studios)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Star Wars Battlefront II (HKLM\...\{3D374523-CFDE-461A-827E-2A102E2AB365}) (Version: 1.0 - LucasArts)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stronghold Crusader Extreme (HKLM\...\{8C3727F2-8E37-49E4-820C-03B1677F53B6}) (Version: 1.20.0000 - Firefly Studios)
Team Fortress 2 (HKLM\...\Steam App 440) (Version: - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Ubisoft Game Launcher (HKLM\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Uplay (HKLM\...\Uplay) (Version: 4.6 - Ubisoft)
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.1.2015.0 - WinPatrol)
WinRAR 4.01 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WMV9/VC-1 Video Playback (Version: 1.0.51125.2159 - ATI Technologies Inc.) Hidden
World of Warcraft (HKLM\...\World of Warcraft) (Version: - Blizzard Entertainment)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2980554796-842610410-1348767362-1000_Classes\CLSID\{1c492e6a-2803-5ed7-83e1-1b1d4d41eb39}\InprocServer32 -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
CustomCLSID: HKU\S-1-5-21-2980554796-842610410-1348767362-1000_Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 -> C:\Program Files\7-Zip\7-zip.dll (Igor Pavlov)
CustomCLSID: HKU\S-1-5-21-2980554796-842610410-1348767362-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb.dll Keine Datei
CustomCLSID: HKU\S-1-5-21-2980554796-842610410-1348767362-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.111\psuser.dll Keine Datei

==================== Wiederherstellungspunkte =========================

03-07-2015 00:49:19 Windows Update
03-07-2015 11:37:29 Windows Update
04-07-2015 16:21:16 Windows Update
05-07-2015 00:48:09 Windows Update
06-07-2015 00:27:07 Windows Update
06-07-2015 13:37:33 Windows Update
07-07-2015 16:42:58 Windows Update
08-07-2015 00:02:05 Windows Update
08-07-2015 14:30:42 Windows Update
09-07-2015 00:00:48 Windows Update
18-07-2015 19:59:54 Geplanter Prüfpunkt
20-07-2015 10:30:49 Installed Cyperia
21-07-2015 10:51:06 DirectX wurde installiert
01-08-2015 16:22:26 Geplanter Prüfpunkt
07-08-2015 18:06:24 Windows Live Essentials
07-08-2015 18:08:21 DirectX wurde installiert
07-08-2015 18:09:19 DirectX wurde installiert
07-08-2015 18:09:51 DirectX wurde installiert
07-08-2015 18:10:39 WLSetup
09-09-2015 14:52:12 Removed Cyperia

==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:04 - 2015-04-22 10:30 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {05120B8B-C9DE-45FC-9414-DBA168ED6D8B} - System32\Tasks\{E508EDB1-1B6A-4EA8-830D-D44E42906B27} => Firefox.exe hxxp://ui.skype.com/ui/0/7.3.0.101/de/abandoninstall?source=lightinstaller&page=tsInstall
Task: {1421F044-ADF3-4C7C-A191-C8CACD873A48} - System32\Tasks\{FEF0A5D1-6CDF-47BC-81E0-1C25A73A5752} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.73.105.457/de/abandoninstall?page=tsWLM
Task: {15B5DF3F-4AFE-4472-B571-45896165BF35} - System32\Tasks\{8809A844-0BD9-45AC-A222-EC9108A254D6} => pcalua.exe -a C:\Users\User\Downloads\vcredist_x86.exe -d C:\Users\User\Downloads
Task: {259AD77B-4EC5-4251-A982-D02CBD004402} - System32\Tasks\{A0505260-AA58-4B75-B1FB-87B2A2D6ADF5} => pcalua.exe -a C:\Users\User\Downloads\forge-1.7.10-10.13.4.1481-1.7.10-installer-win.exe -d C:\Users\User\Downloads
Task: {322E0348-EBBF-45B1-9FA6-0C973E67FE94} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2980554796-842610410-1348767362-1000
Task: {3549C950-29F9-46B9-A936-3A458947605E} - System32\Tasks\{F5EDFF58-A2BC-474B-AC45-0E5F420215B4} => pcalua.exe -a E:\GameData\Setup.exe -d E:\GameData
Task: {3D4039EC-0416-4BEF-8D9E-B6B9DC060277} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {4027F474-BEE3-4DE0-B6A2-F26EFF3CD23F} - System32\Tasks\{F20100F3-14DB-4979-A131-4C12A05FD21E} => pcalua.exe -a C:\Users\User\Downloads\forge-1.8-11.14.1.1334-installer-win.exe -d C:\Users\User\Downloads
Task: {475E2569-8439-4132-B16B-0E44BF32D308} - System32\Tasks\{838FC016-6ACC-4D83-B395-F7493C30349F} => pcalua.exe -a "C:\Program Files\FreePDF_XP\fpsetup.exe" -c /r
Task: {68EF275A-B886-4DF1-A8F8-BB779E5FC566} - System32\Tasks\{6D88BA9D-A75C-442D-8EE9-D17B3A113591} => Firefox.exe hxxp://ui.skype.com/ui/0/7.3.0.101/de/abandoninstall?source=lightinstaller&page=tsInstall
Task: {7EE6D388-C5F4-494B-9232-E96182BA6C53} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated)
Task: {8731A314-35C5-4C9A-A99E-5AA06433A6AB} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
Task: {880C4242-24EC-4920-BD4A-E3C79724E728} - System32\Tasks\{C3F92471-0511-49E0-B693-2A386AEB2999} => C:\Program Files\LucasArts\SWKotOR\launcher.exe
Task: {893855DB-7DF0-4DA0-87D7-73123A1BD8AA} - System32\Tasks\{2D6C65C4-2C0B-4F21-8248-58EA50F02A36} => pcalua.exe -a C:\Users\User\Downloads\forge-1.8-11.14.3.1446-installer-win.exe -d C:\Users\User\Downloads
Task: {9231CDF8-2D54-4ED5-951C-996F2DA5FF5F} - System32\Tasks\{8F5D5210-C65D-4549-805A-6DE25EE1229B} => C:\Program Files\LucasArts\SWKotOR\launcher.exe
Task: {929BA8E8-38E7-4D33-BA7D-C2064ED92D48} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe
Task: {BA00065C-B03F-4E96-A41D-9E59C114DCE1} - System32\Tasks\{97E13E45-1F1A-4D12-9331-83F64BD28E6F} => C:\Users\User\Desktop\Counter Strike\Counter Strike 1.6 Reloaded\cstrike.exe
Task: {BFFC4BD8-2106-4769-B998-C0A704442B42} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
Task: {C53BF50B-E714-4703-BDD5-224FBB68E2C3} - System32\Tasks\{C28A8C08-CCD2-48B3-A136-ED1FB78A4741} => Firefox.exe hxxp://ui.skype.com/ui/0/7.3.0.101/de/abandoninstall?source=lightinstaller&page=tsInstall
Task: {CF8CD24A-A2F2-4605-B3ED-1E4E52EC3783} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {E7B89EAC-0E88-4443-BF15-92AA2629C65B} - System32\Tasks\{6DC09059-B610-42C9-967D-A0B334A4A10A} => C:\Program Files\LucasArts\SWKotOR\launcher.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2011-01-03 18:23 - 2005-01-06 19:33 - 00116224 _____ () C:\Windows\System32\redmonnt.dll
2014-07-10 19:39 - 2015-01-10 21:45 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2011-10-25 08:39 - 2011-05-28 22:04 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2015-09-04 15:49 - 2015-08-28 02:17 - 01501512 _____ () C:\Program Files\Google\Chrome\Application\45.0.2454.85\libglesv2.dll
2015-09-04 15:49 - 2015-08-28 02:17 - 00081224 _____ () C:\Program Files\Google\Chrome\Application\45.0.2454.85\libegl.dll
2013-03-12 18:10 - 2015-07-03 18:12 - 00778240 _____ () C:\Program Files\Steam\SDL2.dll
2015-01-20 18:10 - 2015-07-03 18:12 - 04962816 _____ () C:\Program Files\Steam\v8.dll
2015-01-20 18:10 - 2015-07-03 18:12 - 01556992 _____ () C:\Program Files\Steam\icui18n.dll
2015-01-20 18:10 - 2015-07-03 18:12 - 01187840 _____ () C:\Program Files\Steam\icuuc.dll
2014-05-23 14:58 - 2015-08-19 22:39 - 02413248 _____ () C:\Program Files\Steam\video.dll
2014-08-29 19:48 - 2014-12-01 23:31 - 02396672 _____ () C:\Program Files\Steam\libavcodec-56.dll
2014-08-29 19:48 - 2014-12-01 23:31 - 00442880 _____ () C:\Program Files\Steam\libavutil-54.dll
2014-08-29 19:48 - 2014-12-01 23:31 - 00479744 _____ () C:\Program Files\Steam\libavformat-56.dll
2014-08-29 19:48 - 2014-12-01 23:31 - 00332800 _____ () C:\Program Files\Steam\libavresample-2.dll
2014-08-29 19:48 - 2014-12-01 23:31 - 00485888 _____ () C:\Program Files\Steam\libswscale-3.dll
2011-11-12 20:52 - 2015-08-19 22:39 - 00704192 _____ () C:\Program Files\Steam\bin\chromehtml.DLL
2015-07-22 18:44 - 2015-07-27 03:13 - 00171008 _____ () C:\Program Files\Steam\bin\openvr_api.dll
2011-11-12 20:52 - 2015-07-03 18:12 - 39553928 _____ () C:\Program Files\Steam\bin\libcef.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData:NT2
AlternateDataStreams: C:\Users\All Users:NT2
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:NT2
AlternateDataStreams: C:\ProgramData\Application Data:NT2
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2
AlternateDataStreams: C:\Users\User\Anwendungsdaten:NT
AlternateDataStreams: C:\Users\User\Anwendungsdaten:NT2
AlternateDataStreams: C:\Users\User\AppData\Roaming:NT
AlternateDataStreams: C:\Users\User\AppData\Roaming:NT2

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service"

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\sony.com -> sony.com
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

Da befinden sich 11202 mehr eingeschränkte Seiten.

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2980554796-842610410-1348767362-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\Services: EhttpSrv => 3
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup
MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk => C:\Windows\pss\Xfire.lnk.Startup
MSCONFIG\startupreg: egui => "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: MKLOL => "C:\Program Files\MKJogo\MKLOL\Bin\MKIM.exe" -auto
MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: Steam => "C:\Program Files\Steam\steam.exe" -silent
==================== FirewallRules (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{5C89F710-4ABC-4FD3-9196-DEED5D6530D2}] => (Allow) C:\Program Files\GameSpy Arcade\Aphex.exe
FirewallRules: [{63BCB089-0826-4392-9FB6-58690C572F2B}] => (Allow) C:\Program Files\GameSpy Arcade\Aphex.exe
FirewallRules: [TCP Query User{C7E8BE54-08BE-4CCC-89BF-B8C5B4CA257A}C:\program files\firefly studios\stronghold crusader\stronghold crusader.exe] => (Block) C:\program files\firefly studios\stronghold crusader\stronghold crusader.exe
FirewallRules: [UDP Query User{F8235707-D525-4B1C-A117-5A066D1FD049}C:\program files\firefly studios\stronghold crusader\stronghold crusader.exe] => (Block) C:\program files\firefly studios\stronghold crusader\stronghold crusader.exe
FirewallRules: [TCP Query User{F9AC659B-470C-4810-A92C-B70138EB1D52}C:\windows\system32\dplaysvr.exe] => (Allow) C:\windows\system32\dplaysvr.exe
FirewallRules: [UDP Query User{69D77CC3-C9B5-4862-81E0-4DE6559115A1}C:\windows\system32\dplaysvr.exe] => (Allow) C:\windows\system32\dplaysvr.exe
FirewallRules: [TCP Query User{84FD5F19-A5CB-4398-BF40-E8D01F689502}C:\users\user\documents\battlefield 2\bf2_w32ded.exe] => (Allow) C:\users\user\documents\battlefield 2\bf2_w32ded.exe
FirewallRules: [UDP Query User{0F51D291-94EA-44C7-B6DF-8C27C59B9687}C:\users\user\documents\battlefield 2\bf2_w32ded.exe] => (Allow) C:\users\user\documents\battlefield 2\bf2_w32ded.exe
FirewallRules: [TCP Query User{408B0663-90D9-4882-88BB-D3C45C1D4BEA}C:\users\user\documents\cod 4 mw\iw3mp.exe] => (Allow) C:\users\user\documents\cod 4 mw\iw3mp.exe
FirewallRules: [UDP Query User{0A741A9F-622D-42E0-93AB-B732A66B179A}C:\users\user\documents\cod 4 mw\iw3mp.exe] => (Allow) C:\users\user\documents\cod 4 mw\iw3mp.exe
FirewallRules: [TCP Query User{0F37C278-9645-4012-901A-A8A1C1BC21F1}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe] => (Allow) C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe
FirewallRules: [UDP Query User{0DEA594D-2D43-49E2-9901-EB4A170674A8}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe] => (Allow) C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe
FirewallRules: [TCP Query User{507B2A52-BA10-4CA3-8422-A109746604DB}C:\program files\valve\counter-strike source\hl2.exe] => (Block) C:\program files\valve\counter-strike source\hl2.exe
FirewallRules: [UDP Query User{4F0C312B-FBA8-432A-BE31-DAE339AB39F6}C:\program files\valve\counter-strike source\hl2.exe] => (Block) C:\program files\valve\counter-strike source\hl2.exe
FirewallRules: [TCP Query User{02A9D0DA-9CD4-4210-A756-6A81DF65DDDE}C:\users\user\documents\battlefield 2\bf2voipserver.exe] => (Allow) C:\users\user\documents\battlefield 2\bf2voipserver.exe
FirewallRules: [UDP Query User{6ABC7435-D48A-4A9A-BF1E-A705EC84F72A}C:\users\user\documents\battlefield 2\bf2voipserver.exe] => (Allow) C:\users\user\documents\battlefield 2\bf2voipserver.exe
FirewallRules: [TCP Query User{4AFCEFDE-E935-462F-8EDD-62FE0FF3708F}C:\users\user\documents\battlefield 2\bf2voipserver_w32ded.exe] => (Allow) C:\users\user\documents\battlefield 2\bf2voipserver_w32ded.exe
FirewallRules: [UDP Query User{31FCE11E-46A3-4FF0-B1BC-C40964A5C3FE}C:\users\user\documents\battlefield 2\bf2voipserver_w32ded.exe] => (Allow) C:\users\user\documents\battlefield 2\bf2voipserver_w32ded.exe
FirewallRules: [{9B6FA295-CED4-4EE9-A541-4E0D4AB1DB89}] => (Allow) C:\Program Files\Electronic Arts\Die Schlacht um Mittelerde II\game.dat
FirewallRules: [{1A0CB137-B936-4D62-8AFF-2C7388EA1086}] => (Allow) C:\Program Files\Electronic Arts\Die Schlacht um Mittelerde II\game.dat
FirewallRules: [TCP Query User{E9C1DC0A-30CF-478D-8317-38324553AC4D}D:\gp3.exe] => (Allow) D:\gp3.exe
FirewallRules: [UDP Query User{FA85D081-3590-4540-B9BE-7AE9EB2DB1CF}D:\gp3.exe] => (Allow) D:\gp3.exe
FirewallRules: [{4820DBEE-C665-443F-A65A-83055CE61E52}] => (Allow) C:\Program Files\Electronic Arts\Die Schlacht um Mittelerde II\game.dat
FirewallRules: [{C9849DCC-0038-4854-A704-7375FB2BEB8B}] => (Allow) C:\Program Files\Electronic Arts\Die Schlacht um Mittelerde II\game.dat
FirewallRules: [{426471A7-CE4B-4B84-9FBE-AE0F90B9AD89}] => (Allow) C:\Program Files\EA GAMES\Die Schlacht um Mittelerde II\game.dat
FirewallRules: [{9E591538-2838-471C-8854-41E8E7EC3418}] => (Allow) C:\Program Files\EA GAMES\Die Schlacht um Mittelerde II\game.dat
FirewallRules: [TCP Query User{1FEECFE1-4BA1-4161-9114-74DBC1C96D88}D:\spiele\counter-strike source\hl2.exe] => (Block) D:\spiele\counter-strike source\hl2.exe
FirewallRules: [UDP Query User{2CA2FE3B-FD52-47EB-B373-B6A7E87D829A}D:\spiele\counter-strike source\hl2.exe] => (Block) D:\spiele\counter-strike source\hl2.exe
FirewallRules: [TCP Query User{53D4DF15-9487-490A-BCA0-85D0264F4076}C:\program files\electronic arts\eadm\core.exe] => (Allow) C:\program files\electronic arts\eadm\core.exe
FirewallRules: [UDP Query User{46C05F57-B740-41B7-AF50-B3C6628F5ABA}C:\program files\electronic arts\eadm\core.exe] => (Allow) C:\program files\electronic arts\eadm\core.exe
FirewallRules: [TCP Query User{7D2EAE6B-D4D6-4E29-8AB3-537D951A0402}C:\program files\electronic arts\der herr der ringe® - die eroberung™\conquest.exe] => (Allow) C:\program files\electronic arts\der herr der ringe® - die eroberung™\conquest.exe
FirewallRules: [UDP Query User{0D5D7AD0-A48B-409B-B753-4441C9908112}C:\program files\electronic arts\der herr der ringe® - die eroberung™\conquest.exe] => (Allow) C:\program files\electronic arts\der herr der ringe® - die eroberung™\conquest.exe
FirewallRules: [TCP Query User{B4559D05-28E2-4AE6-ACB7-D752EFB6868E}C:\program files\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe] => (Allow) C:\program files\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe
FirewallRules: [UDP Query User{21C5E3B3-6C11-4E7F-B826-EFC0ACB80AC1}C:\program files\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe] => (Allow) C:\program files\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe
FirewallRules: [TCP Query User{F76F144E-1F0F-411A-9489-322BD18535BD}C:\users\user\appdata\local\temp\ec1da36553354b1f93efd5e522e74969\relicdownloader.exe] => (Allow) C:\users\user\appdata\local\temp\ec1da36553354b1f93efd5e522e74969\relicdownloader.exe
FirewallRules: [UDP Query User{A6D15716-31B3-4484-A5C0-02ED188AE3D0}C:\users\user\appdata\local\temp\ec1da36553354b1f93efd5e522e74969\relicdownloader.exe] => (Allow) C:\users\user\appdata\local\temp\ec1da36553354b1f93efd5e522e74969\relicdownloader.exe
FirewallRules: [TCP Query User{0321EA23-E509-4C47-BE82-654F8F314948}C:\users\user\appdata\local\temp\f69e8bdb5ad04adb9d3bd3141e77de9e\relicdownloader.exe] => (Allow) C:\users\user\appdata\local\temp\f69e8bdb5ad04adb9d3bd3141e77de9e\relicdownloader.exe
FirewallRules: [UDP Query User{D04090BF-4118-4F6E-8287-795CCFF9A56C}C:\users\user\appdata\local\temp\f69e8bdb5ad04adb9d3bd3141e77de9e\relicdownloader.exe] => (Allow) C:\users\user\appdata\local\temp\f69e8bdb5ad04adb9d3bd3141e77de9e\relicdownloader.exe
FirewallRules: [{070A0BA6-DE24-4259-90A5-040FD7FD1EBD}] => (Allow) D:\Company OF Heros\RelicCOH.exe
FirewallRules: [{CCABCA9E-18ED-4863-9D61-6498F39E11A6}] => (Allow) D:\Company OF Heros\RelicCOH.exe
FirewallRules: [{52E65720-45D1-4AFB-86F2-2125245961C3}] => (Allow) D:\Company OF Heros\RelicDownloader\RelicDownloader.exe
FirewallRules: [{BAB15634-D13F-49D0-91AF-694BD8543116}] => (Allow) D:\Company OF Heros\RelicDownloader\RelicDownloader.exe
FirewallRules: [TCP Query User{4E2E0AE9-1958-454B-87EE-2BE275DFD217}D:\spiele\battlefront 2\gamedata\battlefrontii.exe] => (Allow) D:\spiele\battlefront 2\gamedata\battlefrontii.exe
FirewallRules: [UDP Query User{5CE0C6DC-B44C-4916-9838-748F9E0725EC}D:\spiele\battlefront 2\gamedata\battlefrontii.exe] => (Allow) D:\spiele\battlefront 2\gamedata\battlefrontii.exe
FirewallRules: [TCP Query User{162681B4-C80E-4123-B50D-D280700D37A5}C:\users\user\desktop\longdong2\metin2client.bin] => (Allow) C:\users\user\desktop\longdong2\metin2client.bin
FirewallRules: [UDP Query User{6A0C7431-900B-464B-A682-BED1A88BDB8F}C:\users\user\desktop\longdong2\metin2client.bin] => (Allow) C:\users\user\desktop\longdong2\metin2client.bin
FirewallRules: [{017B6D88-E24B-46F2-93BA-90EF6B0F3994}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{91F27B67-5AB4-4420-A7F0-65D5CBBC3704}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{C1555A24-B404-4322-B40F-B20508830C95}] => (Allow) C:\Program Files\Origin Games\FIFA 12\Game\fifa.exe
FirewallRules: [{E97BF41B-4392-4FAE-99EB-8E19C937A45D}] => (Allow) C:\Program Files\Origin Games\FIFA 12\Game\fifa.exe
FirewallRules: [TCP Query User{99561F90-8709-4B1E-BCDE-9BFC227F7588}D:\spiele\stronghold crusader + extrem\stronghold crusader.exe] => (Allow) D:\spiele\stronghold crusader + extrem\stronghold crusader.exe
FirewallRules: [UDP Query User{17355C09-78BC-46DA-8CD1-BA45B6004EE4}D:\spiele\stronghold crusader + extrem\stronghold crusader.exe] => (Allow) D:\spiele\stronghold crusader + extrem\stronghold crusader.exe
FirewallRules: [{8801DFD3-C9F7-47F4-A173-BE1519C9382B}] => (Allow) C:\Program Files\UBISOFT\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{343DEB72-8136-41B9-87A4-A7797BC2D036}] => (Allow) C:\Program Files\UBISOFT\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{929A7AC9-1BE2-4562-942E-21E86374F8DC}] => (Allow) C:\Windows\System32\PnkBstrA.exe
FirewallRules: [{E435C717-0E83-4B7B-90E2-5BCBC48D62C8}] => (Allow) C:\Windows\System32\PnkBstrA.exe
FirewallRules: [{E7DB0140-0B54-4821-AB67-C8D3B8ECD717}] => (Allow) C:\Windows\System32\PnkBstrB.exe
FirewallRules: [{F32BC4EC-F3E5-4AC7-94E4-7763ED4954E9}] => (Allow) C:\Windows\System32\PnkBstrB.exe
FirewallRules: [{851B3CA1-30FD-4D44-995E-4503963C6A0A}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe
FirewallRules: [{03B6B1C8-9143-4ED6-9522-F8380C90AB9E}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe
FirewallRules: [TCP Query User{6C8DEFE3-E2CB-498F-BC9A-BEFCF701F017}C:\users\user\desktop\metin2client.bin] => (Allow) C:\users\user\desktop\metin2client.bin
FirewallRules: [UDP Query User{8351C05D-22D1-4253-BB0C-DF34F897710E}C:\users\user\desktop\metin2client.bin] => (Allow) C:\users\user\desktop\metin2client.bin
FirewallRules: [TCP Query User{41AF933C-444F-4F87-AB8F-6347B171C8CE}D:\spiele\metin 2\metin2\metin2.exe] => (Allow) D:\spiele\metin 2\metin2\metin2.exe
FirewallRules: [UDP Query User{46DB4B1B-9286-433F-B38B-CC0C05AF3AA0}D:\spiele\metin 2\metin2\metin2.exe] => (Allow) D:\spiele\metin 2\metin2\metin2.exe
FirewallRules: [{E7E503DF-262F-4845-BB60-25CE158D37E6}] => (Allow) C:\Users\User\AppData\Local\Akamai\netsession_win.exe
FirewallRules: [{E27791E2-679D-48EB-A308-E873E9C88AE0}] => (Allow) C:\Users\User\AppData\Local\Akamai\netsession_win.exe
FirewallRules: [{1A5FC6AD-185F-4CB1-B0FF-38A99BCC50E5}] => (Allow) C:\Program Files\Opera\opera.exe
FirewallRules: [{F26D2A68-B682-47BC-9D50-9A891332060D}] => (Allow) C:\Program Files\Opera\opera.exe
FirewallRules: [TCP Query User{03C79E2B-00C0-43DF-8EBB-14E76079FABC}C:\users\user\appdata\local\temp\a823978d835f4cae8dda719a74b3c713\relicdownloader.exe] => (Allow) C:\users\user\appdata\local\temp\a823978d835f4cae8dda719a74b3c713\relicdownloader.exe
FirewallRules: [UDP Query User{1A243A86-D76E-447C-AE74-4FAE9F371694}C:\users\user\appdata\local\temp\a823978d835f4cae8dda719a74b3c713\relicdownloader.exe] => (Allow) C:\users\user\appdata\local\temp\a823978d835f4cae8dda719a74b3c713\relicdownloader.exe
FirewallRules: [{A53C128C-0397-4FA3-89C2-B08ABB4AA97E}] => (Allow) C:\Nexon\Combat Arms EU\NMService.exe
FirewallRules: [{1BB48E5E-F6FB-4B11-9146-4814A4BAEFF6}] => (Allow) C:\Nexon\Combat Arms EU\NMService.exe
FirewallRules: [TCP Query User{B1A8DAE5-3348-48DE-8577-A5C70CF7D1CC}D:\spiele\gp 3\gp3.exe] => (Allow) D:\spiele\gp 3\gp3.exe
FirewallRules: [UDP Query User{E62E8BDB-9A44-4E1E-8334-C6F6A626C07E}D:\spiele\gp 3\gp3.exe] => (Allow) D:\spiele\gp 3\gp3.exe
FirewallRules: [TCP Query User{AA66586B-B033-40CA-B603-6BDECB6CFF4E}C:\program files\java\jre6\bin\javaw.exe] => (Allow) C:\program files\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{579F13DA-07CA-4E91-B13D-C90FD23BEFBD}C:\program files\java\jre6\bin\javaw.exe] => (Allow) C:\program files\java\jre6\bin\javaw.exe
FirewallRules: [TCP Query User{C448D492-FC2C-4502-83D6-93E633467E6B}C:\users\user\desktop\cs 1.6\hlds.exe] => (Allow) C:\users\user\desktop\cs 1.6\hlds.exe
FirewallRules: [UDP Query User{BEF59458-7D32-463F-9E91-83E2CA996CA4}C:\users\user\desktop\cs 1.6\hlds.exe] => (Allow) C:\users\user\desktop\cs 1.6\hlds.exe
FirewallRules: [TCP Query User{FBFCB620-630F-43A4-B3F5-825F94F8F52A}C:\users\user\desktop\cs 1.6\hl.exe] => (Allow) C:\users\user\desktop\cs 1.6\hl.exe
FirewallRules: [UDP Query User{A6B1CDB0-DBA7-468D-AF06-C4490DD56727}C:\users\user\desktop\cs 1.6\hl.exe] => (Allow) C:\users\user\desktop\cs 1.6\hl.exe
FirewallRules: [TCP Query User{A704E406-989F-4F30-BC47-9605B17823D8}C:\users\user\desktop\pandora2 reloadet\metin2client.exe] => (Allow) C:\users\user\desktop\pandora2 reloadet\metin2client.exe
FirewallRules: [UDP Query User{D13ED2E8-5A9F-4663-BD09-7FA005D332CE}C:\users\user\desktop\pandora2 reloadet\metin2client.exe] => (Allow) C:\users\user\desktop\pandora2 reloadet\metin2client.exe
FirewallRules: [TCP Query User{C13E44B7-A89F-43B0-A0EA-EA79B29AA239}C:\users\user\desktop\xtrememt2-2012\metin2client.bin] => (Allow) C:\users\user\desktop\xtrememt2-2012\metin2client.bin
FirewallRules: [UDP Query User{D24FCCF9-982F-4E81-A619-3A131F772D8D}C:\users\user\desktop\xtrememt2-2012\metin2client.bin] => (Allow) C:\users\user\desktop\xtrememt2-2012\metin2client.bin
FirewallRules: [TCP Query User{41963AFE-5ECD-48A0-944E-FF245DC43B9D}C:\users\user\desktop\xtrememt2-2012\metin2client.exe] => (Allow) C:\users\user\desktop\xtrememt2-2012\metin2client.exe
FirewallRules: [UDP Query User{DEB4DD0A-0B53-4DA2-A86F-3ADB12FE7DDE}C:\users\user\desktop\xtrememt2-2012\metin2client.exe] => (Allow) C:\users\user\desktop\xtrememt2-2012\metin2client.exe
FirewallRules: [TCP Query User{818ADF39-BE57-48F5-8BE1-A0B19CAA5CE2}C:\users\user\desktop\programme\xtrememt2-2012\metin2client.bin] => (Allow) C:\users\user\desktop\programme\xtrememt2-2012\metin2client.bin
FirewallRules: [UDP Query User{F53FF6FA-01E5-4021-84AB-094B9F913B9E}C:\users\user\desktop\programme\xtrememt2-2012\metin2client.bin] => (Allow) C:\users\user\desktop\programme\xtrememt2-2012\metin2client.bin
FirewallRules: [TCP Query User{7A9B1570-CC3F-4A45-A099-7DBA68CE88BC}C:\users\user\desktop\hardcore reloaded\.hardcore reloaded.exe] => (Allow) C:\users\user\desktop\hardcore reloaded\.hardcore reloaded.exe
FirewallRules: [UDP Query User{27B2AF27-3D26-4F67-A574-FED32DA84DF5}C:\users\user\desktop\hardcore reloaded\.hardcore reloaded.exe] => (Allow) C:\users\user\desktop\hardcore reloaded\.hardcore reloaded.exe
FirewallRules: [TCP Query User{67736FA7-2C6C-4C53-9EC7-E1171E4BB80B}C:\users\user\hardcore reloaded\.hardcore reloaded.exe] => (Allow) C:\users\user\hardcore reloaded\.hardcore reloaded.exe
FirewallRules: [UDP Query User{4C78E1DE-BF4B-4224-B3C0-73AC5D1C2ED9}C:\users\user\hardcore reloaded\.hardcore reloaded.exe] => (Allow) C:\users\user\hardcore reloaded\.hardcore reloaded.exe
FirewallRules: [TCP Query User{A49A8FCE-C4FD-4FE0-B5F1-AF37FCDA7487}C:\users\user\hardcore reloaded\metin2client.bin] => (Allow) C:\users\user\hardcore reloaded\metin2client.bin
FirewallRules: [UDP Query User{5975999C-C1C4-4607-B609-F8BC61C01803}C:\users\user\hardcore reloaded\metin2client.bin] => (Allow) C:\users\user\hardcore reloaded\metin2client.bin
FirewallRules: [TCP Query User{E082394A-25B8-47B8-A922-DE609008AC51}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe
FirewallRules: [UDP Query User{F33BBAE8-5A81-4BA7-9900-897CFFD11FAB}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe
FirewallRules: [{9DCF453E-1AC8-46F6-83B4-2033B6B35D61}] => (Allow) C:\Program Files\EA GAMES\Die Schlacht um Mittelerde II\game.dat
FirewallRules: [{C19E4895-B3C9-4887-B21D-E1B49E44A0AF}] => (Allow) C:\Program Files\EA GAMES\Die Schlacht um Mittelerde II\game.dat
FirewallRules: [{2AB2654B-7972-45AC-A240-1B32D2D2A7F2}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{6E84B1E9-5E7D-4707-BEAD-8F5DC0547DB6}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{8E9F19B8-DE9E-4C6C-94FD-34B923D1E76C}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{E0E43190-7BC1-4774-B2B5-D19F7B4C240C}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [TCP Query User{E221BBA6-5ABA-4F12-9A2F-FD20D293322A}D:\call of duty v world at war\codwaw.exe] => (Allow) D:\call of duty v world at war\codwaw.exe
FirewallRules: [UDP Query User{1FB4ABA9-2651-4480-A32E-8F4FBD6A84A5}D:\call of duty v world at war\codwaw.exe] => (Allow) D:\call of duty v world at war\codwaw.exe
FirewallRules: [{A7D0700F-665F-4136-A0E4-99B6005C3816}] => (Block) D:\call of duty v world at war\codwaw.exe
FirewallRules: [{6F50C6ED-0C77-4C47-B5FD-8E19146BBBEC}] => (Block) D:\call of duty v world at war\codwaw.exe
FirewallRules: [TCP Query User{4C5A49A4-48EF-47BA-A3D7-CDB1BC1433DA}D:\call of duty v world at war\codwawmp.exe] => (Allow) D:\call of duty v world at war\codwawmp.exe
FirewallRules: [UDP Query User{C96D29AE-DEAC-4209-B7F7-981C6E14FA1E}D:\call of duty v world at war\codwawmp.exe] => (Allow) D:\call of duty v world at war\codwawmp.exe
FirewallRules: [TCP Query User{5EBB8A61-770B-4FF4-AE25-BBA1F9735574}D:\call of duty v world at war\codwaw einzelspieler.exe] => (Allow) D:\call of duty v world at war\codwaw einzelspieler.exe
FirewallRules: [UDP Query User{7F831C66-F591-4ABE-9A05-4AD7FAC5BB9A}D:\call of duty v world at war\codwaw einzelspieler.exe] => (Allow) D:\call of duty v world at war\codwaw einzelspieler.exe
FirewallRules: [{34927CAA-3A7E-45B9-A20F-A735B468CA42}] => (Block) D:\call of duty v world at war\codwaw einzelspieler.exe
FirewallRules: [{816BC67B-C62B-4B86-B3B1-040F745B3633}] => (Block) D:\call of duty v world at war\codwaw einzelspieler.exe
FirewallRules: [TCP Query User{C01E5FFE-B5CA-47CF-A3DB-8B078B7DF220}C:\users\user\documents\call of duty v world at war\codwaw einzelspieler.exe] => (Allow) C:\users\user\documents\call of duty v world at war\codwaw einzelspieler.exe
FirewallRules: [UDP Query User{6DE07D49-6478-4BF8-B6FB-62EB37CBD344}C:\users\user\documents\call of duty v world at war\codwaw einzelspieler.exe] => (Allow) C:\users\user\documents\call of duty v world at war\codwaw einzelspieler.exe
FirewallRules: [TCP Query User{A44621D6-C404-4935-AC9B-3CF2DA559FC6}C:\users\user\documents\call of duty v world at war\codwaw multiplayer.exe] => (Allow) C:\users\user\documents\call of duty v world at war\codwaw multiplayer.exe
FirewallRules: [UDP Query User{CFBBAF91-8FC6-4DCE-9BF6-19C3DEE96C95}C:\users\user\documents\call of duty v world at war\codwaw multiplayer.exe] => (Allow) C:\users\user\documents\call of duty v world at war\codwaw multiplayer.exe
FirewallRules: [TCP Query User{2CD02FEC-F681-4F1D-9CD6-BFEA4FEBF211}C:\users\user\documents\call of duty v world at war\codwaw.exe] => (Allow) C:\users\user\documents\call of duty v world at war\codwaw.exe
FirewallRules: [UDP Query User{F2A70A44-DC48-44F7-AF40-32C4D8105C6C}C:\users\user\documents\call of duty v world at war\codwaw.exe] => (Allow) C:\users\user\documents\call of duty v world at war\codwaw.exe
FirewallRules: [TCP Query User{7598DB2F-E399-424D-A3E4-8EE74ED58182}C:\users\user\documents\call of duty v world at war\codwawmp.exe] => (Allow) C:\users\user\documents\call of duty v world at war\codwawmp.exe FirewallRules: [UDP Query User{A07BC4C7-E7A5-4A5A-9A4A-DACE567EE419}C:\users\user\documents\call of duty v world at war\codwawmp.exe] => (Allow) C:\users\user\documents\call of duty v world at war\codwawmp.exe FirewallRules: [TCP Query User{2685C0EE-08B4-4DC5-BF05-096BD6D9C9A7}C:\program files\java\jre6\bin\java.exe] => (Allow) C:\program files\java\jre6\bin\java.exe FirewallRules: [UDP Query User{31A664C6-A385-4E74-93F4-E2A263C98836}C:\program files\java\jre6\bin\java.exe] => (Allow) C:\program files\java\jre6\bin\java.exe FirewallRules: [{6CB5FB7C-AB1B-4389-BB87-58D878441190}] => (Allow) C:\Windows\System32\msiexec.exe FirewallRules: [{942C8FC2-E213-4858-AFAF-168F60FF1A3A}] => (Allow) C:\Windows\System32\msiexec.exe FirewallRules: [TCP Query User{C7F5D76E-594B-4DBA-A6A7-AC84EBD99B17}C:\program files\ea games\battlefield heroes\bfheroes.exe] => (Allow) C:\program files\ea games\battlefield heroes\bfheroes.exe FirewallRules: [UDP Query User{2B8E0844-72B7-4F90-97E3-126A8753B460}C:\program files\ea games\battlefield heroes\bfheroes.exe] => (Allow) C:\program files\ea games\battlefield heroes\bfheroes.exe FirewallRules: [TCP Query User{6C58738E-57C5-4EED-998D-DAF1CC1F8D8B}D:\spiele\need for speed most wanted\speed.exe] => (Allow) D:\spiele\need for speed most wanted\speed.exe FirewallRules: [UDP Query User{D6455C1C-4AF8-4AEC-B857-B5463A4712D6}D:\spiele\need for speed most wanted\speed.exe] => (Allow) D:\spiele\need for speed most wanted\speed.exe FirewallRules: [TCP Query User{7E48864F-3324-434D-9D51-386C24DDC6D0}D:\spiele\gta san andreas\gta_sa.exe] => (Allow) D:\spiele\gta san andreas\gta_sa.exe FirewallRules: [UDP Query User{CE29F317-A5DC-4E62-959B-9989D86723D2}D:\spiele\gta san andreas\gta_sa.exe] => (Allow) D:\spiele\gta san andreas\gta_sa.exe 
FirewallRules: [TCP Query User{991BD337-F0D3-4ABB-AAF2-895A0A42AAEE}C:\program files\lolreplay\lolreplay.exe] => (Allow) C:\program files\lolreplay\lolreplay.exe FirewallRules: [UDP Query User{617CDD58-62E1-4D10-AB2F-61484A8FF377}C:\program files\lolreplay\lolreplay.exe] => (Allow) C:\program files\lolreplay\lolreplay.exe FirewallRules: [{C0343FAF-3D17-4F5E-8248-DDCF9C5E0467}] => (Allow) LPort=25565 FirewallRules: [{DC793143-5952-4F04-837B-0BED97A9AD65}] => (Allow) LPort=25565 FirewallRules: [TCP Query User{C9A6DFE3-658E-4D91-BB04-1F8B5E3D8B4A}D:\spiele\hardcore-reloaded\.hardcore reloaded.exe] => (Allow) D:\spiele\hardcore-reloaded\.hardcore reloaded.exe FirewallRules: [UDP Query User{25914DD8-D9BB-4E75-AFB8-EDC272519CAA}D:\spiele\hardcore-reloaded\.hardcore reloaded.exe] => (Allow) D:\spiele\hardcore-reloaded\.hardcore reloaded.exe FirewallRules: [{21E5A1B0-6144-4315-9724-A2E471F4875C}] => (Allow) C:\Program Files\Steam\SteamApps\common\Call of Duty Modern Warfare 2\iw4mp.exe FirewallRules: [{9BCFE08D-93F0-47AB-9AE1-3A4754018E95}] => (Allow) C:\Program Files\Steam\SteamApps\common\Call of Duty Modern Warfare 2\iw4mp.exe FirewallRules: [{C8F4B8D5-B0DA-443E-8D43-1F56045B696C}] => (Allow) C:\Program Files\Steam\SteamApps\common\Call of Duty Modern Warfare 2\iw4sp.exe FirewallRules: [{35D5D4FC-AF3B-410E-A4E0-B1550C73ADF8}] => (Allow) C:\Program Files\Steam\SteamApps\common\Call of Duty Modern Warfare 2\iw4sp.exe FirewallRules: [TCP Query User{0D292151-DA4D-43A2-B99B-F00839BFBFF7}D:\spiele\hardcore-reloaded\metin2client.bin] => (Allow) D:\spiele\hardcore-reloaded\metin2client.bin FirewallRules: [UDP Query User{1148E299-586E-410B-8E26-C2DD79D45423}D:\spiele\hardcore-reloaded\metin2client.bin] => (Allow) D:\spiele\hardcore-reloaded\metin2client.bin FirewallRules: [{0A0D712B-FF30-4FDE-BFDF-0E3EE6E30064}] => (Allow) C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 3\iw5sp.exe FirewallRules: [{1880D8B8-115E-42F8-8E1D-9DD46BAA8F1D}] => (Allow) C:\Program 
Files\Steam\SteamApps\common\call of duty modern warfare 3\iw5sp.exe FirewallRules: [{FEA536F1-9342-4FF1-BFD1-BD21E57C5E27}] => (Allow) C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 3\iw5mp_server.exe FirewallRules: [{7109BD34-991B-4523-B8A8-BE1DDB93E77C}] => (Allow) C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 3\iw5mp_server.exe FirewallRules: [TCP Query User{74249E81-D89D-47D5-8CF7-ECC4ECD2CC4F}D:\spiele\gta san andreas\server\mta server.exe] => (Allow) D:\spiele\gta san andreas\server\mta server.exe FirewallRules: [UDP Query User{805EA52D-3EC0-4E37-B207-1FE69B5DFE78}D:\spiele\gta san andreas\server\mta server.exe] => (Allow) D:\spiele\gta san andreas\server\mta server.exe FirewallRules: [{2C00857D-1F06-49E2-BCC6-D2C80C5A2AB3}] => (Allow) C:\Program Files\Origin Games\FIFA 13\Game\fifa13.exe FirewallRules: [{3B9E72E8-1BE7-4D7B-AE59-873D29A9A2D4}] => (Allow) C:\Program Files\Origin Games\FIFA 13\Game\fifa13.exe FirewallRules: [{D8DF0F83-A832-436E-9B99-83306B93165F}] => (Allow) C:\Program Files\Origin Games\Battlefield 3\bf3.exe FirewallRules: [{AFAB371D-6366-4397-944B-EF7F537CFEE1}] => (Allow) C:\Program Files\Origin Games\Battlefield 3\bf3.exe FirewallRules: [TCP Query User{EE113D59-C44E-4E01-B602-3CC5E110BB37}D:\spiele\allianz of army\steamapps\common\ava\binaries\ava.exe] => (Allow) D:\spiele\allianz of army\steamapps\common\ava\binaries\ava.exe FirewallRules: [UDP Query User{608C08E0-9482-4475-B106-1608AC361C72}D:\spiele\allianz of army\steamapps\common\ava\binaries\ava.exe] => (Allow) D:\spiele\allianz of army\steamapps\common\ava\binaries\ava.exe FirewallRules: [{BA7485F6-A6F1-41B4-BAA5-DBEAD4F6EB3B}] => (Allow) C:\Program Files\Steam\SteamApps\common\Call of Duty Black Ops II\t6zm.exe FirewallRules: [{89A607A8-E276-45B9-92C1-40B16E19B9A8}] => (Allow) C:\Program Files\Steam\SteamApps\common\Call of Duty Black Ops II\t6zm.exe FirewallRules: [{2D9491CC-7FF7-4ADC-A769-9D9C72DDC154}] => (Allow) C:\Program 
Files\Steam\SteamApps\common\Call of Duty Black Ops II\t6mp.exe FirewallRules: [{FFDBEAB1-DA9B-49D5-BC75-1E601477E685}] => (Allow) C:\Program Files\Steam\SteamApps\common\Call of Duty Black Ops II\t6mp.exe FirewallRules: [{79FBD39C-6190-4E33-A844-A1A3E7B369F5}] => (Allow) C:\Program Files\Steam\SteamApps\common\Call of Duty Black Ops II\t6sp.exe FirewallRules: [{A5AF03E6-5D0F-4F38-9626-93BFAD574D0B}] => (Allow) C:\Program Files\Steam\SteamApps\common\Call of Duty Black Ops II\t6sp.exe FirewallRules: [TCP Query User{D676F570-74F5-4609-8CDC-56C62C9CE4CE}D:\spiele\world of warfighters\wowplauncher.exe] => (Allow) D:\spiele\world of warfighters\wowplauncher.exe FirewallRules: [UDP Query User{FFA7D318-A5FC-4E1E-BF82-51DA9D498304}D:\spiele\world of warfighters\wowplauncher.exe] => (Allow) D:\spiele\world of warfighters\wowplauncher.exe FirewallRules: [{65BE3436-7D41-438B-9795-9C7065F57CDA}] => (Block) D:\spiele\world of warfighters\wowplauncher.exe FirewallRules: [{E49586F6-73F6-48CE-979D-AD6CE1FA7ED3}] => (Block) D:\spiele\world of warfighters\wowplauncher.exe FirewallRules: [{3720E0E3-F559-4024-8A56-932F5643F8A5}] => (Allow) C:\Program Files\Steam\SteamApps\common\Team Fortress 2\hl2.exe FirewallRules: [{4D57AC82-01E9-46A7-AFB5-79893E8463EF}] => (Allow) C:\Program Files\Steam\SteamApps\common\Team Fortress 2\hl2.exe FirewallRules: [{39787381-1464-46BC-AE10-AAB098072800}] => (Allow) C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 3\iw5mp.exe FirewallRules: [{FB61183A-7DE9-4414-9DFB-722916C57AFA}] => (Allow) C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 3\iw5mp.exe FirewallRules: [{71DD81FF-0BB0-4757-A893-8F81BACCAEFA}] => (Allow) C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 3\iw5mp.exe FirewallRules: [{BD44D8F5-91DF-4992-A361-49A6872093C8}] => (Allow) C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 3\iw5mp.exe FirewallRules: [{B9B0F6B7-49B0-4BFD-B0BF-F39A2173FD6E}] => (Allow) C:\Program 
Files\Steam\SteamApps\common\Team Fortress 2\hl2.exe FirewallRules: [{F1056B6C-7FAF-4551-B091-9837037652B5}] => (Allow) C:\Program Files\Steam\SteamApps\common\Team Fortress 2\hl2.exe FirewallRules: [TCP Query User{1A203B36-0F1A-47E6-90B3-2EA2106CCF1D}C:\program files\steam\steam.exe] => (Allow) C:\program files\steam\steam.exe FirewallRules: [UDP Query User{2131890F-0712-4974-9489-8DDFA3B8F767}C:\program files\steam\steam.exe] => (Allow) C:\program files\steam\steam.exe FirewallRules: [{3AABF05B-7E4A-4D41-B6E3-F8CA4C2C913F}] => (Allow) C:\Users\User\AppData\Local\Oxy\Application\bin\oxy-downloader.exe FirewallRules: [{C47BF929-F56E-42F4-858B-7CB15341C847}] => (Allow) C:\Users\User\AppData\Local\Oxy\Application\bin\oxy-downloader.exe FirewallRules: [{E3966037-DA0D-40E7-8A34-D16191A19FDA}] => (Allow) LPort=9091 FirewallRules: [{07A9678D-D431-423E-9182-65F4960C91A7}] => (Allow) C:\Program Files\Steam\SteamApps\common\Team Fortress 2\hl2.exe FirewallRules: [{0D5886CE-B300-446C-B3FF-DE0BC41BE28A}] => (Allow) C:\Program Files\Steam\SteamApps\common\Team Fortress 2\hl2.exe FirewallRules: [{4BBFBCBE-1AE5-4A3E-A29B-BFCA6B1A5428}] => (Allow) C:\Program Files\Steam\SteamApps\common\Team Fortress 2\hl2.exe FirewallRules: [{B30E22E2-0987-4053-B52E-4F0A5249CE44}] => (Allow) C:\Program Files\Steam\SteamApps\common\Team Fortress 2\hl2.exe FirewallRules: [{E9545908-177C-44D6-A537-95F81D1977B9}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [TCP Query User{DC48B77B-91A6-462D-8227-AD95A53780E1}C:\program files\steam\steamapps\common\planetside 2\planetside2.exe] => (Allow) C:\program files\steam\steamapps\common\planetside 2\planetside2.exe FirewallRules: [UDP Query User{5A73BDF2-D5D9-4FD4-9A47-C68CBAE389F5}C:\program files\steam\steamapps\common\planetside 2\planetside2.exe] => (Allow) C:\program files\steam\steamapps\common\planetside 2\planetside2.exe FirewallRules: [{DCBDCFA1-7B2B-4F73-A6F6-30F216CCDAED}] => (Block) C:\program 
files\steam\steamapps\common\planetside 2\planetside2.exe FirewallRules: [{0E5FB942-DEAC-477C-A6D5-AC1FE1D8CDF3}] => (Block) C:\program files\steam\steamapps\common\planetside 2\planetside2.exe FirewallRules: [TCP Query User{E808BFAD-E751-4A8B-BC46-A7BC78330F2F}D:\spiele\hardcore-reloaded\bin\metin2client.bin] => (Allow) D:\spiele\hardcore-reloaded\bin\metin2client.bin FirewallRules: [UDP Query User{77410412-36A9-4732-866D-43C8B6404286}D:\spiele\hardcore-reloaded\bin\metin2client.bin] => (Allow) D:\spiele\hardcore-reloaded\bin\metin2client.bin FirewallRules: [{B695C78A-3A0C-467A-AF39-3491390B495A}] => (Block) D:\spiele\hardcore-reloaded\bin\metin2client.bin FirewallRules: [{19F76487-AFEC-4030-8E4F-B0B8C85221FD}] => (Block) D:\spiele\hardcore-reloaded\bin\metin2client.bin FirewallRules: [TCP Query User{21BD3EA0-5FED-486C-A319-CB90C9C0009C}C:\program files\java\jre8\bin\javaw.exe] => (Allow) C:\program files\java\jre8\bin\javaw.exe FirewallRules: [UDP Query User{85F65C49-EC35-4D59-83BB-45F89A4D85A9}C:\program files\java\jre8\bin\javaw.exe] => (Allow) C:\program files\java\jre8\bin\javaw.exe FirewallRules: [{57798561-3F23-4237-BE76-CCD83B5BFB3D}] => (Block) C:\program files\java\jre8\bin\javaw.exe FirewallRules: [{AACAA219-9E7F-4C90-9983-57A61951222A}] => (Block) C:\program files\java\jre8\bin\javaw.exe FirewallRules: [{7798D5EE-D713-4E52-A367-299D2E7F4894}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{AA35C1BD-E7E6-4904-8757-7AFEAB2D609B}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{7AB6D364-DCB6-44B4-9CAB-9C237826F74E}] => (Allow) C:\Program Files\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe FirewallRules: [{A74CA989-6BA5-43C8-9716-E70CD99D369D}] => (Allow) C:\Program Files\Origin Games\Plants vs. 
Zombies\PlantsVsZombies.exe FirewallRules: [{BCD73852-C201-4276-9380-EA0B7CC05FC7}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe FirewallRules: [{22F263ED-E055-4351-B461-4A8A384DCE4E}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe FirewallRules: [{B90A11E3-BA53-4752-BE72-A31C8690B7E5}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe FirewallRules: [{7F9FD48A-8F7C-47D9-B2EA-35571895FE86}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe FirewallRules: [{665794C4-E845-4477-96FC-ED56F26B2B6B}] => (Allow) C:\Program Files\Origin Games\FIFA 14\Game\fifa14.exe FirewallRules: [{E135BB5A-3820-4675-A89A-152D760B4990}] => (Allow) C:\Program Files\Origin Games\FIFA 14\Game\fifa14.exe FirewallRules: [TCP Query User{A009FD73-383B-4DF7-817F-5190459784D9}C:\program files\mkjogo\mklol\bin\mkim.exe] => (Allow) C:\program files\mkjogo\mklol\bin\mkim.exe FirewallRules: [UDP Query User{069ACED8-4C2D-413C-8BA4-0EF11CBEB1D5}C:\program files\mkjogo\mklol\bin\mkim.exe] => (Allow) C:\program files\mkjogo\mklol\bin\mkim.exe FirewallRules: [{EB38FE61-B109-43CD-B0BB-16C6B3990F9E}] => (Allow) D:\spiele\Uplay\Assassin's Creed IV Black Flag\AC4BFSP.exe FirewallRules: [{BE505FAC-CB76-4CDB-9F89-7A7981E53271}] => (Allow) D:\spiele\Uplay\Assassin's Creed IV Black Flag\AC4BFSP.exe FirewallRules: [{5EE6484A-0197-4F58-85FA-F31EB2CFDEB2}] => (Allow) D:\spiele\Uplay\Assassin's Creed IV Black Flag\AC4BFMP.exe FirewallRules: [{286E672A-933B-430E-B919-1B96586CC8B4}] => (Allow) D:\spiele\Uplay\Assassin's Creed IV Black Flag\AC4BFMP.exe FirewallRules: [{9F3906F1-821F-438E-8F35-3C7B8758A8AC}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe FirewallRules: [{1961F378-4823-4437-B7E2-7CD76F178697}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe FirewallRules: [{41B29B53-5649-4AB7-B2EF-E09D093941D1}] => (Allow) D:\spiele\Gothic1\system\GOTHIC.EXE FirewallRules: [{989D7BAE-8B4E-497E-A530-8E346F0867A6}] => (Allow) 
D:\spiele\Gothic1\system\GOTHIC.EXE FirewallRules: [{E76BC232-FCCD-40FA-9FB3-E1F724FC47D9}] => (Allow) D:\spiele\Gothic1\system\GOTHIC.EXE FirewallRules: [{99ED37BC-E966-4C13-99E6-1F77C9AF8367}] => (Allow) D:\spiele\Gothic1\system\GOTHIC.EXE FirewallRules: [{19969117-B289-485B-8907-3A5373F548E5}] => (Allow) %SystemDrive%\Riot Games\League of Legends\lol.launcher.exe FirewallRules: [{CF43F76A-B097-46FE-855F-FF2FC49C96AE}] => (Allow) D:\spiele\Combat Arms EU\NMService.exe FirewallRules: [{020EEADE-103A-450E-B723-7DF63505F361}] => (Allow) D:\spiele\Combat Arms EU\NMService.exe FirewallRules: [{1AAA9CB6-3BD1-4672-AAAD-9D351F83C355}] => (Allow) D:\spiele\Allianz of Army\SteamApps\common\AVA\NWZLauncher.exe FirewallRules: [{D598434A-D9BC-4526-A7CB-8DFEDD0705F5}] => (Allow) D:\spiele\Allianz of Army\SteamApps\common\AVA\NWZLauncher.exe FirewallRules: [{EC1F2C18-7EA2-4340-B179-56D0F1848719}] => (Allow) D:\spiele\Allianz of Army\SteamApps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{9464B8A9-D393-4A3B-B806-5C4A6A97F2C7}] => (Allow) D:\spiele\Allianz of Army\SteamApps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [TCP Query User{7122BDDE-544B-4F69-A24E-56D43E441EA1}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe FirewallRules: [UDP Query User{15C1040A-6CDA-430C-A6A4-9A94F8B6D7A8}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe FirewallRules: [TCP Query User{CEA08321-B4AA-45E2-8D50-0106FA42CF29}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe FirewallRules: [UDP 
Query User{CBAF136E-F125-41B4-9D31-D232C056BF58}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe FirewallRules: [TCP Query User{74C28661-7880-4544-A4A7-1CC2D65BECFE}C:\users\user\downloads\runtime\jre-x32\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\user\downloads\runtime\jre-x32\1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{5AD98A09-B7C9-4C58-9DEE-849ED243BF0B}C:\users\user\downloads\runtime\jre-x32\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\user\downloads\runtime\jre-x32\1.8.0_25\bin\javaw.exe FirewallRules: [{A4095E85-839A-4DC6-921F-AB470A299B62}] => (Allow) LPort=5000 FirewallRules: [{168A437E-7223-4B61-9250-6E1B187D44E9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{C633B217-D36A-45B5-BA34-640C24376D29}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{F1630779-200F-4483-B521-209F2F7CE18D}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_31\bin\javaw.exe FirewallRules: [UDP Query User{A3D1656B-75B2-439D-BE0E-C8B12DFED30D}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_31\bin\javaw.exe FirewallRules: [TCP Query User{90F1D3E9-DE02-409E-ABC0-3D883134C057}C:\program files\minecraft\runtime\jre-x32\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\minecraft\runtime\jre-x32\1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{449F888D-502E-4CF3-8D05-62C03C3FECB9}C:\program files\minecraft\runtime\jre-x32\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\minecraft\runtime\jre-x32\1.8.0_25\bin\javaw.exe FirewallRules: [TCP Query User{218F00BC-46DB-4694-8A3C-F0A9D3D3FE1A}D:\spiele\smite\hirezgames\smite\binaries\win32\smite.exe] => (Allow) D:\spiele\smite\hirezgames\smite\binaries\win32\smite.exe FirewallRules: [UDP Query 
User{02A7D6BE-3556-495F-BE1C-0E02D531E1EE}D:\spiele\smite\hirezgames\smite\binaries\win32\smite.exe] => (Allow) D:\spiele\smite\hirezgames\smite\binaries\win32\smite.exe FirewallRules: [TCP Query User{6C0B0D41-97BC-4868-B1FF-9C551B358B6B}D:\spiele\gta 2\gta sa\gta_sa.exe] => (Allow) D:\spiele\gta 2\gta sa\gta_sa.exe FirewallRules: [UDP Query User{6A676A3D-5AF9-485C-8974-E13B25395E6C}D:\spiele\gta 2\gta sa\gta_sa.exe] => (Allow) D:\spiele\gta 2\gta sa\gta_sa.exe FirewallRules: [TCP Query User{D359C661-7414-40AF-954B-8E09778D3DFF}C:\users\temp.user-pc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\temp.user-pc\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{2081E2FA-3C21-4859-8AE3-9047060160A2}C:\users\temp.user-pc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\temp.user-pc\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{4F07E0F8-312A-4B6B-9E3E-D89244E1FAA1}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{8E730B5D-1A57-4AC8-BA0D-B26C1762C021}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe FirewallRules: [{DE29B77A-C6C7-4C09-8D2F-3F36BC3ECC81}] => (Allow) C:\Program Files\Battle.net\Battle.net.exe FirewallRules: [{5669AADA-80C9-47DE-B622-F62CE57B57E3}] => (Allow) C:\Program Files\Battle.net\Battle.net.exe FirewallRules: [{22E6FC7C-849A-4034-B442-5DE265D8A3D5}] => (Allow) D:\spiele\Hearthstone\Hearthstone\Hearthstone.exe FirewallRules: [{C33DB2C6-FA73-41E3-99C1-BDE7C640EF7C}] => (Allow) D:\spiele\Hearthstone\Hearthstone\Hearthstone.exe FirewallRules: [{1A1C04D0-BBE3-4E10-8C77-FF3501C61AB1}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe FirewallRules: [TCP Query User{E2C16622-A8BB-427E-94B1-5CF9F8F3DF25}D:\spiele\hearthstone\heroes of the storm\versions\base35634\heroesofthestorm.exe] => (Allow) D:\spiele\hearthstone\heroes of the 
storm\versions\base35634\heroesofthestorm.exe FirewallRules: [UDP Query User{5C9BDB07-A176-4AE3-BBBA-38B943CA117F}D:\spiele\hearthstone\heroes of the storm\versions\base35634\heroesofthestorm.exe] => (Allow) D:\spiele\hearthstone\heroes of the storm\versions\base35634\heroesofthestorm.exe FirewallRules: [TCP Query User{5A2ACB00-7652-493D-9C93-0FF52EDBB8D7}C:\users\user\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\user\appdata\roaming\gameranger\gameranger\gameranger.exe FirewallRules: [UDP Query User{208DA322-77B8-44C8-A0C0-44A06EA3360F}C:\users\user\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\user\appdata\roaming\gameranger\gameranger\gameranger.exe FirewallRules: [TCP Query User{B3D06D16-BC47-4F2D-A575-EBEE804911E8}C:\users\user\desktop\call of duty v world at war\codwaw einzelspieler.exe] => (Allow) C:\users\user\desktop\call of duty v world at war\codwaw einzelspieler.exe FirewallRules: [UDP Query User{FB0492AF-F509-42CA-8446-18C747CBDB0C}C:\users\user\desktop\call of duty v world at war\codwaw einzelspieler.exe] => (Allow) C:\users\user\desktop\call of duty v world at war\codwaw einzelspieler.exe FirewallRules: [TCP Query User{D0F32DEC-E2FA-4180-BF91-E8514954DED0}C:\users\user\desktop\blur\blur.exe] => (Allow) C:\users\user\desktop\blur\blur.exe FirewallRules: [UDP Query User{8F8BAF2A-F8DA-42B0-B125-FB367937AF1E}C:\users\user\desktop\blur\blur.exe] => (Allow) C:\users\user\desktop\blur\blur.exe FirewallRules: [TCP Query User{57B4B083-2A93-4B3E-8232-CF30FA93B08D}C:\users\user\desktop\call of duty v world at war\codwaw multiplayer.exe] => (Allow) C:\users\user\desktop\call of duty v world at war\codwaw multiplayer.exe FirewallRules: [UDP Query User{4C2B1B87-5B21-41E6-9091-0A35A508A514}C:\users\user\desktop\call of duty v world at war\codwaw multiplayer.exe] => (Allow) C:\users\user\desktop\call of duty v world at war\codwaw multiplayer.exe FirewallRules: [TCP Query 
User{5500933C-8876-4DA1-BB44-F467B3FC42D4}C:\users\user\desktop\call of duty iv modern warfare\iw3mp.exe] => (Allow) C:\users\user\desktop\call of duty iv modern warfare\iw3mp.exe FirewallRules: [UDP Query User{1CD1CF4D-7DEF-4056-9E99-FB81A1A18646}C:\users\user\desktop\call of duty iv modern warfare\iw3mp.exe] => (Allow) C:\users\user\desktop\call of duty iv modern warfare\iw3mp.exe FirewallRules: [TCP Query User{D7C04170-C00E-43AE-A940-081F896027C1}C:\users\user\desktop\counter strike\counter strike 1.6 reloaded\hl.exe] => (Allow) C:\users\user\desktop\counter strike\counter strike 1.6 reloaded\hl.exe FirewallRules: [UDP Query User{BA96DA12-0CA6-424A-A052-E0BE7D20C658}C:\users\user\desktop\counter strike\counter strike 1.6 reloaded\hl.exe] => (Allow) C:\users\user\desktop\counter strike\counter strike 1.6 reloaded\hl.exe FirewallRules: [TCP Query User{5FC252D0-E228-46D3-A910-B11D881841A5}D:\spiele\hearthstone\heroes of the storm\versions\base36144\heroesofthestorm.exe] => (Allow) D:\spiele\hearthstone\heroes of the storm\versions\base36144\heroesofthestorm.exe FirewallRules: [UDP Query User{0BC2AD47-17B4-409B-99EF-46AB9FCDDE73}D:\spiele\hearthstone\heroes of the storm\versions\base36144\heroesofthestorm.exe] => (Allow) D:\spiele\hearthstone\heroes of the storm\versions\base36144\heroesofthestorm.exe FirewallRules: [TCP Query User{312CA0EC-877E-44F0-AD51-07853BB4FDD2}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe FirewallRules: [UDP Query User{186326EC-1AC1-46F8-B44C-F7D536290A36}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe FirewallRules: [{47375F08-2D17-494F-AF35-281DFD602012}] => (Allow) D:\spiele\Allianz of Army\SteamApps\common\GarrysMod\hl2.exe FirewallRules: [{B148319A-6879-48DC-9FF0-4CEE878A22C2}] => (Allow) D:\spiele\Allianz of Army\SteamApps\common\GarrysMod\hl2.exe FirewallRules: [{741A36AC-AC58-46D4-8BCD-FC2B2F20C791}] => (Allow) 
C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{BB989E45-1F56-464C-8DD4-B16FDBA18C43}] => (Allow) LPort=2869
FirewallRules: [{A33EB819-DA9B-43A3-AA4F-5A1A689A7A75}] => (Allow) LPort=1900
FirewallRules: [{05ACEC19-AE47-4199-A11B-935DB38320B2}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{124D0764-6CEF-4043-BF4A-FC9C4DB74F27}] => (Allow) D:\spiele\Allianz of Army\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{8BF388DD-FEAA-4017-96EE-FD08D79F10DB}] => (Allow) D:\spiele\Allianz of Army\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [TCP Query User{1818DA9B-9EB8-4475-98C3-0DECCFFE60EB}C:\users\user\desktop\neben programme\modernadmin.exe] => (Allow) C:\users\user\desktop\neben programme\modernadmin.exe
FirewallRules: [UDP Query User{3E3E2EBC-CC62-41A5-8CE2-70828DB6A146}C:\users\user\desktop\neben programme\modernadmin.exe] => (Allow) C:\users\user\desktop\neben programme\modernadmin.exe
FirewallRules: [TCP Query User{DE9EC5FB-ED96-4AAF-94EE-2640D26AF8A6}C:\users\user\desktop\neben programme\kicktool mw3\modernadmin.exe] => (Allow) C:\users\user\desktop\neben programme\kicktool mw3\modernadmin.exe
FirewallRules: [UDP Query User{FA3E80BE-0AD7-40AD-8181-1E54242CC23E}C:\users\user\desktop\neben programme\kicktool mw3\modernadmin.exe] => (Allow) C:\users\user\desktop\neben programme\kicktool mw3\modernadmin.exe
FirewallRules: [{CC6731E1-0517-4E2B-9CE7-462BBAD16FBF}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (09/09/2015 02:52:12 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-21-2980554796-842610410-1348767362-1001.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig. .
Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt
Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {55aa840d-a7df-4e2f-9881-b979a16f9e8a}

Error: (09/06/2015 11:41:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: rads_user_kernel.exe, Version: 0.0.0.0, Zeitstempel: 0x4e65c1ac
Name des fehlerhaften Moduls: rads_user_kernel.exe, Version: 0.0.0.0, Zeitstempel: 0x4e65c1ac
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000b8554
ID des fehlerhaften Prozesses: 0x17f8
Startzeit der fehlerhaften Anwendung: 0xrads_user_kernel.exe0
Pfad der fehlerhaften Anwendung: rads_user_kernel.exe1
Pfad des fehlerhaften Moduls: rads_user_kernel.exe2
Berichtskennung: rads_user_kernel.exe3

Error: (08/09/2015 08:40:30 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (08/08/2015 07:05:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel: 0x5576f432
Name des fehlerhaften Moduls: kernel32.dll, Version: 6.1.7601.18847, Zeitstempel: 0x554d7aff
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004f7fa
ID des fehlerhaften Prozesses: 0x1510
Startzeit der fehlerhaften Anwendung: 0xhl2.exe0
Pfad der fehlerhaften Anwendung: hl2.exe1
Pfad des fehlerhaften Moduls: hl2.exe2
Berichtskennung: hl2.exe3

Error: (08/07/2015 06:10:39 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-21-2980554796-842610410-1348767362-1001.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig. .
Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt
Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {709f2eb7-d0cd-478b-a95f-8d12f658dd5a}

Error: (08/07/2015 06:09:51 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-21-2980554796-842610410-1348767362-1001.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig. .
Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt
Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {709f2eb7-d0cd-478b-a95f-8d12f658dd5a}

Error: (08/07/2015 06:09:51 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-21-2980554796-842610410-1348767362-1001.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig. .
Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt
Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {709f2eb7-d0cd-478b-a95f-8d12f658dd5a}

Error: (08/07/2015 06:09:51 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
   Generatordaten werden gesammelt
Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {204d68b4-e2bb-4ab1-a169-ba2520732df1}

Error: (08/07/2015 06:09:20 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-21-2980554796-842610410-1348767362-1001.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig. .
Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt
Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {709f2eb7-d0cd-478b-a95f-8d12f658dd5a}

Error: (08/07/2015 06:09:19 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
   Generatordaten werden gesammelt
Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {204d68b4-e2bb-4ab1-a169-ba2520732df1}

Systemfehler:
=============
Error: (09/09/2015 04:02:40 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (09/09/2015 02:49:51 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (09/06/2015 11:34:35 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (09/05/2015 06:32:05 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (09/05/2015 06:30:13 PM) (Source: EventLog)
(EventID: 6008) (User: ) Description: Das System wurde zuvor am 05.09.2015 um 18:28:15 unerwartet heruntergefahren. Error: (09/05/2015 05:44:32 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (09/04/2015 03:02:01 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (09/03/2015 05:16:57 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Error: (09/03/2015 03:36:41 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (09/02/2015 06:47:53 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Microsoft Office: ========================= ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz Prozentuale Nutzung des RAM: 31% Installierter physikalischer RAM: 3582.05 MB Verfügbarer physikalischer RAM: 2467.71 MB Summe virtueller Speicher: 7162.41 MB Verfügbarer virtueller Speicher: 5210.94 MB ==================== Laufwerke ================================ Drive c: (System) (Fixed) (Total:298.73 GB) (Free:48.17 GB) NTFS Drive d: (System) (Fixed) (Total:632.68 GB) (Free:457.25 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR 
Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 16712F0F) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=298.7 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=632.7 GB) - (Type=07 NTFS) ==================== Ende vom Addition.txt ============================ Kind regards, feuerstein98 |
10.09.2015, 19:02 | #4 |
/// the machine /// TB trainer | Computer unusually slow for 1 week hi, Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper. Please download TDSSKiller.exe and save this file to the desktop.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate | Guides and help | Trojaner-Board Facebook page | No help via PM! |
11.09.2015, 12:34 | #5 |
| Computer unusually slow for 1 week Good day Mr. Schrauber, I completed the first step as you requested, but unfortunately I could not carry out the second step, with TDSSKiller, because the images of the program's settings are not displayed for me. Here is the mbar txt file: Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.9.2.1008
www.malwarebytes.org
Database version: main: v2015.09.11.04 rootkit: v2015.08.16.01
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17843
User :: USER-PC [administrator]
11.09.2015 12:29:18
mbar-log-2015-09-11 (12-29-18).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 468170
Time elapsed: 51 minute(s), 45 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 0 (No malicious items detected)
Physical Sectors Detected: 0 (No malicious items detected)
(end)
Kind regards, feuerstein98 |
12.09.2015, 09:39 | #6 |
/// the machine /// TB trainer | Computer unusually slow for 1 week hi, Scan with Combofix
__________________ --> Computer unusually slow for 1 week |
12.09.2015, 11:21 | #7 |
| Computer unusually slow for 1 week Good day Mr. Schrauber, I have completed the steps as requested. Here is the txt file: Code:
ATTFilter ComboFix 15-09-07.01 - User 12.09.2015 12:00:13.1.4 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3582.2395 [GMT 2:00] ausgeführt von:: c:\users\User\Desktop\ComboFix.exe AV: ESET NOD32 Antivirus 4.2 *Disabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1} SP: ESET NOD32 Antivirus 4.2 *Disabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2015-08-12 bis 2015-09-12 )))))))))))))))))))))))))))))) . . 2015-09-11 14:32 . 2015-09-11 14:33 -------- d-----w- c:\users\User\AppData\Roaming\Riot Games 2015-09-11 10:29 . 2015-09-11 10:29 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-09-11 10:27 . 2015-09-11 11:27 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2015-09-09 15:24 . 2015-09-09 15:26 -------- d-----w- C:\FRST 2015-08-19 17:27 . 2015-08-19 17:27 -------- d-----w- c:\program files\Common Files\Skype 2015-08-19 17:27 . 2015-08-19 17:27 -------- d-----r- c:\program files\Skype . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-08-12 13:14 . 2015-04-19 17:24 778440 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2015-08-12 13:14 . 2015-04-19 17:24 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2015-07-20 08:31 . 2015-07-20 08:31 2973808 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{CA9F6B5A-2C32-4CB3-8635-390AB45A8C49}\StartMenuIcon_config.exe 2015-07-20 08:31 . 2015-07-20 08:31 15047260 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{CA9F6B5A-2C32-4CB3-8635-390AB45A8C49}\StartMenuIcon.exe 2015-07-20 08:31 . 2015-07-20 08:31 15047260 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{CA9F6B5A-2C32-4CB3-8635-390AB45A8C49}\DesktopIcon.exe 2015-07-16 18:21 . 2015-04-30 21:02 138816 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2015-07-16 18:20 . 
2015-01-10 19:43 348360 ----a-w- c:\windows\system32\PnkBstrB.exe 2015-07-16 18:20 . 2012-10-18 08:22 348360 ----a-w- c:\windows\system32\PnkBstrB.xtr 2015-07-16 18:20 . 2015-01-10 19:43 280904 ----a-w- c:\windows\system32\PnkBstrB.ex0 2015-06-30 06:45 . 2015-06-30 06:46 96352 ----a-w- c:\windows\system32\WindowsAccessBridge.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WinPatrol"="c:\program files\Ruiware\WinPatrol\winpatrol.exe" [2015-02-23 1160536] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2015-08-07 53729824] "GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE"="c:\program files\Google\Chrome\Application\chrome.exe" [2015-08-28 815944] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2015-04-30 334896] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableSecureUIAPath"= 1 (0x1) "SoftwareSASGeneration"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot] @="" . 
[HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk] path=c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup backupExtension=.Startup . [HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk] path=c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk backup=c:\windows\pss\OpenOffice.org 3.4.1.lnk.Startup backupExtension=.Startup . [HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk] path=c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk backup=c:\windows\pss\Xfire.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui] 2010-08-12 13:16 2215064 ----a-w- c:\program files\ESET\ESET NOD32 Antivirus\egui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2009-02-26 16:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MKLOL] 2014-08-09 10:04 1076424 ----a-w- c:\program files\MKJogo\MKLOL\Bin\MKIM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2013-02-05 21:05 4272624 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] 2010-11-25 20:40 336384 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] 2015-08-19 20:39 2899136 ----a-w- c:\program files\Steam\Steam.exe . 
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-07-09 327296] R3 ArcService;Arc Service;d:\arc\ArcService.exe [2015-04-09 88584] R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x] R3 cusbohcn;cusbohcn;c:\users\User\AppData\Local\Temp\cusbohcn.sys [x] R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x] R3 FairplayKD;FairplayKD;c:\programdata\MTA San Andreas All\Common\temp\FairplayKD.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-05-23 102912] R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x] R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x] R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x] R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x] R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 98432] R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 14848] R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-09-19 123648] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 USBTINSP;TI-Nspire(TM) Handheld or TI Network Bridge Device Driver;c:\windows\system32\DRIVERS\tinspusb.sys [2010-03-29 122752] R3 vtany;vtany;c:\windows\vtany.sys [x] R3 xhunter1;xhunter1;c:\windows\xhunter1.sys [x] R4 Origin Client Service;Origin Client Service;c:\program files\Origin\OriginClientService.exe [2015-08-31 2007048] S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-26 176128] S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 
eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632] S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-08-12 810144] S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 96920] S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;d:\spiele\Smite\HiPatchService.exe [2015-03-12 9216] S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] utcsvc REG_MULTI_SZ DiagTrack . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2015-09-04 13:47 997704 ----a-w- c:\program files\Google\Chrome\Application\45.0.2454.85\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2015-09-12 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-19 13:14] . 2015-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2015-02-01 17:38] . 2015-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2015-02-01 17:38] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = www.google.com mStart Page = www.google.com IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3xqfoxkz.default-1421944932997\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file) HKLM-Run-RazerCortex - c:\program files\Razer\Razer Cortex\RazerCortex.exe AddRemove-Blender - c:\program files\Blender Foundation\Blender\uninstall.exe AddRemove-Uplay - d:\spiele\Neuer Ordner\Ubisoft Game Launcher\Uninstall.exe AddRemove-Uplay Install 273 - d:\spiele\Neuer Ordner\Ubisoft Game Launcher\Uplay.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-2980554796-842610410-1348767362-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) "??"=hex:68,dc,ae,28,a1,33,1b,10,08,ec,b1,9e,15,9c,88,67,4b,fa,fe,17,f5,3b,d5, 79,8b,e4,c9,7f,1d,8d,6f,c0,de,b1,e2,31,1d,57,1f,49,4c,b5,69,93,0c,f6,e8,00,\ "??"=hex:5e,42,1a,74,74,40,a4,8c,4c,97,40,15,d3,d2,5e,94 . [HKEY_USERS\S-1-5-21-2980554796-842610410-1348767362-1000\Software\SecuROM\License information*] "datasecu"=hex:83,ca,0d,d9,4f,51,00,78,72,88,41,9f,9a,95,51,0b,c1,17,43,44,53, 59,9b,2c,f8,3c,7c,1f,f2,48,f1,3b,36,a4,5b,c3,7a,01,84,a2,91,50,78,9d,56,36,\ "rkeysecu"=hex:8f,b6,99,9c,82,34,5e,cf,a1,e9,48,38,31,1a,57,68 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2015-09-12 12:14:29 ComboFix-quarantined-files.txt 2015-09-12 10:14 . 
Vor Suchlauf: 18 Verzeichnis(se), 54.211.018.752 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 54.823.444.480 Bytes frei . - - End Of File - - 39E0729992EFF7D2FF54ADA1B4F5F000 A36C5E4F47E84449FF07ED3517B43A31 feuerstein98 |
13.09.2015, 09:02 | #8 |
/// the machine /// TB trainer | Computer unusually slow for 1 week Now we'll remove a bit of adware. Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ regards, schrauber |
13.09.2015, 13:02 | #9 |
| Computer unusually slow for 1 week Good day Mr. Schrauber, thank you for your help so far. I think the problem is now fixed! Here are the documents you requested. mbam: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 13.09.2015 Suchlaufzeit: 13:21 Protokolldatei: mbam.txt Administrator: Ja Version: 2.1.8.1057 Malware-Datenbank: v2015.09.13.01 Rootkit-Datenbank: v2015.08.16.01 Lizenz: Kostenlose Version Malware-Schutz: Deaktiviert Schutz vor bösartigen Websites: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x86 Dateisystem: NTFS Benutzer: User Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 403077 Abgelaufene Zeit: 16 Min., 1 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt) Registrierungswerte: 0 (keine bösartigen Elemente erkannt) Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 0 (keine bösartigen Elemente erkannt) Dateien: 1 PUP.Optional.QuickStart, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\eniehqts.default\prefs.js, Gut: (), Schlecht: (quick_start@gmail.com), Ersetzt,[a1c453dcd2b9ca6c59899e0ade274ab6] Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) Code:
ATTFilter # AdwCleaner v5.007 - Bericht erstellt am 13/09/2015 um 13:48:19 # Aktualisiert am 08/09/2015 von Xplode # Datenbank : 2015-09-10.1 [Server] # Betriebssystem : Windows 7 Professional Service Pack 1 (x86) # Benutzername : User - USER-PC # Gestartet von : C:\Users\User\Desktop\AdwCleaner_5.007.exe # Option : Löschen # Unterstützung : hxxp://toolslib.net/forum ***** [ Dienste ] ***** ***** [ Ordner ] ***** [-] Ordner Gelöscht : C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} [-] Ordner Gelöscht : C:\Users\User\Desktop\ftb ***** [ Dateien ] ***** ***** [ Verknüpfungen ] ***** ***** [ Geplante Tasks ] ***** ***** [ Registrierungsdatenbank ] ***** [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SDP [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C} [-] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{00CBB66B-1D3B-46D3-9577-323A336ACB50}] [-] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}] [-] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{963B125B-8B21-49A2-A3A8-E37092276531}] [-] Schlüssel Gelöscht : HKCU\Software\OCS ***** [ Internetbrowser ] ***** ************************* :: Proxy Einstellungen zurückgesetzt :: Winsock Einstellungen zurückgesetzt :: Internet Explorer Richtlinien gelöscht :: Chrome Richtlinien gelöscht ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1526 Bytes] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 7.6.1 (09.08.2015:1) OS: Windows 7 Professional x86 Ran by User on 13.09.2015 at 13:56:33,16 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Tasks ~~~ Registry Values Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer ~~~ Files ~~~ Folders Successfully deleted: [Folder] C:\Users\User\Appdata\Local\crashrpt ~~~ FireFox Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\3xqfoxkz.default-1421944932997\minidumps [5 files] ~~~ Chrome [C:\Users\User\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset [C:\Users\User\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted: [C:\Users\User\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset [C:\Users\User\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted: [] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 13.09.2015 at 13:58:07,62 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:07-09-2015 durchgeführt von User (Administrator) auf USER-PC (13-09-2015 13:59:08) Gestartet von C:\Users\User\Desktop Geladene Profile: User (Verfügbare Profile: User) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Chrome) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) 
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation) HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1160536 2015-02-23] (Ruiware LLC) HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53729824 2015-08-07] (Skype Technologies S.A.) HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] => C:\Program Files\Google\Chrome\Application\chrome.exe [815944 2015-08-28] (Google Inc.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..) 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{D19DB10C-7A53-48DE-9229-AE6103467CAA}: [DhcpNameServer] 192.168.2.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-2980554796-842610410-1348767362-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-06-30] (Oracle Corporation) BHO: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> D:\Arc\Plugins\ArcPluginIE.dll [2015-04-09] (Perfect World Entertainment Inc) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) 
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-30] (Oracle Corporation) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) FireFox: ======== FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3xqfoxkz.default-1421944932997 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] () FF Plugin: @esn/esnlaunch,version=2.3.0 -> C:\Program Files\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [Keine Datei] FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files\Battlelog Web Plugins\2.5.1\npbattlelog.dll [Keine Datei] FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB) FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB) FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-30] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-30] (Oracle Corporation) FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] 
(Microsoft Corporation) FF Plugin: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll [2014-11-15] (Nexon) FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [Keine Datei] FF Plugin: @perfectworld.com/npArcPlayNowPlugin -> D:\Arc\Plugins\npArcPluginFF.dll [2015-04-09] (Perfect World Entertainment Inc) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-02] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-02] (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2980554796-842610410-1348767362-1000: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2013-12-23] () FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32dsw.dll [2007-04-30] (Adobe Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) 
FF Extension: YouTube Center - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3xqfoxkz.default-1421944932997\Extensions\jid1-cwbvBTE216jjpg@jetpack.xpi [2015-02-01] FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011-01-03] FF HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fihm4efv.default-1405187378199\extensions\cliqz@cliqz.com Chrome: ======= CHR StartupUrls: Default -> "https://www.google.de/" CHR Plugin: (Google Präsentationen) - C:\Users\User\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.758\_platform_specific\win_x86\widevinecdmadapter.dll Keine Datei CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\45.0.2454.85\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\45.0.2454.85\internal-nacl-plugin Keine Datei CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\45.0.2454.85\pdf.dll Keine Datei CHR Plugin: (Shockwave for Director) - C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll (Adobe Systems, Inc.) CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation) CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
CHR Plugin: (Battlelog Game Launcher) - C:\Program Files\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll Keine Datei CHR Plugin: (Java Deployment Toolkit 8.0.310.13) - C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll Keine Datei CHR Plugin: (Java(TM) Platform SE 8 U31) - C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll Keine Datei CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon) CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll Keine Datei CHR Plugin: (ArcPlugin) - D:\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc) CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-01] CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-01] CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-01] CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-01] CHR Extension: (Steam inventory helper) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2015-07-26] CHR Extension: (Adblock for Youtube™) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-02-07] CHR Extension: (Google Search) - 
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-01] CHR Extension: (Lounge Assistant) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\enjonnlehciedbcidabdglnnihcncbml [2015-07-26] CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-01] CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-05] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14] CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-01] CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-01] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
S3 ArcService; D:\Arc\ArcService.exe [88584 2015-04-09] (Perfect World Entertainment Inc) S4 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [33584 2010-08-12] (ESET) R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [810144 2010-08-12] (ESET) S2 HiPatchService; D:\spiele\Smite\HiPatchService.exe [9216 2015-03-12] (Hi-Rez Studios) [Datei ist nicht signiert] S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert] S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) S4 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [2007048 2015-08-31] (Electronic Arts) S2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-01-10] () S2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [136632 2010-07-29] (ESET) R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [115008 2010-07-29] (ESET) R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [96920 2010-07-29] (ESET) S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) 
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] () S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2009-09-19] (MCCI) S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2009-09-19] (MCCI Corporation) S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2009-09-19] (MCCI Corporation) S3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [122752 2010-03-29] (Texas Instruments) S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [465408 2009-07-14] (Microsoft Corporation) S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X] S3 catchme; \??\C:\Users\User\AppData\Local\Temp\catchme.sys [X] S3 cusbohcn; \??\C:\Users\User\AppData\Local\Temp\cusbohcn.sys [X] S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [X] S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X] S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X] S3 motccgp; system32\DRIVERS\motccgp.sys [X] S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X] S3 motmodem; system32\DRIVERS\motmodem.sys [X] S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X] S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X] S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X] S3 vtany; \??\C:\Windows\vtany.sys [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-09-13 13:58 - 2015-09-13 13:58 - 00001540 _____ C:\Users\User\Desktop\JRT.txt 2015-09-13 13:56 - 2015-09-13 13:56 - 01799392 _____ (Malwarebytes Corporation) C:\Users\User\Desktop\JRT_7600.exe 2015-09-13 13:56 - 2015-09-09 20:11 - 01800104 _____ (Malwarebytes Corporation) C:\Users\User\Desktop\JRT.exe 2015-09-13 13:47 - 2015-09-13 13:48 - 00000000 ____D C:\AdwCleaner 2015-09-13 13:43 - 2015-09-13 13:43 - 01660416 _____ C:\Users\User\Desktop\AdwCleaner_5.007.exe 2015-09-13 13:43 - 2015-09-13 13:43 - 00001366 _____ C:\Users\User\Desktop\mbam.txt 2015-09-13 13:20 - 2015-09-13 13:20 - 00001066 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-09-13 13:20 - 2015-09-13 13:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-09-13 13:20 - 2015-09-13 13:20 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware 2015-09-13 13:20 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-09-13 13:20 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-09-13 13:17 - 2015-09-13 13:18 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\User\Desktop\mbam-setup-2.1.8.1057.exe 2015-09-12 18:06 - 2015-09-12 18:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends 2015-09-12 12:14 - 2015-09-12 12:14 - 00012237 _____ C:\ComboFix.txt 2015-09-12 11:57 - 2015-09-12 12:14 - 00000000 ____D C:\Qoobox 2015-09-12 11:57 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2015-09-12 11:57 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2015-09-12 11:57 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-09-12 11:57 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-09-12 11:57 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-09-12 11:57 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2015-09-12 
11:57 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2015-09-12 11:57 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2015-09-12 11:53 - 2015-09-12 11:53 - 05635119 ____R (Swearware) C:\Users\User\Desktop\ComboFix.exe 2015-09-11 18:12 - 2015-09-11 18:12 - 00263008 _____ C:\Users\User\Downloads\ABO-MC1.7.10-BC7-release3.0.1.jar 2015-09-11 16:32 - 2015-09-12 18:07 - 00000000 ____D C:\Users\User\AppData\Roaming\Riot Games 2015-09-11 16:29 - 2015-09-11 16:31 - 30668968 _____ (Riot Games) C:\Users\User\Downloads\LeagueofLegends_EUW_Installer_9_15_2014.exe 2015-09-11 13:28 - 2015-09-11 13:28 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\User\Desktop\tdsskiller.exe 2015-09-11 12:29 - 2015-09-13 13:21 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-09-11 12:27 - 2015-09-11 13:21 - 00000000 ____D C:\Users\User\Desktop\mbar 2015-09-11 12:27 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-09-11 12:25 - 2015-09-11 12:25 - 16563304 _____ (Malwarebytes Corp.) C:\Users\User\Desktop\mbar-1.09.2.1008.exe 2015-09-09 17:25 - 2015-09-13 13:59 - 00016537 _____ C:\Users\User\Desktop\FRST.txt 2015-09-09 17:25 - 2015-09-09 17:26 - 00082310 _____ C:\Users\User\Desktop\Addition.txt 2015-09-09 17:24 - 2015-09-13 13:59 - 00000000 ____D C:\FRST 2015-09-09 17:23 - 2015-09-09 17:23 - 01692160 _____ (Farbar) C:\Users\User\Desktop\FRST.exe 2015-08-19 19:27 - 2015-08-19 19:27 - 00000000 ___RD C:\Program Files\Skype 2015-08-19 19:27 - 2015-08-19 19:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-08-19 19:27 - 2015-08-19 19:27 - 00000000 ____D C:\Program Files\Common Files\Skype ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-09-13 13:59 - 2011-11-12 20:51 - 00000000 ____D C:\Program Files\Steam 2015-09-13 13:57 - 2009-07-14 06:34 - 00027152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-09-13 13:57 - 2009-07-14 06:34 - 00027152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-09-13 13:56 - 2012-01-20 17:38 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype 2015-09-13 13:54 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF 2015-09-13 13:49 - 2015-02-01 17:01 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-09-13 13:49 - 2011-01-17 18:26 - 01210760 _____ C:\Windows\PFRO.log 2015-09-13 13:49 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-09-13 13:49 - 2009-07-14 06:39 - 00249268 _____ C:\Windows\setupact.log 2015-09-13 13:48 - 2011-01-03 17:46 - 02022590 _____ C:\Windows\WindowsUpdate.log 2015-09-13 13:43 - 2015-02-01 17:01 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-09-13 09:14 - 2015-04-19 19:24 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-09-12 18:57 - 2012-06-01 14:11 - 00000000 ____D C:\Users\User\AppData\Local\Google 2015-09-12 13:18 - 2013-10-31 15:21 - 00000000 ____D C:\Users\User\AppData\Roaming\TS3Client 2015-09-12 12:11 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini 2015-09-11 18:38 - 2015-03-30 09:52 - 00000000 ____D C:\Users\User\AppData\Local\ftblauncher 2015-09-11 18:18 - 2015-08-01 18:54 - 00000000 ____D C:\Users\User\AppData\Roaming\.minecraft 2015-09-11 18:17 - 2014-02-27 20:38 - 00000000 ____D C:\Program Files\Minecraft 2015-09-11 17:13 - 2013-10-21 10:08 - 00000000 ____D C:\Users\User\Documents\Gothic3 2015-09-11 16:29 - 2011-01-04 15:19 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2015-09-11 13:21 - 2015-01-08 21:43 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-09-09 16:22 - 
2015-06-27 16:20 - 00000000 ____D C:\Users\User\Desktop\Neben Programme 2015-09-09 16:15 - 2011-05-28 10:08 - 00000000 ____D C:\Users\User\Documents\Spiele 2015-09-09 16:13 - 2011-11-29 15:19 - 00000000 ____D C:\Users\User\Bilder 2015-09-09 16:08 - 2012-12-25 13:07 - 00000000 ____D C:\Program Files\Adobe 2015-09-09 16:07 - 2011-01-16 11:23 - 00000000 ____D C:\Program Files\EA GAMES 2015-09-09 16:06 - 2011-05-03 14:16 - 00000000 ____D C:\Program Files\Electronic Arts 2015-09-09 16:05 - 2011-01-04 16:52 - 00000000 ____D C:\Program Files\LucasArts 2015-09-09 14:54 - 2015-06-23 17:32 - 00000000 ____D C:\Users\User\AppData\Roaming\GameRanger 2015-09-06 11:36 - 2014-07-19 22:43 - 00000000 ____D C:\Program Files\OBS 2015-09-04 15:00 - 2009-07-14 06:53 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-08-31 19:08 - 2012-10-20 10:42 - 00000000 ___RD C:\Users\User\Desktop\videosmacher 2015-08-31 15:09 - 2012-04-20 18:15 - 00000000 ____D C:\Program Files\Origin 2015-08-31 15:09 - 2011-10-08 12:34 - 00000000 ____D C:\ProgramData\Origin 2015-08-28 15:02 - 2014-09-07 07:28 - 00000000 ____D C:\Users\User\AppData\Local\Adobe 2015-08-22 08:28 - 2011-04-28 13:04 - 00000000 ____D C:\Program Files\Common Files\Steam 2015-08-19 19:27 - 2012-01-20 17:38 - 00000000 ____D C:\ProgramData\Skype ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2012-10-18 10:20 - 2014-10-25 22:29 - 0138056 _____ () C:\Users\User\AppData\Roaming\PnkBstrK.sys 2012-01-12 15:36 - 2013-12-01 10:10 - 0006656 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini Einige Dateien in TEMP: ==================== C:\Users\User\AppData\Local\temp\sqlite3.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2015-08-28 19:53
==================== Ende vom FRST.txt ============================
Best regards, feuerstein98 |
14.09.2015, 06:16 | #10 |
/// the machine /// TB-Ausbilder | Computer unusually slow for 1 week
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
14.09.2015, 17:24 | #11 |
| Computer unusually slow for 1 week
Hello Mr. Schrauber, thank you once again for your help so far. I followed your steps again, though I have to say that I ran SecurityCheck a second time because I lost the first text document. I hope I didn't break anything by doing so. Here are the files you requested.
ESET Code:
ATTFilter
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=f465e6891e407c48982cc3a16d45dc1b
# end=init
# utc_time=2015-09-14 01:03:34
# local_time=2015-09-14 03:03:34 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# nod_component=V3 Build:0x30000000
Update Init
Update Download
Update Finalize
Updated modules version: 25750
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=f465e6891e407c48982cc3a16d45dc1b
# end=updated
# utc_time=2015-09-14 01:05:17
# local_time=2015-09-14 03:05:17 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# nod_component=V3 Build:0x30000000
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=f465e6891e407c48982cc3a16d45dc1b
# engine=25750
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-09-14 02:58:50
# local_time=2015-09-14 04:58:50 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 21438904 193873921 0 0
# compatibility_mode_1='ESET NOD32 Antivirus 4'
# compatibility_mode=8199 16776701 100 98 65738567 160623888 0 0
# scanned=407565
# found=4
# cleaned=0
# scan_time=6812
# nod_component=V3 Build:0x30000000
sh=070C580D8404F5FE1DB095F0C77F485AD44CF133 ft=1 fh=af1927692cb41697 vn="Variante von Win32/AdkDLLWrapper.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe"
sh=ED5461682488FBF471867062B6EB9A9B8BF11362 ft=1 fh=b083cc7fdedeadb4 vn="Variante von Win32/AdkDLLWrapper.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\AppData\Roaming\uTorrent\updates\3.3.2_30416.exe"
sh=070C580D8404F5FE1DB095F0C77F485AD44CF133 ft=1 fh=af1927692cb41697 vn="Variante von Win32/AdkDLLWrapper.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.1_30768.exe"
sh=F288ECD88E0A47706138F843EF2952FFCE05EA23 ft=1 fh=0860b751df592f0c vn="Variante von Win32/GameModding.B evtl. unerwünschte Anwendung" ac=I fn="D:\spiele\Gta 2\GTA SA\www.GameModding.net\Uninstall(Elegy)139963-nissan-240sx-monster-energy-gtasa.exe"
Code:
ATTFilter
Results of screen317's Security Check version 1.008
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
ESET NOD32 Antivirus 4.2
Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
WinPatrol
Spybot - Search & Destroy
Java 8 Update 45
Java version 32-bit out of Date!
Adobe Flash Player 18.0.0.232
Adobe Reader XI
Mozilla Firefox (39.0)
Google Chrome (44.0.2403.157)
Google Chrome (45.0.2454.85)
````````Process Check: objlist.exe by Laurent````````
WinPatrol winpatrol.exe is disabled!
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
Spybot Teatimer.exe is disabled!
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:14-09-2015 durchgeführt von User (Administrator) auf USER-PC (14-09-2015 18:05:50) Gestartet von C:\Users\User\Desktop Geladene Profile: User (Verfügbare Profile: User) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Chrome) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe () C:\Windows\System32\PnkBstrA.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files\Google\Chrome\Application\chrome.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (Valve Corporation) C:\Program Files\Steam\Steam.exe (Valve Corporation) C:\Program Files\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) C:\Program Files\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files\Steam\bin\steamwebhelper.exe () D:\spiele\League of Legends\RADS\system\rads_user_kernel.exe () D:\spiele\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.254\deploy\LoLLauncher.exe () D:\spiele\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.38\deploy\LoLPatcher.exe () D:\spiele\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.159\deploy\LolClient.exe () C:\Program Files\MKJogo\MK IM\Bin\sosfp.exe (TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe (Don HO don.h@free.fr) C:\Program Files\Notepad++\notepad++.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation) HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1160536 2015-02-23] (Ruiware LLC) HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53729824 2015-08-07] (Skype Technologies S.A.) 
HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] => C:\Program Files\Google\Chrome\Application\chrome.exe [815944 2015-08-28] (Google Inc.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{D19DB10C-7A53-48DE-9229-AE6103467CAA}: [DhcpNameServer] 192.168.2.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-2980554796-842610410-1348767362-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-06-30] (Oracle Corporation) BHO: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> D:\Arc\Plugins\ArcPluginIE.dll [2015-04-09] (Perfect World Entertainment Inc) BHO: Windows Live ID Sign-in Helper 
-> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-30] (Oracle Corporation) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) FireFox: ======== FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3xqfoxkz.default-1421944932997 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] () FF Plugin: @esn/esnlaunch,version=2.3.0 -> C:\Program Files\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [Keine Datei] FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files\Battlelog Web Plugins\2.5.1\npbattlelog.dll [Keine Datei] FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB) FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB) FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-30] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll 
[2015-06-30] (Oracle Corporation) FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation) FF Plugin: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll [2014-11-15] (Nexon) FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [Keine Datei] FF Plugin: @perfectworld.com/npArcPlayNowPlugin -> D:\Arc\Plugins\npArcPluginFF.dll [2015-04-09] (Perfect World Entertainment Inc) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-02] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-02] (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2980554796-842610410-1348767362-1000: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2013-12-23] () FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32dsw.dll [2007-04-30] (Adobe Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) 
FF Extension: YouTube Center - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3xqfoxkz.default-1421944932997\Extensions\jid1-cwbvBTE216jjpg@jetpack.xpi [2015-02-01] FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011-01-03] FF HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fihm4efv.default-1405187378199\extensions\cliqz@cliqz.com Chrome: ======= CHR StartupUrls: Default -> "hxxps://www.google.de/" CHR Plugin: (Widevine Content Decryption Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.758\_platform_specific\win_x86\widevinecdmadapter.dll => Keine Datei CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\45.0.2454.85\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\45.0.2454.85\pdf.dll => Keine Datei CHR Plugin: (Shockwave for Director) - C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll (Adobe Systems, Inc.) CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation) CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
CHR Plugin: (Battlelog Game Launcher) - C:\Program Files\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll => Keine Datei CHR Plugin: (Java Deployment Toolkit 8.0.310.13) - C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll => Keine Datei CHR Plugin: (Java(TM) Platform SE 8 U31) - C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll => Keine Datei CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon) CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll => Keine Datei CHR Plugin: (ArcPlugin) - D:\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc) CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-01] CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-01] CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-01] CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-01] CHR Extension: (Steam inventory helper) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2015-07-26] CHR Extension: (Adblock for Youtube™) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-02-07] CHR Extension: (Google-Suche) - 
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-01] CHR Extension: (Lounge Assistant) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\enjonnlehciedbcidabdglnnihcncbml [2015-07-26] CHR Extension: (Google Tabellen) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-01] CHR Extension: (Google Text & Tabellen Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-05] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-01] CHR Extension: (Google Mail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-01] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
S3 ArcService; D:\Arc\ArcService.exe [88584 2015-04-09] (Perfect World Entertainment Inc) S4 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [33584 2010-08-12] (ESET) R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [810144 2010-08-12] (ESET) S2 HiPatchService; D:\spiele\Smite\HiPatchService.exe [9216 2015-03-12] (Hi-Rez Studios) [Datei ist nicht signiert] S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert] S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) S4 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [2007048 2015-08-31] (Electronic Arts) R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-01-10] () R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [136632 2010-07-29] (ESET) R3 eapihdrv; C:\Users\User\AppData\Local\Temp\ehdrv.sys [135760 2015-09-14] (ESET) R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [115008 2010-07-29] (ESET) R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [96920 2010-07-29] (ESET) S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) 
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] () S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2009-09-19] (MCCI) S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2009-09-19] (MCCI Corporation) S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2009-09-19] (MCCI Corporation) S3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [122752 2010-03-29] (Texas Instruments) S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [465408 2009-07-14] (Microsoft Corporation) S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X] S3 catchme; \??\C:\Users\User\AppData\Local\Temp\catchme.sys [X] S3 cusbohcn; \??\C:\Users\User\AppData\Local\Temp\cusbohcn.sys [X] S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [X] S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X] S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X] S3 motccgp; system32\DRIVERS\motccgp.sys [X] S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X] S3 motmodem; system32\DRIVERS\motmodem.sys [X] S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X] S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X] S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X] S3 vtany; \??\C:\Windows\vtany.sys [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-09-14 18:05 - 2015-09-14 18:05 - 00000000 ____D C:\Users\User\Desktop\FRST-OlderVersion 2015-09-14 17:13 - 2015-09-14 17:13 - 00852704 _____ C:\Users\User\Desktop\SecurityCheck.exe 2015-09-14 15:02 - 2015-09-14 15:02 - 02870984 _____ (ESET) C:\Users\User\Desktop\esetsmartinstaller_deu.exe 2015-09-13 13:58 - 2015-09-13 13:58 - 00001540 _____ C:\Users\User\Desktop\JRT.txt 2015-09-13 13:56 - 2015-09-13 13:56 - 01799392 _____ (Malwarebytes Corporation) C:\Users\User\Desktop\JRT_7600.exe 2015-09-13 13:56 - 2015-09-09 20:11 - 01800104 _____ (Malwarebytes Corporation) C:\Users\User\Desktop\JRT.exe 2015-09-13 13:47 - 2015-09-13 13:48 - 00000000 ____D C:\AdwCleaner 2015-09-13 13:43 - 2015-09-13 13:43 - 01660416 _____ C:\Users\User\Desktop\AdwCleaner_5.007.exe 2015-09-13 13:43 - 2015-09-13 13:43 - 00001366 _____ C:\Users\User\Desktop\mbam.txt 2015-09-13 13:20 - 2015-09-13 13:20 - 00001066 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-09-13 13:20 - 2015-09-13 13:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-09-13 13:20 - 2015-09-13 13:20 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware 2015-09-13 13:20 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-09-13 13:20 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-09-13 13:17 - 2015-09-13 13:18 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\User\Desktop\mbam-setup-2.1.8.1057.exe 2015-09-12 18:06 - 2015-09-12 18:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends 2015-09-12 12:14 - 2015-09-12 12:14 - 00012237 _____ C:\ComboFix.txt 2015-09-12 11:57 - 2015-09-12 12:14 - 00000000 ____D C:\Qoobox 2015-09-12 11:57 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2015-09-12 11:57 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2015-09-12 11:57 - 2009-04-20 06:56 - 00060416 
_____ (NirSoft) C:\Windows\NIRCMD.exe 2015-09-12 11:57 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-09-12 11:57 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-09-12 11:57 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2015-09-12 11:57 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2015-09-12 11:57 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2015-09-12 11:53 - 2015-09-12 11:53 - 05635119 ____R (Swearware) C:\Users\User\Desktop\ComboFix.exe 2015-09-11 18:12 - 2015-09-11 18:12 - 00263008 _____ C:\Users\User\Downloads\ABO-MC1.7.10-BC7-release3.0.1.jar 2015-09-11 16:32 - 2015-09-12 18:07 - 00000000 ____D C:\Users\User\AppData\Roaming\Riot Games 2015-09-11 16:29 - 2015-09-11 16:31 - 30668968 _____ (Riot Games) C:\Users\User\Downloads\LeagueofLegends_EUW_Installer_9_15_2014.exe 2015-09-11 13:28 - 2015-09-11 13:28 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\User\Desktop\tdsskiller.exe 2015-09-11 12:29 - 2015-09-13 13:21 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-09-11 12:27 - 2015-09-11 13:21 - 00000000 ____D C:\Users\User\Desktop\mbar 2015-09-11 12:27 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-09-11 12:25 - 2015-09-11 12:25 - 16563304 _____ (Malwarebytes Corp.) 
C:\Users\User\Desktop\mbar-1.09.2.1008.exe 2015-09-09 17:25 - 2015-09-14 18:06 - 00017688 _____ C:\Users\User\Desktop\FRST.txt 2015-09-09 17:24 - 2015-09-14 18:05 - 00000000 ____D C:\FRST 2015-09-09 17:23 - 2015-09-14 18:05 - 01694208 _____ (Farbar) C:\Users\User\Desktop\FRST.exe 2015-08-19 19:27 - 2015-08-19 19:27 - 00000000 ___RD C:\Program Files\Skype 2015-08-19 19:27 - 2015-08-19 19:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-08-19 19:27 - 2015-08-19 19:27 - 00000000 ____D C:\Program Files\Common Files\Skype ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-09-14 18:01 - 2012-01-20 17:38 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype 2015-09-14 17:43 - 2015-02-01 17:01 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-09-14 17:43 - 2013-10-31 15:21 - 00000000 ____D C:\Users\User\AppData\Roaming\TS3Client 2015-09-14 17:14 - 2015-04-19 19:24 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-09-14 17:12 - 2011-01-03 18:26 - 00000000 ____D C:\Program Files\ESET 2015-09-14 15:30 - 2011-01-03 17:46 - 02063058 _____ C:\Windows\WindowsUpdate.log 2015-09-14 15:09 - 2011-11-12 20:51 - 00000000 ____D C:\Program Files\Steam 2015-09-14 15:06 - 2009-07-14 06:34 - 00027152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-09-14 15:06 - 2009-07-14 06:34 - 00027152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-09-14 15:00 - 2015-02-01 17:01 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-09-14 15:00 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-09-14 15:00 - 2009-07-14 06:39 - 00249436 _____ C:\Windows\setupact.log 2015-09-13 20:12 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF 2015-09-13 13:49 - 
2011-01-17 18:26 - 01210760 _____ C:\Windows\PFRO.log 2015-09-12 18:57 - 2012-06-01 14:11 - 00000000 ____D C:\Users\User\AppData\Local\Google 2015-09-12 12:11 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini 2015-09-11 18:38 - 2015-03-30 09:52 - 00000000 ____D C:\Users\User\AppData\Local\ftblauncher 2015-09-11 18:18 - 2015-08-01 18:54 - 00000000 ____D C:\Users\User\AppData\Roaming\.minecraft 2015-09-11 18:17 - 2014-02-27 20:38 - 00000000 ____D C:\Program Files\Minecraft 2015-09-11 17:13 - 2013-10-21 10:08 - 00000000 ____D C:\Users\User\Documents\Gothic3 2015-09-11 16:29 - 2011-01-04 15:19 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2015-09-11 13:21 - 2015-01-08 21:43 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-09-09 16:22 - 2015-06-27 16:20 - 00000000 ____D C:\Users\User\Desktop\Neben Programme 2015-09-09 16:15 - 2011-05-28 10:08 - 00000000 ____D C:\Users\User\Documents\Spiele 2015-09-09 16:13 - 2011-11-29 15:19 - 00000000 ____D C:\Users\User\Bilder 2015-09-09 16:08 - 2012-12-25 13:07 - 00000000 ____D C:\Program Files\Adobe 2015-09-09 16:07 - 2011-01-16 11:23 - 00000000 ____D C:\Program Files\EA GAMES 2015-09-09 16:06 - 2011-05-03 14:16 - 00000000 ____D C:\Program Files\Electronic Arts 2015-09-09 16:05 - 2011-01-04 16:52 - 00000000 ____D C:\Program Files\LucasArts 2015-09-09 14:54 - 2015-06-23 17:32 - 00000000 ____D C:\Users\User\AppData\Roaming\GameRanger 2015-09-06 11:36 - 2014-07-19 22:43 - 00000000 ____D C:\Program Files\OBS 2015-09-04 15:00 - 2009-07-14 06:53 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-08-31 19:08 - 2012-10-20 10:42 - 00000000 ___RD C:\Users\User\Desktop\videosmacher 2015-08-31 15:09 - 2012-04-20 18:15 - 00000000 ____D C:\Program Files\Origin 2015-08-31 15:09 - 2011-10-08 12:34 - 00000000 ____D C:\ProgramData\Origin 2015-08-28 15:02 - 2014-09-07 07:28 - 00000000 ____D C:\Users\User\AppData\Local\Adobe 2015-08-22 08:28 - 2011-04-28 13:04 - 00000000 ____D C:\Program 
Files\Common Files\Steam 2015-08-19 19:27 - 2012-01-20 17:38 - 00000000 ____D C:\ProgramData\Skype ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2012-10-18 10:20 - 2014-10-25 22:29 - 0138056 _____ () C:\Users\User\AppData\Roaming\PnkBstrK.sys 2012-01-12 15:36 - 2013-12-01 10:10 - 0006656 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini Einige Dateien in TEMP: ==================== C:\Users\User\AppData\Local\temp\sqlite3.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-08-28 19:53 ==================== Ende vom FRST.txt ============================ Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x86) Version:14-09-2015 durchgeführt von User (2015-09-14 18:06:33) Gestartet von C:\Users\User\Desktop Microsoft Windows 7 Professional Service Pack 1 (X86) (2011-01-03 15:48:49) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-2980554796-842610410-1348767362-500 - Administrator - Disabled) Gast (S-1-5-21-2980554796-842610410-1348767362-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2980554796-842610410-1348767362-1003 - Limited - Enabled) Schule (S-1-5-21-2980554796-842610410-1348767362-1001 - Limited - Enabled) User (S-1-5-21-2980554796-842610410-1348767362-1000 - Administrator - Enabled) => C:\Users\User ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: ESET NOD32 Antivirus 4.2 (Disabled - Out of date) {77DEAFED-8149-104B-25A1-21771CA47CD1} AS: ESET NOD32 Antivirus 4.2 (Disabled - Out of date) {CCBF4E09-A773-1FC5-1F11-1A056723366C} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) µTorrent (HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\uTorrent) (Version: 3.4.1.30768 - BitTorrent Inc.) 
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - ) Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated) Adobe Flash Player ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 9.0.47.0 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Adobe Shockwave Player (HKLM\...\Adobe Shockwave Player) (Version: 10.2.0.22 - Adobe Systems, Inc.) Advertising Center (Version: 0.0.0.2 - Nero AG) Hidden Alliance of Valiant Arms (HKLM\...\Steam App 102700) (Version: - ) Arc (HKLM\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment) ATI AVIVO Codecs (Version: 11.6.0.51125 - ATI Technologies Inc.) Hidden ATI Catalyst Install Manager (HKLM\...\{CDEE9257-8FEB-7BAF-B28F-C4737036D674}) (Version: 3.0.804.0 - ATI Technologies, Inc.) ATI Problem Report Wizard (Version: 3.0.804.0 - ATI Technologies) Hidden Battle.net (HKLM\...\Battle.net) (Version: - Blizzard Entertainment) Battlefield 3™ (HKLM\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts) Battlelog Web Plugins (HKLM\...\Battlelog Web Plugins) (Version: 2.7.1 - EA Digital Illusions CE AB) Call of Duty: Black Ops II - Multiplayer (HKLM\...\Steam App 202990) (Version: - ) Call of Duty: Black Ops II - Zombies (HKLM\...\Steam App 212910) (Version: - ) Call of Duty: Black Ops II (HKLM\...\Steam App 202970) (Version: - ) Call of Duty: Modern Warfare 2 - Multiplayer (HKLM\...\Steam App 10190) (Version: - Infinity Ward) Call of Duty: Modern Warfare 2 (HKLM\...\Steam App 10180) (Version: - Infinity Ward) Call of Duty: Modern Warfare 3 - Dedicated Server (HKLM\...\Steam App 42750) (Version: - Infinity Ward - Sledgehammer Games) Call of Duty: Modern Warfare 3 - Multiplayer (HKLM\...\Steam App 42690) (Version: - Infinity Ward - Sledgehammer Games) Call of Duty: Modern Warfare 3 (HKLM\...\Steam App 42680) 
(Version: - Infinity Ward - Sledgehammer Games) Camtasia Studio 7 (HKLM\...\{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}) (Version: 7.1.1 - TechSmith Corporation) ccc-core-static (Version: 2010.1125.2148.39102 - Ihr Firmenname) Hidden Combat Arms EU (HKLM\...\Combat Arms EU) (Version: - ) COMPUTERBILD Vorteil-Center (HKLM\...\{B7E68A6D-1C9B-4F18-B021-949115021714}) (Version: 1.1.23 - J3S) Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve) CSS FULL DZ [Oct 15 2007] v18.1 (HKLM\...\CSS FULL DZ [Oct 15 2007]) (Version: v18.1 - GrCs2Ek~) Cyperia (HKLM\...\{CA9F6B5A-2C32-4CB3-8635-390AB45A8C49}) (Version: 2.0 - Cyperia) D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden Der Herr der Ringe® - Die Eroberung™ (HKLM\...\{628C3D50-F524-4C49-A958-672CE7953756}) (Version: 1.0.0.1 - Electronic Arts) Die Schlacht um Mittelerde™ II (HKLM\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version: - ) EA SPORTS online 2008 (HKLM\...\82A44D22-9452-49FB-00FB-CEC7DCAF7E23) (Version: - ) ESET NOD32 Antivirus (HKLM\...\{17DBC9A6-D723-45E7-8D4C-7C00478B06AB}) (Version: 4.2.64.12 - ESET, spol. s r.o.) FIFA 08 (HKLM\...\{0A2A5039-B37F-489D-B1DC-A5258DF9E697}) (Version: 1.0.1.1 - Electronic Arts) FIFA 12 (HKLM\...\{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}) (Version: 1.0.0.0 - Electronic Arts) FIFA 12 DEMO (HKLM\...\{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}) (Version: 1.0.0.0 - Electronic Arts) FIFA 13 (HKLM\...\{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}) (Version: 1.7.0.0 - Electronic Arts) FIFA 14 (HKLM\...\{AA7A2800-1E75-4240-855B-03AFF8E5171E}) (Version: 1.0.0.7 - Electronic Arts) FileZilla Client 3.10.1.1 (HKLM\...\FileZilla Client) (Version: 3.10.1.1 - Tim Kosse) Fotogalerie (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Fraps (remove only) (HKLM\...\Fraps) (Version: - ) GameSpy Arcade (HKLM\...\GameSpy Arcade) (Version: - ) Garry's Mod (HKLM\...\Steam App 4000) (Version: - Facepunch Studios) Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.) 
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (Version: 1.3.28.13 - Google Inc.) Hidden Gothic 1 (HKLM\...\Gothic 1_is1) (Version: - piranha bytes / Pluto 13 GmbH) Gothic 3 - Götterdämmerung (HKLM\...\{4538055F-EBC6-4E67-9365-F55B1DEFE9DE}) (Version: 1.0.0 - JoWooD) Gothic 3 Enhanced Edition (HKLM\...\{C28A686B-D439-4B83-B023-7402E982F69D}_is1) (Version: - Nordic Games GmbH) Gothic II (HKLM\...\Gothic II) (Version: - JoWooD Productions Software AG) Hearthstone (HKLM\...\Hearthstone) (Version: - Blizzard Entertainment) Heroes of the Storm (HKLM\...\Heroes of the Storm) (Version: - Blizzard Entertainment) Hi-Rez Studios Authenticate and Update Service (HKLM\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios) Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation) Junk Mail filter update (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden League of Legends (HKLM\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games ) League of Legends (Version: 3.0.1 - Riot Games ) Hidden LoiLo Game Recorder (HKLM\...\{89E4163C-BD19-45A9-BCEB-980741786799}_is1) (Version: 1.1.0.0 - LoiLo inc.) 
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Minecraft (HKLM\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang) MK LOL 
(HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\MK LOL) (Version: - ) MotoHelper MergeModules (Version: 1.0.0 - Motorola) Hidden Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Mozilla Firefox 39.0 (x86 de) (HKLM\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MTA:SA v1.4.0 (HKLM\...\MTA:SA 1.4) (Version: v1.4.0 - Multi Theft Auto) Need for Speed™ Most Wanted (HKLM\...\{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}) (Version: - ) Nero 9 Essentials (HKLM\...\{c7d5c462-67fb-4dbf-bbed-5d3a6782ab53}) (Version: - Nero AG) Nexon Game Manager (HKLM\...\{289AC7E0-0AEE-4a7b-913C-709D9803D23E}) (Version: - ) Notepad++ (HKLM\...\Notepad++) (Version: 6.3.2 - Notepad++ Team) NVIDIA PhysX (HKLM\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation) OpenOffice.org 3.4.1 (HKLM\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation) Origin (HKLM\...\Origin) (Version: 8.5.2.23 - Electronic Arts, Inc.) Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}) (Version: 3.60.0 - dotPDN LLC) Pflanzen gegen Zombies™ (HKLM\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.) Pokémon Trading Card Game Online (HKLM\...\{496D7B7E-EBDC-4E2B-B021-4FF03B188B69}) (Version: 1.0.0 - The Pokémon Company International) Prince of Persia T2T (HKLM\...\{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}) (Version: - ) RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - ) Rocket League (HKLM\...\Steam App 252950) (Version: - Psyonix) Skype™ 7.8 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.) 
Smite (HKLM\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 2.1.2598.3 - Hi-Rez Studios) Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited) Star Wars Battlefront II (HKLM\...\{3D374523-CFDE-461A-827E-2A102E2AB365}) (Version: 1.0 - LucasArts) Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) Stronghold Crusader Extreme (HKLM\...\{8C3727F2-8E37-49E4-820C-03B1677F53B6}) (Version: 1.20.0000 - Firefly Studios) Team Fortress 2 (HKLM\...\Steam App 440) (Version: - Valve) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH) Ubisoft Game Launcher (HKLM\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN) Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.1.2015.0 - WinPatrol) WinRAR 4.01 (32-Bit) (HKLM\...\WinRAR archiver) 
(Version: 4.01.0 - win.rar GmbH) WMV9/VC-1 Video Playback (Version: 1.0.51125.2159 - ATI Technologies Inc.) Hidden World of Warcraft (HKLM\...\World of Warcraft) (Version: - Blizzard Entertainment) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-2980554796-842610410-1348767362-1000_Classes\CLSID\{1c492e6a-2803-5ed7-83e1-1b1d4d41eb39}\InprocServer32 -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () CustomCLSID: HKU\S-1-5-21-2980554796-842610410-1348767362-1000_Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 -> C:\Program Files\7-Zip\7-zip.dll (Igor Pavlov) CustomCLSID: HKU\S-1-5-21-2980554796-842610410-1348767362-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb.dll Keine Datei CustomCLSID: HKU\S-1-5-21-2980554796-842610410-1348767362-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.111\psuser.dll Keine Datei ==================== Wiederherstellungspunkte ========================= 03-07-2015 00:49:19 Windows Update 03-07-2015 11:37:29 Windows Update 04-07-2015 16:21:16 Windows Update 05-07-2015 00:48:09 Windows Update 06-07-2015 00:27:07 Windows Update 06-07-2015 13:37:33 Windows Update 07-07-2015 16:42:58 Windows Update 08-07-2015 00:02:05 Windows Update 08-07-2015 14:30:42 Windows Update 09-07-2015 00:00:48 Windows Update 18-07-2015 19:59:54 Geplanter Prüfpunkt 20-07-2015 10:30:49 Installed Cyperia 21-07-2015 10:51:06 DirectX wurde installiert 01-08-2015 16:22:26 Geplanter Prüfpunkt 07-08-2015 18:06:24 Windows Live Essentials 07-08-2015 18:08:21 DirectX wurde installiert 07-08-2015 18:09:19 DirectX wurde installiert 07-08-2015 
18:09:51 DirectX wurde installiert 07-08-2015 18:10:39 WLSetup 09-09-2015 14:52:12 Removed Cyperia 11-09-2015 16:28:43 Entfernt League of Legends 12-09-2015 18:04:23 Removed League of Legends 12-09-2015 18:06:19 Installed League of Legends 12-09-2015 18:06:45 DirectX wurde installiert 13-09-2015 13:56:39 JRT Pre-Junkware Removal ==================== Hosts Inhalt: ========================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2009-07-14 04:04 - 2015-04-22 10:30 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {05120B8B-C9DE-45FC-9414-DBA168ED6D8B} - System32\Tasks\{E508EDB1-1B6A-4EA8-830D-D44E42906B27} => Firefox.exe hxxp://ui.skype.com/ui/0/7.3.0.101/de/abandoninstall?source=lightinstaller&page=tsInstall Task: {1421F044-ADF3-4C7C-A191-C8CACD873A48} - System32\Tasks\{FEF0A5D1-6CDF-47BC-81E0-1C25A73A5752} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.73.105.457/de/abandoninstall?page=tsWLM Task: {15B5DF3F-4AFE-4472-B571-45896165BF35} - System32\Tasks\{8809A844-0BD9-45AC-A222-EC9108A254D6} => pcalua.exe -a C:\Users\User\Downloads\vcredist_x86.exe -d C:\Users\User\Downloads Task: {259AD77B-4EC5-4251-A982-D02CBD004402} - System32\Tasks\{A0505260-AA58-4B75-B1FB-87B2A2D6ADF5} => pcalua.exe -a C:\Users\User\Downloads\forge-1.7.10-10.13.4.1481-1.7.10-installer-win.exe -d C:\Users\User\Downloads Task: {322E0348-EBBF-45B1-9FA6-0C973E67FE94} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2980554796-842610410-1348767362-1000 Task: {3549C950-29F9-46B9-A936-3A458947605E} - System32\Tasks\{F5EDFF58-A2BC-474B-AC45-0E5F420215B4} => pcalua.exe -a E:\GameData\Setup.exe -d E:\GameData Task: {3D4039EC-0416-4BEF-8D9E-B6B9DC060277} - 
System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.) Task: {4027F474-BEE3-4DE0-B6A2-F26EFF3CD23F} - System32\Tasks\{F20100F3-14DB-4979-A131-4C12A05FD21E} => pcalua.exe -a C:\Users\User\Downloads\forge-1.8-11.14.1.1334-installer-win.exe -d C:\Users\User\Downloads Task: {475E2569-8439-4132-B16B-0E44BF32D308} - System32\Tasks\{838FC016-6ACC-4D83-B395-F7493C30349F} => pcalua.exe -a "C:\Program Files\FreePDF_XP\fpsetup.exe" -c /r Task: {68EF275A-B886-4DF1-A8F8-BB779E5FC566} - System32\Tasks\{6D88BA9D-A75C-442D-8EE9-D17B3A113591} => Firefox.exe hxxp://ui.skype.com/ui/0/7.3.0.101/de/abandoninstall?source=lightinstaller&page=tsInstall Task: {7EE6D388-C5F4-494B-9232-E96182BA6C53} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated) Task: {8731A314-35C5-4C9A-A99E-5AA06433A6AB} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe Task: {880C4242-24EC-4920-BD4A-E3C79724E728} - System32\Tasks\{C3F92471-0511-49E0-B693-2A386AEB2999} => C:\Program Files\LucasArts\SWKotOR\launcher.exe Task: {893855DB-7DF0-4DA0-87D7-73123A1BD8AA} - System32\Tasks\{2D6C65C4-2C0B-4F21-8248-58EA50F02A36} => pcalua.exe -a C:\Users\User\Downloads\forge-1.8-11.14.3.1446-installer-win.exe -d C:\Users\User\Downloads Task: {9231CDF8-2D54-4ED5-951C-996F2DA5FF5F} - System32\Tasks\{8F5D5210-C65D-4549-805A-6DE25EE1229B} => C:\Program Files\LucasArts\SWKotOR\launcher.exe Task: {929BA8E8-38E7-4D33-BA7D-C2064ED92D48} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe Task: {BA00065C-B03F-4E96-A41D-9E59C114DCE1} - System32\Tasks\{97E13E45-1F1A-4D12-9331-83F64BD28E6F} => C:\Users\User\Desktop\Counter Strike\Counter Strike 1.6 Reloaded\cstrike.exe Task: {BFFC4BD8-2106-4769-B998-C0A704442B42} - 
System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe Task: {C53BF50B-E714-4703-BDD5-224FBB68E2C3} - System32\Tasks\{C28A8C08-CCD2-48B3-A136-ED1FB78A4741} => Firefox.exe hxxp://ui.skype.com/ui/0/7.3.0.101/de/abandoninstall?source=lightinstaller&page=tsInstall Task: {CF8CD24A-A2F2-4605-B3ED-1E4E52EC3783} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.) Task: {E7B89EAC-0E88-4443-BF15-92AA2629C65B} - System32\Tasks\{6DC09059-B610-42C9-967D-A0B334A4A10A} => C:\Program Files\LucasArts\SWKotOR\launcher.exe (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2011-01-03 18:23 - 2005-01-06 19:33 - 00116224 _____ () C:\Windows\System32\redmonnt.dll 2011-10-25 08:39 - 2011-05-28 22:04 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll 2014-07-10 19:39 - 2015-01-10 21:45 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe 2015-09-04 15:49 - 2015-08-28 02:17 - 01501512 _____ () C:\Program Files\Google\Chrome\Application\45.0.2454.85\libglesv2.dll 2015-09-04 15:49 - 2015-08-28 02:17 - 00081224 _____ () C:\Program Files\Google\Chrome\Application\45.0.2454.85\libegl.dll 2013-03-12 18:10 - 2015-07-03 18:12 - 00778240 _____ () C:\Program Files\Steam\SDL2.dll 2015-01-20 18:10 - 2015-07-03 18:12 - 04962816 _____ () C:\Program Files\Steam\v8.dll 2015-01-20 18:10 - 2015-07-03 18:12 - 01556992 _____ () C:\Program Files\Steam\icui18n.dll 
2015-01-20 18:10 - 2015-07-03 18:12 - 01187840 _____ () C:\Program Files\Steam\icuuc.dll 2014-05-23 14:58 - 2015-08-19 22:39 - 02413248 _____ () C:\Program Files\Steam\video.dll 2014-08-29 19:48 - 2014-12-01 23:31 - 02396672 _____ () C:\Program Files\Steam\libavcodec-56.dll 2014-08-29 19:48 - 2014-12-01 23:31 - 00442880 _____ () C:\Program Files\Steam\libavutil-54.dll 2014-08-29 19:48 - 2014-12-01 23:31 - 00479744 _____ () C:\Program Files\Steam\libavformat-56.dll 2014-08-29 19:48 - 2014-12-01 23:31 - 00332800 _____ () C:\Program Files\Steam\libavresample-2.dll 2014-08-29 19:48 - 2014-12-01 23:31 - 00485888 _____ () C:\Program Files\Steam\libswscale-3.dll 2011-11-12 20:52 - 2015-08-19 22:39 - 00704192 _____ () C:\Program Files\Steam\bin\chromehtml.DLL 2015-07-22 18:44 - 2015-07-27 03:13 - 00171008 _____ () C:\Program Files\Steam\bin\openvr_api.dll 2011-11-12 20:52 - 2015-07-03 18:12 - 39553928 _____ () C:\Program Files\Steam\bin\libcef.dll 2014-01-21 16:54 - 2015-09-12 18:07 - 01294336 _____ () D:\spiele\League of Legends\RADS\system\rads_user_kernel.exe 2015-09-12 18:07 - 2015-09-12 18:07 - 02371064 _____ () D:\spiele\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.254\deploy\LoLLauncher.exe 2014-10-31 21:52 - 2015-02-14 21:25 - 00108744 _____ () C:\Program Files\MKJogo\MK IM\LOL\LauncherTransit.dll 2015-09-12 18:08 - 2015-09-12 18:08 - 04322808 _____ () D:\spiele\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.38\deploy\LoLPatcher.exe 2015-09-12 18:08 - 2015-09-12 18:08 - 01721336 _____ () D:\spiele\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.38\deploy\RiotLauncher.dll 2015-09-12 18:32 - 2015-09-12 18:32 - 00074752 _____ () D:\spiele\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.159\deploy\LolClient.exe 2014-10-31 21:52 - 2015-08-21 15:41 - 00460488 _____ () C:\Program Files\MKJogo\MK IM\LOL\AirTransit.dll 2015-09-12 18:17 - 2015-09-12 18:17 - 04774248 _____ () D:\spiele\League of 
Legends\RADS\projects\lol_air_client\releases\0.0.1.159\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll 2015-09-14 16:08 - 2015-02-14 21:25 - 01092296 _____ () C:\Program Files\MKJogo\MK IM\Bin\sosfp.exe 2014-10-31 21:52 - 2015-02-14 21:25 - 00799232 _____ () C:\Program Files\MKJogo\MK IM\Bin\sqlite3.dll 2014-10-31 21:52 - 2015-02-14 21:25 - 01721856 _____ () C:\Program Files\MKJogo\MK IM\Bin\RLib.dll 2014-10-31 21:52 - 2015-02-14 21:25 - 01191936 _____ () C:\Program Files\MKJogo\MK IM\Bin\ACE.dll 2014-10-31 21:52 - 2015-08-06 19:04 - 01017544 _____ () C:\Program Files\MKJogo\MK IM\LOL\AddonSkin-LOL.dll 2014-03-21 20:08 - 2015-08-05 16:29 - 00153576 _____ () C:\Program Files\TeamSpeak 3 Client\quazip.dll 2013-10-23 14:15 - 2015-08-05 16:29 - 00090088 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\directsound_win32.dll 2013-10-23 14:15 - 2015-08-05 16:29 - 00103400 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win32.dll 2013-10-23 14:15 - 2015-08-05 16:29 - 00260072 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\clientquery_plugin.dll 2013-10-23 14:15 - 2015-08-05 16:29 - 00369640 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll 2014-03-21 20:08 - 2015-08-05 16:29 - 00271360 _____ () C:\Program Files\TeamSpeak 3 Client\ssleay32.dll 2014-03-21 20:08 - 2015-08-05 16:29 - 01300992 _____ () C:\Program Files\TeamSpeak 3 Client\LIBEAY32.dll 2011-07-18 23:07 - 2011-07-18 23:07 - 00014336 _____ () C:\Program Files\Notepad++\plugins\NppExport.dll 2011-09-21 22:46 - 2011-09-21 22:46 - 01673728 _____ () C:\Program Files\Notepad++\plugins\NppFTP.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) 
AlternateDataStreams: C:\ProgramData:NT2 AlternateDataStreams: C:\Users\All Users:NT2 AlternateDataStreams: C:\ProgramData\Anwendungsdaten:NT2 AlternateDataStreams: C:\ProgramData\Application Data:NT2 AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2 AlternateDataStreams: C:\Users\User\Anwendungsdaten:NT AlternateDataStreams: C:\Users\User\Anwendungsdaten:NT2 AlternateDataStreams: C:\Users\User\AppData\Roaming:NT AlternateDataStreams: C:\Users\User\AppData\Roaming:NT2 ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service" ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) 
IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com IE trusted site: HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\soe.com -> soe.com IE trusted site: HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\sony.com -> sony.com Da befinden sich 11202 mehr eingeschränkte Seiten.
==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-2980554796-842610410-1348767362-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.2.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) MSCONFIG\Services: EhttpSrv => 3 MSCONFIG\Services: Origin Client Service => 3 MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk => C:\Windows\pss\Xfire.lnk.Startup MSCONFIG\startupreg: egui => "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" MSCONFIG\startupreg: MKLOL => "C:\Program Files\MKJogo\MKLOL\Bin\MKIM.exe" -auto MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun MSCONFIG\startupreg: Steam => "C:\Program Files\Steam\steam.exe" -silent ==================== FirewallRules (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry 
entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{5C89F710-4ABC-4FD3-9196-DEED5D6530D2}] => (Allow) C:\Program Files\GameSpy Arcade\Aphex.exe FirewallRules: [{63BCB089-0826-4392-9FB6-58690C572F2B}] => (Allow) C:\Program Files\GameSpy Arcade\Aphex.exe FirewallRules: [TCP Query User{C7E8BE54-08BE-4CCC-89BF-B8C5B4CA257A}C:\program files\firefly studios\stronghold crusader\stronghold crusader.exe] => (Block) C:\program files\firefly studios\stronghold crusader\stronghold crusader.exe FirewallRules: [UDP Query User{F8235707-D525-4B1C-A117-5A066D1FD049}C:\program files\firefly studios\stronghold crusader\stronghold crusader.exe] => (Block) C:\program files\firefly studios\stronghold crusader\stronghold crusader.exe FirewallRules: [TCP Query User{F9AC659B-470C-4810-A92C-B70138EB1D52}C:\windows\system32\dplaysvr.exe] => (Allow) C:\windows\system32\dplaysvr.exe FirewallRules: [UDP Query User{69D77CC3-C9B5-4862-81E0-4DE6559115A1}C:\windows\system32\dplaysvr.exe] => (Allow) C:\windows\system32\dplaysvr.exe FirewallRules: [TCP Query User{84FD5F19-A5CB-4398-BF40-E8D01F689502}C:\users\user\documents\battlefield 2\bf2_w32ded.exe] => (Allow) C:\users\user\documents\battlefield 2\bf2_w32ded.exe FirewallRules: [UDP Query User{0F51D291-94EA-44C7-B6DF-8C27C59B9687}C:\users\user\documents\battlefield 2\bf2_w32ded.exe] => (Allow) C:\users\user\documents\battlefield 2\bf2_w32ded.exe FirewallRules: [TCP Query User{408B0663-90D9-4882-88BB-D3C45C1D4BEA}C:\users\user\documents\cod 4 mw\iw3mp.exe] => (Allow) C:\users\user\documents\cod 4 mw\iw3mp.exe FirewallRules: [UDP Query User{0A741A9F-622D-42E0-93AB-B732A66B179A}C:\users\user\documents\cod 4 mw\iw3mp.exe] => (Allow) C:\users\user\documents\cod 4 mw\iw3mp.exe FirewallRules: [TCP Query 
User{0F37C278-9645-4012-901A-A8A1C1BC21F1}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe] => (Allow) C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe FirewallRules: [UDP Query User{0DEA594D-2D43-49E2-9901-EB4A170674A8}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe] => (Allow) C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe FirewallRules: [TCP Query User{507B2A52-BA10-4CA3-8422-A109746604DB}C:\program files\valve\counter-strike source\hl2.exe] => (Block) C:\program files\valve\counter-strike source\hl2.exe FirewallRules: [UDP Query User{4F0C312B-FBA8-432A-BE31-DAE339AB39F6}C:\program files\valve\counter-strike source\hl2.exe] => (Block) C:\program files\valve\counter-strike source\hl2.exe FirewallRules: [TCP Query User{02A9D0DA-9CD4-4210-A756-6A81DF65DDDE}C:\users\user\documents\battlefield 2\bf2voipserver.exe] => (Allow) C:\users\user\documents\battlefield 2\bf2voipserver.exe FirewallRules: [UDP Query User{6ABC7435-D48A-4A9A-BF1E-A705EC84F72A}C:\users\user\documents\battlefield 2\bf2voipserver.exe] => (Allow) C:\users\user\documents\battlefield 2\bf2voipserver.exe FirewallRules: [TCP Query User{4AFCEFDE-E935-462F-8EDD-62FE0FF3708F}C:\users\user\documents\battlefield 2\bf2voipserver_w32ded.exe] => (Allow) C:\users\user\documents\battlefield 2\bf2voipserver_w32ded.exe FirewallRules: [UDP Query User{31FCE11E-46A3-4FF0-B1BC-C40964A5C3FE}C:\users\user\documents\battlefield 2\bf2voipserver_w32ded.exe] => (Allow) C:\users\user\documents\battlefield 2\bf2voipserver_w32ded.exe FirewallRules: [{9B6FA295-CED4-4EE9-A541-4E0D4AB1DB89}] => (Allow) C:\Program Files\Electronic Arts\Die Schlacht um Mittelerde II\game.dat FirewallRules: [{1A0CB137-B936-4D62-8AFF-2C7388EA1086}] => (Allow) C:\Program Files\Electronic Arts\Die Schlacht um Mittelerde II\game.dat FirewallRules: [TCP Query User{E9C1DC0A-30CF-478D-8317-38324553AC4D}D:\gp3.exe] => (Allow) D:\gp3.exe 
FirewallRules: [UDP Query User{FA85D081-3590-4540-B9BE-7AE9EB2DB1CF}D:\gp3.exe] => (Allow) D:\gp3.exe FirewallRules: [{4820DBEE-C665-443F-A65A-83055CE61E52}] => (Allow) C:\Program Files\Electronic Arts\Die Schlacht um Mittelerde II\game.dat FirewallRules: [{C9849DCC-0038-4854-A704-7375FB2BEB8B}] => (Allow) C:\Program Files\Electronic Arts\Die Schlacht um Mittelerde II\game.dat FirewallRules: [{426471A7-CE4B-4B84-9FBE-AE0F90B9AD89}] => (Allow) C:\Program Files\EA GAMES\Die Schlacht um Mittelerde II\game.dat FirewallRules: [{9E591538-2838-471C-8854-41E8E7EC3418}] => (Allow) C:\Program Files\EA GAMES\Die Schlacht um Mittelerde II\game.dat FirewallRules: [TCP Query User{1FEECFE1-4BA1-4161-9114-74DBC1C96D88}D:\spiele\counter-strike source\hl2.exe] => (Block) D:\spiele\counter-strike source\hl2.exe FirewallRules: [UDP Query User{2CA2FE3B-FD52-47EB-B373-B6A7E87D829A}D:\spiele\counter-strike source\hl2.exe] => (Block) D:\spiele\counter-strike source\hl2.exe FirewallRules: [TCP Query User{53D4DF15-9487-490A-BCA0-85D0264F4076}C:\program files\electronic arts\eadm\core.exe] => (Allow) C:\program files\electronic arts\eadm\core.exe FirewallRules: [UDP Query User{46C05F57-B740-41B7-AF50-B3C6628F5ABA}C:\program files\electronic arts\eadm\core.exe] => (Allow) C:\program files\electronic arts\eadm\core.exe FirewallRules: [TCP Query User{7D2EAE6B-D4D6-4E29-8AB3-537D951A0402}C:\program files\electronic arts\der herr der ringe® - die eroberung™\conquest.exe] => (Allow) C:\program files\electronic arts\der herr der ringe® - die eroberung™\conquest.exe FirewallRules: [UDP Query User{0D5D7AD0-A48B-409B-B753-4441C9908112}C:\program files\electronic arts\der herr der ringe® - die eroberung™\conquest.exe] => (Allow) C:\program files\electronic arts\der herr der ringe® - die eroberung™\conquest.exe FirewallRules: [TCP Query User{B4559D05-28E2-4AE6-ACB7-D752EFB6868E}C:\program files\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe] => (Allow) C:\program files\firefly 
studios\stronghold crusader\stronghold_crusader_extreme.exe FirewallRules: [UDP Query User{21C5E3B3-6C11-4E7F-B826-EFC0ACB80AC1}C:\program files\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe] => (Allow) C:\program files\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe FirewallRules: [TCP Query User{F76F144E-1F0F-411A-9489-322BD18535BD}C:\users\user\appdata\local\temp\ec1da36553354b1f93efd5e522e74969\relicdownloader.exe] => (Allow) C:\users\user\appdata\local\temp\ec1da36553354b1f93efd5e522e74969\relicdownloader.exe FirewallRules: [UDP Query User{A6D15716-31B3-4484-A5C0-02ED188AE3D0}C:\users\user\appdata\local\temp\ec1da36553354b1f93efd5e522e74969\relicdownloader.exe] => (Allow) C:\users\user\appdata\local\temp\ec1da36553354b1f93efd5e522e74969\relicdownloader.exe FirewallRules: [TCP Query User{0321EA23-E509-4C47-BE82-654F8F314948}C:\users\user\appdata\local\temp\f69e8bdb5ad04adb9d3bd3141e77de9e\relicdownloader.exe] => (Allow) C:\users\user\appdata\local\temp\f69e8bdb5ad04adb9d3bd3141e77de9e\relicdownloader.exe FirewallRules: [UDP Query User{D04090BF-4118-4F6E-8287-795CCFF9A56C}C:\users\user\appdata\local\temp\f69e8bdb5ad04adb9d3bd3141e77de9e\relicdownloader.exe] => (Allow) C:\users\user\appdata\local\temp\f69e8bdb5ad04adb9d3bd3141e77de9e\relicdownloader.exe FirewallRules: [{070A0BA6-DE24-4259-90A5-040FD7FD1EBD}] => (Allow) D:\Company OF Heros\RelicCOH.exe FirewallRules: [{CCABCA9E-18ED-4863-9D61-6498F39E11A6}] => (Allow) D:\Company OF Heros\RelicCOH.exe FirewallRules: [{52E65720-45D1-4AFB-86F2-2125245961C3}] => (Allow) D:\Company OF Heros\RelicDownloader\RelicDownloader.exe FirewallRules: [{BAB15634-D13F-49D0-91AF-694BD8543116}] => (Allow) D:\Company OF Heros\RelicDownloader\RelicDownloader.exe FirewallRules: [TCP Query User{4E2E0AE9-1958-454B-87EE-2BE275DFD217}D:\spiele\battlefront 2\gamedata\battlefrontii.exe] => (Allow) D:\spiele\battlefront 2\gamedata\battlefrontii.exe FirewallRules: [UDP Query 
User{5CE0C6DC-B44C-4916-9838-748F9E0725EC}D:\spiele\battlefront 2\gamedata\battlefrontii.exe] => (Allow) D:\spiele\battlefront 2\gamedata\battlefrontii.exe FirewallRules: [TCP Query User{162681B4-C80E-4123-B50D-D280700D37A5}C:\users\user\desktop\longdong2\metin2client.bin] => (Allow) C:\users\user\desktop\longdong2\metin2client.bin FirewallRules: [UDP Query User{6A0C7431-900B-464B-A682-BED1A88BDB8F}C:\users\user\desktop\longdong2\metin2client.bin] => (Allow) C:\users\user\desktop\longdong2\metin2client.bin FirewallRules: [{017B6D88-E24B-46F2-93BA-90EF6B0F3994}] => (Allow) C:\Program Files\Steam\Steam.exe FirewallRules: [{91F27B67-5AB4-4420-A7F0-65D5CBBC3704}] => (Allow) C:\Program Files\Steam\Steam.exe FirewallRules: [{C1555A24-B404-4322-B40F-B20508830C95}] => (Allow) C:\Program Files\Origin Games\FIFA 12\Game\fifa.exe FirewallRules: [{E97BF41B-4392-4FAE-99EB-8E19C937A45D}] => (Allow) C:\Program Files\Origin Games\FIFA 12\Game\fifa.exe FirewallRules: [TCP Query User{99561F90-8709-4B1E-BCDE-9BFC227F7588}D:\spiele\stronghold crusader + extrem\stronghold crusader.exe] => (Allow) D:\spiele\stronghold crusader + extrem\stronghold crusader.exe FirewallRules: [UDP Query User{17355C09-78BC-46DA-8CD1-BA45B6004EE4}D:\spiele\stronghold crusader + extrem\stronghold crusader.exe] => (Allow) D:\spiele\stronghold crusader + extrem\stronghold crusader.exe FirewallRules: [{8801DFD3-C9F7-47F4-A173-BE1519C9382B}] => (Allow) C:\Program Files\UBISOFT\Ubisoft Game Launcher\UbisoftGameLauncher.exe FirewallRules: [{343DEB72-8136-41B9-87A4-A7797BC2D036}] => (Allow) C:\Program Files\UBISOFT\Ubisoft Game Launcher\UbisoftGameLauncher.exe FirewallRules: [{929A7AC9-1BE2-4562-942E-21E86374F8DC}] => (Allow) C:\Windows\System32\PnkBstrA.exe FirewallRules: [{E435C717-0E83-4B7B-90E2-5BCBC48D62C8}] => (Allow) C:\Windows\System32\PnkBstrA.exe FirewallRules: [{E7DB0140-0B54-4821-AB67-C8D3B8ECD717}] => (Allow) C:\Windows\System32\PnkBstrB.exe FirewallRules: [{F32BC4EC-F3E5-4AC7-94E4-7763ED4954E9}] => 
(Allow) C:\Windows\System32\PnkBstrB.exe FirewallRules: [{851B3CA1-30FD-4D44-995E-4503963C6A0A}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe FirewallRules: [{03B6B1C8-9143-4ED6-9522-F8380C90AB9E}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe FirewallRules: [TCP Query User{6C8DEFE3-E2CB-498F-BC9A-BEFCF701F017}C:\users\user\desktop\metin2client.bin] => (Allow) C:\users\user\desktop\metin2client.bin FirewallRules: [UDP Query User{8351C05D-22D1-4253-BB0C-DF34F897710E}C:\users\user\desktop\metin2client.bin] => (Allow) C:\users\user\desktop\metin2client.bin FirewallRules: [TCP Query User{41AF933C-444F-4F87-AB8F-6347B171C8CE}D:\spiele\metin 2\metin2\metin2.exe] => (Allow) D:\spiele\metin 2\metin2\metin2.exe FirewallRules: [UDP Query User{46DB4B1B-9286-433F-B38B-CC0C05AF3AA0}D:\spiele\metin 2\metin2\metin2.exe] => (Allow) D:\spiele\metin 2\metin2\metin2.exe FirewallRules: [{E7E503DF-262F-4845-BB60-25CE158D37E6}] => (Allow) C:\Users\User\AppData\Local\Akamai\netsession_win.exe FirewallRules: [{E27791E2-679D-48EB-A308-E873E9C88AE0}] => (Allow) C:\Users\User\AppData\Local\Akamai\netsession_win.exe FirewallRules: [{1A5FC6AD-185F-4CB1-B0FF-38A99BCC50E5}] => (Allow) C:\Program Files\Opera\opera.exe FirewallRules: [{F26D2A68-B682-47BC-9D50-9A891332060D}] => (Allow) C:\Program Files\Opera\opera.exe FirewallRules: [TCP Query User{03C79E2B-00C0-43DF-8EBB-14E76079FABC}C:\users\user\appdata\local\temp\a823978d835f4cae8dda719a74b3c713\relicdownloader.exe] => (Allow) C:\users\user\appdata\local\temp\a823978d835f4cae8dda719a74b3c713\relicdownloader.exe FirewallRules: [UDP Query User{1A243A86-D76E-447C-AE74-4FAE9F371694}C:\users\user\appdata\local\temp\a823978d835f4cae8dda719a74b3c713\relicdownloader.exe] => (Allow) C:\users\user\appdata\local\temp\a823978d835f4cae8dda719a74b3c713\relicdownloader.exe FirewallRules: [{A53C128C-0397-4FA3-89C2-B08ABB4AA97E}] => (Allow) C:\Nexon\Combat Arms EU\NMService.exe FirewallRules: [{1BB48E5E-F6FB-4B11-9146-4814A4BAEFF6}] => (Allow) C:\Nexon\Combat 
Arms EU\NMService.exe FirewallRules: [TCP Query User{B1A8DAE5-3348-48DE-8577-A5C70CF7D1CC}D:\spiele\gp 3\gp3.exe] => (Allow) D:\spiele\gp 3\gp3.exe FirewallRules: [UDP Query User{E62E8BDB-9A44-4E1E-8334-C6F6A626C07E}D:\spiele\gp 3\gp3.exe] => (Allow) D:\spiele\gp 3\gp3.exe FirewallRules: [TCP Query User{AA66586B-B033-40CA-B603-6BDECB6CFF4E}C:\program files\java\jre6\bin\javaw.exe] => (Allow) C:\program files\java\jre6\bin\javaw.exe FirewallRules: [UDP Query User{579F13DA-07CA-4E91-B13D-C90FD23BEFBD}C:\program files\java\jre6\bin\javaw.exe] => (Allow) C:\program files\java\jre6\bin\javaw.exe FirewallRules: [TCP Query User{C448D492-FC2C-4502-83D6-93E633467E6B}C:\users\user\desktop\cs 1.6\hlds.exe] => (Allow) C:\users\user\desktop\cs 1.6\hlds.exe FirewallRules: [UDP Query User{BEF59458-7D32-463F-9E91-83E2CA996CA4}C:\users\user\desktop\cs 1.6\hlds.exe] => (Allow) C:\users\user\desktop\cs 1.6\hlds.exe FirewallRules: [TCP Query User{FBFCB620-630F-43A4-B3F5-825F94F8F52A}C:\users\user\desktop\cs 1.6\hl.exe] => (Allow) C:\users\user\desktop\cs 1.6\hl.exe FirewallRules: [UDP Query User{A6B1CDB0-DBA7-468D-AF06-C4490DD56727}C:\users\user\desktop\cs 1.6\hl.exe] => (Allow) C:\users\user\desktop\cs 1.6\hl.exe FirewallRules: [TCP Query User{A704E406-989F-4F30-BC47-9605B17823D8}C:\users\user\desktop\pandora2 reloadet\metin2client.exe] => (Allow) C:\users\user\desktop\pandora2 reloadet\metin2client.exe FirewallRules: [UDP Query User{D13ED2E8-5A9F-4663-BD09-7FA005D332CE}C:\users\user\desktop\pandora2 reloadet\metin2client.exe] => (Allow) C:\users\user\desktop\pandora2 reloadet\metin2client.exe FirewallRules: [TCP Query User{C13E44B7-A89F-43B0-A0EA-EA79B29AA239}C:\users\user\desktop\xtrememt2-2012\metin2client.bin] => (Allow) C:\users\user\desktop\xtrememt2-2012\metin2client.bin FirewallRules: [UDP Query User{D24FCCF9-982F-4E81-A619-3A131F772D8D}C:\users\user\desktop\xtrememt2-2012\metin2client.bin] => (Allow) C:\users\user\desktop\xtrememt2-2012\metin2client.bin FirewallRules: [TCP 
Query User{41963AFE-5ECD-48A0-944E-FF245DC43B9D}C:\users\user\desktop\xtrememt2-2012\metin2client.exe] => (Allow) C:\users\user\desktop\xtrememt2-2012\metin2client.exe FirewallRules: [UDP Query User{DEB4DD0A-0B53-4DA2-A86F-3ADB12FE7DDE}C:\users\user\desktop\xtrememt2-2012\metin2client.exe] => (Allow) C:\users\user\desktop\xtrememt2-2012\metin2client.exe FirewallRules: [TCP Query User{818ADF39-BE57-48F5-8BE1-A0B19CAA5CE2}C:\users\user\desktop\programme\xtrememt2-2012\metin2client.bin] => (Allow) C:\users\user\desktop\programme\xtrememt2-2012\metin2client.bin FirewallRules: [UDP Query User{F53FF6FA-01E5-4021-84AB-094B9F913B9E}C:\users\user\desktop\programme\xtrememt2-2012\metin2client.bin] => (Allow) C:\users\user\desktop\programme\xtrememt2-2012\metin2client.bin FirewallRules: [TCP Query User{7A9B1570-CC3F-4A45-A099-7DBA68CE88BC}C:\users\user\desktop\hardcore reloaded\.hardcore reloaded.exe] => (Allow) C:\users\user\desktop\hardcore reloaded\.hardcore reloaded.exe FirewallRules: [UDP Query User{27B2AF27-3D26-4F67-A574-FED32DA84DF5}C:\users\user\desktop\hardcore reloaded\.hardcore reloaded.exe] => (Allow) C:\users\user\desktop\hardcore reloaded\.hardcore reloaded.exe FirewallRules: [TCP Query User{67736FA7-2C6C-4C53-9EC7-E1171E4BB80B}C:\users\user\hardcore reloaded\.hardcore reloaded.exe] => (Allow) C:\users\user\hardcore reloaded\.hardcore reloaded.exe FirewallRules: [UDP Query User{4C78E1DE-BF4B-4224-B3C0-73AC5D1C2ED9}C:\users\user\hardcore reloaded\.hardcore reloaded.exe] => (Allow) C:\users\user\hardcore reloaded\.hardcore reloaded.exe FirewallRules: [TCP Query User{A49A8FCE-C4FD-4FE0-B5F1-AF37FCDA7487}C:\users\user\hardcore reloaded\metin2client.bin] => (Allow) C:\users\user\hardcore reloaded\metin2client.bin FirewallRules: [UDP Query User{5975999C-C1C4-4607-B609-F8BC61C01803}C:\users\user\hardcore reloaded\metin2client.bin] => (Allow) C:\users\user\hardcore reloaded\metin2client.bin FirewallRules: [TCP Query 
User{E082394A-25B8-47B8-A922-DE609008AC51}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe FirewallRules: [UDP Query User{F33BBAE8-5A81-4BA7-9900-897CFFD11FAB}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe FirewallRules: [{9DCF453E-1AC8-46F6-83B4-2033B6B35D61}] => (Allow) C:\Program Files\EA GAMES\Die Schlacht um Mittelerde II\game.dat FirewallRules: [{C19E4895-B3C9-4887-B21D-E1B49E44A0AF}] => (Allow) C:\Program Files\EA GAMES\Die Schlacht um Mittelerde II\game.dat FirewallRules: [{2AB2654B-7972-45AC-A240-1B32D2D2A7F2}] => (Allow) C:\Windows\System32\dmwu.exe FirewallRules: [{6E84B1E9-5E7D-4707-BEAD-8F5DC0547DB6}] => (Allow) C:\Windows\System32\dmwu.exe FirewallRules: [{8E9F19B8-DE9E-4C6C-94FD-34B923D1E76C}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe FirewallRules: [{E0E43190-7BC1-4774-B2B5-D19F7B4C240C}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe FirewallRules: [TCP Query User{E221BBA6-5ABA-4F12-9A2F-FD20D293322A}D:\call of duty v world at war\codwaw.exe] => (Allow) D:\call of duty v world at war\codwaw.exe FirewallRules: [UDP Query User{1FB4ABA9-2651-4480-A32E-8F4FBD6A84A5}D:\call of duty v world at war\codwaw.exe] => (Allow) D:\call of duty v world at war\codwaw.exe FirewallRules: [{A7D0700F-665F-4136-A0E4-99B6005C3816}] => (Block) D:\call of duty v world at war\codwaw.exe FirewallRules: [{6F50C6ED-0C77-4C47-B5FD-8E19146BBBEC}] => (Block) D:\call of duty v world at war\codwaw.exe FirewallRules: [TCP Query User{4C5A49A4-48EF-47BA-A3D7-CDB1BC1433DA}D:\call of duty v world at war\codwawmp.exe] => (Allow) D:\call of duty v world at war\codwawmp.exe FirewallRules: [UDP Query User{C96D29AE-DEAC-4209-B7F7-981C6E14FA1E}D:\call of duty v world at war\codwawmp.exe] => (Allow) D:\call of duty v world at war\codwawmp.exe FirewallRules: [TCP Query User{5EBB8A61-770B-4FF4-AE25-BBA1F9735574}D:\call of duty v world at war\codwaw einzelspieler.exe] => (Allow) D:\call of duty v world at war\codwaw einzelspieler.exe 
FirewallRules: [UDP Query User{7F831C66-F591-4ABE-9A05-4AD7FAC5BB9A}D:\call of duty v world at war\codwaw einzelspieler.exe] => (Allow) D:\call of duty v world at war\codwaw einzelspieler.exe FirewallRules: [{34927CAA-3A7E-45B9-A20F-A735B468CA42}] => (Block) D:\call of duty v world at war\codwaw einzelspieler.exe FirewallRules: [{816BC67B-C62B-4B86-B3B1-040F745B3633}] => (Block) D:\call of duty v world at war\codwaw einzelspieler.exe FirewallRules: [TCP Query User{C01E5FFE-B5CA-47CF-A3DB-8B078B7DF220}C:\users\user\documents\call of duty v world at war\codwaw einzelspieler.exe] => (Allow) C:\users\user\documents\call of duty v world at war\codwaw einzelspieler.exe FirewallRules: [UDP Query User{6DE07D49-6478-4BF8-B6FB-62EB37CBD344}C:\users\user\documents\call of duty v world at war\codwaw einzelspieler.exe] => (Allow) C:\users\user\documents\call of duty v world at war\codwaw einzelspieler.exe FirewallRules: [TCP Query User{A44621D6-C404-4935-AC9B-3CF2DA559FC6}C:\users\user\documents\call of duty v world at war\codwaw multiplayer.exe] => (Allow) C:\users\user\documents\call of duty v world at war\codwaw multiplayer.exe FirewallRules: [UDP Query User{CFBBAF91-8FC6-4DCE-9BF6-19C3DEE96C95}C:\users\user\documents\call of duty v world at war\codwaw multiplayer.exe] => (Allow) C:\users\user\documents\call of duty v world at war\codwaw multiplayer.exe FirewallRules: [TCP Query User{2CD02FEC-F681-4F1D-9CD6-BFEA4FEBF211}C:\users\user\documents\call of duty v world at war\codwaw.exe] => (Allow) C:\users\user\documents\call of duty v world at war\codwaw.exe FirewallRules: [UDP Query User{F2A70A44-DC48-44F7-AF40-32C4D8105C6C}C:\users\user\documents\call of duty v world at war\codwaw.exe] => (Allow) C:\users\user\documents\call of duty v world at war\codwaw.exe FirewallRules: [TCP Query User{7598DB2F-E399-424D-A3E4-8EE74ED58182}C:\users\user\documents\call of duty v world at war\codwawmp.exe] => (Allow) C:\users\user\documents\call of duty v world at war\codwawmp.exe 
FirewallRules: [UDP Query User{A07BC4C7-E7A5-4A5A-9A4A-DACE567EE419}C:\users\user\documents\call of duty v world at war\codwawmp.exe] => (Allow) C:\users\user\documents\call of duty v world at war\codwawmp.exe FirewallRules: [TCP Query User{2685C0EE-08B4-4DC5-BF05-096BD6D9C9A7}C:\program files\java\jre6\bin\java.exe] => (Allow) C:\program files\java\jre6\bin\java.exe FirewallRules: [UDP Query User{31A664C6-A385-4E74-93F4-E2A263C98836}C:\program files\java\jre6\bin\java.exe] => (Allow) C:\program files\java\jre6\bin\java.exe FirewallRules: [{6CB5FB7C-AB1B-4389-BB87-58D878441190}] => (Allow) C:\Windows\System32\msiexec.exe FirewallRules: [{942C8FC2-E213-4858-AFAF-168F60FF1A3A}] => (Allow) C:\Windows\System32\msiexec.exe FirewallRules: [TCP Query User{C7F5D76E-594B-4DBA-A6A7-AC84EBD99B17}C:\program files\ea games\battlefield heroes\bfheroes.exe] => (Allow) C:\program files\ea games\battlefield heroes\bfheroes.exe FirewallRules: [UDP Query User{2B8E0844-72B7-4F90-97E3-126A8753B460}C:\program files\ea games\battlefield heroes\bfheroes.exe] => (Allow) C:\program files\ea games\battlefield heroes\bfheroes.exe FirewallRules: [TCP Query User{6C58738E-57C5-4EED-998D-DAF1CC1F8D8B}D:\spiele\need for speed most wanted\speed.exe] => (Allow) D:\spiele\need for speed most wanted\speed.exe FirewallRules: [UDP Query User{D6455C1C-4AF8-4AEC-B857-B5463A4712D6}D:\spiele\need for speed most wanted\speed.exe] => (Allow) D:\spiele\need for speed most wanted\speed.exe FirewallRules: [TCP Query User{7E48864F-3324-434D-9D51-386C24DDC6D0}D:\spiele\gta san andreas\gta_sa.exe] => (Allow) D:\spiele\gta san andreas\gta_sa.exe FirewallRules: [UDP Query User{CE29F317-A5DC-4E62-959B-9989D86723D2}D:\spiele\gta san andreas\gta_sa.exe] => (Allow) D:\spiele\gta san andreas\gta_sa.exe FirewallRules: [TCP Query User{991BD337-F0D3-4ABB-AAF2-895A0A42AAEE}C:\program files\lolreplay\lolreplay.exe] => (Allow) C:\program files\lolreplay\lolreplay.exe FirewallRules: [UDP Query 
User{617CDD58-62E1-4D10-AB2F-61484A8FF377}C:\program files\lolreplay\lolreplay.exe] => (Allow) C:\program files\lolreplay\lolreplay.exe FirewallRules: [{C0343FAF-3D17-4F5E-8248-DDCF9C5E0467}] => (Allow) LPort=25565 FirewallRules: [{DC793143-5952-4F04-837B-0BED97A9AD65}] => (Allow) LPort=25565 FirewallRules: [TCP Query User{C9A6DFE3-658E-4D91-BB04-1F8B5E3D8B4A}D:\spiele\hardcore-reloaded\.hardcore reloaded.exe] => (Allow) D:\spiele\hardcore-reloaded\.hardcore reloaded.exe FirewallRules: [UDP Query User{25914DD8-D9BB-4E75-AFB8-EDC272519CAA}D:\spiele\hardcore-reloaded\.hardcore reloaded.exe] => (Allow) D:\spiele\hardcore-reloaded\.hardcore reloaded.exe FirewallRules: [{21E5A1B0-6144-4315-9724-A2E471F4875C}] => (Allow) C:\Program Files\Steam\SteamApps\common\Call of Duty Modern Warfare 2\iw4mp.exe FirewallRules: [{9BCFE08D-93F0-47AB-9AE1-3A4754018E95}] => (Allow) C:\Program Files\Steam\SteamApps\common\Call of Duty Modern Warfare 2\iw4mp.exe FirewallRules: [{C8F4B8D5-B0DA-443E-8D43-1F56045B696C}] => (Allow) C:\Program Files\Steam\SteamApps\common\Call of Duty Modern Warfare 2\iw4sp.exe FirewallRules: [{35D5D4FC-AF3B-410E-A4E0-B1550C73ADF8}] => (Allow) C:\Program Files\Steam\SteamApps\common\Call of Duty Modern Warfare 2\iw4sp.exe FirewallRules: [TCP Query User{0D292151-DA4D-43A2-B99B-F00839BFBFF7}D:\spiele\hardcore-reloaded\metin2client.bin] => (Allow) D:\spiele\hardcore-reloaded\metin2client.bin FirewallRules: [UDP Query User{1148E299-586E-410B-8E26-C2DD79D45423}D:\spiele\hardcore-reloaded\metin2client.bin] => (Allow) D:\spiele\hardcore-reloaded\metin2client.bin FirewallRules: [{0A0D712B-FF30-4FDE-BFDF-0E3EE6E30064}] => (Allow) C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 3\iw5sp.exe FirewallRules: [{1880D8B8-115E-42F8-8E1D-9DD46BAA8F1D}] => (Allow) C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 3\iw5sp.exe FirewallRules: [{FEA536F1-9342-4FF1-BFD1-BD21E57C5E27}] => (Allow) C:\Program Files\Steam\SteamApps\common\call of duty 
modern warfare 3\iw5mp_server.exe FirewallRules: [{7109BD34-991B-4523-B8A8-BE1DDB93E77C}] => (Allow) C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 3\iw5mp_server.exe FirewallRules: [TCP Query User{74249E81-D89D-47D5-8CF7-ECC4ECD2CC4F}D:\spiele\gta san andreas\server\mta server.exe] => (Allow) D:\spiele\gta san andreas\server\mta server.exe FirewallRules: [UDP Query User{805EA52D-3EC0-4E37-B207-1FE69B5DFE78}D:\spiele\gta san andreas\server\mta server.exe] => (Allow) D:\spiele\gta san andreas\server\mta server.exe FirewallRules: [{2C00857D-1F06-49E2-BCC6-D2C80C5A2AB3}] => (Allow) C:\Program Files\Origin Games\FIFA 13\Game\fifa13.exe FirewallRules: [{3B9E72E8-1BE7-4D7B-AE59-873D29A9A2D4}] => (Allow) C:\Program Files\Origin Games\FIFA 13\Game\fifa13.exe FirewallRules: [{D8DF0F83-A832-436E-9B99-83306B93165F}] => (Allow) C:\Program Files\Origin Games\Battlefield 3\bf3.exe FirewallRules: [{AFAB371D-6366-4397-944B-EF7F537CFEE1}] => (Allow) C:\Program Files\Origin Games\Battlefield 3\bf3.exe FirewallRules: [TCP Query User{EE113D59-C44E-4E01-B602-3CC5E110BB37}D:\spiele\allianz of army\steamapps\common\ava\binaries\ava.exe] => (Allow) D:\spiele\allianz of army\steamapps\common\ava\binaries\ava.exe FirewallRules: [UDP Query User{608C08E0-9482-4475-B106-1608AC361C72}D:\spiele\allianz of army\steamapps\common\ava\binaries\ava.exe] => (Allow) D:\spiele\allianz of army\steamapps\common\ava\binaries\ava.exe FirewallRules: [{BA7485F6-A6F1-41B4-BAA5-DBEAD4F6EB3B}] => (Allow) C:\Program Files\Steam\SteamApps\common\Call of Duty Black Ops II\t6zm.exe FirewallRules: [{89A607A8-E276-45B9-92C1-40B16E19B9A8}] => (Allow) C:\Program Files\Steam\SteamApps\common\Call of Duty Black Ops II\t6zm.exe FirewallRules: [{2D9491CC-7FF7-4ADC-A769-9D9C72DDC154}] => (Allow) C:\Program Files\Steam\SteamApps\common\Call of Duty Black Ops II\t6mp.exe FirewallRules: [{FFDBEAB1-DA9B-49D5-BC75-1E601477E685}] => (Allow) C:\Program Files\Steam\SteamApps\common\Call of Duty Black Ops 
II\t6mp.exe FirewallRules: [{79FBD39C-6190-4E33-A844-A1A3E7B369F5}] => (Allow) C:\Program Files\Steam\SteamApps\common\Call of Duty Black Ops II\t6sp.exe FirewallRules: [{A5AF03E6-5D0F-4F38-9626-93BFAD574D0B}] => (Allow) C:\Program Files\Steam\SteamApps\common\Call of Duty Black Ops II\t6sp.exe FirewallRules: [TCP Query User{D676F570-74F5-4609-8CDC-56C62C9CE4CE}D:\spiele\world of warfighters\wowplauncher.exe] => (Allow) D:\spiele\world of warfighters\wowplauncher.exe FirewallRules: [UDP Query User{FFA7D318-A5FC-4E1E-BF82-51DA9D498304}D:\spiele\world of warfighters\wowplauncher.exe] => (Allow) D:\spiele\world of warfighters\wowplauncher.exe FirewallRules: [{65BE3436-7D41-438B-9795-9C7065F57CDA}] => (Block) D:\spiele\world of warfighters\wowplauncher.exe FirewallRules: [{E49586F6-73F6-48CE-979D-AD6CE1FA7ED3}] => (Block) D:\spiele\world of warfighters\wowplauncher.exe FirewallRules: [{3720E0E3-F559-4024-8A56-932F5643F8A5}] => (Allow) C:\Program Files\Steam\SteamApps\common\Team Fortress 2\hl2.exe FirewallRules: [{4D57AC82-01E9-46A7-AFB5-79893E8463EF}] => (Allow) C:\Program Files\Steam\SteamApps\common\Team Fortress 2\hl2.exe FirewallRules: [{39787381-1464-46BC-AE10-AAB098072800}] => (Allow) C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 3\iw5mp.exe FirewallRules: [{FB61183A-7DE9-4414-9DFB-722916C57AFA}] => (Allow) C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 3\iw5mp.exe FirewallRules: [{71DD81FF-0BB0-4757-A893-8F81BACCAEFA}] => (Allow) C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 3\iw5mp.exe FirewallRules: [{BD44D8F5-91DF-4992-A361-49A6872093C8}] => (Allow) C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 3\iw5mp.exe FirewallRules: [{B9B0F6B7-49B0-4BFD-B0BF-F39A2173FD6E}] => (Allow) C:\Program Files\Steam\SteamApps\common\Team Fortress 2\hl2.exe FirewallRules: [{F1056B6C-7FAF-4551-B091-9837037652B5}] => (Allow) C:\Program Files\Steam\SteamApps\common\Team Fortress 2\hl2.exe 
FirewallRules: [TCP Query User{1A203B36-0F1A-47E6-90B3-2EA2106CCF1D}C:\program files\steam\steam.exe] => (Allow) C:\program files\steam\steam.exe FirewallRules: [UDP Query User{2131890F-0712-4974-9489-8DDFA3B8F767}C:\program files\steam\steam.exe] => (Allow) C:\program files\steam\steam.exe FirewallRules: [{3AABF05B-7E4A-4D41-B6E3-F8CA4C2C913F}] => (Allow) C:\Users\User\AppData\Local\Oxy\Application\bin\oxy-downloader.exe FirewallRules: [{C47BF929-F56E-42F4-858B-7CB15341C847}] => (Allow) C:\Users\User\AppData\Local\Oxy\Application\bin\oxy-downloader.exe FirewallRules: [{E3966037-DA0D-40E7-8A34-D16191A19FDA}] => (Allow) LPort=9091 FirewallRules: [{07A9678D-D431-423E-9182-65F4960C91A7}] => (Allow) C:\Program Files\Steam\SteamApps\common\Team Fortress 2\hl2.exe FirewallRules: [{0D5886CE-B300-446C-B3FF-DE0BC41BE28A}] => (Allow) C:\Program Files\Steam\SteamApps\common\Team Fortress 2\hl2.exe FirewallRules: [{4BBFBCBE-1AE5-4A3E-A29B-BFCA6B1A5428}] => (Allow) C:\Program Files\Steam\SteamApps\common\Team Fortress 2\hl2.exe FirewallRules: [{B30E22E2-0987-4053-B52E-4F0A5249CE44}] => (Allow) C:\Program Files\Steam\SteamApps\common\Team Fortress 2\hl2.exe FirewallRules: [{E9545908-177C-44D6-A537-95F81D1977B9}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [TCP Query User{DC48B77B-91A6-462D-8227-AD95A53780E1}C:\program files\steam\steamapps\common\planetside 2\planetside2.exe] => (Allow) C:\program files\steam\steamapps\common\planetside 2\planetside2.exe FirewallRules: [UDP Query User{5A73BDF2-D5D9-4FD4-9A47-C68CBAE389F5}C:\program files\steam\steamapps\common\planetside 2\planetside2.exe] => (Allow) C:\program files\steam\steamapps\common\planetside 2\planetside2.exe FirewallRules: [{DCBDCFA1-7B2B-4F73-A6F6-30F216CCDAED}] => (Block) C:\program files\steam\steamapps\common\planetside 2\planetside2.exe FirewallRules: [{0E5FB942-DEAC-477C-A6D5-AC1FE1D8CDF3}] => (Block) C:\program files\steam\steamapps\common\planetside 2\planetside2.exe 
FirewallRules: [TCP Query User{E808BFAD-E751-4A8B-BC46-A7BC78330F2F}D:\spiele\hardcore-reloaded\bin\metin2client.bin] => (Allow) D:\spiele\hardcore-reloaded\bin\metin2client.bin FirewallRules: [UDP Query User{77410412-36A9-4732-866D-43C8B6404286}D:\spiele\hardcore-reloaded\bin\metin2client.bin] => (Allow) D:\spiele\hardcore-reloaded\bin\metin2client.bin FirewallRules: [{B695C78A-3A0C-467A-AF39-3491390B495A}] => (Block) D:\spiele\hardcore-reloaded\bin\metin2client.bin FirewallRules: [{19F76487-AFEC-4030-8E4F-B0B8C85221FD}] => (Block) D:\spiele\hardcore-reloaded\bin\metin2client.bin FirewallRules: [TCP Query User{21BD3EA0-5FED-486C-A319-CB90C9C0009C}C:\program files\java\jre8\bin\javaw.exe] => (Allow) C:\program files\java\jre8\bin\javaw.exe FirewallRules: [UDP Query User{85F65C49-EC35-4D59-83BB-45F89A4D85A9}C:\program files\java\jre8\bin\javaw.exe] => (Allow) C:\program files\java\jre8\bin\javaw.exe FirewallRules: [{57798561-3F23-4237-BE76-CCD83B5BFB3D}] => (Block) C:\program files\java\jre8\bin\javaw.exe FirewallRules: [{AACAA219-9E7F-4C90-9983-57A61951222A}] => (Block) C:\program files\java\jre8\bin\javaw.exe FirewallRules: [{7798D5EE-D713-4E52-A367-299D2E7F4894}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{AA35C1BD-E7E6-4904-8757-7AFEAB2D609B}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{7AB6D364-DCB6-44B4-9CAB-9C237826F74E}] => (Allow) C:\Program Files\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe FirewallRules: [{A74CA989-6BA5-43C8-9716-E70CD99D369D}] => (Allow) C:\Program Files\Origin Games\Plants vs. 
Zombies\PlantsVsZombies.exe FirewallRules: [{BCD73852-C201-4276-9380-EA0B7CC05FC7}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe FirewallRules: [{22F263ED-E055-4351-B461-4A8A384DCE4E}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe FirewallRules: [{B90A11E3-BA53-4752-BE72-A31C8690B7E5}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe FirewallRules: [{7F9FD48A-8F7C-47D9-B2EA-35571895FE86}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe FirewallRules: [{665794C4-E845-4477-96FC-ED56F26B2B6B}] => (Allow) C:\Program Files\Origin Games\FIFA 14\Game\fifa14.exe FirewallRules: [{E135BB5A-3820-4675-A89A-152D760B4990}] => (Allow) C:\Program Files\Origin Games\FIFA 14\Game\fifa14.exe FirewallRules: [TCP Query User{A009FD73-383B-4DF7-817F-5190459784D9}C:\program files\mkjogo\mklol\bin\mkim.exe] => (Allow) C:\program files\mkjogo\mklol\bin\mkim.exe FirewallRules: [UDP Query User{069ACED8-4C2D-413C-8BA4-0EF11CBEB1D5}C:\program files\mkjogo\mklol\bin\mkim.exe] => (Allow) C:\program files\mkjogo\mklol\bin\mkim.exe FirewallRules: [{EB38FE61-B109-43CD-B0BB-16C6B3990F9E}] => (Allow) D:\spiele\Uplay\Assassin's Creed IV Black Flag\AC4BFSP.exe FirewallRules: [{BE505FAC-CB76-4CDB-9F89-7A7981E53271}] => (Allow) D:\spiele\Uplay\Assassin's Creed IV Black Flag\AC4BFSP.exe FirewallRules: [{5EE6484A-0197-4F58-85FA-F31EB2CFDEB2}] => (Allow) D:\spiele\Uplay\Assassin's Creed IV Black Flag\AC4BFMP.exe FirewallRules: [{286E672A-933B-430E-B919-1B96586CC8B4}] => (Allow) D:\spiele\Uplay\Assassin's Creed IV Black Flag\AC4BFMP.exe FirewallRules: [{9F3906F1-821F-438E-8F35-3C7B8758A8AC}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe FirewallRules: [{1961F378-4823-4437-B7E2-7CD76F178697}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe FirewallRules: [{41B29B53-5649-4AB7-B2EF-E09D093941D1}] => (Allow) D:\spiele\Gothic1\system\GOTHIC.EXE FirewallRules: [{989D7BAE-8B4E-497E-A530-8E346F0867A6}] => (Allow) 
D:\spiele\Gothic1\system\GOTHIC.EXE FirewallRules: [{E76BC232-FCCD-40FA-9FB3-E1F724FC47D9}] => (Allow) D:\spiele\Gothic1\system\GOTHIC.EXE FirewallRules: [{99ED37BC-E966-4C13-99E6-1F77C9AF8367}] => (Allow) D:\spiele\Gothic1\system\GOTHIC.EXE FirewallRules: [{19969117-B289-485B-8907-3A5373F548E5}] => (Allow) %SystemDrive%\Riot Games\League of Legends\lol.launcher.exe FirewallRules: [{CF43F76A-B097-46FE-855F-FF2FC49C96AE}] => (Allow) D:\spiele\Combat Arms EU\NMService.exe FirewallRules: [{020EEADE-103A-450E-B723-7DF63505F361}] => (Allow) D:\spiele\Combat Arms EU\NMService.exe FirewallRules: [{1AAA9CB6-3BD1-4672-AAAD-9D351F83C355}] => (Allow) D:\spiele\Allianz of Army\SteamApps\common\AVA\NWZLauncher.exe FirewallRules: [{D598434A-D9BC-4526-A7CB-8DFEDD0705F5}] => (Allow) D:\spiele\Allianz of Army\SteamApps\common\AVA\NWZLauncher.exe FirewallRules: [{EC1F2C18-7EA2-4340-B179-56D0F1848719}] => (Allow) D:\spiele\Allianz of Army\SteamApps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{9464B8A9-D393-4A3B-B806-5C4A6A97F2C7}] => (Allow) D:\spiele\Allianz of Army\SteamApps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [TCP Query User{7122BDDE-544B-4F69-A24E-56D43E441EA1}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe FirewallRules: [UDP Query User{15C1040A-6CDA-430C-A6A4-9A94F8B6D7A8}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe FirewallRules: [TCP Query User{CEA08321-B4AA-45E2-8D50-0106FA42CF29}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe FirewallRules: [UDP 
Query User{CBAF136E-F125-41B4-9D31-D232C056BF58}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe FirewallRules: [TCP Query User{74C28661-7880-4544-A4A7-1CC2D65BECFE}C:\users\user\downloads\runtime\jre-x32\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\user\downloads\runtime\jre-x32\1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{5AD98A09-B7C9-4C58-9DEE-849ED243BF0B}C:\users\user\downloads\runtime\jre-x32\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\user\downloads\runtime\jre-x32\1.8.0_25\bin\javaw.exe FirewallRules: [{A4095E85-839A-4DC6-921F-AB470A299B62}] => (Allow) LPort=5000 FirewallRules: [{168A437E-7223-4B61-9250-6E1B187D44E9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{C633B217-D36A-45B5-BA34-640C24376D29}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{F1630779-200F-4483-B521-209F2F7CE18D}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_31\bin\javaw.exe FirewallRules: [UDP Query User{A3D1656B-75B2-439D-BE0E-C8B12DFED30D}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_31\bin\javaw.exe FirewallRules: [TCP Query User{90F1D3E9-DE02-409E-ABC0-3D883134C057}C:\program files\minecraft\runtime\jre-x32\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\minecraft\runtime\jre-x32\1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{449F888D-502E-4CF3-8D05-62C03C3FECB9}C:\program files\minecraft\runtime\jre-x32\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\minecraft\runtime\jre-x32\1.8.0_25\bin\javaw.exe FirewallRules: [TCP Query User{218F00BC-46DB-4694-8A3C-F0A9D3D3FE1A}D:\spiele\smite\hirezgames\smite\binaries\win32\smite.exe] => (Allow) D:\spiele\smite\hirezgames\smite\binaries\win32\smite.exe FirewallRules: [UDP Query 
User{02A7D6BE-3556-495F-BE1C-0E02D531E1EE}D:\spiele\smite\hirezgames\smite\binaries\win32\smite.exe] => (Allow) D:\spiele\smite\hirezgames\smite\binaries\win32\smite.exe FirewallRules: [TCP Query User{6C0B0D41-97BC-4868-B1FF-9C551B358B6B}D:\spiele\gta 2\gta sa\gta_sa.exe] => (Allow) D:\spiele\gta 2\gta sa\gta_sa.exe FirewallRules: [UDP Query User{6A676A3D-5AF9-485C-8974-E13B25395E6C}D:\spiele\gta 2\gta sa\gta_sa.exe] => (Allow) D:\spiele\gta 2\gta sa\gta_sa.exe FirewallRules: [TCP Query User{D359C661-7414-40AF-954B-8E09778D3DFF}C:\users\temp.user-pc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\temp.user-pc\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{2081E2FA-3C21-4859-8AE3-9047060160A2}C:\users\temp.user-pc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\temp.user-pc\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{4F07E0F8-312A-4B6B-9E3E-D89244E1FAA1}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{8E730B5D-1A57-4AC8-BA0D-B26C1762C021}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe FirewallRules: [{DE29B77A-C6C7-4C09-8D2F-3F36BC3ECC81}] => (Allow) C:\Program Files\Battle.net\Battle.net.exe FirewallRules: [{5669AADA-80C9-47DE-B622-F62CE57B57E3}] => (Allow) C:\Program Files\Battle.net\Battle.net.exe FirewallRules: [{22E6FC7C-849A-4034-B442-5DE265D8A3D5}] => (Allow) D:\spiele\Hearthstone\Hearthstone\Hearthstone.exe FirewallRules: [{C33DB2C6-FA73-41E3-99C1-BDE7C640EF7C}] => (Allow) D:\spiele\Hearthstone\Hearthstone\Hearthstone.exe FirewallRules: [{1A1C04D0-BBE3-4E10-8C77-FF3501C61AB1}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe FirewallRules: [TCP Query User{E2C16622-A8BB-427E-94B1-5CF9F8F3DF25}D:\spiele\hearthstone\heroes of the storm\versions\base35634\heroesofthestorm.exe] => (Allow) D:\spiele\hearthstone\heroes of the 
storm\versions\base35634\heroesofthestorm.exe FirewallRules: [UDP Query User{5C9BDB07-A176-4AE3-BBBA-38B943CA117F}D:\spiele\hearthstone\heroes of the storm\versions\base35634\heroesofthestorm.exe] => (Allow) D:\spiele\hearthstone\heroes of the storm\versions\base35634\heroesofthestorm.exe FirewallRules: [TCP Query User{5A2ACB00-7652-493D-9C93-0FF52EDBB8D7}C:\users\user\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\user\appdata\roaming\gameranger\gameranger\gameranger.exe FirewallRules: [UDP Query User{208DA322-77B8-44C8-A0C0-44A06EA3360F}C:\users\user\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\user\appdata\roaming\gameranger\gameranger\gameranger.exe FirewallRules: [TCP Query User{B3D06D16-BC47-4F2D-A575-EBEE804911E8}C:\users\user\desktop\call of duty v world at war\codwaw einzelspieler.exe] => (Allow) C:\users\user\desktop\call of duty v world at war\codwaw einzelspieler.exe FirewallRules: [UDP Query User{FB0492AF-F509-42CA-8446-18C747CBDB0C}C:\users\user\desktop\call of duty v world at war\codwaw einzelspieler.exe] => (Allow) C:\users\user\desktop\call of duty v world at war\codwaw einzelspieler.exe FirewallRules: [TCP Query User{D0F32DEC-E2FA-4180-BF91-E8514954DED0}C:\users\user\desktop\blur\blur.exe] => (Allow) C:\users\user\desktop\blur\blur.exe FirewallRules: [UDP Query User{8F8BAF2A-F8DA-42B0-B125-FB367937AF1E}C:\users\user\desktop\blur\blur.exe] => (Allow) C:\users\user\desktop\blur\blur.exe FirewallRules: [TCP Query User{57B4B083-2A93-4B3E-8232-CF30FA93B08D}C:\users\user\desktop\call of duty v world at war\codwaw multiplayer.exe] => (Allow) C:\users\user\desktop\call of duty v world at war\codwaw multiplayer.exe FirewallRules: [UDP Query User{4C2B1B87-5B21-41E6-9091-0A35A508A514}C:\users\user\desktop\call of duty v world at war\codwaw multiplayer.exe] => (Allow) C:\users\user\desktop\call of duty v world at war\codwaw multiplayer.exe FirewallRules: [TCP Query 
User{5500933C-8876-4DA1-BB44-F467B3FC42D4}C:\users\user\desktop\call of duty iv modern warfare\iw3mp.exe] => (Allow) C:\users\user\desktop\call of duty iv modern warfare\iw3mp.exe FirewallRules: [UDP Query User{1CD1CF4D-7DEF-4056-9E99-FB81A1A18646}C:\users\user\desktop\call of duty iv modern warfare\iw3mp.exe] => (Allow) C:\users\user\desktop\call of duty iv modern warfare\iw3mp.exe FirewallRules: [TCP Query User{D7C04170-C00E-43AE-A940-081F896027C1}C:\users\user\desktop\counter strike\counter strike 1.6 reloaded\hl.exe] => (Allow) C:\users\user\desktop\counter strike\counter strike 1.6 reloaded\hl.exe FirewallRules: [UDP Query User{BA96DA12-0CA6-424A-A052-E0BE7D20C658}C:\users\user\desktop\counter strike\counter strike 1.6 reloaded\hl.exe] => (Allow) C:\users\user\desktop\counter strike\counter strike 1.6 reloaded\hl.exe FirewallRules: [TCP Query User{5FC252D0-E228-46D3-A910-B11D881841A5}D:\spiele\hearthstone\heroes of the storm\versions\base36144\heroesofthestorm.exe] => (Allow) D:\spiele\hearthstone\heroes of the storm\versions\base36144\heroesofthestorm.exe FirewallRules: [UDP Query User{0BC2AD47-17B4-409B-99EF-46AB9FCDDE73}D:\spiele\hearthstone\heroes of the storm\versions\base36144\heroesofthestorm.exe] => (Allow) D:\spiele\hearthstone\heroes of the storm\versions\base36144\heroesofthestorm.exe FirewallRules: [TCP Query User{312CA0EC-877E-44F0-AD51-07853BB4FDD2}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe FirewallRules: [UDP Query User{186326EC-1AC1-46F8-B44C-F7D536290A36}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe FirewallRules: [{47375F08-2D17-494F-AF35-281DFD602012}] => (Allow) D:\spiele\Allianz of Army\SteamApps\common\GarrysMod\hl2.exe FirewallRules: [{B148319A-6879-48DC-9FF0-4CEE878A22C2}] => (Allow) D:\spiele\Allianz of Army\SteamApps\common\GarrysMod\hl2.exe FirewallRules: [{741A36AC-AC58-46D4-8BCD-FC2B2F20C791}] => (Allow) 
C:\Program Files\Windows Live\Contacts\wlcomm.exe FirewallRules: [{BB989E45-1F56-464C-8DD4-B16FDBA18C43}] => (Allow) LPort=2869 FirewallRules: [{A33EB819-DA9B-43A3-AA4F-5A1A689A7A75}] => (Allow) LPort=1900 FirewallRules: [{05ACEC19-AE47-4199-A11B-935DB38320B2}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe FirewallRules: [TCP Query User{1818DA9B-9EB8-4475-98C3-0DECCFFE60EB}C:\users\user\desktop\neben programme\modernadmin.exe] => (Allow) C:\users\user\desktop\neben programme\modernadmin.exe FirewallRules: [UDP Query User{3E3E2EBC-CC62-41A5-8CE2-70828DB6A146}C:\users\user\desktop\neben programme\modernadmin.exe] => (Allow) C:\users\user\desktop\neben programme\modernadmin.exe FirewallRules: [TCP Query User{DE9EC5FB-ED96-4AAF-94EE-2640D26AF8A6}C:\users\user\desktop\neben programme\kicktool mw3\modernadmin.exe] => (Allow) C:\users\user\desktop\neben programme\kicktool mw3\modernadmin.exe FirewallRules: [UDP Query User{FA3E80BE-0AD7-40AD-8181-1E54242CC23E}C:\users\user\desktop\neben programme\kicktool mw3\modernadmin.exe] => (Allow) C:\users\user\desktop\neben programme\kicktool mw3\modernadmin.exe FirewallRules: [{CC6731E1-0517-4E2B-9CE7-462BBAD16FBF}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe FirewallRules: [{8CB68DC3-A84F-465C-AF07-44C56D81E860}] => (Allow) D:\spiele\Allianz of Army\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe FirewallRules: [{86A30029-EDD2-4C52-9D50-D9525FC867E5}] => (Allow) D:\spiele\Allianz of Army\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. 
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (09/13/2015 01:56:40 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-21-2980554796-842610410-1348767362-1001.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig. .
Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt
Kontext:
Ausführungskontext: Shadow Copy Optimization Writer
Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Generatorname: Shadow Copy Optimization Writer
Generatorinstanz-ID: {bad57e65-2f2a-4312-9e33-0d26cda3d07f}

Error: (09/12/2015 06:09:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: rads_user_kernel.exe, Version: 0.0.0.0, Zeitstempel: 0x4e65c1ac
Name des fehlerhaften Moduls: rads_user_kernel.exe, Version: 0.0.0.0, Zeitstempel: 0x4e65c1ac
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000b8554
ID des fehlerhaften Prozesses: 0x1604
Startzeit der fehlerhaften Anwendung: 0xrads_user_kernel.exe0
Pfad der fehlerhaften Anwendung: rads_user_kernel.exe1
Pfad des fehlerhaften Moduls: rads_user_kernel.exe2
Berichtskennung: rads_user_kernel.exe3

Error: (09/12/2015 06:06:45 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-21-2980554796-842610410-1348767362-1001.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig. .
Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt
Kontext:
Ausführungskontext: Shadow Copy Optimization Writer
Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Generatorname: Shadow Copy Optimization Writer
Generatorinstanz-ID: {21bd745c-b421-49da-a80c-4f732c9b40cc}

Error: (09/12/2015 06:06:44 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang: Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {6787d9a6-92ed-423f-be1a-f85fdeaba38f}

Error: (09/12/2015 06:06:44 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-21-2980554796-842610410-1348767362-1001.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig. .
Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt
Kontext:
Ausführungskontext: Shadow Copy Optimization Writer
Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Generatorname: Shadow Copy Optimization Writer
Generatorinstanz-ID: {21bd745c-b421-49da-a80c-4f732c9b40cc}

Error: (09/12/2015 06:06:19 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-21-2980554796-842610410-1348767362-1001.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig. .
Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt
Kontext:
Ausführungskontext: Shadow Copy Optimization Writer
Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Generatorname: Shadow Copy Optimization Writer
Generatorinstanz-ID: {21bd745c-b421-49da-a80c-4f732c9b40cc}

Error: (09/12/2015 06:04:23 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-21-2980554796-842610410-1348767362-1001.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig. .
Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt
Kontext:
Ausführungskontext: Shadow Copy Optimization Writer
Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Generatorname: Shadow Copy Optimization Writer
Generatorinstanz-ID: {21bd745c-b421-49da-a80c-4f732c9b40cc}

Error: (09/11/2015 04:28:43 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-21-2980554796-842610410-1348767362-1001.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig. .
Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt
Kontext:
Ausführungskontext: Shadow Copy Optimization Writer
Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Generatorname: Shadow Copy Optimization Writer
Generatorinstanz-ID: {5e270441-3e19-4d54-823a-ba74dfabc570}

Error: (09/09/2015 02:52:12 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-21-2980554796-842610410-1348767362-1001.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig. .
Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt
Kontext:
Ausführungskontext: Shadow Copy Optimization Writer
Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Generatorname: Shadow Copy Optimization Writer
Generatorinstanz-ID: {55aa840d-a7df-4e2f-9881-b979a16f9e8a}

Error: (09/06/2015 11:41:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: rads_user_kernel.exe, Version: 0.0.0.0, Zeitstempel: 0x4e65c1ac
Name des fehlerhaften Moduls: rads_user_kernel.exe, Version: 0.0.0.0, Zeitstempel: 0x4e65c1ac
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000b8554
ID des fehlerhaften Prozesses: 0x17f8
Startzeit der fehlerhaften Anwendung: 0xrads_user_kernel.exe0
Pfad der fehlerhaften Anwendung: rads_user_kernel.exe1
Pfad des fehlerhaften Moduls: rads_user_kernel.exe2
Berichtskennung: rads_user_kernel.exe3

Systemfehler:
=============
Error: (09/14/2015 03:01:36 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (09/14/2015 03:01:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Hi-Rez Studios Authenticate and Update Service erreicht.

Error: (09/13/2015 08:17:07 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (09/13/2015 08:09:41 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (09/13/2015 02:44:53 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (09/13/2015 01:57:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Steam Client Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/13/2015 01:57:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/13/2015 01:57:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/13/2015 01:57:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "SBSD Security Center Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/13/2015 01:57:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Live ID Sign-in Assistant" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Microsoft Office: ========================= ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz Prozentuale Nutzung des RAM: 50% Installierter physikalischer RAM: 3582.05 MB Verfügbarer physikalischer RAM: 1781.7 MB Summe virtueller Speicher: 7162.41 MB Verfügbarer virtueller Speicher: 3913.91 MB ==================== Laufwerke ================================ Drive c: (System) (Fixed) (Total:298.73 GB) (Free:45.75 GB) NTFS Drive d: (System) (Fixed) (Total:632.68 GB) (Free:451.07 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 16712F0F) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=298.7 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=632.7 GB) - (Type=07 NTFS) ==================== Ende vom Addition.txt ============================ MFG feuerstein98 |
15.09.2015, 16:32 | #12 |
/// the machine /// TB trainer | Computer unusually slow for 1 week
Update Java.
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
C:\Users\User\AppData\Roaming\uTorrent\updates\3.3.2_30416.exe
C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.1_30768.exe
D:\spiele\Gta 2\GTA SA\www.GameModding.net\Uninstall(Elegy)139963-nissan-240sx-monster-energy-gtasa.exe
Emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Cleanup: (The order matters here)
If Defogger was used: start it again and click Re-enable.
If Combofix was used: uninstall Combofix.
All logs posted? Then please download DelFix.
Note: DelFix removes, among other things, all the programs that were used, the quarantine of our scanners and the Java cache, and finally deletes itself. Restart your computer afterwards. If any programs from our cleanup are still left over, you can safely delete them.
If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.
Hardening:
Enable automatic updates in the Windows operating system. Security-relevant software should also always be kept at its latest version:
Browser
Java
Flash Player
PDF reader
Vulnerabilities in their old versions are exploited to install malware via "drive-by" when you simply visit a manipulated website. I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.
Enable a firewall. The one built into Windows is normally entirely sufficient.
Use an antivirus program with a real-time scanner and a signature database that is always up to date. My recommendation: Emsisoft
In addition, you can regularly scan your PC with Malwarebytes Anti-Malware and ESET.
Optional:
NoScript prevents the execution of active content (Java, JavaScript, Flash, ...) for all websites. You can, however, define on a whitelist basis which sites are allowed to run scripts.
Malwarebytes Anti Exploit: protects the computer's applications against the exploitation of known vulnerabilities.
Download software from a clean portal such as .
When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program.
To get rid of adware again, first uninstall it and then remove the leftovers with Adwarecleaner.
Finally, a few general remarks: Change your important online passwords regularly, and regularly create backups of your important files or of the system. The benefit of registry cleaners, optimizers etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
15.09.2015, 19:36 | #13 |
| Computer unusually slow for 1 week
Good evening, thank you for your great helpfulness and assistance. My computer is now as fast as it used to be! Here is the Fixlog file: Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x86) Version:14-09-2015
durchgeführt von User (2015-09-15 17:37:42) Run:1
Gestartet von C:\Users\User\Desktop
Geladene Profile: User (Verfügbare Profile: User)
Start-Modus: Normal
==============================================
fixlist Inhalt:
*****************
C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
C:\Users\User\AppData\Roaming\uTorrent\updates\3.3.2_30416.exe
C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.1_30768.exe
D:\spiele\Gta 2\GTA SA\www.GameModding.net\Uninstall(Elegy)139963-nissan-240sx-monster-energy-gtasa.exe
Emptytemp:
*****************
C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe => erfolgreich verschoben
C:\Users\User\AppData\Roaming\uTorrent\updates\3.3.2_30416.exe => erfolgreich verschoben
C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.1_30768.exe => erfolgreich verschoben
D:\spiele\Gta 2\GTA SA\www.GameModding.net\Uninstall(Elegy)139963-nissan-240sx-monster-energy-gtasa.exe => erfolgreich verschoben
EmptyTemp: => 1.3 GB temporäre Dateien entfernt.
Das System musste neu gestartet werden.
==== Ende vom Fixlog 17:40:30 ====
feuerstein98 |
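A check that can be run over a Fixlog like the one posted above, as an added example that is not part of the original thread and not FRST's own code: it compares the entries under "fixlist Inhalt:" with the result lines and lists every entry that has no success result. The function names and the `C:\Example` path are hypothetical, and the success strings are assumed from this one log only.

```python
import re

# Constructed sample: a shortened copy of the Fixlog from the thread, plus one
# constructed entry (C:\Example\left-behind.exe) that has no result line.
SAMPLE_FIXLOG = r"""fixlist Inhalt:
*****************
C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
C:\Users\User\AppData\Roaming\uTorrent\updates\3.3.2_30416.exe
C:\Example\left-behind.exe
Emptytemp:
*****************
C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe => erfolgreich verschoben
C:\Users\User\AppData\Roaming\uTorrent\updates\3.3.2_30416.exe => erfolgreich verschoben
EmptyTemp: => 1.3 GB temporäre Dateien entfernt.
Das System musste neu gestartet werden.
==== Ende vom Fixlog 17:40:30 ====
"""

SEPARATOR = re.compile(r"^\*{5,}$")
# Assumption: success wording taken only from the log in this thread.
OK_MARKERS = ("erfolgreich verschoben", "Dateien entfernt")


def parse_fixlog(text):
    """Return (requested entries, {lower-cased entry: result text})."""
    requested, results, separators = [], {}, 0
    for raw in text.splitlines():
        line = raw.strip()
        if SEPARATOR.match(line):
            separators += 1
        elif not line or line.startswith("===="):
            continue
        elif separators == 1:          # between the two star lines: the fixlist
            requested.append(line)
        elif separators >= 2 and "=>" in line:
            entry, _, outcome = line.partition("=>")
            results[entry.strip().lower()] = outcome.strip()
    return requested, results


def unconfirmed(text):
    """List (entry, result) pairs lacking a success result; result is None if absent."""
    requested, results = parse_fixlog(text)
    return [(e, results.get(e.lower())) for e in requested
            if not any(m in (results.get(e.lower()) or "") for m in OK_MARKERS)]


if __name__ == "__main__":
    for entry, outcome in unconfirmed(SAMPLE_FIXLOG):
        print(f"NOT CONFIRMED: {entry} -> {outcome}")
```

Entries are matched case-insensitively because the log itself writes the directive as `Emptytemp:` in the fixlist and `EmptyTemp:` in the result.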
16.09.2015, 16:40 | #14 |
/// the machine /// TB trainer | Computer unusually slow for 1 week
You're welcome
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |