Malwarebytes Free scan: Trojan.Siredef.C - removing the threat
18.09.2015, 13:42 | #1 |
Malwarebytes Free scan: Trojan.Siredef.C - removing the threat

Hello dear Trojaner Board,

Today I ran a malware scan with Malwarebytes Anti-Malware 2.1.8 and it produced one detection: Trojan.Siredef.C. From what I could read on the internet, this malware is not exactly harmless. I am therefore wondering whether the problem is resolved by moving it to quarantine, or whether the malware can continue to wreak havoc on my computer. I think it can't hurt to post the log file of my MBAM scan here right away. I would be very glad if someone could take a look at my problem. I know my way around programming/PCs a little as a hobby, and so I am not reassured just because my malware scanner shows "0 detections" on the second pass. Unfortunately, I am not able to clean my PC on my own (unless MBAM has already done so).

Log:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 18.09.2015
Suchlaufzeit: 13:26
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.1.8.1057
Malware-Datenbank: v2015.09.18.04
Rootkit-Datenbank: v2015.08.16.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Administrator

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 446994
Abgelaufene Zeit: 25 Min., 7 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 1
Trojan.Siredef.C, C:\$RECYCLE.BIN\S-1-5-21-1176592850-2972094272-1075556021-1002\$RUDUJEG\l, , [b3a9fd343457a591e346be4339c79070],

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)

(end)

SoftDrive

P.S.: I am not sure whether I should already create and post log files with the other tools mentioned in the "read before posting" thread or not. I will gladly do so if wanted.
18.09.2015, 13:45 | #2 |
/// the machine /// TB trainer | Malwarebytes Free scan: Trojan.Siredef.C - removing the threat

hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
18.09.2015, 14:34 | #3 |
FRST

Hello schrauber,

thank you very much for your reply. That was quick.

Note:
- I had renamed the files to FRST_1 and Addition_1 because after the first scan I saw that for some processes the log said something like "Kein Zugriff", and I figured that the scan might work better with admin privileges (even though this was not explicitly mentioned in the instructions). I then renamed them because I wanted to keep the logs of the first scan in their original form. I then noticed that the new FRST.txt is practically empty and that no new Addition.txt was created. I can only speculate as to why that is. In any case, I wanted to make that clear. If I have made the process unnecessarily difficult by doing this, I would like to apologize in advance.

Here are the logs:
FRST (1st scan, no admin privileges; possibly adjusted automatically after the second scan):
FRST Logfile:
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015 durchgeführt von Administrator (Administrator) auf TOSHIBA (18-09-2015 15:13:41) Gestartet von C:\Users\Matthias\Desktop Geladene Profile: Matthias & Administrator & (Verfügbare Profile: Matthias & Administrator) Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: IE) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Conexant Systems Inc.) 
C:\Windows\System32\CxAudMsg64.exe () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe () C:\Windows\SysWOW64\SMITSC.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Toshiba Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (Conexant Systems, Inc.) 
C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe (TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe (TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TssSrv.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Program Files\Toshiba\Hotkey\Hotkey\TCrdKBB.exe (Spotify Ltd) C:\Users\Matthias\AppData\Roaming\Spotify\SpotifyWebHelper.exe (TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosLeBtMng.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosLeSrvProvider.exe (TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.) 
C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtAvAC.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe (TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [] => [X] HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [894048 2013-01-12] (Conexant Systems, Inc.) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.) 
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation) HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-14] (TOSHIBA Corporation) HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-18] (TOSHIBA Corporation) HKLM\...\Run: [ThpSrv] => C:\Windows\system32\thpsrv /logon HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-12] (TOSHIBA Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-27] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-28] (Synaptics Incorporated) HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782008 2015-09-10] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION) HKLM-x32\...\Run: [Syncios device service] => C:\Users\Matthias\Syncios\SynciosDeviceService.exe HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66936 2015-08-13] (Avira Operations GmbH & Co. 
KG) Winlogon\Notify\igfxcui: igfxdev.dll [X] HKU\S-1-5-21-1176592850-2972094272-1075556021-1002\...\Run: [Spotify Web Helper] => C:\Users\Matthias\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-08-08] (Spotify Ltd) HKU\S-1-5-21-1176592850-2972094272-1075556021-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\Matthias\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-08-08] (Spotify Ltd) HKU\S-1-5-21-1176592850-2972094272-1075556021-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Spotify Web Helper] => C:\Users\Matthias\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-08-08] (Spotify Ltd) HKU\S-1-5-21-1176592850-2972094272-1075556021-500\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [55349888 2015-09-04] (Skype Technologies S.A.) HKU\S-1-5-21-1176592850-2972094272-1075556021-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [55349888 2015-09-04] (Skype Technologies S.A.) HKU\S-1-5-21-1176592850-2972094272-1075556021-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [55349888 2015-09-04] (Skype Technologies S.A.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2015-03-17] ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{5F0A2998-F66B-4FBF-9B8D-22285F4278F5}: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{D94BEBDA-8147-4AB4-B78B-7B2CBA10ED73}: [DhcpNameServer] 192.168.2.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1176592850-2972094272-1075556021-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-1176592850-2972094272-1075556021-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TEJB HKU\S-1-5-21-1176592850-2972094272-1075556021-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/symbaloo_c HKU\S-1-5-21-1176592850-2972094272-1075556021-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-1176592850-2972094272-1075556021-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TEJB HKU\S-1-5-21-1176592850-2972094272-1075556021-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/symbaloo_c 
HKU\S-1-5-21-1176592850-2972094272-1075556021-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-1176592850-2972094272-1075556021-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TEJB HKU\S-1-5-21-1176592850-2972094272-1075556021-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/symbaloo_c HKU\S-1-5-21-1176592850-2972094272-1075556021-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TEJB HKU\S-1-5-21-1176592850-2972094272-1075556021-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TEJB HKU\S-1-5-21-1176592850-2972094272-1075556021-500\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://toshiba.eu/symbaloo_c HKU\S-1-5-21-1176592850-2972094272-1075556021-500\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/symbaloo_c HKU\S-1-5-21-1176592850-2972094272-1075556021-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TEJB HKU\S-1-5-21-1176592850-2972094272-1075556021-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TEJB HKU\S-1-5-21-1176592850-2972094272-1075556021-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://toshiba.eu/symbaloo_c HKU\S-1-5-21-1176592850-2972094272-1075556021-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/symbaloo_c HKU\S-1-5-21-1176592850-2972094272-1075556021-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet 
Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TEJB HKU\S-1-5-21-1176592850-2972094272-1075556021-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TEJB HKU\S-1-5-21-1176592850-2972094272-1075556021-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://toshiba.eu/symbaloo_c HKU\S-1-5-21-1176592850-2972094272-1075556021-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/symbaloo_c SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1176592850-2972094272-1075556021-1002 -> DefaultScope {E117E4B1-0379-46B7-B1A7-1D7FC590EBEE} URL = SearchScopes: HKU\S-1-5-21-1176592850-2972094272-1075556021-1002 -> {E117E4B1-0379-46B7-B1A7-1D7FC590EBEE} URL = SearchScopes: HKU\S-1-5-21-1176592850-2972094272-1075556021-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {E117E4B1-0379-46B7-B1A7-1D7FC590EBEE} URL = SearchScopes: HKU\S-1-5-21-1176592850-2972094272-1075556021-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {E117E4B1-0379-46B7-B1A7-1D7FC590EBEE} URL = SearchScopes: HKU\S-1-5-21-1176592850-2972094272-1075556021-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {E117E4B1-0379-46B7-B1A7-1D7FC590EBEE} URL = SearchScopes: HKU\S-1-5-21-1176592850-2972094272-1075556021-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {E117E4B1-0379-46B7-B1A7-1D7FC590EBEE} URL = SearchScopes: HKU\S-1-5-21-1176592850-2972094272-1075556021-500 -> DefaultScope {E117E4B1-0379-46B7-B1A7-1D7FC590EBEE} URL = SearchScopes: HKU\S-1-5-21-1176592850-2972094272-1075556021-500 -> {E117E4B1-0379-46B7-B1A7-1D7FC590EBEE} URL = SearchScopes: HKU\S-1-5-21-1176592850-2972094272-1075556021-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> 
DefaultScope {E117E4B1-0379-46B7-B1A7-1D7FC590EBEE} URL = SearchScopes: HKU\S-1-5-21-1176592850-2972094272-1075556021-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {E117E4B1-0379-46B7-B1A7-1D7FC590EBEE} URL = SearchScopes: HKU\S-1-5-21-1176592850-2972094272-1075556021-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {E117E4B1-0379-46B7-B1A7-1D7FC590EBEE} URL = SearchScopes: HKU\S-1-5-21-1176592850-2972094272-1075556021-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {E117E4B1-0379-46B7-B1A7-1D7FC590EBEE} URL = BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\yaivfozv.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] 
(Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Keine Datei] FF Plugin HKU\S-1-5-21-1176592850-2972094272-1075556021-1002: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll Keine Datei FF Plugin HKU\S-1-5-21-1176592850-2972094272-1075556021-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll Keine Datei FF Plugin HKU\S-1-5-21-1176592850-2972094272-1075556021-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll Keine Datei Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [887128 2015-07-23] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-09-10] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-09-10] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1213072 2015-09-10] (Avira Operations GmbH & Co. KG) R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [228104 2015-08-13] (Avira Operations GmbH & Co. 
KG) R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] () R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-27] (NVIDIA Corporation) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert] R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319888 2014-12-31] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [Datei ist nicht signiert] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-03-19] () R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-27] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-27] (NVIDIA Corporation) R2 SMITS; C:\Windows\SysWOW64\SMITSC.exe [13312 2015-01-08] () [Datei ist nicht signiert] S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116088 2013-07-19] (Toshiba Europe GmbH) S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 
2014-07-22] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation) S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2015-03-19] (Intel® Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [137288 2015-07-23] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [148632 2015-07-23] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-10] (Avira Operations GmbH & Co. KG) S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-30] (Microsoft Corporation) S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) S3 GEARAspiWDM; C:\Windows\SysWOW64\Drivers\GEARAspiWDM.sys [15664 2013-02-04] (GEAR Software Inc.) 
S3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [253680 2015-03-19] (Intel Corporation) S3 iscFlash; C:\Windows\Temp\ArchesP10SP10SG_BIOS_V150_WIN\x64\iscflashx64.sys [60680 2013-02-25] (Insyde Software) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-18] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation) S3 mpfilt; C:\Windows\SysWOW64\drivers\mpfilt.sys [10588 2013-05-21] () [Datei ist nicht signiert] R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3497240 2015-03-23] (Intel Corporation) S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-27] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation) R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290008 2013-07-05] (Realtek Semiconductor Corp.) 
S3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation ) R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-28] (Synaptics Incorporated) R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows (R) Win 7 DDK provider) R1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-07-09] (Oracle Corporation) R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [146072 2015-07-09] (Oracle Corporation) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2015-07-19 17:07 - 2015-07-19 17:07 - 0000001 _____ () C:\Users\Administrator\AppData\Local\llftool.4.40.agreement
2014-11-10 23:25 - 2014-11-10 23:25 - 0000870 _____ () C:\Users\Administrator\AppData\Local\recently-used.xbel

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\Matthias\QTCreator.bat

Einige Dateien in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\avgnt.exe
C:\Users\Administrator\AppData\Local\Temp\borlndlm.dll
C:\Users\Administrator\AppData\Local\Temp\genteert.dll
C:\Users\Administrator\AppData\Local\Temp\ose00000.exe
C:\Users\Administrator\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Administrator\AppData\Local\Temp\ubi1221.tmp.exe
C:\Users\Administrator\AppData\Local\Temp\_isEE00.exe
C:\Users\Matthias\AppData\Local\Temp\avgnt.exe
C:\Users\Matthias\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9hjucf.dll

==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

Code:
LastRegBack: 2015-09-10 17:32

==================== Ende von FRST.txt ============================

Addition:
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:15-09-2015
durchgeführt von Matthias (2015-09-18 15:11:27)
Gestartet von C:\Users\Matthias\Desktop
Windows 8.1 (X64) (2014-03-01 13:02:05)
Start-Modus: Normal
==========================================================

==================== Konten: =============================
Administrator (S-1-5-21-1176592850-2972094272-1075556021-500 - Administrator - Enabled) => C:\Users\Administrator
Gast (S-1-5-21-1176592850-2972094272-1075556021-501 - Limited - Disabled)
Matthias (S-1-5-21-1176592850-2972094272-1075556021-1002 - Limited - Enabled) => C:\Users\Matthias

==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Audition 3.0 (HKLM-x32\...\Adobe Audition 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Atom (HKU\S-1-5-21-1176592850-2972094272-1075556021-1002\...\atom) (Version: 1.0.11 - GitHub Inc.)
Atom (HKU\S-1-5-21-1176592850-2972094272-1075556021-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\atom) (Version: 1.0.11 - GitHub Inc.)
Atom (HKU\S-1-5-21-1176592850-2972094272-1075556021-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\atom) (Version: 1.0.11 - GitHub Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.12.420 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{315dd168-0794-4cf1-8355-f195cde642fc}) (Version: 1.1.45.11819 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.45.11819 - Avira Operations GmbH & Co. KG) Hidden
Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50716.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v9.10.32(T) - TOSHIBA CORPORATION)
Borland Delphi 7 (HKLM-x32\...\{72263053-50D1-4598-9502-51ED64E54C51}) (Version: 7.0 - Borland Software Corporation)
Build Tools - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Canon MP640 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series) (Version: - )
CMake 3.3.0-rc2, a cross-platform, open-source build system (HKLM-x32\...\CMake 3.3.0-rc2) (Version: 3.3.0-rc2 - Kitware)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.2.0 - Conexant)
DTS Studio Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.)
Entity Framework 6.1.1 Tools for Visual Studio 2013 (HKLM-x32\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation)
FileZilla Client 3.10.0.2 (HKU\S-1-5-21-1176592850-2972094272-1075556021-1002\...\FileZilla Client) (Version: 3.10.0.2 - Tim Kosse)
FileZilla Client 3.10.0.2 (HKU\S-1-5-21-1176592850-2972094272-1075556021-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\FileZilla Client) (Version: 3.10.0.2 - Tim Kosse)
FileZilla Client 3.10.0.2 (HKU\S-1-5-21-1176592850-2972094272-1075556021-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\FileZilla Client) (Version: 3.10.0.2 - Tim Kosse)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Haskell Platform 7.10.2-a (HKLM\...\HaskellPlatform-7.10.2-a) (Version: - Haskell.org)
Intel(R) Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{6535d76a-59fb-4935-b2c5-cd61917c4a4b}) (Version: 17.16.0 - Intel Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM-x32\...\{21B0F482-5EF9-45DA-8840-340AFE705A6C}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 SDK (Deutsch) (HKLM-x32\...\{CBD7095F-7211-43FD-9FE7-FB08D753AF79}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation) Microsoft Help Viewer 2.1 Sprachpaket - DEU (HKLM-x32\...\Microsoft Help Viewer 2.1 Sprachpaket - DEU) (Version: 2.1.21005 - Microsoft Corporation) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation) Microsoft SQL Server 2012 Data-Tier App 
Framework (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation) Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Native Client (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2014 Express LocalDB (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 SP1 x64 DEU (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation) Microsoft 
SQL Server Data Tools - enu (12.0.41012.0) (HKLM-x32\...\{AC8E0CF4-42A1-4151-B684-97CF6FD726CF}) (Version: 12.0.41012.0 - Microsoft Corporation) Microsoft SQL Server Data Tools Build Utilities - DEU (12.0.30919.1) (HKLM-x32\...\{BCB8A870-2B3D-4CC0-87D6-F931E065AC0C}) (Version: 12.0.30919.1 - Microsoft Corporation) Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{4AEB505C-95E1-4964-9B64-8D27F3186D30}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 
9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d07b0db5-8dad-40e1-be90-88026298a46b}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{2749c485-3a8b-4533-92ff-7cf6e8221cff}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio Express 2013 for Windows Desktop - ENU with Update 4 (HKLM-x32\...\{b8a9dbc1-1fd4-4103-a83b-a2896f193ea0}) (Version: 12.0.31101.0 - Microsoft Corporation) Mozilla Firefox 
40.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 de)) (Version: 40.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla) Node.js (HKLM-x32\...\{B716A4B0-5096-4132-A741-2D99CFF53207}) (Version: 0.12.7 - Joyent, Inc. and other Node contributors) NVIDIA GeForce Experience 2.5.14.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.14.5 - NVIDIA Corporation) NVIDIA Grafiktreiber 355.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 355.82 - NVIDIA Corporation) OpenTeacher (HKLM-x32\...\{07E3B694-5C5C-4971-AEE6-F3B4CDB09C43}) (Version: 3.0.0.1 - OpenTeacher Maintainers) Oracle VM VirtualBox 5.0.0 (HKLM\...\{FCD0B365-2189-45F3-9AF2-2BCED86C121A}) (Version: 5.0.0 - Oracle Corporation) Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM-x32\...\{D5409B11-EF28-37A1-AE7A-6051A5BAD923}) (Version: 4.5.50932 - Microsoft Corporation) PowreShellIntegration.Notifications (x32 Version: 2.5.21003.1603 - Microsoft Corporation) Hidden Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation) Prerequisites for SSDT (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation) Python 2.7.10 (HKLM-x32\...\{E2B51919-207A-43EB-AE78-733F9C6797C2}) (Version: 2.7.10150 - Python Software Foundation) Python 3.4.3 (HKLM-x32\...\{CCD588A7-8D55-49F1-A30C-47FAB40889ED}) (Version: 3.4.16490 - Python Software Foundation) Python 3.5.0 (64-bit) (HKU\S-1-5-21-1176592850-2972094272-1075556021-1002\...\{e599f76f-2b95-44da-a280-77548b1b2a21}) (Version: 3.5.150.0 - Python Software Foundation) Python 3.5.0 (64-bit) (HKU\S-1-5-21-1176592850-2972094272-1075556021-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{e599f76f-2b95-44da-a280-77548b1b2a21}) (Version: 3.5.150.0 - Python Software Foundation) Python 3.5.0 (64-bit) 
(HKU\S-1-5-21-1176592850-2972094272-1075556021-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\{e599f76f-2b95-44da-a280-77548b1b2a21}) (Version: 3.5.150.0 - Python Software Foundation) Python 3.5.0 Add to Path (64-bit) (Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Core Interpreter (32-bit) (x32 Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Core Interpreter (64-bit) (Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Development Libraries (32-bit) (x32 Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Development Libraries (64-bit) (Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Documentation (32-bit) (x32 Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Documentation (64-bit) (Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Executables (32-bit) (x32 Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Executables (64-bit) (Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Launcher (32-bit) (x32 Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 pip Bootstrap (64-bit) (Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Standard Library (32-bit) (x32 Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Standard Library (64-bit) (Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Tcl/Tk Support (32-bit) (x32 Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Test Suite (32-bit) (x32 Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Test Suite (64-bit) (Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Utility Scripts (32-bit) (x32 Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Utility Scripts (64-bit) (Version: 3.5.150.0 - Python Software Foundation) Hidden Python Tools Redirection Template (x32 Version: 1.1 - Microsoft Corporation) Hidden Qt 
(HKU\S-1-5-21-1176592850-2972094272-1075556021-1002\...\{73031b0c-42e3-4fb8-8356-e265b46115f6}) (Version: 2.0.1 - The Qt Company Ltd) Qt (HKU\S-1-5-21-1176592850-2972094272-1075556021-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{73031b0c-42e3-4fb8-8356-e265b46115f6}) (Version: 2.0.1 - The Qt Company Ltd) Qt (HKU\S-1-5-21-1176592850-2972094272-1075556021-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\{73031b0c-42e3-4fb8-8356-e265b46115f6}) (Version: 2.0.1 - The Qt Company Ltd) Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.5.14.5 - NVIDIA Corporation) Hidden Sid Meier's Civilization 4 - Beyond the Sword (HKLM-x32\...\{32E4F0D2-C135-475E-A841-1D59A0D22989}) (Version: 3.19 - Firaxis Games) Skype™ 7.10 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.10.101 - Skype Technologies S.A.) 
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.5.1333.g822e0de8 - Spotify AB) SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.0 - Krzysztof Kowalczyk) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.21 - Synaptics Incorporated) SyncBackFree (HKLM-x32\...\SyncBackFree_is1) (Version: 6.5.30.0 - 2BrightSparks) TDM-GCC (HKU\S-1-5-21-1176592850-2972094272-1075556021-1002\...\TDM-GCC) (Version: 1.1309.0 - TDM) TDM-GCC (HKU\S-1-5-21-1176592850-2972094272-1075556021-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\TDM-GCC) (Version: 1.1309.0 - TDM) TDM-GCC (HKU\S-1-5-21-1176592850-2972094272-1075556021-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\TDM-GCC) (Version: 1.1309.0 - TDM) Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Titan Quest (HKLM-x32\...\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}) (Version: 1.00.0000 - Iron Lore) Titan Quest Immortal Throne (HKLM-x32\...\{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}) (Version: 1.00.0000 - Iron Lore) TOSHIBA Addendum (HKLM-x32\...\{C1569944-FAD6-4B3B-85E5-C213C2FF8EFC}) (Version: 1.00 - TOSHIBA) TOSHIBA Blu-ray Disc Player (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 1.0.5.214 - Toshiba Corporation) TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.02.01.6407 - Toshiba Corporation) TOSHIBA Display Utility (HKLM\...\{5F6AC07E-50EF-422E-B56E-6521E5B35139}) (Version: 1.1.12.0 - Toshiba Corporation) TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation) TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0001.6403 - Toshiba Corporation) TOSHIBA Gesture Controller (HKLM-x32\...\{8C5B4504-3996-4F30-8F01-DA7A8455430B}) (Version: 4.0.110.2 - Toshiba Corporation) TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.5.0003.64001 - Toshiba Corporation) TOSHIBA Manuals 
(HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA) TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{26BB68BB-CF93-4A12-BC6D-A3B6F53AC8D9}) (Version: 5.0.1.0 - Toshiba Corporation) TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.9.09.6400 - Toshiba Corporation) TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation) TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation) TOSHIBA Start Screen Option (HKLM\...\{06B71035-F19F-4F76-9875-FFCCD4FC3F83}) (Version: 1.00.00.6403 - Toshiba Corporation) TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0030 - Toshiba Corporation) TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.1.2.32001 - Toshiba Corporation) Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.5.0 - Toshiba Europe GmbH) TypeScript Power Tool (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation) Vim 7.4 (self-installing) (HKLM\...\Vim 7.4) (Version: - ) Visual Studio 2013 Update 4 (KB2829760) (HKLM-x32\...\{53d408db-eb91-43fb-9d8f-167681c19763}) (Version: 12.0.31101 - Microsoft Corporation) VS Update core components (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
==================== Wiederherstellungspunkte ========================= ACHTUNG: Systemwiederherstellung ist deaktiviert Überprüfen Sie den "winmgmt" Dienst oder reparieren Sie den WMI. ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2015-03-29 12:25 - 2015-03-29 12:25 - 00043480 _____ () C:\Users\Matthias\FileZilla FTP Client\fzshellext_64.dll 2014-01-09 15:00 - 2015-08-25 20:46 - 00011896 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll 2012-07-19 04:38 - 2012-07-19 04:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll 2013-08-02 00:24 - 2013-08-02 00:24 - 00438112 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\TcrdKBB.exe ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) 
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-1176592850-2972094272-1075556021-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Matthias\Pictures\Fertig\Wallpapers\Wallpaper2.png HKU\S-1-5-21-1176592850-2972094272-1075556021-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Matthias\Pictures\Fertig\Wallpapers\Wallpaper2.png HKU\S-1-5-21-1176592850-2972094272-1075556021-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> C:\Users\Matthias\Pictures\Fertig\Wallpapers\Wallpaper2.png DNS Servers: 192.168.2.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) 
HKU\S-1-5-21-1176592850-2972094272-1075556021-1002\...\StartupApproved\StartupFolder: => "OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk" HKU\S-1-5-21-1176592850-2972094272-1075556021-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk" HKU\S-1-5-21-1176592850-2972094272-1075556021-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\StartupApproved\StartupFolder: => "OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{2CD07E91-45BA-4E3F-A259-C895FCE18E87}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe FirewallRules: [{34BE7119-A0FC-4FE4-86DF-363A4CECB88F}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe FirewallRules: [{AF34F286-D165-4CF3-9D93-EDBDC2DFA5E4}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe FirewallRules: [{0CAA4BEA-7B40-4551-938E-6094F6A62B0E}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe FirewallRules: [{A51F5C99-C64D-4B09-BD8D-380090600945}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{CF9D0B2E-BBAD-49C4-B595-9049EEBD6E85}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{17CA0496-AC76-4280-8AF3-69DC7D0612F9}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{F9C992D8-4EDD-4A56-8F54-CA9F48445E25}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [TCP Query User{3D342DC3-E7A7-43F5-9F48-93F975E8B8DE}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe 
FirewallRules: [UDP Query User{4EB400F6-8A87-4CC5-9DD1-0C53A6192DC4}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe FirewallRules: [TCP Query User{585945A1-F00D-4203-95EB-5E22B1E52EB1}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe FirewallRules: [UDP Query User{F0176762-6462-4697-BAB9-9E6650733BB2}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe FirewallRules: [TCP Query User{D93C50F8-A977-4D50-95C9-1B3710EC537D}C:\program files (x86)\spotify\spotify.exe] => (Block) C:\program files (x86)\spotify\spotify.exe FirewallRules: [UDP Query User{B03D5EE2-F33C-41AD-9EC5-7B4CD074B9BC}C:\program files (x86)\spotify\spotify.exe] => (Block) C:\program files (x86)\spotify\spotify.exe FirewallRules: [TCP Query User{37EE1BAF-FE3D-4878-A219-FE3405B7D05E}C:\users\matthias\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\matthias\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{A4110CD2-6B4F-4DCB-B272-B55B86B993B7}C:\users\matthias\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\matthias\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{650ABB4B-C1E9-42B3-B893-B029DE7BE56A}C:\users\matthias\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\matthias\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{584DC96D-29C7-4F25-ABC1-A6CA6AEC390B}C:\users\matthias\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\matthias\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [TCP Query User{E2D4FA44-E739-4489-BAD7-789F641484A1}C:\users\matthias\programming\xampp\apache\bin\httpd.exe] => (Allow) C:\users\matthias\programming\xampp\apache\bin\httpd.exe FirewallRules: [UDP Query User{005BE7CA-EFD8-4984-89BA-CABC41473287}C:\users\matthias\programming\xampp\apache\bin\httpd.exe] => (Allow) C:\users\matthias\programming\xampp\apache\bin\httpd.exe FirewallRules: [TCP Query 
User{AD93162D-7C2B-4642-A868-7F8A24DF06A7}C:\users\matthias\programming\xampp\mysql\bin\mysqld.exe] => (Allow) C:\users\matthias\programming\xampp\mysql\bin\mysqld.exe FirewallRules: [UDP Query User{AA09C223-7CD4-41AA-8236-1479E07961A9}C:\users\matthias\programming\xampp\mysql\bin\mysqld.exe] => (Allow) C:\users\matthias\programming\xampp\mysql\bin\mysqld.exe FirewallRules: [{B8F816F8-11E3-4087-B939-E674A9A744B1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{D1852A83-0A47-4C33-A2F3-A7F073B9DE55}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{B4BB364D-2905-425D-80D6-F0204B26EF91}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{67428DD1-0C9A-4293-AF6E-87620CC7C070}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{EF928F60-9C6F-4D75-9BD1-2842F7F0D47A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{247A38B7-251D-4D94-93BC-9BDC5AFC5E2A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [TCP Query User{1C0FCEA9-CADA-4E67-95EB-217D0616135E}E:\xampplite\apache\bin\apache.exe] => (Block) E:\xampplite\apache\bin\apache.exe FirewallRules: [UDP Query User{80359055-CEA0-42EB-9E96-9F244A155CE1}E:\xampplite\apache\bin\apache.exe] => (Block) E:\xampplite\apache\bin\apache.exe FirewallRules: [TCP Query User{4248F06B-3FBC-4244-97DD-8BB449B81E2E}E:\xampplite\mysql\bin\mysqld.exe] => (Block) E:\xampplite\mysql\bin\mysqld.exe FirewallRules: [UDP Query User{DE679317-B26C-4949-BA21-7FCBB11E6FD0}E:\xampplite\mysql\bin\mysqld.exe] => (Block) E:\xampplite\mysql\bin\mysqld.exe FirewallRules: [TCP Query User{93B031D5-93A3-49B3-8445-FFF33EE99550}C:\users\matthias\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\matthias\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{441D5BA9-6959-48FB-806F-82DA1CF45AAF}C:\users\matthias\appdata\roaming\spotify\spotify.exe] => (Block) 
C:\users\matthias\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{E0E55DE1-71E4-4E5C-A896-6B2A9FDF308E}C:\users\matthias\programming\sfml-game-development-book-master\10-network\release\10-network.exe] => (Block) C:\users\matthias\programming\sfml-game-development-book-master\10-network\release\10-network.exe FirewallRules: [UDP Query User{CFB5745B-B1E2-4B7A-9359-722D03C63376}C:\users\matthias\programming\sfml-game-development-book-master\10-network\release\10-network.exe] => (Block) C:\users\matthias\programming\sfml-game-development-book-master\10-network\release\10-network.exe FirewallRules: [TCP Query User{9DFEC015-54C5-4316-93DB-C1450B9FA2A7}C:\users\matthias\programming\coffeescript\lolreplay\lolreplay.exe] => (Block) C:\users\matthias\programming\coffeescript\lolreplay\lolreplay.exe FirewallRules: [UDP Query User{F834D38E-ED3D-4284-917D-CE05A4A65FDC}C:\users\matthias\programming\coffeescript\lolreplay\lolreplay.exe] => (Block) C:\users\matthias\programming\coffeescript\lolreplay\lolreplay.exe FirewallRules: [TCP Query User{AA84B6F9-E22E-4771-AB22-4D2E81EB41FA}C:\users\matthias\programming\coffeescript\lolreplay\lolreplay.exe] => (Block) C:\users\matthias\programming\coffeescript\lolreplay\lolreplay.exe FirewallRules: [UDP Query User{9C185C5F-F249-4107-A81E-9462BFBA7C91}C:\users\matthias\programming\coffeescript\lolreplay\lolreplay.exe] => (Block) C:\users\matthias\programming\coffeescript\lolreplay\lolreplay.exe FirewallRules: [TCP Query User{B4D16CBB-EEB8-469D-A4CE-F45351481312}F:\xampplite\apache\bin\apache.exe] => (Allow) F:\xampplite\apache\bin\apache.exe FirewallRules: [UDP Query User{EB716B6B-5800-474B-B21A-1E944A96ADEA}F:\xampplite\apache\bin\apache.exe] => (Allow) F:\xampplite\apache\bin\apache.exe FirewallRules: [TCP Query User{706A6D8C-2EC2-47AC-BFEB-6081E5392661}F:\xampplite\mysql\bin\mysqld.exe] => (Allow) F:\xampplite\mysql\bin\mysqld.exe FirewallRules: [UDP Query 
User{C2129F97-09CC-42F0-AD05-FAE4B8F84243}F:\xampplite\mysql\bin\mysqld.exe] => (Allow) F:\xampplite\mysql\bin\mysqld.exe FirewallRules: [TCP Query User{D028E132-B9DE-45B1-A3C5-21515894C6D8}E:\portable python 2.7.6.1\app\python.exe] => (Block) E:\portable python 2.7.6.1\app\python.exe FirewallRules: [UDP Query User{80E03E5C-B774-4550-BFD3-74A8EF394625}E:\portable python 2.7.6.1\app\python.exe] => (Block) E:\portable python 2.7.6.1\app\python.exe FirewallRules: [TCP Query User{424F3512-5004-45C3-8C87-D3F05256F10D}E:\portable python 2.7.6.1\app\pycharm\bin\pycharm.exe] => (Block) E:\portable python 2.7.6.1\app\pycharm\bin\pycharm.exe FirewallRules: [UDP Query User{A97078E1-2344-4D79-BBEE-0E1D2971ADA9}E:\portable python 2.7.6.1\app\pycharm\bin\pycharm.exe] => (Block) E:\portable python 2.7.6.1\app\pycharm\bin\pycharm.exe FirewallRules: [TCP Query User{A03958F4-8EB8-4F89-B6F9-88DAC4D796CD}C:\python34\python.exe] => (Block) C:\python34\python.exe FirewallRules: [UDP Query User{AA72A32E-7EA6-47A6-B61C-C6F6232FA049}C:\python34\python.exe] => (Block) C:\python34\python.exe FirewallRules: [{4D6A918A-222C-4A32-AA74-6A91F094CEA5}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\WDExpress.exe FirewallRules: [TCP Query User{D5A9BB6D-58F1-4F6B-945C-C6C9902737E1}C:\users\matthias\programming\coffeescript\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\users\matthias\programming\coffeescript\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe FirewallRules: [UDP Query User{2C64E8C0-694D-458B-AF5F-AD89CDBC9C97}C:\users\matthias\programming\coffeescript\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\users\matthias\programming\coffeescript\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe FirewallRules: [TCP Query 
User{2BA7EA32-CD36-493C-A930-50F9BB4B7F33}C:\users\matthias\programming\coffeescript\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\users\matthias\programming\coffeescript\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe FirewallRules: [UDP Query User{46611372-DD68-4F8D-B88F-0BDAA271ABD8}C:\users\matthias\programming\coffeescript\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\users\matthias\programming\coffeescript\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe FirewallRules: [TCP Query User{8520A711-438C-454E-A39A-F360401C1ECF}C:\users\matthias\programming\xampp\filezillaftp\filezillaserver.exe] => (Allow) C:\users\matthias\programming\xampp\filezillaftp\filezillaserver.exe FirewallRules: [UDP Query User{5B42A3DE-677F-49F0-A77B-190345E49C61}C:\users\matthias\programming\xampp\filezillaftp\filezillaserver.exe] => (Allow) C:\users\matthias\programming\xampp\filezillaftp\filezillaserver.exe FirewallRules: [TCP Query User{DBAA0C5E-A25D-485A-90D8-4B2E91769A30}C:\users\matthias\programming\c++libs\poco\bin\timeserver.exe] => (Allow) C:\users\matthias\programming\c++libs\poco\bin\timeserver.exe FirewallRules: [UDP Query User{D2567B9A-3965-47D9-A60B-2955A7A159FA}C:\users\matthias\programming\c++libs\poco\bin\timeserver.exe] => (Allow) C:\users\matthias\programming\c++libs\poco\bin\timeserver.exe FirewallRules: [TCP Query User{A9627B1F-85F1-48F1-9AC6-9F3A419A3BE7}C:\users\matthias\filezillaportable\app\filezilla\filezilla.exe] => (Allow) C:\users\matthias\filezillaportable\app\filezilla\filezilla.exe FirewallRules: [UDP Query User{9938E502-7241-4134-A9EA-7E908BDE37AE}C:\users\matthias\filezillaportable\app\filezilla\filezilla.exe] => (Allow) C:\users\matthias\filezillaportable\app\filezilla\filezilla.exe FirewallRules: [{322D17CE-5C13-470E-AEAA-F17D2B61721D}] => (Allow) C:\users\matthias\filezillaportable\app\filezilla\filezilla.exe FirewallRules: 
[{C6DF6284-9667-419A-919A-8572D9D0CEE2}] => (Allow) C:\users\matthias\filezillaportable\app\filezilla\filezilla.exe FirewallRules: [{E9556089-9CA1-43BB-8C71-304D0F144A14}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{656D703C-C7F2-43BF-B1BA-5E10D0CCB67D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{E127E3C0-87D6-4071-A40C-9222448CE333}C:\program files (x86)\thq\titan quest immortal throne\tqit.exe] => (Block) C:\program files (x86)\thq\titan quest immortal throne\tqit.exe FirewallRules: [UDP Query User{0F98269C-832C-4D13-B731-027C413FE845}C:\program files (x86)\thq\titan quest immortal throne\tqit.exe] => (Block) C:\program files (x86)\thq\titan quest immortal throne\tqit.exe FirewallRules: [TCP Query User{3C83BD9E-1994-4045-8F00-98800A68E2B5}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{D1042054-23CF-451F-9CD1-EA0AEF5E33FF}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{65FF9328-E93C-47A4-AE56-FB2902BBBFBB}] => (Allow) C:\Users\Matthias\Programming\CoffeeScript\Hearthstone\Battle.net\Battle.net.exe FirewallRules: [{8BD63C85-44E2-4B00-A864-0413D8DB9EB3}] => (Allow) C:\Users\Matthias\Programming\CoffeeScript\Hearthstone\Battle.net\Battle.net.exe FirewallRules: [{38B0F747-8AF6-45DE-8164-3A038C2E5D36}] => (Allow) C:\Users\Matthias\Programming\CoffeeScript\lol.launcher.exe FirewallRules: [{4F9B221B-1BFB-4871-98E5-B96B1422DFDA}] => (Allow) C:\Users\Matthias\Programming\CoffeeScript\lol.launcher.exe FirewallRules: [{AE631DB4-FA7D-46F4-B1B2-3E1034FE734F}] => (Allow) C:\Users\Matthias\Programming\CoffeeScript\lol.launcher.exe FirewallRules: [{8BE7F6F5-A5FD-4B51-9D38-1C3D891D5880}] => (Allow) C:\Users\Matthias\Programming\CoffeeScript\lol.launcher.exe FirewallRules: [{270A14F5-28E7-40FF-9C59-C2AFA74227D5}] => 
(Allow) C:\Users\Matthias\Programming\CoffeeScript\RADS\solutions\lol_game_client_sln\releases\0.0.1.88\deploy\League of Legends.exe FirewallRules: [{E381EC0E-871E-4C09-822C-DB51B7CBAA19}] => (Allow) C:\Users\Matthias\Programming\CoffeeScript\RADS\solutions\lol_game_client_sln\releases\0.0.1.88\deploy\League of Legends.exe FirewallRules: [{34AFF7EB-191F-43E9-9DCB-EF192FDDE84A}] => (Allow) C:\Users\Matthias\Programming\CoffeeScript\RADS\solutions\lol_game_client_sln\releases\0.0.1.88\deploy\League of Legends.exe FirewallRules: [{32562A2B-F702-496A-B43D-EC0064541018}] => (Allow) C:\Users\Matthias\Programming\CoffeeScript\RADS\solutions\lol_game_client_sln\releases\0.0.1.88\deploy\League of Legends.exe FirewallRules: [{4CD54D25-A91A-4CC1-A7CB-CF91CBD4CD34}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe FirewallRules: [{06AA4278-E574-40B6-8DE2-E6220D782F9F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{0D74D6B5-5214-4C16-ABAF-2A2DB940A12A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{0BA1FADE-A7AC-473F-8391-A3DDFF0F4694}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{3CEA4925-F886-49D5-A84E-00B7667F6F7D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{3CA3BE4D-5082-411D-8CEE-CF899F671506}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [TCP Query User{62C1D468-17BF-433B-B271-6C50BA2CFE5A}C:\users\matthias\webdev\nodejs\node.exe] => (Allow) C:\users\matthias\webdev\nodejs\node.exe FirewallRules: [UDP Query User{464B0FFF-4DB5-4410-B163-A4D85CDEB02D}C:\users\matthias\webdev\nodejs\node.exe] => (Allow) C:\users\matthias\webdev\nodejs\node.exe FirewallRules: [TCP Query User{DD179B08-5C70-4B82-869A-7C41326F09B0}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe 
FirewallRules: [UDP Query User{3391D3C5-384A-44BA-9131-7F655F8CD964}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{4A567E09-2434-4E8C-9F3F-E4100A0A3BA1}C:\program files (x86)\adobe\phonegap\phonegap desktop\phonegap.exe] => (Allow) C:\program files (x86)\adobe\phonegap\phonegap desktop\phonegap.exe FirewallRules: [UDP Query User{A5594166-7133-46FA-943C-9B68351C65D9}C:\program files (x86)\adobe\phonegap\phonegap desktop\phonegap.exe] => (Allow) C:\program files (x86)\adobe\phonegap\phonegap desktop\phonegap.exe FirewallRules: [TCP Query User{E469B88B-A355-4B77-8005-FCB3D2E72F3F}C:\users\matthias\downloads\phonegap-desktop-beta-0.1.9-win\win32\phonegap.exe] => (Allow) C:\users\matthias\downloads\phonegap-desktop-beta-0.1.9-win\win32\phonegap.exe FirewallRules: [UDP Query User{A41D7CC6-A56D-4DEE-B023-38132C0F0748}C:\users\matthias\downloads\phonegap-desktop-beta-0.1.9-win\win32\phonegap.exe] => (Allow) C:\users\matthias\downloads\phonegap-desktop-beta-0.1.9-win\win32\phonegap.exe ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: Intel(R) 8 Series/C220 Series USB EHCI #1 - 8C26 Description: Intel(R) 8 Series/C220 Series USB EHCI #1 - 8C26 Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: Intel Service: usbehci Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (09/18/2015 01:13:38 PM) (Source: NetBalancer Toolbar) (EventID: 0) (User: ) Description: Deskband exception: System.ArgumentException: Eine Unterschlüsselstruktur kann nicht gelöscht werden, da der Unterschlüssel nicht vorhanden ist. 
bei Microsoft.Win32.RegistryKey.DeleteSubKeyTree(String subkey, Boolean throwOnMissingSubKey) bei SeriousBit.NetBalancer.DeskBand.DeskBand.Unregister(Type t) Error: (09/17/2015 10:27:39 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: vector_add.exe, Version: 0.0.0.0, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: libgcc_s_dw2-1.dll, Version: 6.3.9600.17936, Zeitstempel: 0x55a68dd1 Ausnahmecode: 0xc0000135 Fehleroffset: 0x0009d4f2 ID des fehlerhaften Prozesses: 0x1bc Startzeit der fehlerhaften Anwendung: 0xvector_add.exe0 Pfad der fehlerhaften Anwendung: vector_add.exe1 Pfad des fehlerhaften Moduls: vector_add.exe2 Berichtskennung: vector_add.exe3 Vollständiger Name des fehlerhaften Pakets: vector_add.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: vector_add.exe5 Error: (09/17/2015 10:27:28 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: vector_add.exe, Version: 0.0.0.0, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: libgcc_s_dw2-1.dll, Version: 6.3.9600.17936, Zeitstempel: 0x55a68dd1 Ausnahmecode: 0xc0000135 Fehleroffset: 0x0009d4f2 ID des fehlerhaften Prozesses: 0x11ec Startzeit der fehlerhaften Anwendung: 0xvector_add.exe0 Pfad der fehlerhaften Anwendung: vector_add.exe1 Pfad des fehlerhaften Moduls: vector_add.exe2 Berichtskennung: vector_add.exe3 Vollständiger Name des fehlerhaften Pakets: vector_add.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: vector_add.exe5 Error: (09/17/2015 09:18:47 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Facebook_Data_Analyzer.exe, Version: 0.0.0.0, Zeitstempel: 0x00050000 Name des fehlerhaften Moduls: libgcc_s_dw2-1.dll, Version: 6.3.9600.17936, Zeitstempel: 0x55a68dd1 Ausnahmecode: 0xc0000135 Fehleroffset: 0x0009d4f2 ID des fehlerhaften Prozesses: 0xfb4 Startzeit der fehlerhaften Anwendung: 0xFacebook_Data_Analyzer.exe0 Pfad 
der fehlerhaften Anwendung: Facebook_Data_Analyzer.exe1 Pfad des fehlerhaften Moduls: Facebook_Data_Analyzer.exe2 Berichtskennung: Facebook_Data_Analyzer.exe3 Vollständiger Name des fehlerhaften Pakets: Facebook_Data_Analyzer.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Facebook_Data_Analyzer.exe5 Error: (09/17/2015 08:33:02 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Facebook_Data_Analyzer.exe, Version: 0.0.0.0, Zeitstempel: 0x00050000 Name des fehlerhaften Moduls: libgcc_s_dw2-1.dll, Version: 6.3.9600.17936, Zeitstempel: 0x55a68dd1 Ausnahmecode: 0xc0000135 Fehleroffset: 0x0009d4f2 ID des fehlerhaften Prozesses: 0x1ac0 Startzeit der fehlerhaften Anwendung: 0xFacebook_Data_Analyzer.exe0 Pfad der fehlerhaften Anwendung: Facebook_Data_Analyzer.exe1 Pfad des fehlerhaften Moduls: Facebook_Data_Analyzer.exe2 Berichtskennung: Facebook_Data_Analyzer.exe3 Vollständiger Name des fehlerhaften Pakets: Facebook_Data_Analyzer.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Facebook_Data_Analyzer.exe5 Error: (09/17/2015 06:37:53 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: qtcreator.exe, Version: 0.0.0.0, Zeitstempel: 0x55d305d7 Name des fehlerhaften Moduls: Qt5Gui.dll, Version: 5.5.0.0, Zeitstempel: 0x55911d00 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000ca15a ID des fehlerhaften Prozesses: 0x1288 Startzeit der fehlerhaften Anwendung: 0xqtcreator.exe0 Pfad der fehlerhaften Anwendung: qtcreator.exe1 Pfad des fehlerhaften Moduls: qtcreator.exe2 Berichtskennung: qtcreator.exe3 Vollständiger Name des fehlerhaften Pakets: qtcreator.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: qtcreator.exe5 Error: (09/15/2015 08:59:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Memory.exe, Version: 0.0.0.0, Zeitstempel: 0x55b0cebe Name des fehlerhaften Moduls: OpenAL32.dll, Version: 
6.3.9600.17936, Zeitstempel: 0x55a68dd1 Ausnahmecode: 0xc0000135 Fehleroffset: 0x0009d4f2 ID des fehlerhaften Prozesses: 0x1418 Startzeit der fehlerhaften Anwendung: 0xMemory.exe0 Pfad der fehlerhaften Anwendung: Memory.exe1 Pfad des fehlerhaften Moduls: Memory.exe2 Berichtskennung: Memory.exe3 Vollständiger Name des fehlerhaften Pakets: Memory.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Memory.exe5 Error: (09/15/2015 03:07:52 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: app.exe, Version: 0.0.0.0, Zeitstempel: 0x55f8181c Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.9600.17415, Zeitstempel: 0x545055fe Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000003ecc ID des fehlerhaften Prozesses: 0x147c Startzeit der fehlerhaften Anwendung: 0xapp.exe0 Pfad der fehlerhaften Anwendung: app.exe1 Pfad des fehlerhaften Moduls: app.exe2 Berichtskennung: app.exe3 Vollständiger Name des fehlerhaften Pakets: app.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: app.exe5 Error: (09/14/2015 11:33:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: mfpmp.exe, Version: 12.0.9600.17415, Zeitstempel: 0x54503be7 Name des fehlerhaften Moduls: TosBDITA64.dll, Version: 1.0.0.55, Zeitstempel: 0x5200e45e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000004f670 ID des fehlerhaften Prozesses: 0x181c Startzeit der fehlerhaften Anwendung: 0xmfpmp.exe0 Pfad der fehlerhaften Anwendung: mfpmp.exe1 Pfad des fehlerhaften Moduls: mfpmp.exe2 Berichtskennung: mfpmp.exe3 Vollständiger Name des fehlerhaften Pakets: mfpmp.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mfpmp.exe5 Error: (09/13/2015 07:14:15 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll8 Systemfehler: ============= Error: (09/18/2015 12:17:58 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: 
\??\C:\Windows\SysWow64\drivers\mpfilt.sys Error: (09/18/2015 12:17:58 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Windows\SysWow64\drivers\mpfilt.sys Error: (09/18/2015 12:17:57 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Windows\SysWow64\drivers\mpfilt.sys Error: (09/18/2015 12:17:56 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Windows\SysWow64\drivers\mpfilt.sys Error: (09/18/2015 12:17:56 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys Error: (09/18/2015 12:17:55 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Windows\SysWow64\drivers\mpfilt.sys Error: (09/18/2015 12:17:53 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Windows\SysWow64\drivers\mpfilt.sys Error: (09/18/2015 12:17:51 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Windows\SysWow64\drivers\mpfilt.sys Error: (09/17/2015 06:51:09 PM) (Source: DCOM) (EventID: 10010) (User: TOSHIBA) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (09/17/2015 01:30:36 PM) (Source: DCOM) (EventID: 10010) (User: TOSHIBA) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} CodeIntegrity: =================================== Date: 2015-09-14 21:37:15.019 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system. Date: 2015-09-14 21:37:14.831 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system. 
Date: 2015-09-14 21:37:14.666 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system. Date: 2015-09-14 21:37:06.314 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system. Date: 2015-09-14 21:37:06.136 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system. Date: 2015-09-14 21:37:05.970 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system. Date: 2015-09-14 21:37:03.236 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system. Date: 2015-09-14 21:37:02.907 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system. Date: 2015-09-14 21:37:02.642 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system. Date: 2015-09-14 21:37:02.204 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system. 
==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i7-4700MQ CPU @ 2.40GHz Prozentuale Nutzung des RAM: 17% Installierter physikalischer RAM: 16308.09 MB Verfügbarer physikalischer RAM: 13376.46 MB Summe virtueller Speicher: 18740.09 MB Verfügbarer virtueller Speicher: 15250.57 MB ==================== Laufwerke ================================ Drive c: (TI31250700A) (Fixed) (Total:695.07 GB) (Free:488.94 GB) NTFS Drive d: (TQGOLD) (CDROM) (Total:4.39 GB) (Free:0 GB) UDF ==================== MBR & Partitionstabelle ================== ==================== Ende von Addition.txt ============================ SoftDrive |
19.09.2015, 15:59 | #4 |
/// the machine /// TB trainer | Malwarebytes Free scan: Trojan.Siredef.C - removing the threat Hi, update MBAM, scan, delete the findings. Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
19.09.2015, 18:49 | #5 |
| Malwarebytes Free scan: Trojan.Siredef.C - removing the threat MBAM: update done, scan done, no findings AdwCleaner: Code:
ATTFilter # AdwCleaner v5.008 - Bericht erstellt am 19/09/2015 um 19:26:31 # Aktualisiert am 18/09/2015 von Xplode # Datenbank : 2015-09-17.3 [Server] # Betriebssystem : Windows 8.1 (x64) # Benutzername : Administrator - TOSHIBA # Gestartet von : C:\Users\Matthias\Desktop\AdwCleaner_5.008.exe # Option : Löschen # Unterstützung : hxxp://toolslib.net/forum ***** [ Dienste ] ***** ***** [ Ordner ] ***** ***** [ Dateien ] ***** ***** [ Verknüpfungen ] ***** ***** [ Geplante Tasks ] ***** ***** [ Registrierungsdatenbank ] ***** ***** [ Internetbrowser ] ***** ************************* :: Proxy Einstellungen zurückgesetzt :: Winsock Einstellungen zurückgesetzt :: Chrome Richtlinien gelöscht ########## EOF - \AdwCleaner\AdwCleaner[C1].txt - [736 Bytes] ########## JRT: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 7.6.2 (09.14.2015:1) OS: Windows 8.1 x64 Ran by Administrator on 19.09.2015 at 19:35:39,72 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Tasks ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\TOSHIBA ~~~ Files ~~~ Folders Successfully deleted: [Folder] C:\Windows\SysWOW64\ai_recyclebin ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 19.09.2015 at 19:37:40,70 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015 durchgeführt von Administrator (Administrator) auf TOSHIBA (19-09-2015 19:38:34) Gestartet von C:\Users\Matthias\Desktop Geladene Profile: Matthias & Administrator (Verfügbare Profile: Matthias & Administrator) Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: IE) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe (TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) 
HKLM\...\Run: [] => [X] HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [894048 2013-01-12] (Conexant Systems, Inc.) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.) HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation) HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-14] (TOSHIBA Corporation) HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-18] (TOSHIBA Corporation) HKLM\...\Run: [ThpSrv] => C:\Windows\system32\thpsrv /logon HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-12] (TOSHIBA Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-27] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-28] (Synaptics Incorporated) HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782008 2015-09-10] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION) HKLM-x32\...\Run: [Syncios device service] => C:\Users\Matthias\Syncios\SynciosDeviceService.exe HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66936 2015-08-13] (Avira Operations GmbH & Co. 
KG) Winlogon\Notify\igfxcui: igfxdev.dll [X] HKU\S-1-5-21-1176592850-2972094272-1075556021-1002\...\Run: [Spotify Web Helper] => C:\Users\Matthias\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-08-08] (Spotify Ltd) HKU\S-1-5-21-1176592850-2972094272-1075556021-500\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [55349888 2015-09-04] (Skype Technologies S.A.) HKU\S-1-5-21-1176592850-2972094272-1075556021-500\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[C1].txt [812 2015-09-19] () AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [176904 2015-08-25] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [155792 2015-08-25] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2015-03-17] ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{5F0A2998-F66B-4FBF-9B8D-22285F4278F5}: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{D94BEBDA-8147-4AB4-B78B-7B2CBA10ED73}: [DhcpNameServer] 192.168.2.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1176592850-2972094272-1075556021-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-1176592850-2972094272-1075556021-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TEJB HKU\S-1-5-21-1176592850-2972094272-1075556021-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/symbaloo_c HKU\S-1-5-21-1176592850-2972094272-1075556021-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TEJB HKU\S-1-5-21-1176592850-2972094272-1075556021-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TEJB HKU\S-1-5-21-1176592850-2972094272-1075556021-500\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://toshiba.eu/symbaloo_c HKU\S-1-5-21-1176592850-2972094272-1075556021-500\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = 
hxxp://toshiba.eu/symbaloo_c SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1176592850-2972094272-1075556021-1002 -> DefaultScope {E117E4B1-0379-46B7-B1A7-1D7FC590EBEE} URL = SearchScopes: HKU\S-1-5-21-1176592850-2972094272-1075556021-1002 -> {E117E4B1-0379-46B7-B1A7-1D7FC590EBEE} URL = SearchScopes: HKU\S-1-5-21-1176592850-2972094272-1075556021-500 -> DefaultScope {E117E4B1-0379-46B7-B1A7-1D7FC590EBEE} URL = SearchScopes: HKU\S-1-5-21-1176592850-2972094272-1075556021-500 -> {E117E4B1-0379-46B7-B1A7-1D7FC590EBEE} URL = BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\yaivfozv.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) 
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Keine Datei] FF Plugin HKU\S-1-5-21-1176592850-2972094272-1075556021-1002: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll Keine Datei Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [887128 2015-07-23] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-09-10] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-09-10] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1213072 2015-09-10] (Avira Operations GmbH & Co. KG) R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [228104 2015-08-13] (Avira Operations GmbH & Co. 
KG)
S2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-27] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert]
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319888 2014-12-31] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-03-19] ()
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-27] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-27] (NVIDIA Corporation)
S2 SMITS; C:\Windows\SysWOW64\SMITSC.exe [13312 2015-01-08] () [Datei ist nicht signiert]
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116088 2013-07-19] (Toshiba Europe GmbH)
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2015-03-19] (Intel® Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [137288 2015-07-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [148632 2015-07-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-10] (Avira Operations GmbH & Co. KG)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-30] (Microsoft Corporation)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 GEARAspiWDM; C:\Windows\SysWOW64\Drivers\GEARAspiWDM.sys [15664 2013-02-04] (GEAR Software Inc.)
S3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [253680 2015-03-19] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
S3 mpfilt; C:\Windows\SysWOW64\drivers\mpfilt.sys [10588 2013-05-21] () [Datei ist nicht signiert]
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3497240 2015-03-23] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290008 2013-07-05] (Realtek Semiconductor Corp.)
S3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation )
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-28] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows (R) Win 7 DDK provider)
R1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-07-09] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [146072 2015-07-09] (Oracle Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 iscFlash; \??\C:\Windows\Temp\ArchesP10SP10SG_BIOS_V150_WIN\x64\iscflashx64.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-09-19 19:38 - 2015-09-19 19:38 - 00016542 _____ C:\Users\Matthias\Desktop\FRST.txt 2015-09-19 19:37 - 2015-09-19 19:37 - 00000745 _____ C:\Users\Administrator\Desktop\JRT.txt 2015-09-19 19:26 - 2015-09-19 19:26 - 00000672 _____ C:\Users\Administrator\Desktop\AdwCleaner[S2].txt 2015-09-19 17:32 - 2015-09-19 17:32 - 01798976 _____ (Malwarebytes) C:\Users\Matthias\Desktop\JRT.exe 2015-09-19 17:32 - 2015-09-19 17:32 - 01662976 _____ C:\Users\Matthias\Desktop\AdwCleaner_5.008.exe 2015-09-19 12:40 - 2015-09-19 12:40 - 00005331 _____ C:\Users\Matthias\AppData\Local\recently-used.xbel 2015-09-18 17:51 - 2015-09-18 17:51 - 00448512 _____ (OldTimer Tools) C:\Users\Matthias\Desktop\TFC.exe 2015-09-18 17:21 - 2015-09-19 19:26 - 00000000 ____D C:\AdwCleaner 2015-09-18 15:10 - 2015-09-19 19:38 - 00000000 ____D C:\FRST 2015-09-18 15:10 - 2015-09-18 15:10 - 02191360 _____ (Farbar) C:\Users\Matthias\Desktop\FRST64.exe 2015-09-18 14:06 - 2015-09-18 14:06 - 00001298 _____ C:\Users\Administrator\Desktop\mbam.txt 2015-09-18 13:24 - 2015-09-18 14:07 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-09-18 13:24 - 2015-09-18 13:25 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-09-18 13:24 - 2015-09-18 13:24 - 00001085 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-09-18 13:24 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-09-18 13:24 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-09-18 13:24 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-09-18 13:18 - 2015-09-18 13:18 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Matthias\Downloads\mbam-setup-2.1.8.1057(1).exe 2015-09-18 13:03 - 2015-09-18 13:03 - 00000000 ____D C:\Python35 2015-09-18 12:58 - 2015-09-18 12:58 - 29495840 _____ (Python Software Foundation) 
C:\Users\Matthias\Downloads\python-3.5.0-amd64.exe 2015-09-18 12:56 - 2015-09-18 13:03 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.5 2015-09-18 12:55 - 2015-09-18 13:03 - 00000000 ____D C:\Users\Matthias\AppData\Local\Package Cache 2015-09-18 12:55 - 2015-06-04 15:28 - 00961192 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll 2015-09-18 12:55 - 2015-06-04 15:28 - 00062304 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll 2015-09-18 12:55 - 2015-06-04 15:28 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll 2015-09-18 12:55 - 2015-06-04 15:28 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll 2015-09-18 12:55 - 2015-06-04 15:28 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll 2015-09-18 12:55 - 2015-06-04 15:28 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll 2015-09-18 12:55 - 2015-06-04 15:28 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll 2015-09-18 12:55 - 2015-06-04 15:28 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll 2015-09-18 12:55 - 2015-06-04 15:28 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll 2015-09-18 12:55 - 2015-06-04 15:28 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll 2015-09-18 12:55 - 2015-06-04 15:28 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll 2015-09-18 12:55 - 2015-06-04 15:28 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll 2015-09-18 12:55 - 2015-06-04 15:28 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll 2015-09-18 12:55 - 2015-06-04 15:28 - 
00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll 2015-09-18 12:55 - 2015-06-04 15:28 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll 2015-09-18 12:55 - 2015-06-04 15:28 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll 2015-09-18 12:55 - 2015-06-04 15:26 - 00883712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll 2015-09-18 12:55 - 2015-06-04 15:26 - 00064352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll 2015-09-18 12:55 - 2015-06-04 15:26 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll 2015-09-18 12:55 - 2015-06-04 15:26 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll 2015-09-18 12:55 - 2015-06-04 15:26 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll 2015-09-18 12:55 - 2015-06-04 15:26 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll 2015-09-18 12:55 - 2015-06-04 15:26 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll 2015-09-18 12:55 - 2015-06-04 15:26 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll 2015-09-18 12:55 - 2015-06-04 15:26 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll 2015-09-18 12:55 - 2015-06-04 15:26 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll 2015-09-18 12:55 - 2015-06-04 15:26 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll 2015-09-18 12:55 - 2015-06-04 15:26 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll 2015-09-18 12:55 - 2015-06-04 15:26 - 00012640 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll 2015-09-18 12:55 - 2015-06-04 15:26 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll 2015-09-18 12:55 - 2015-06-04 15:26 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll 2015-09-18 12:55 - 2015-06-04 15:26 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll 2015-09-18 12:48 - 2015-09-18 12:48 - 00483100 _____ C:\Users\Matthias\Downloads\Console-1.5.zip 2015-09-18 12:28 - 2015-09-18 12:30 - 00001944 _____ C:\Users\Matthias\Desktop\Flights.txt 2015-09-17 20:43 - 2015-09-17 20:43 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\TDM-GCC 2015-09-17 20:42 - 2015-09-17 20:43 - 00000000 ____D C:\TDM-GCC-32 2015-09-17 20:21 - 2015-09-17 20:21 - 00002642 _____ C:\Users\Matthias\Downloads\FctParser-Sources.zip 2015-09-17 17:11 - 2015-09-17 17:11 - 00028567 _____ C:\Users\Matthias\Downloads\source.zip 2015-09-17 16:00 - 2015-09-17 16:00 - 00044163 _____ C:\Users\Matthias\Downloads\rapidxml-1.13.zip 2015-09-17 14:59 - 2015-09-17 14:59 - 00039997 _____ C:\Users\Matthias\Downloads\bigint-2010.04.30.zip 2015-09-17 14:59 - 2015-09-17 14:59 - 00014088 _____ C:\Users\Matthias\Downloads\bigint-6-0-src.7z 2015-09-17 14:58 - 2015-09-17 14:58 - 02319400 _____ C:\Users\Matthias\Downloads\gmp-6.0.0a.tar.bz2 2015-09-17 13:46 - 2015-09-17 15:05 - 00016950 _____ C:\Users\Matthias\Desktop\bigint.txt 2015-09-17 13:38 - 2015-09-17 13:38 - 00008492 _____ C:\Users\Matthias\Downloads\sercantutar-infint-6af5513.zip 2015-09-17 13:20 - 2015-09-17 13:20 - 00655252 _____ C:\Users\Matthias\Downloads\tidy.tar.gz 2015-09-17 13:19 - 2015-09-17 13:19 - 00109149 _____ C:\Users\Matthias\Downloads\tidy.zip 2015-09-17 13:19 - 2015-09-17 13:19 - 00079219 _____ C:\Users\Matthias\Downloads\libtidy.7z 2015-09-17 13:10 - 2015-09-17 13:10 - 62070761 _____ C:\Users\Matthias\Downloads\gtkmm-win32-devel-2.22.0-2.exe 2015-09-17 13:05 
- 2015-09-17 13:05 - 00959900 _____ C:\Users\Matthias\Downloads\libxml++-2.39.2.tar.xz 2015-09-17 13:04 - 2015-09-17 13:05 - 00313290 _____ C:\Users\Matthias\Downloads\curlpp-master.zip 2015-09-17 00:06 - 2015-09-17 00:06 - 36802006 _____ C:\Users\Matthias\Downloads\tdm-gcc-5.1.0-3.exe 2015-09-16 23:33 - 2015-09-16 23:33 - 01764120 _____ C:\Users\Matthias\Downloads\facebook-<name>2.zip 2015-09-16 22:12 - 2015-09-16 22:12 - 00003484 _____ C:\Users\Matthias\Downloads\qtcreator-cmake-0.1.tar.xz 2015-09-16 21:00 - 2015-09-16 22:57 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qt 2015-09-16 20:32 - 2015-09-16 23:02 - 00000000 ____D C:\Qt 2015-09-16 20:22 - 2015-09-16 20:22 - 00388608 _____ (Trend Micro Inc.) C:\Users\Matthias\Downloads\HijackThis.exe 2015-09-16 20:22 - 2015-09-16 20:22 - 00012280 _____ C:\Users\Matthias\Downloads\hijackthis.log 2015-09-16 20:10 - 2015-09-16 20:13 - 17144128 _____ C:\Users\Matthias\Downloads\qt-unified-windows-x86-2.0.2-2-online.exe 2015-09-16 18:19 - 2015-09-16 18:19 - 09286720 _____ (Cadence Design Systems, Inc.) 
C:\Users\Matthias\Downloads\OrCAD_PSpice_Schematics_16.6.exe 2015-09-15 20:26 - 2015-09-15 20:27 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\ghc 2015-09-15 20:21 - 2015-09-15 20:21 - 00000000 ____D C:\Program Files\Haskell Platform 2015-09-15 20:11 - 2015-09-15 20:12 - 202351400 _____ C:\Users\Matthias\Downloads\HaskellPlatform-7.10.2-a-x86_64-setup.exe 2015-09-14 19:20 - 2015-09-14 19:21 - 195200088 _____ (Oracle Corporation) C:\Users\Matthias\Downloads\jdk-8u60-windows-x64.exe 2015-09-14 19:18 - 2015-09-14 19:20 - 204446272 _____ C:\Users\Matthias\Downloads\ideaIC-14.1.4.exe 2015-09-14 19:17 - 2015-09-14 19:20 - 362135497 _____ C:\Users\Matthias\Downloads\ideaIC-14.1.4-src.tar.bz2 2015-09-14 18:59 - 2015-09-14 19:00 - 78888007 _____ C:\Users\Matthias\Downloads\M.A.R.S.-master.zip 2015-09-14 08:45 - 2015-09-14 08:45 - 06988622 _____ C:\Users\Matthias\Downloads\PEW.ZIP 2015-09-14 08:45 - 2015-09-14 08:45 - 00000000 ____D C:\Users\Matthias\Downloads\PEW 2015-09-14 08:43 - 2015-09-14 08:44 - 00000000 ____D C:\Users\Matthias\Downloads\Pew-master 2015-09-14 08:31 - 2015-09-14 08:31 - 05462418 _____ C:\Users\Matthias\Downloads\Pew-master.zip 2015-09-14 08:30 - 2015-09-14 08:30 - 07015361 _____ C:\Users\Matthias\Downloads\sfml-spaceshooter-1.0alpha3.tar.gz 2015-09-13 21:14 - 2015-09-13 21:14 - 29202490 _____ C:\Users\Matthias\Downloads\wireshark-1.12.7.tar.bz2 2015-09-13 20:21 - 2015-09-13 20:21 - 00000000 ____D C:\ProgramData\SeriousBit 2015-09-13 20:20 - 2015-02-05 19:47 - 00042128 _____ (SeriousBit) C:\Windows\system32\Drivers\nbdrv.sys 2015-09-13 20:19 - 2015-09-13 20:19 - 04119400 _____ (SeriousBit ) C:\Users\Matthias\Downloads\NetBalancerSetup.exe 2015-09-13 19:49 - 2015-09-13 19:49 - 06688913 _____ C:\Users\Matthias\Downloads\gvim74.exe 2015-09-13 14:44 - 2015-09-13 14:44 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 2.7 2015-09-13 14:40 - 2015-09-13 14:41 - 18423808 _____ 
C:\Users\Matthias\Downloads\python-2.7.10.msi 2015-09-13 14:25 - 2015-09-13 14:26 - 04363893 _____ C:\Users\Matthias\Downloads\chat-part-one.zip 2015-09-13 13:32 - 2015-09-13 15:32 - 00000000 ____D C:\Users\Matthias\Documents\gescannte Dokumente 2015-09-13 13:03 - 2015-09-13 13:03 - 05463571 _____ C:\Users\Matthias\Downloads\gegl-0.3.0.tar.bz2 2015-09-13 13:03 - 2015-09-13 13:03 - 00471664 _____ C:\Users\Matthias\Downloads\babl-0.1.8.tar.bz2 2015-09-12 18:48 - 2015-09-12 18:48 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\LolClient 2015-09-12 17:35 - 2015-09-12 17:38 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Riot Games 2015-09-12 17:20 - 2015-09-12 17:20 - 00000144 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2015-09-12 17:19 - 2015-09-12 17:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-09-12 17:16 - 2015-09-12 17:17 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Skype 2015-09-12 17:16 - 2015-09-12 17:16 - 00000000 ____D C:\Users\Administrator\AppData\Local\Skype 2015-09-11 19:35 - 2015-09-11 19:37 - 387491700 _____ C:\Users\Matthias\Downloads\cocos2d-x-3.8.zip 2015-09-11 15:32 - 2015-09-11 15:32 - 00000000 ____D C:\Users\Matthias\Downloads\PhoneGap-Desktop-Beta-0.1.9-win 2015-09-11 15:31 - 2015-09-11 15:32 - 45993589 _____ C:\Users\Matthias\Downloads\PhoneGap-Desktop-Beta-0.1.9-win.zip 2015-09-11 15:30 - 2015-09-11 15:30 - 00000000 ____D C:\Users\Matthias\Downloads\phonegap-2.9.1 2015-09-11 15:29 - 2015-09-11 15:29 - 20277866 _____ C:\Users\Matthias\Downloads\phonegap-2.9.1.zip 2015-09-11 15:20 - 2015-09-13 21:10 - 00000000 ____D C:\Users\Matthias\AppData\Local\PhoneGap 2015-09-11 15:20 - 2015-09-11 15:20 - 00001295 _____ C:\Users\Matthias\Desktop\PhoneGap.lnk 2015-09-11 13:58 - 2015-09-11 13:58 - 00000000 ____D C:\Users\Matthias\Tracing 2015-09-11 13:48 - 2015-09-11 14:06 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Skype 2015-09-11 13:48 - 2015-09-11 13:48 - 00002715 _____ 
C:\Users\Public\Desktop\Skype.lnk 2015-09-11 13:48 - 2015-09-11 13:48 - 00000000 ___RD C:\Program Files (x86)\Skype 2015-09-11 13:48 - 2015-09-11 13:48 - 00000000 ____D C:\Users\Matthias\AppData\Local\Skype 2015-09-11 13:48 - 2015-09-11 13:48 - 00000000 ____D C:\ProgramData\Skype 2015-09-11 13:48 - 2015-09-11 13:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-09-11 13:46 - 2015-09-11 13:46 - 01506832 _____ (Skype Technologies S.A.) C:\Users\Matthias\Downloads\SkypeSetup.exe 2015-09-11 13:46 - 2015-09-11 13:46 - 00003134 _____ C:\Windows\System32\Tasks\{1188AA77-BFC2-4A18-8D83-F5EE801B4915} 2015-09-11 13:46 - 2015-09-11 13:46 - 00003084 _____ C:\Windows\System32\Tasks\{BCE9E01B-220F-4804-B5FF-A8A077EF2703} 2015-09-10 21:58 - 2015-09-15 20:13 - 00000000 ____D C:\Users\Matthias\Documents\Bewerbung DH-Studium 2015 (2016) 2015-09-10 20:35 - 2015-09-10 20:35 - 00000000 ____D C:\Users\Matthias\.plugman 2015-09-10 20:34 - 2015-09-10 20:34 - 00000000 ____D C:\Users\Matthias\.cordova 2015-09-10 20:31 - 2015-09-10 20:31 - 26686992 _____ (Adobe Inc. 
) C:\Users\Matthias\Downloads\PhoneGapSetup.exe 2015-09-10 20:30 - 2015-09-17 22:33 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\npm-cache 2015-09-10 19:45 - 2015-09-10 19:45 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf 2015-09-10 17:17 - 2015-08-27 04:48 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-09-10 17:17 - 2015-08-26 20:00 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-09-10 17:17 - 2015-08-26 20:00 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-09-10 17:17 - 2015-08-26 20:00 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-09-10 17:17 - 2015-08-26 20:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-09-10 17:17 - 2015-08-26 16:46 - 03705344 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-09-10 17:17 - 2015-08-26 16:29 - 02240512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-09-10 17:17 - 2015-08-26 16:27 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-09-10 17:17 - 2015-08-26 16:27 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2015-09-10 17:17 - 2015-08-26 16:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-09-10 17:17 - 2015-08-26 16:26 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-09-10 17:17 - 2015-08-26 16:26 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-09-10 17:16 - 2015-08-22 20:19 - 25188352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-09-10 17:16 - 2015-08-22 19:35 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-09-10 17:16 - 2015-08-22 19:34 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-09-10 17:16 - 2015-08-22 19:22 - 19856384 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\mshtml.dll 2015-09-10 17:16 - 2015-08-22 19:21 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-09-10 17:16 - 2015-08-22 19:20 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-09-10 17:16 - 2015-08-22 18:55 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-09-10 17:16 - 2015-08-22 18:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-09-10 17:16 - 2015-08-22 18:50 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2015-09-10 17:16 - 2015-08-22 18:45 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-09-10 17:16 - 2015-08-22 18:44 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-09-10 17:16 - 2015-08-22 18:41 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-09-10 17:16 - 2015-08-22 18:41 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-09-10 17:16 - 2015-08-22 18:41 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-09-10 17:16 - 2015-08-22 18:41 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-09-10 17:16 - 2015-08-22 18:39 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-09-10 17:16 - 2015-08-22 18:28 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-09-10 17:16 - 2015-08-22 18:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-09-10 17:16 - 2015-08-22 18:23 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2015-09-10 17:16 - 2015-08-22 18:22 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-09-10 17:16 - 2015-08-22 18:20 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-09-10 17:16 - 2015-08-22 18:18 - 02052608 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\inetcpl.cpl 2015-09-10 17:16 - 2015-08-22 18:18 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-09-10 17:16 - 2015-08-22 18:18 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-09-10 17:16 - 2015-08-22 18:14 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-09-10 17:16 - 2015-08-22 18:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-09-10 17:16 - 2015-08-22 18:00 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-09-10 17:16 - 2015-08-22 17:56 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-09-10 17:16 - 2015-08-22 17:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-09-10 17:16 - 2015-07-30 19:18 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-09-10 17:16 - 2015-07-30 18:22 - 00230912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-09-10 17:15 - 2015-09-02 04:56 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-09-10 17:15 - 2015-09-02 04:55 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-09-10 17:15 - 2015-09-02 04:50 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-09-10 17:15 - 2015-09-02 04:17 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-09-10 17:15 - 2015-09-02 04:13 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-09-10 17:15 - 2015-08-03 23:15 - 00074928 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-09-10 17:15 - 2015-08-03 23:15 - 00065600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2015-09-10 17:15 - 2015-08-01 16:22 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-09-10 17:15 - 2015-08-01 05:47 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\schtasks.exe 2015-09-10 17:15 
- 2015-08-01 05:45 - 00182784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe 2015-09-10 17:15 - 2015-08-01 05:38 - 01265152 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll 2015-09-10 17:15 - 2015-08-01 05:37 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe 2015-09-10 17:15 - 2015-08-01 05:37 - 00359936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe 2015-09-10 17:15 - 2015-07-22 16:34 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2015-09-10 17:15 - 2015-07-22 16:33 - 01728000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll 2015-09-10 17:15 - 2015-07-22 16:25 - 02461184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2015-09-10 17:15 - 2015-07-22 16:25 - 01546752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll 2015-09-10 17:15 - 2015-07-18 20:31 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\shacct.dll 2015-09-10 17:15 - 2015-07-18 20:29 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll 2015-09-10 17:15 - 2015-07-18 20:29 - 00148480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shacct.dll 2015-09-10 17:15 - 2015-07-18 20:27 - 00520192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll 2015-09-10 17:15 - 2015-07-14 05:27 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\tzsync.exe 2015-09-10 17:12 - 2015-09-19 00:51 - 00000000 ____D C:\Windows\SysWOW64\NV 2015-09-10 17:12 - 2015-09-19 00:51 - 00000000 ____D C:\Windows\system32\NV 2015-09-10 17:11 - 2015-08-25 20:46 - 42840368 _____ C:\Windows\system32\nvcompiler.dll 2015-09-10 17:11 - 2015-08-25 20:46 - 37819184 _____ C:\Windows\SysWOW64\nvcompiler.dll 2015-09-10 17:11 - 2015-08-25 20:46 - 22525560 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2015-09-10 17:11 - 2015-08-25 20:46 - 18543736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2015-09-10 17:11 - 
2015-08-25 20:46 - 17082392 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll 2015-09-10 17:11 - 2015-08-25 20:46 - 16637336 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2015-09-10 17:11 - 2015-08-25 20:46 - 15512888 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2015-09-10 17:11 - 2015-08-25 20:46 - 14936264 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2015-09-10 17:11 - 2015-08-25 20:46 - 14635792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2015-09-10 17:11 - 2015-08-25 20:46 - 13661160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2015-09-10 17:11 - 2015-08-25 20:46 - 12185152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2015-09-10 17:11 - 2015-08-25 20:46 - 11089200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2015-09-10 17:11 - 2015-08-25 20:46 - 02940720 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2015-09-10 17:11 - 2015-08-25 20:46 - 02627704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2015-09-10 17:11 - 2015-08-25 20:46 - 01898288 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435582.dll 2015-09-10 17:11 - 2015-08-25 20:46 - 01558648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435582.dll 2015-09-10 17:11 - 2015-08-25 20:46 - 01075320 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2015-09-10 17:11 - 2015-08-25 20:46 - 01064752 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2015-09-10 17:11 - 2015-08-25 20:46 - 00986232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2015-09-10 17:11 - 2015-08-25 20:46 - 00945456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2015-09-10 17:11 - 2015-08-25 20:46 - 00512904 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2015-09-10 17:11 - 2015-08-25 20:46 - 00421544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2015-09-10 17:11 - 2015-08-25 20:46 - 00408184 _____ (NVIDIA 
Corporation) C:\Windows\system32\NvIFROpenGL.dll 2015-09-10 17:11 - 2015-08-25 20:46 - 00364336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll 2015-09-10 17:11 - 2015-08-25 20:46 - 00150832 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2015-09-10 17:11 - 2015-08-25 20:46 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2015-09-10 17:11 - 2015-08-25 20:46 - 00031352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys 2015-09-10 17:07 - 2015-08-11 06:52 - 00069416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2015-09-10 17:07 - 2015-08-11 06:52 - 00050472 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-09-19 19:36 - 2014-01-09 15:29 - 17204472 _____ C:\Users\Public\CAFADEBUG.log 2015-09-19 19:30 - 2013-08-22 16:46 - 00210350 _____ C:\Windows\setupact.log 2015-09-19 19:27 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-09-19 19:24 - 2014-03-02 01:14 - 00000000 ____D C:\Users\Matthias\AppData\Local\Spotify 2015-09-19 19:16 - 2014-03-01 22:53 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-09-19 19:15 - 2014-01-09 15:00 - 01246214 _____ C:\Windows\WindowsUpdate.log 2015-09-19 19:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru 2015-09-19 17:45 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness 2015-09-19 17:39 - 2014-03-02 01:14 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Spotify 2015-09-19 17:33 - 2014-03-02 19:25 - 00000000 ____D C:\Users\Matthias\Documents\Outlook-Dateien 2015-09-19 14:14 - 2014-03-01 15:08 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1176592850-2972094272-1075556021-1002 2015-09-19 12:41 - 2014-03-02 11:42 - 00000000 ____D C:\Users\Matthias\.gimp-2.8 2015-09-19 12:40 - 
2014-03-02 11:55 - 00000000 ____D C:\Users\Matthias\AppData\Local\gtk-2.0 2015-09-19 12:39 - 2014-11-25 23:10 - 00000000 ____D C:\Users\Matthias\Desktop\txt 2015-09-19 01:03 - 2015-08-05 09:36 - 00002195 _____ C:\Users\Matthias\Desktop\Atom.lnk 2015-09-19 01:03 - 2015-08-05 09:36 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc 2015-09-19 01:02 - 2015-08-05 09:36 - 00000000 ____D C:\Users\Matthias\AppData\Local\SquirrelTemp 2015-09-19 01:02 - 2015-08-05 09:36 - 00000000 ____D C:\Users\Matthias\AppData\Local\atom 2015-09-19 00:51 - 2013-11-25 03:39 - 00371616 _____ C:\Windows\PFRO.log 2015-09-18 19:11 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI 2015-09-18 13:24 - 2014-03-01 23:03 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\QtProject 2015-09-18 13:03 - 2014-01-09 15:12 - 00000000 ____D C:\ProgramData\Package Cache 2015-09-18 13:03 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp 2015-09-18 12:58 - 2014-03-28 18:34 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.4 2015-09-18 12:53 - 2015-07-28 15:28 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\MediaMonkey 2015-09-17 22:31 - 2015-08-05 12:51 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\npm 2015-09-17 22:24 - 2014-11-22 12:03 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\CodeBlocks 2015-09-17 12:27 - 2014-03-05 23:22 - 00000000 ____D C:\Users\Matthias\Documents\Excel 2015-09-16 22:08 - 2014-03-01 15:02 - 00000000 ____D C:\Users\Matthias 2015-09-16 22:07 - 2014-07-11 12:31 - 00000000 ____D C:\Users\Matthias\Spiele 2015-09-16 22:06 - 2015-07-31 22:05 - 00000000 ____D C:\Users\Matthias\eBooks 2015-09-16 21:05 - 2014-03-02 12:51 - 00000000 ___RD C:\Users\Matthias\Programming 2015-09-16 06:28 - 2015-07-31 16:00 - 00000671 _____ C:\Users\Public\Desktop\Cygwin64 Terminal.lnk 2015-09-15 21:05 - 2013-11-24 18:53 - 03702232 _____ C:\Windows\system32\PerfStringBackup.INI 
2015-09-15 21:05 - 2013-08-28 12:25 - 00800316 _____ C:\Windows\system32\perfh013.dat 2015-09-15 21:05 - 2013-08-28 12:25 - 00162836 _____ C:\Windows\system32\perfc013.dat 2015-09-15 21:05 - 2013-08-28 12:16 - 00796064 _____ C:\Windows\system32\perfh010.dat 2015-09-15 21:05 - 2013-08-28 12:16 - 00156926 _____ C:\Windows\system32\perfc010.dat 2015-09-15 21:05 - 2013-08-28 11:59 - 00769092 _____ C:\Windows\system32\perfh007.dat 2015-09-15 21:05 - 2013-08-28 11:59 - 00160376 _____ C:\Windows\system32\perfc007.dat 2015-09-15 14:29 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache 2015-09-14 06:36 - 2014-03-01 15:02 - 00000000 ____D C:\Users\Matthias\AppData\Local\Packages 2015-09-13 19:54 - 2014-03-04 18:29 - 00026401 ____H C:\Users\Matthias\_viminfo 2015-09-12 17:24 - 2014-03-01 18:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-09-12 17:20 - 2014-03-01 18:14 - 00000000 ____D C:\Users\Administrator 2015-09-12 17:18 - 2015-08-09 19:09 - 00000000 ____D C:\Program Files (x86)\JetBrains 2015-09-11 15:19 - 2014-05-03 12:09 - 00000000 ____D C:\Program Files (x86)\Adobe 2015-09-11 13:46 - 2014-12-13 00:20 - 00000000 __SHD C:\Users\Matthias\AppData\Local\EmieBrowserModeList 2015-09-11 13:46 - 2014-05-23 17:11 - 00000000 __SHD C:\Users\Matthias\AppData\Local\EmieUserList 2015-09-11 13:46 - 2014-05-23 17:11 - 00000000 __SHD C:\Users\Matthias\AppData\Local\EmieSiteList 2015-09-11 11:21 - 2013-08-22 16:44 - 00416032 _____ C:\Windows\system32\FNTCACHE.DAT 2015-09-11 00:56 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\PolicyDefinitions 2015-09-10 18:23 - 2014-03-02 18:59 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-09-10 18:21 - 2013-08-22 21:11 - 00000000 ____D C:\Program Files\Windows Journal 2015-09-10 18:21 - 2013-08-22 15:25 - 00000199 _____ C:\Windows\win.ini 2015-09-10 18:19 - 2014-03-01 15:38 - 00000000 ____D C:\Windows\system32\MRT 2015-09-10 17:12 - 2014-01-09 15:01 - 00000000 ____D C:\ProgramData\NVIDIA 2015-09-10 17:07 - 
2014-01-09 15:00 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2015-09-10 17:06 - 2014-03-01 21:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-08-27 02:37 - 2014-06-02 18:53 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll 2015-08-27 02:37 - 2014-03-02 19:08 - 01423120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll 2015-08-27 02:36 - 2014-06-02 18:53 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll 2015-08-27 02:36 - 2014-03-02 19:08 - 01710568 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll 2015-08-26 18:37 - 2014-03-01 15:38 - 134753440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-08-25 20:46 - 2015-06-13 14:46 - 03112904 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2015-08-25 20:46 - 2014-03-02 19:13 - 00944736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2015-08-25 20:46 - 2014-01-09 15:00 - 03527696 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2015-08-25 20:46 - 2014-01-09 15:00 - 01106672 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll 2015-08-25 20:46 - 2014-01-09 15:00 - 00176904 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2015-08-25 20:46 - 2014-01-09 15:00 - 00033025 _____ C:\Windows\system32\nvinfo.pb 2015-08-25 20:46 - 2013-12-23 13:33 - 12515016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2015-08-25 20:46 - 2013-12-23 13:33 - 00155792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2015-08-25 16:24 - 2014-01-09 15:01 - 06884984 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2015-08-25 16:24 - 2014-01-09 15:01 - 03496752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll 2015-08-25 16:24 - 2014-01-09 15:01 - 02558584 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2015-08-25 16:24 - 2014-01-09 15:01 - 01062520 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll 2015-08-25 16:24 - 
2014-01-09 15:01 - 00937776 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-08-25 16:24 - 2014-01-09 15:01 - 00385144 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-08-25 16:24 - 2014-01-09 15:01 - 00075056 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2015-08-25 16:24 - 2014-01-09 15:01 - 00062584 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-08-25 14:35 - 2014-01-09 15:01 - 05165808 _____ C:\Windows\system32\nvcoproc.bin

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-07-19 17:07 - 2015-07-19 17:07 - 0000001 _____ () C:\Users\Administrator\AppData\Local\llftool.4.40.agreement
2014-11-10 23:25 - 2014-11-10 23:25 - 0000870 _____ () C:\Users\Administrator\AppData\Local\recently-used.xbel

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\Matthias\QTCreator.bat

Einige Dateien in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\sqlite3.dll
C:\Users\Matthias\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-09-10 17:32

==================== Ende von FRST.txt ============================

Addition.txt
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:15-09-2015
durchgeführt von Administrator (2015-09-19 19:39:22)
Gestartet von C:\Users\Matthias\Desktop
Windows 8.1 (X64) (2014-03-01 13:02:05)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-1176592850-2972094272-1075556021-500 - Administrator - Enabled) => C:\Users\Administrator
Gast (S-1-5-21-1176592850-2972094272-1075556021-501 - Limited - Disabled)
Matthias (S-1-5-21-1176592850-2972094272-1075556021-1002 - Limited - Enabled) => C:\Users\Matthias

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Audition 3.0 (HKLM-x32\...\Adobe Audition 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Atom (HKU\S-1-5-21-1176592850-2972094272-1075556021-1002\...\atom) (Version: 1.0.15 - GitHub Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.12.420 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{315dd168-0794-4cf1-8355-f195cde642fc}) (Version: 1.1.45.11819 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.45.11819 - Avira Operations GmbH & Co.
KG) Hidden Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50716.0 - Microsoft Corporation) Hidden Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v9.10.32(T) - TOSHIBA CORPORATION) Borland Delphi 7 (HKLM-x32\...\{72263053-50D1-4598-9502-51ED64E54C51}) (Version: 7.0 - Borland Software Corporation) Build Tools - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden Build Tools - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden Build Tools Language Resources - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden Build Tools Language Resources - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden Canon MP640 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series) (Version: - ) CMake 3.3.0-rc2, a cross-platform, open-source build system (HKLM-x32\...\CMake 3.3.0-rc2) (Version: 3.3.0-rc2 - Kitware) Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.2.0 - Conexant) DTS Studio Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.) 
Entity Framework 6.1.1 Tools for Visual Studio 2013 (HKLM-x32\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation) FileZilla Client 3.10.0.2 (HKU\S-1-5-21-1176592850-2972094272-1075556021-1002\...\FileZilla Client) (Version: 3.10.0.2 - Tim Kosse) FileZilla Client 3.10.3 (HKU\S-1-5-21-1176592850-2972094272-1075556021-500\...\FileZilla Client) (Version: 3.10.3 - Tim Kosse) GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team) Haskell Platform 7.10.2-a (HKLM\...\HaskellPlatform-7.10.2-a) (Version: - Haskell.org) Intel(R) Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation) Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel) Intel® PROSet/Wireless Software (HKLM-x32\...\{6535d76a-59fb-4935-b2c5-cd61917c4a4b}) (Version: 17.16.0 - Intel Corporation) League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games ) League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation) MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.) 
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM-x32\...\{21B0F482-5EF9-45DA-8840-340AFE705A6C}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 SDK (Deutsch) (HKLM-x32\...\{CBD7095F-7211-43FD-9FE7-FB08D753AF79}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation) Microsoft Help Viewer 2.1 Sprachpaket - DEU (HKLM-x32\...\Microsoft Help Viewer 2.1 Sprachpaket - DEU) (Version: 2.1.21005 - Microsoft Corporation) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation) Microsoft SQL Server 2012 Data-Tier App 
Framework (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation) Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Native Client (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2014 Express LocalDB (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 SP1 x64 DEU (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation) Microsoft 
SQL Server Data Tools - enu (12.0.41012.0) (HKLM-x32\...\{AC8E0CF4-42A1-4151-B684-97CF6FD726CF}) (Version: 12.0.41012.0 - Microsoft Corporation) Microsoft SQL Server Data Tools Build Utilities - DEU (12.0.30919.1) (HKLM-x32\...\{BCB8A870-2B3D-4CC0-87D6-F931E065AC0C}) (Version: 12.0.30919.1 - Microsoft Corporation) Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{4AEB505C-95E1-4964-9B64-8D27F3186D30}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 
9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d07b0db5-8dad-40e1-be90-88026298a46b}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{2749c485-3a8b-4533-92ff-7cf6e8221cff}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio Express 2013 for Windows Desktop - ENU with Update 4 (HKLM-x32\...\{b8a9dbc1-1fd4-4103-a83b-a2896f193ea0}) (Version: 12.0.31101.0 - Microsoft Corporation) Mozilla Firefox 
40.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 de)) (Version: 40.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla) Node.js (HKLM-x32\...\{B716A4B0-5096-4132-A741-2D99CFF53207}) (Version: 0.12.7 - Joyent, Inc. and other Node contributors) NVIDIA GeForce Experience 2.5.14.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.14.5 - NVIDIA Corporation) NVIDIA Grafiktreiber 355.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 355.82 - NVIDIA Corporation) OpenTeacher (HKLM-x32\...\{07E3B694-5C5C-4971-AEE6-F3B4CDB09C43}) (Version: 3.0.0.1 - OpenTeacher Maintainers) Oracle VM VirtualBox 5.0.0 (HKLM\...\{FCD0B365-2189-45F3-9AF2-2BCED86C121A}) (Version: 5.0.0 - Oracle Corporation) Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM-x32\...\{D5409B11-EF28-37A1-AE7A-6051A5BAD923}) (Version: 4.5.50932 - Microsoft Corporation) PowreShellIntegration.Notifications (x32 Version: 2.5.21003.1603 - Microsoft Corporation) Hidden Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation) Prerequisites for SSDT (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation) Python 2.7.10 (HKLM-x32\...\{E2B51919-207A-43EB-AE78-733F9C6797C2}) (Version: 2.7.10150 - Python Software Foundation) Python 3.4.3 (HKLM-x32\...\{CCD588A7-8D55-49F1-A30C-47FAB40889ED}) (Version: 3.4.16490 - Python Software Foundation) Python 3.5.0 (64-bit) (HKU\S-1-5-21-1176592850-2972094272-1075556021-1002\...\{e599f76f-2b95-44da-a280-77548b1b2a21}) (Version: 3.5.150.0 - Python Software Foundation) Python 3.5.0 Add to Path (64-bit) (Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Core Interpreter (32-bit) (x32 Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Core Interpreter (64-bit) (Version: 
3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Development Libraries (32-bit) (x32 Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Development Libraries (64-bit) (Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Documentation (32-bit) (x32 Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Documentation (64-bit) (Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Executables (32-bit) (x32 Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Executables (64-bit) (Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Launcher (32-bit) (x32 Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 pip Bootstrap (64-bit) (Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Standard Library (32-bit) (x32 Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Standard Library (64-bit) (Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Tcl/Tk Support (32-bit) (x32 Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Test Suite (32-bit) (x32 Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Test Suite (64-bit) (Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Utility Scripts (32-bit) (x32 Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Utility Scripts (64-bit) (Version: 3.5.150.0 - Python Software Foundation) Hidden Python Tools Redirection Template (x32 Version: 1.1 - Microsoft Corporation) Hidden Qt (HKU\S-1-5-21-1176592850-2972094272-1075556021-1002\...\{73031b0c-42e3-4fb8-8356-e265b46115f6}) (Version: 2.0.1 - The Qt Company Ltd) Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.) 
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.5.14.5 - NVIDIA Corporation) Hidden Sid Meier's Civilization 4 - Beyond the Sword (HKLM-x32\...\{32E4F0D2-C135-475E-A841-1D59A0D22989}) (Version: 3.19 - Firaxis Games) Sid Meier's Civilization 4 Complete (HKU\S-1-5-21-1176592850-2972094272-1075556021-500\...\{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}) (Version: 1.74 - Firaxis Games) Skype™ 7.10 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.10.101 - Skype Technologies S.A.) Spotify (HKLM-x32\...\Spotify) (Version: 0.8.5.1333.g822e0de8 - Spotify AB) SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.0 - Krzysztof Kowalczyk) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.21 - Synaptics Incorporated) SyncBackFree (HKLM-x32\...\SyncBackFree_is1) (Version: 6.5.30.0 - 2BrightSparks) TDM-GCC (HKU\S-1-5-21-1176592850-2972094272-1075556021-1002\...\TDM-GCC) (Version: 1.1309.0 - TDM) Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Titan Quest (HKLM-x32\...\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}) (Version: 1.00.0000 - Iron Lore) Titan Quest Immortal Throne (HKLM-x32\...\{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}) (Version: 1.00.0000 - Iron Lore) TOSHIBA Addendum (HKLM-x32\...\{C1569944-FAD6-4B3B-85E5-C213C2FF8EFC}) (Version: 1.00 - TOSHIBA) TOSHIBA Blu-ray Disc Player (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 1.0.5.214 - Toshiba Corporation) TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.02.01.6407 - Toshiba Corporation) TOSHIBA Display Utility (HKLM\...\{5F6AC07E-50EF-422E-B56E-6521E5B35139}) (Version: 1.1.12.0 - Toshiba Corporation) TOSHIBA eco Utility 
(HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation) TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0001.6403 - Toshiba Corporation) TOSHIBA Gesture Controller (HKLM-x32\...\{8C5B4504-3996-4F30-8F01-DA7A8455430B}) (Version: 4.0.110.2 - Toshiba Corporation) TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.5.0003.64001 - Toshiba Corporation) TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA) TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{26BB68BB-CF93-4A12-BC6D-A3B6F53AC8D9}) (Version: 5.0.1.0 - Toshiba Corporation) TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.9.09.6400 - Toshiba Corporation) TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation) TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation) TOSHIBA Start Screen Option (HKLM\...\{06B71035-F19F-4F76-9875-FFCCD4FC3F83}) (Version: 1.00.00.6403 - Toshiba Corporation) TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0030 - Toshiba Corporation) TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.1.2.32001 - Toshiba Corporation) Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.5.0 - Toshiba Europe GmbH) TypeScript Power Tool (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation) Vim 7.4 (self-installing) (HKLM\...\Vim 7.4) (Version: - ) Visual Studio 2013 Update 4 (KB2829760) (HKLM-x32\...\{53d408db-eb91-43fb-9d8f-167681c19763}) (Version: 
12.0.31101 - Microsoft Corporation)
VS Update core components (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1176592850-2972094272-1075556021-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay Keine Datei
CustomCLSID: HKU\S-1-5-21-1176592850-2972094272-1075556021-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1176592850-2972094272-1075556021-1002_Classes\CLSID\{DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}\InprocServer32 -> C:\Users\Matthias\FileZilla FTP Client\fzshellext_64.dll ()
CustomCLSID: HKU\S-1-5-21-1176592850-2972094272-1075556021-500_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay Keine Datei
CustomCLSID: HKU\S-1-5-21-1176592850-2972094272-1075556021-500_Classes\CLSID\{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B}\InprocServer32 -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtExt.dll (TOSHIBA)

==================== Wiederherstellungspunkte =========================

13-09-2015 20:20:21 System Restore Point created by NetBalancer Setup
16-09-2015 21:02:04 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
18-09-2015 12:54:49 Python 3.5.0 (32-bit)
19-09-2015 19:35:45 JRT Pre-Junkware Removal

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {ADA72936-D056-4D5C-BD34-44B996A255BC} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe [2013-11-09] (TOSHIBA Corporation)
Task: {B659F18F-C189-4759-8F87-B270B6DDCAFF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated)
Task: {BC4A3D7E-FB7B-42E8-8088-1AF02F0C1726} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2013-07-19] (Toshiba Europe GmbH)
Task: {BFD120F6-3218-48F8-BBE0-C7DBB6ADA391} - System32\Tasks\{BCE9E01B-220F-4804-B5FF-A8A077EF2703} => Iexplore.exe hxxp://ui.skype.com/ui/0/7.10.0.101/de/privacy?source=lightinstaller
Task: {C6373104-30E9-4073-8BA8-1E537DBF0A12} - System32\Tasks\{1188AA77-BFC2-4A18-8D83-F5EE801B4915} => Iexplore.exe hxxp://ui.skype.com/ui/0/7.10.0.101/de/abandoninstall?source=lightinstaller&page=tsPlugin
Task: {CA5EC46A-B074-448E-A8D9-B47848B0CF75} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {F624F99B-5FD2-4801-8460-B8588CBBBD5F} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2012-07-19 04:38 - 2012-07-19 04:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2014-01-09 14:54 - 2013-09-03 17:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1176592850-2972094272-1075556021-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Matthias\Pictures\Fertig\Wallpapers\Wallpaper2.png
HKU\S-1-5-21-1176592850-2972094272-1075556021-500\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Toshiba\standard.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-1176592850-2972094272-1075556021-1002\...\StartupApproved\StartupFolder: => "OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{2CD07E91-45BA-4E3F-A259-C895FCE18E87}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe FirewallRules: [{34BE7119-A0FC-4FE4-86DF-363A4CECB88F}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe FirewallRules: [{AF34F286-D165-4CF3-9D93-EDBDC2DFA5E4}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe FirewallRules: [{0CAA4BEA-7B40-4551-938E-6094F6A62B0E}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe FirewallRules: [{A51F5C99-C64D-4B09-BD8D-380090600945}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{CF9D0B2E-BBAD-49C4-B595-9049EEBD6E85}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{17CA0496-AC76-4280-8AF3-69DC7D0612F9}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{F9C992D8-4EDD-4A56-8F54-CA9F48445E25}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [TCP Query User{3D342DC3-E7A7-43F5-9F48-93F975E8B8DE}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe FirewallRules: [UDP Query User{4EB400F6-8A87-4CC5-9DD1-0C53A6192DC4}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe FirewallRules: [TCP Query User{585945A1-F00D-4203-95EB-5E22B1E52EB1}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe FirewallRules: [UDP Query User{F0176762-6462-4697-BAB9-9E6650733BB2}C:\xampp\mysql\bin\mysqld.exe] => 
(Allow) C:\xampp\mysql\bin\mysqld.exe FirewallRules: [TCP Query User{D93C50F8-A977-4D50-95C9-1B3710EC537D}C:\program files (x86)\spotify\spotify.exe] => (Block) C:\program files (x86)\spotify\spotify.exe FirewallRules: [UDP Query User{B03D5EE2-F33C-41AD-9EC5-7B4CD074B9BC}C:\program files (x86)\spotify\spotify.exe] => (Block) C:\program files (x86)\spotify\spotify.exe FirewallRules: [TCP Query User{37EE1BAF-FE3D-4878-A219-FE3405B7D05E}C:\users\matthias\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\matthias\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{A4110CD2-6B4F-4DCB-B272-B55B86B993B7}C:\users\matthias\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\matthias\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{650ABB4B-C1E9-42B3-B893-B029DE7BE56A}C:\users\matthias\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\matthias\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{584DC96D-29C7-4F25-ABC1-A6CA6AEC390B}C:\users\matthias\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\matthias\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [TCP Query User{E2D4FA44-E739-4489-BAD7-789F641484A1}C:\users\matthias\programming\xampp\apache\bin\httpd.exe] => (Allow) C:\users\matthias\programming\xampp\apache\bin\httpd.exe FirewallRules: [UDP Query User{005BE7CA-EFD8-4984-89BA-CABC41473287}C:\users\matthias\programming\xampp\apache\bin\httpd.exe] => (Allow) C:\users\matthias\programming\xampp\apache\bin\httpd.exe FirewallRules: [TCP Query User{AD93162D-7C2B-4642-A868-7F8A24DF06A7}C:\users\matthias\programming\xampp\mysql\bin\mysqld.exe] => (Allow) C:\users\matthias\programming\xampp\mysql\bin\mysqld.exe FirewallRules: [UDP Query User{AA09C223-7CD4-41AA-8236-1479E07961A9}C:\users\matthias\programming\xampp\mysql\bin\mysqld.exe] => (Allow) C:\users\matthias\programming\xampp\mysql\bin\mysqld.exe FirewallRules: [{B8F816F8-11E3-4087-B939-E674A9A744B1}] => (Allow) C:\Program Files 
(x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{D1852A83-0A47-4C33-A2F3-A7F073B9DE55}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{B4BB364D-2905-425D-80D6-F0204B26EF91}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{67428DD1-0C9A-4293-AF6E-87620CC7C070}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{EF928F60-9C6F-4D75-9BD1-2842F7F0D47A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{247A38B7-251D-4D94-93BC-9BDC5AFC5E2A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [TCP Query User{1C0FCEA9-CADA-4E67-95EB-217D0616135E}E:\xampplite\apache\bin\apache.exe] => (Block) E:\xampplite\apache\bin\apache.exe FirewallRules: [UDP Query User{80359055-CEA0-42EB-9E96-9F244A155CE1}E:\xampplite\apache\bin\apache.exe] => (Block) E:\xampplite\apache\bin\apache.exe FirewallRules: [TCP Query User{4248F06B-3FBC-4244-97DD-8BB449B81E2E}E:\xampplite\mysql\bin\mysqld.exe] => (Block) E:\xampplite\mysql\bin\mysqld.exe FirewallRules: [UDP Query User{DE679317-B26C-4949-BA21-7FCBB11E6FD0}E:\xampplite\mysql\bin\mysqld.exe] => (Block) E:\xampplite\mysql\bin\mysqld.exe FirewallRules: [TCP Query User{93B031D5-93A3-49B3-8445-FFF33EE99550}C:\users\matthias\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\matthias\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{441D5BA9-6959-48FB-806F-82DA1CF45AAF}C:\users\matthias\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\matthias\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{E0E55DE1-71E4-4E5C-A896-6B2A9FDF308E}C:\users\matthias\programming\sfml-game-development-book-master\10-network\release\10-network.exe] => (Block) C:\users\matthias\programming\sfml-game-development-book-master\10-network\release\10-network.exe FirewallRules: [UDP Query 
User{CFB5745B-B1E2-4B7A-9359-722D03C63376}C:\users\matthias\programming\sfml-game-development-book-master\10-network\release\10-network.exe] => (Block) C:\users\matthias\programming\sfml-game-development-book-master\10-network\release\10-network.exe FirewallRules: [TCP Query User{9DFEC015-54C5-4316-93DB-C1450B9FA2A7}C:\users\matthias\programming\coffeescript\lolreplay\lolreplay.exe] => (Block) C:\users\matthias\programming\coffeescript\lolreplay\lolreplay.exe FirewallRules: [UDP Query User{F834D38E-ED3D-4284-917D-CE05A4A65FDC}C:\users\matthias\programming\coffeescript\lolreplay\lolreplay.exe] => (Block) C:\users\matthias\programming\coffeescript\lolreplay\lolreplay.exe FirewallRules: [TCP Query User{AA84B6F9-E22E-4771-AB22-4D2E81EB41FA}C:\users\matthias\programming\coffeescript\lolreplay\lolreplay.exe] => (Block) C:\users\matthias\programming\coffeescript\lolreplay\lolreplay.exe FirewallRules: [UDP Query User{9C185C5F-F249-4107-A81E-9462BFBA7C91}C:\users\matthias\programming\coffeescript\lolreplay\lolreplay.exe] => (Block) C:\users\matthias\programming\coffeescript\lolreplay\lolreplay.exe FirewallRules: [TCP Query User{B4D16CBB-EEB8-469D-A4CE-F45351481312}F:\xampplite\apache\bin\apache.exe] => (Allow) F:\xampplite\apache\bin\apache.exe FirewallRules: [UDP Query User{EB716B6B-5800-474B-B21A-1E944A96ADEA}F:\xampplite\apache\bin\apache.exe] => (Allow) F:\xampplite\apache\bin\apache.exe FirewallRules: [TCP Query User{706A6D8C-2EC2-47AC-BFEB-6081E5392661}F:\xampplite\mysql\bin\mysqld.exe] => (Allow) F:\xampplite\mysql\bin\mysqld.exe FirewallRules: [UDP Query User{C2129F97-09CC-42F0-AD05-FAE4B8F84243}F:\xampplite\mysql\bin\mysqld.exe] => (Allow) F:\xampplite\mysql\bin\mysqld.exe FirewallRules: [TCP Query User{D028E132-B9DE-45B1-A3C5-21515894C6D8}E:\portable python 2.7.6.1\app\python.exe] => (Block) E:\portable python 2.7.6.1\app\python.exe FirewallRules: [UDP Query User{80E03E5C-B774-4550-BFD3-74A8EF394625}E:\portable python 2.7.6.1\app\python.exe] => (Block) E:\portable 
python 2.7.6.1\app\python.exe FirewallRules: [TCP Query User{424F3512-5004-45C3-8C87-D3F05256F10D}E:\portable python 2.7.6.1\app\pycharm\bin\pycharm.exe] => (Block) E:\portable python 2.7.6.1\app\pycharm\bin\pycharm.exe FirewallRules: [UDP Query User{A97078E1-2344-4D79-BBEE-0E1D2971ADA9}E:\portable python 2.7.6.1\app\pycharm\bin\pycharm.exe] => (Block) E:\portable python 2.7.6.1\app\pycharm\bin\pycharm.exe FirewallRules: [TCP Query User{A03958F4-8EB8-4F89-B6F9-88DAC4D796CD}C:\python34\python.exe] => (Block) C:\python34\python.exe FirewallRules: [UDP Query User{AA72A32E-7EA6-47A6-B61C-C6F6232FA049}C:\python34\python.exe] => (Block) C:\python34\python.exe FirewallRules: [{4D6A918A-222C-4A32-AA74-6A91F094CEA5}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\WDExpress.exe FirewallRules: [TCP Query User{D5A9BB6D-58F1-4F6B-945C-C6C9902737E1}C:\users\matthias\programming\coffeescript\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\users\matthias\programming\coffeescript\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe FirewallRules: [UDP Query User{2C64E8C0-694D-458B-AF5F-AD89CDBC9C97}C:\users\matthias\programming\coffeescript\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\users\matthias\programming\coffeescript\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe FirewallRules: [TCP Query User{2BA7EA32-CD36-493C-A930-50F9BB4B7F33}C:\users\matthias\programming\coffeescript\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\users\matthias\programming\coffeescript\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe FirewallRules: [UDP Query User{46611372-DD68-4F8D-B88F-0BDAA271ABD8}C:\users\matthias\programming\coffeescript\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) 
C:\users\matthias\programming\coffeescript\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe FirewallRules: [TCP Query User{8520A711-438C-454E-A39A-F360401C1ECF}C:\users\matthias\programming\xampp\filezillaftp\filezillaserver.exe] => (Allow) C:\users\matthias\programming\xampp\filezillaftp\filezillaserver.exe FirewallRules: [UDP Query User{5B42A3DE-677F-49F0-A77B-190345E49C61}C:\users\matthias\programming\xampp\filezillaftp\filezillaserver.exe] => (Allow) C:\users\matthias\programming\xampp\filezillaftp\filezillaserver.exe FirewallRules: [TCP Query User{DBAA0C5E-A25D-485A-90D8-4B2E91769A30}C:\users\matthias\programming\c++libs\poco\bin\timeserver.exe] => (Allow) C:\users\matthias\programming\c++libs\poco\bin\timeserver.exe FirewallRules: [UDP Query User{D2567B9A-3965-47D9-A60B-2955A7A159FA}C:\users\matthias\programming\c++libs\poco\bin\timeserver.exe] => (Allow) C:\users\matthias\programming\c++libs\poco\bin\timeserver.exe FirewallRules: [TCP Query User{A9627B1F-85F1-48F1-9AC6-9F3A419A3BE7}C:\users\matthias\filezillaportable\app\filezilla\filezilla.exe] => (Allow) C:\users\matthias\filezillaportable\app\filezilla\filezilla.exe FirewallRules: [UDP Query User{9938E502-7241-4134-A9EA-7E908BDE37AE}C:\users\matthias\filezillaportable\app\filezilla\filezilla.exe] => (Allow) C:\users\matthias\filezillaportable\app\filezilla\filezilla.exe FirewallRules: [{322D17CE-5C13-470E-AEAA-F17D2B61721D}] => (Allow) C:\users\matthias\filezillaportable\app\filezilla\filezilla.exe FirewallRules: [{C6DF6284-9667-419A-919A-8572D9D0CEE2}] => (Allow) C:\users\matthias\filezillaportable\app\filezilla\filezilla.exe FirewallRules: [{E9556089-9CA1-43BB-8C71-304D0F144A14}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{656D703C-C7F2-43BF-B1BA-5E10D0CCB67D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{E127E3C0-87D6-4071-A40C-9222448CE333}C:\program files (x86)\thq\titan quest immortal 
throne\tqit.exe] => (Block) C:\program files (x86)\thq\titan quest immortal throne\tqit.exe FirewallRules: [UDP Query User{0F98269C-832C-4D13-B731-027C413FE845}C:\program files (x86)\thq\titan quest immortal throne\tqit.exe] => (Block) C:\program files (x86)\thq\titan quest immortal throne\tqit.exe FirewallRules: [TCP Query User{3C83BD9E-1994-4045-8F00-98800A68E2B5}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{D1042054-23CF-451F-9CD1-EA0AEF5E33FF}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{65FF9328-E93C-47A4-AE56-FB2902BBBFBB}] => (Allow) C:\Users\Matthias\Programming\CoffeeScript\Hearthstone\Battle.net\Battle.net.exe FirewallRules: [{8BD63C85-44E2-4B00-A864-0413D8DB9EB3}] => (Allow) C:\Users\Matthias\Programming\CoffeeScript\Hearthstone\Battle.net\Battle.net.exe FirewallRules: [{38B0F747-8AF6-45DE-8164-3A038C2E5D36}] => (Allow) C:\Users\Matthias\Programming\CoffeeScript\lol.launcher.exe FirewallRules: [{4F9B221B-1BFB-4871-98E5-B96B1422DFDA}] => (Allow) C:\Users\Matthias\Programming\CoffeeScript\lol.launcher.exe FirewallRules: [{AE631DB4-FA7D-46F4-B1B2-3E1034FE734F}] => (Allow) C:\Users\Matthias\Programming\CoffeeScript\lol.launcher.exe FirewallRules: [{8BE7F6F5-A5FD-4B51-9D38-1C3D891D5880}] => (Allow) C:\Users\Matthias\Programming\CoffeeScript\lol.launcher.exe FirewallRules: [{270A14F5-28E7-40FF-9C59-C2AFA74227D5}] => (Allow) C:\Users\Matthias\Programming\CoffeeScript\RADS\solutions\lol_game_client_sln\releases\0.0.1.88\deploy\League of Legends.exe FirewallRules: [{E381EC0E-871E-4C09-822C-DB51B7CBAA19}] => (Allow) C:\Users\Matthias\Programming\CoffeeScript\RADS\solutions\lol_game_client_sln\releases\0.0.1.88\deploy\League of Legends.exe FirewallRules: [{34AFF7EB-191F-43E9-9DCB-EF192FDDE84A}] => (Allow) 
C:\Users\Matthias\Programming\CoffeeScript\RADS\solutions\lol_game_client_sln\releases\0.0.1.88\deploy\League of Legends.exe FirewallRules: [{32562A2B-F702-496A-B43D-EC0064541018}] => (Allow) C:\Users\Matthias\Programming\CoffeeScript\RADS\solutions\lol_game_client_sln\releases\0.0.1.88\deploy\League of Legends.exe FirewallRules: [{4CD54D25-A91A-4CC1-A7CB-CF91CBD4CD34}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe FirewallRules: [{06AA4278-E574-40B6-8DE2-E6220D782F9F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{0D74D6B5-5214-4C16-ABAF-2A2DB940A12A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{0BA1FADE-A7AC-473F-8391-A3DDFF0F4694}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{3CEA4925-F886-49D5-A84E-00B7667F6F7D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{3CA3BE4D-5082-411D-8CEE-CF899F671506}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [TCP Query User{62C1D468-17BF-433B-B271-6C50BA2CFE5A}C:\users\matthias\webdev\nodejs\node.exe] => (Allow) C:\users\matthias\webdev\nodejs\node.exe FirewallRules: [UDP Query User{464B0FFF-4DB5-4410-B163-A4D85CDEB02D}C:\users\matthias\webdev\nodejs\node.exe] => (Allow) C:\users\matthias\webdev\nodejs\node.exe FirewallRules: [TCP Query User{DD179B08-5C70-4B82-869A-7C41326F09B0}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{3391D3C5-384A-44BA-9131-7F655F8CD964}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{4A567E09-2434-4E8C-9F3F-E4100A0A3BA1}C:\program files (x86)\adobe\phonegap\phonegap desktop\phonegap.exe] => (Allow) C:\program files (x86)\adobe\phonegap\phonegap desktop\phonegap.exe 
FirewallRules: [UDP Query User{A5594166-7133-46FA-943C-9B68351C65D9}C:\program files (x86)\adobe\phonegap\phonegap desktop\phonegap.exe] => (Allow) C:\program files (x86)\adobe\phonegap\phonegap desktop\phonegap.exe FirewallRules: [TCP Query User{E469B88B-A355-4B77-8005-FCB3D2E72F3F}C:\users\matthias\downloads\phonegap-desktop-beta-0.1.9-win\win32\phonegap.exe] => (Allow) C:\users\matthias\downloads\phonegap-desktop-beta-0.1.9-win\win32\phonegap.exe FirewallRules: [UDP Query User{A41D7CC6-A56D-4DEE-B023-38132C0F0748}C:\users\matthias\downloads\phonegap-desktop-beta-0.1.9-win\win32\phonegap.exe] => (Allow) C:\users\matthias\downloads\phonegap-desktop-beta-0.1.9-win\win32\phonegap.exe ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: Intel(R) 8 Series/C220 Series USB EHCI #1 - 8C26 Description: Intel(R) 8 Series/C220 Series USB EHCI #1 - 8C26 Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: Intel Service: usbehci Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (09/19/2015 07:29:08 PM) (Source: Service1) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.Runtime.InteropServices.COMException (0x80010002): Aufruf wurde durch Messagefilter abgebrochen. 
(Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementEventWatcher.Initialize() bei System.Management.ManagementEventWatcher.Start() bei dts_apo_service.Service1.StartRegistryWatcher() bei dts_apo_service.Service1.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (09/19/2015 07:27:05 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: ) Description: Das folgende Modul konnte die Verarbeitung nicht beenden: Softwareaktualisierungen. Fehler: Vorgang fehlgeschlagen. Error: (09/19/2015 05:24:37 PM) (Source: Service1) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.Runtime.InteropServices.COMException (0x80010002): Aufruf wurde durch Messagefilter abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementEventWatcher.Initialize() bei System.Management.ManagementEventWatcher.Start() bei dts_apo_service.Service1.StartRegistryWatcher() bei dts_apo_service.Service1.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (09/19/2015 12:28:15 PM) (Source: Service1) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.Runtime.InteropServices.COMException (0x80010002): Aufruf wurde durch Messagefilter abgebrochen. 
(Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementEventWatcher.Initialize() bei System.Management.ManagementEventWatcher.Start() bei dts_apo_service.Service1.StartRegistryWatcher() bei dts_apo_service.Service1.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (09/19/2015 12:53:06 AM) (Source: Service1) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.Runtime.InteropServices.COMException (0x80010002): Aufruf wurde durch Messagefilter abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementEventWatcher.Initialize() bei System.Management.ManagementEventWatcher.Start() bei dts_apo_service.Service1.StartRegistryWatcher() bei dts_apo_service.Service1.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (09/18/2015 01:13:38 PM) (Source: NetBalancer Toolbar) (EventID: 0) (User: ) Description: Deskband exception: System.ArgumentException: Eine Unterschlüsselstruktur kann nicht gelöscht werden, da der Unterschlüssel nicht vorhanden ist. 
bei Microsoft.Win32.RegistryKey.DeleteSubKeyTree(String subkey, Boolean throwOnMissingSubKey) bei SeriousBit.NetBalancer.DeskBand.DeskBand.Unregister(Type t) Error: (09/17/2015 10:27:39 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: vector_add.exe, Version: 0.0.0.0, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: libgcc_s_dw2-1.dll, Version: 6.3.9600.17936, Zeitstempel: 0x55a68dd1 Ausnahmecode: 0xc0000135 Fehleroffset: 0x0009d4f2 ID des fehlerhaften Prozesses: 0x1bc Startzeit der fehlerhaften Anwendung: 0xvector_add.exe0 Pfad der fehlerhaften Anwendung: vector_add.exe1 Pfad des fehlerhaften Moduls: vector_add.exe2 Berichtskennung: vector_add.exe3 Vollständiger Name des fehlerhaften Pakets: vector_add.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: vector_add.exe5 Error: (09/17/2015 10:27:28 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: vector_add.exe, Version: 0.0.0.0, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: libgcc_s_dw2-1.dll, Version: 6.3.9600.17936, Zeitstempel: 0x55a68dd1 Ausnahmecode: 0xc0000135 Fehleroffset: 0x0009d4f2 ID des fehlerhaften Prozesses: 0x11ec Startzeit der fehlerhaften Anwendung: 0xvector_add.exe0 Pfad der fehlerhaften Anwendung: vector_add.exe1 Pfad des fehlerhaften Moduls: vector_add.exe2 Berichtskennung: vector_add.exe3 Vollständiger Name des fehlerhaften Pakets: vector_add.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: vector_add.exe5 Error: (09/17/2015 09:18:47 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Facebook_Data_Analyzer.exe, Version: 0.0.0.0, Zeitstempel: 0x00050000 Name des fehlerhaften Moduls: libgcc_s_dw2-1.dll, Version: 6.3.9600.17936, Zeitstempel: 0x55a68dd1 Ausnahmecode: 0xc0000135 Fehleroffset: 0x0009d4f2 ID des fehlerhaften Prozesses: 0xfb4 Startzeit der fehlerhaften Anwendung: 0xFacebook_Data_Analyzer.exe0 Pfad 
der fehlerhaften Anwendung: Facebook_Data_Analyzer.exe1 Pfad des fehlerhaften Moduls: Facebook_Data_Analyzer.exe2 Berichtskennung: Facebook_Data_Analyzer.exe3 Vollständiger Name des fehlerhaften Pakets: Facebook_Data_Analyzer.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Facebook_Data_Analyzer.exe5 Error: (09/17/2015 08:33:02 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Facebook_Data_Analyzer.exe, Version: 0.0.0.0, Zeitstempel: 0x00050000 Name des fehlerhaften Moduls: libgcc_s_dw2-1.dll, Version: 6.3.9600.17936, Zeitstempel: 0x55a68dd1 Ausnahmecode: 0xc0000135 Fehleroffset: 0x0009d4f2 ID des fehlerhaften Prozesses: 0x1ac0 Startzeit der fehlerhaften Anwendung: 0xFacebook_Data_Analyzer.exe0 Pfad der fehlerhaften Anwendung: Facebook_Data_Analyzer.exe1 Pfad des fehlerhaften Moduls: Facebook_Data_Analyzer.exe2 Berichtskennung: Facebook_Data_Analyzer.exe3 Vollständiger Name des fehlerhaften Pakets: Facebook_Data_Analyzer.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Facebook_Data_Analyzer.exe5 Systemfehler: ============= Error: (09/19/2015 07:36:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "TPCH Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (09/19/2015 07:36:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "TMachInfo" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (09/19/2015 07:36:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (09/19/2015 07:36:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) ME Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error: (09/19/2015 07:36:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "TOSHIBA Bluetooth Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (09/19/2015 07:36:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (09/19/2015 07:36:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "TOSHIBA eco Utility Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (09/19/2015 07:36:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) PROSet/Wireless Zero Configuration Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (09/19/2015 07:36:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "TOSHIBA Optical Disc Drive Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (09/19/2015 07:36:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "TOSHIBA HDD Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. CodeIntegrity: =================================== Date: 2015-09-19 19:30:30.743 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2015-09-19 17:25:52.566 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-09-19 12:29:25.873 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-09-19 00:54:10.422 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-09-14 21:37:15.019 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system. Date: 2015-09-14 21:37:14.831 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system. Date: 2015-09-14 21:37:14.666 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system. 
Date: 2015-09-14 21:37:06.314 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system. Date: 2015-09-14 21:37:06.136 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system. Date: 2015-09-14 21:37:05.970 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i7-4700MQ CPU @ 2.40GHz Prozentuale Nutzung des RAM: 10% Installierter physikalischer RAM: 16308.09 MB Verfügbarer physikalischer RAM: 14533.6 MB Summe virtueller Speicher: 18740.09 MB Verfügbarer virtueller Speicher: 16741.01 MB ==================== Laufwerke ================================ Drive c: (TI31250700A) (Fixed) (Total:695.07 GB) (Free:492.26 GB) NTFS Drive d: (TQGOLD) (CDROM) (Total:4.39 GB) (Free:0 GB) UDF ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 1397.3 GB) (Disk ID: 00000000) Partition: GPT. ==================== Ende von Addition.txt ============================
Best regards, SoftDrive |
20.09.2015, 12:11 | #6 |
/// the machine /// TB instructor | Malwarebytes-Free Scan: Trojan.Siredef.C - Remove threat
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
20.09.2015, 18:48 | #7 |
| Malwarebytes-Free Scan: Trojan.Siredef.C - Remove threat
Hello schrauber, ESET: Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=b649d42c5923934fba016ce81be7a3d8
# end=init
# utc_time=2015-09-20 12:52:36
# local_time=2015-09-20 02:52:36 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 25853
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=b649d42c5923934fba016ce81be7a3d8
# end=updated
# utc_time=2015-09-20 01:11:25
# local_time=2015-09-20 03:11:25 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=b649d42c5923934fba016ce81be7a3d8
# engine=25853
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-09-20 05:24:29
# local_time=2015-09-20 07:24:29 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 3448728 67651162 0 0
# scanned=1347025
# found=2
# cleaned=0
# scan_time=15183
sh=9637A867CBA4BF695E3E64F3985CA5EF16DC543E ft=0 fh=0000000000000000 vn="Win32/Exploit.CVE-2014-0322.A Trojaner" ac=I fn="C:\Users\Matthias\eBooks\Programming\Python\ghp_project_files.zip"
sh=9637A867CBA4BF695E3E64F3985CA5EF16DC543E ft=0 fh=0000000000000000 vn="Win32/Exploit.CVE-2014-0322.A Trojaner" ac=I fn="E:\eBooks\Programming\Python\ghp_project_files.zip"
I don't have any "problems", i.e. symptoms, as such; after all, the malware tries to stay undetected. checkup: Code:
ATTFilter
Results of screen317's Security Check version 1.008
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Visual Studio Extensions for Windows Library for JavaScript
Java version 32-bit out of Date!
Adobe Flash Player 18.0.0.232
Mozilla Firefox (40.0.3)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
FRST Logfile: Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015
durchgeführt von Administrator (Administrator) auf TOSHIBA (20-09-2015 19:38:07)
Gestartet von C:\Users\Matthias\Desktop
Geladene Profile: Matthias & Administrator (Verfügbare Profile: Matthias & Administrator)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: IE)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Windows\SysWOW64\SMITSC.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Toshiba Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
() C:\Program Files\Toshiba\Hotkey\Hotkey\TCrdKBB.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TssSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Spotify Ltd) C:\Users\Matthias\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosLeBtMng.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosLeSrvProvider.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtAvAC.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
() C:\Users\Matthias\Programming\CoffeScript\LoL\RADS\system\rads_user_kernel.exe
() C:\Users\Matthias\Programming\CoffeScript\LoL\RADS\projects\lol_launcher\releases\0.0.0.255\deploy\LoLLauncher.exe
() C:\Users\Matthias\Programming\CoffeScript\LoL\RADS\projects\lol_patcher\releases\0.0.0.39\deploy\LoLPatcher.exe
() C:\Users\Matthias\Programming\CoffeScript\LoL\RADS\projects\lol_air_client\releases\0.0.1.160\deploy\LolClient.exe
(GitHub, Inc.) C:\Users\Matthias\AppData\Local\atom\app-1.0.15\atom.exe
(GitHub, Inc.) C:\Users\Matthias\AppData\Local\atom\app-1.0.15\atom.exe
(GitHub, Inc.) C:\Users\Matthias\AppData\Local\atom\app-1.0.15\atom.exe
(GitHub, Inc.) C:\Users\Matthias\AppData\Local\atom\app-1.0.15\atom.exe
(GitHub, Inc.) C:\Users\Matthias\AppData\Local\atom\app-1.0.15\atom.exe
(GitHub, Inc.) C:\Users\Matthias\AppData\Local\atom\app-1.0.15\atom.exe
(GitHub, Inc.) C:\Users\Matthias\AppData\Local\atom\app-1.0.15\atom.exe
(GitHub, Inc.) C:\Users\Matthias\AppData\Local\atom\app-1.0.15\atom.exe
(GitHub, Inc.) C:\Users\Matthias\AppData\Local\atom\app-1.0.15\atom.exe
() C:\MinGWold\msys\1.0\bin\sh.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\Matthias\Programming\CoffeScript\LoL\RADS\solutions\lol_game_client_sln\releases\0.0.1.105\deploy\League of Legends.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [894048 2013-01-12] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-18] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => C:\Windows\system32\thpsrv /logon
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-12] (TOSHIBA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-27] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-28] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-15] (Apple Inc.)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782008 2015-09-10] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [Syncios device service] => C:\Users\Matthias\Syncios\SynciosDeviceService.exe
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66936 2015-08-13] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1176592850-2972094272-1075556021-1002\...\Run: [Spotify Web Helper] => C:\Users\Matthias\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-08-08] (Spotify Ltd)
HKU\S-1-5-21-1176592850-2972094272-1075556021-500\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [55349888 2015-09-04] (Skype Technologies S.A.)
HKU\S-1-5-21-1176592850-2972094272-1075556021-500\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[C1].txt [812 2015-09-19] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2015-03-17]
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{5F0A2998-F66B-4FBF-9B8D-22285F4278F5}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{D94BEBDA-8147-4AB4-B78B-7B2CBA10ED73}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1176592850-2972094272-1075556021-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-1176592850-2972094272-1075556021-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TEJB
HKU\S-1-5-21-1176592850-2972094272-1075556021-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/symbaloo_c
HKU\S-1-5-21-1176592850-2972094272-1075556021-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TEJB
HKU\S-1-5-21-1176592850-2972094272-1075556021-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TEJB
HKU\S-1-5-21-1176592850-2972094272-1075556021-500\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://toshiba.eu/symbaloo_c
HKU\S-1-5-21-1176592850-2972094272-1075556021-500\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/symbaloo_c
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1176592850-2972094272-1075556021-1002 -> DefaultScope {E117E4B1-0379-46B7-B1A7-1D7FC590EBEE} URL =
SearchScopes: HKU\S-1-5-21-1176592850-2972094272-1075556021-1002 -> {E117E4B1-0379-46B7-B1A7-1D7FC590EBEE} URL =
SearchScopes: HKU\S-1-5-21-1176592850-2972094272-1075556021-500 -> DefaultScope {E117E4B1-0379-46B7-B1A7-1D7FC590EBEE} URL =
SearchScopes: HKU\S-1-5-21-1176592850-2972094272-1075556021-500 -> {E117E4B1-0379-46B7-B1A7-1D7FC590EBEE} URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\yaivfozv.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Keine Datei]
FF Plugin HKU\S-1-5-21-1176592850-2972094272-1075556021-1002: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll Keine Datei

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [887128 2015-07-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-09-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-09-10] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1213072 2015-09-10] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [228104 2015-08-13] (Avira Operations GmbH & Co. KG)
S2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-27] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319888 2014-12-31] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-03-19] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-27] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-27] (NVIDIA Corporation)
R2 SMITS; C:\Windows\SysWOW64\SMITSC.exe [13312 2015-01-08] () [Datei ist nicht signiert]
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116088 2013-07-19] (Toshiba Europe GmbH)
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2015-03-19] (Intel® Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [137288 2015-07-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [148632 2015-07-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-10] (Avira Operations GmbH & Co. KG)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-30] (Microsoft Corporation)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 GEARAspiWDM; C:\Windows\SysWOW64\Drivers\GEARAspiWDM.sys [15664 2013-02-04] (GEAR Software Inc.)
S3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [253680 2015-03-19] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
S3 mpfilt; C:\Windows\SysWOW64\drivers\mpfilt.sys [10588 2013-05-21] () [Datei ist nicht signiert]
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3497240 2015-03-23] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-27] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290008 2013-07-05] (Realtek Semiconductor Corp.)
S3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation )
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-28] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows (R) Win 7 DDK provider)
R1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-07-09] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [146072 2015-07-09] (Oracle Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 iscFlash; \??\C:\Windows\Temp\ArchesP10SP10SG_BIOS_V150_WIN\x64\iscflashx64.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-09-20 19:35 - 2015-09-20 19:35 - 00000787 _____ C:\Users\Administrator\Desktop\checkup.txt
2015-09-20 19:30 - 2015-09-20 19:30 - 00852704 _____ C:\Users\Matthias\Desktop\SecurityCheck.exe
2015-09-20 14:52 - 2015-09-20 14:52 - 00000000 ____D C:\Program Files (x86)\ESET
2015-09-20 14:51 - 2015-09-20 14:51 - 02870984 _____ (ESET) C:\Users\Matthias\Desktop\esetsmartinstaller_deu.exe
2015-09-20 11:45 - 2015-09-20 11:48 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Apple Computer
2015-09-20 11:45 - 2015-09-20 11:45 - 00001776 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-09-20 11:45 - 2015-09-20 11:45 - 00000000 ____D C:\Users\Matthias\AppData\Local\Apple Computer
2015-09-20 11:45 - 2015-09-20 11:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-09-20 11:44 - 2015-09-20 11:45 - 00000000 ____D C:\Program Files\iTunes
2015-09-20 11:44 - 2015-09-20 11:44 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-09-20 11:44 - 2015-09-20 11:44 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2015-09-20 11:44 - 2015-09-20 11:44 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apple
2015-09-20 11:44 - 2015-09-20 11:44 - 00000000 ____D C:\ProgramData\Apple Computer
2015-09-20 11:44 - 2015-09-20 11:44 - 00000000 ____D C:\Program Files\iPod
2015-09-20 11:44 - 2015-09-20 11:44 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-09-20 11:44 - 2015-09-20 11:44 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-09-20 11:43 - 2015-09-20 11:44 - 00000000 ____D C:\ProgramData\Apple
2015-09-20 11:43 - 2015-09-20 11:44 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-09-20 11:43 - 2015-09-20 11:43 - 00000000 ____D C:\Program Files\Bonjour
2015-09-20 11:43 - 2015-09-20 11:43 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-09-20 11:40 - 2015-09-20 11:40 - 167601944 _____ (Apple Inc.) C:\Users\Matthias\Downloads\iTunes6464Setup.exe
2015-09-19 19:38 - 2015-09-20 19:38 - 00022289 _____ C:\Users\Matthias\Desktop\FRST.txt
2015-09-19 19:37 - 2015-09-19 19:37 - 00000745 _____ C:\Users\Administrator\Desktop\JRT.txt
2015-09-19 19:26 - 2015-09-19 19:26 - 00000672 _____ C:\Users\Administrator\Desktop\AdwCleaner[S2].txt
2015-09-19 17:32 - 2015-09-19 17:32 - 01798976 _____ (Malwarebytes) C:\Users\Matthias\Desktop\JRT.exe
2015-09-19 17:32 - 2015-09-19 17:32 - 01662976 _____ C:\Users\Matthias\Desktop\AdwCleaner_5.008.exe
2015-09-19 12:40 - 2015-09-19 12:40 - 00005331 _____ C:\Users\Matthias\AppData\Local\recently-used.xbel
2015-09-18 17:51 - 2015-09-18 17:51 - 00448512 _____ (OldTimer Tools) C:\Users\Matthias\Desktop\TFC.exe
2015-09-18 17:21 - 2015-09-19 19:26 - 00000000 ____D C:\AdwCleaner
2015-09-18 15:10 - 2015-09-20 19:38 - 00000000 ____D C:\FRST
2015-09-18 15:10 - 2015-09-18 15:10 - 02191360 _____ (Farbar) C:\Users\Matthias\Desktop\FRST64.exe
2015-09-18 14:06 - 2015-09-18 14:06 - 00001298 _____ C:\Users\Administrator\Desktop\mbam.txt
2015-09-18 13:24 - 2015-09-18 14:07 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-09-18 13:24 - 2015-09-18 13:25 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-18 13:24 - 2015-09-18 13:24 - 00001085 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-09-18 13:24 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-09-18 13:24 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-09-18 13:24 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-09-18 13:18 - 2015-09-18 13:18 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Matthias\Downloads\mbam-setup-2.1.8.1057(1).exe
2015-09-18 13:03 - 2015-09-18 13:03 - 00000000 ____D C:\Python35
2015-09-18 12:58 - 2015-09-18 12:58 - 29495840 _____ (Python Software Foundation) C:\Users\Matthias\Downloads\python-3.5.0-amd64.exe
2015-09-18 12:56 - 2015-09-18 13:03 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.5
2015-09-18 12:55 - 2015-09-18 13:03 - 00000000 ____D C:\Users\Matthias\AppData\Local\Package Cache
2015-09-18 12:55 - 2015-06-04 15:28 - 00961192 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-09-18 12:55 - 2015-06-04 15:28 - 00062304 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-09-18 12:55 - 2015-06-04 15:28 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-09-18 12:55 - 2015-06-04 15:28 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-09-18 12:55 - 2015-06-04 15:28 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-09-18 12:55 - 2015-06-04 15:28 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-09-18 12:55 - 2015-06-04 15:28 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-09-18 12:55 - 2015-06-04 15:28 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-09-18 12:55 - 2015-06-04 15:28 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-09-18 12:55 - 2015-06-04 15:28 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-09-18 12:55 - 2015-06-04 15:28 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-09-18 12:55 - 2015-06-04 15:28 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-09-18 12:55 - 2015-06-04 15:28 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-09-18 12:55 - 2015-06-04 15:28 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-09-18 12:55 - 2015-06-04 15:28 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-09-18 12:55 - 2015-06-04 15:28 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-09-18 12:55 - 2015-06-04 15:26 - 00883712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-09-18 12:55 - 2015-06-04 15:26 - 00064352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-09-18 12:55 - 2015-06-04 15:26 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-09-18 12:55 - 2015-06-04 15:26 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-09-18 12:55 - 2015-06-04 15:26 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-09-18 12:55 - 2015-06-04 15:26 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-09-18 12:55 - 2015-06-04 15:26 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-09-18 12:55 - 2015-06-04 15:26 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-09-18 12:55 - 2015-06-04 15:26 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-09-18 12:55 - 2015-06-04 15:26 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-09-18 12:55 - 2015-06-04 15:26 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-09-18 12:55 - 2015-06-04 15:26 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-09-18 12:55 - 2015-06-04 15:26 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-09-18 12:55 - 2015-06-04 15:26 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-09-18 12:55 - 2015-06-04 15:26 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-09-18 12:55 - 2015-06-04 15:26 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-09-18 12:48 - 2015-09-18 12:48 - 00483100 _____ C:\Users\Matthias\Downloads\Console-1.5.zip
2015-09-18 12:28 - 2015-09-18 12:30 - 00001944 _____ C:\Users\Matthias\Desktop\Flights.txt
2015-09-17 20:43 - 2015-09-17 20:43 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\TDM-GCC
2015-09-17 20:42 - 2015-09-17 20:43 - 00000000 ____D C:\TDM-GCC-32
2015-09-17 20:21 - 2015-09-17 20:21 - 00002642 _____ C:\Users\Matthias\Downloads\FctParser-Sources.zip
2015-09-17 17:11 - 2015-09-17 17:11 - 00028567 _____ C:\Users\Matthias\Downloads\source.zip
2015-09-17 16:00 - 2015-09-17 16:00 - 00044163 _____ C:\Users\Matthias\Downloads\rapidxml-1.13.zip
2015-09-17 14:59 - 2015-09-17 14:59 - 00039997 _____ C:\Users\Matthias\Downloads\bigint-2010.04.30.zip
2015-09-17 14:59 - 2015-09-17 14:59 - 00014088 _____ C:\Users\Matthias\Downloads\bigint-6-0-src.7z
2015-09-17 14:58 - 2015-09-17 14:58 - 02319400 _____ C:\Users\Matthias\Downloads\gmp-6.0.0a.tar.bz2
2015-09-17 13:46 - 2015-09-17 15:05 - 00016950 _____ C:\Users\Matthias\Desktop\bigint.txt
2015-09-17 13:38 - 2015-09-17 13:38 - 00008492 _____ C:\Users\Matthias\Downloads\sercantutar-infint-6af5513.zip
2015-09-17 13:20 - 2015-09-17 13:20 - 00655252 _____ C:\Users\Matthias\Downloads\tidy.tar.gz
2015-09-17 13:19 - 2015-09-17 13:19 - 00109149 _____ C:\Users\Matthias\Downloads\tidy.zip
2015-09-17 13:19 - 2015-09-17 13:19 - 00079219 _____ C:\Users\Matthias\Downloads\libtidy.7z
2015-09-17 13:10 - 2015-09-17 13:10 - 62070761 _____ C:\Users\Matthias\Downloads\gtkmm-win32-devel-2.22.0-2.exe
2015-09-17 13:05 - 2015-09-17 13:05 - 00959900 _____ C:\Users\Matthias\Downloads\libxml++-2.39.2.tar.xz
2015-09-17 13:04 - 2015-09-17 13:05 - 00313290 _____ C:\Users\Matthias\Downloads\curlpp-master.zip
2015-09-17 00:06 - 2015-09-17 00:06 - 36802006 _____ C:\Users\Matthias\Downloads\tdm-gcc-5.1.0-3.exe
2015-09-16 23:33 - 2015-09-16 23:33 - 01764120 _____ C:\Users\Matthias\Downloads\facebook-<name>2.zip
2015-09-16 22:12 - 2015-09-16 22:12 - 00003484 _____ C:\Users\Matthias\Downloads\qtcreator-cmake-0.1.tar.xz
2015-09-16 21:00 - 2015-09-16 22:57 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qt
2015-09-16 20:32 - 2015-09-16 23:02 - 00000000 ____D C:\Qt
2015-09-16 20:22 - 2015-09-16 20:22 - 00388608 _____ (Trend Micro Inc.) C:\Users\Matthias\Downloads\HijackThis.exe
2015-09-16 20:22 - 2015-09-16 20:22 - 00012280 _____ C:\Users\Matthias\Downloads\hijackthis.log
2015-09-16 20:10 - 2015-09-16 20:13 - 17144128 _____ C:\Users\Matthias\Downloads\qt-unified-windows-x86-2.0.2-2-online.exe
2015-09-16 18:19 - 2015-09-16 18:19 - 09286720 _____ (Cadence Design Systems, Inc.) C:\Users\Matthias\Downloads\OrCAD_PSpice_Schematics_16.6.exe
2015-09-15 20:26 - 2015-09-15 20:27 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\ghc
2015-09-15 20:21 - 2015-09-15 20:21 - 00000000 ____D C:\Program Files\Haskell Platform
2015-09-15 20:11 - 2015-09-15 20:12 - 202351400 _____ C:\Users\Matthias\Downloads\HaskellPlatform-7.10.2-a-x86_64-setup.exe
2015-09-14 19:20 - 2015-09-14 19:21 - 195200088 _____ (Oracle Corporation) C:\Users\Matthias\Downloads\jdk-8u60-windows-x64.exe
2015-09-14 19:18 - 2015-09-14 19:20 - 204446272 _____ C:\Users\Matthias\Downloads\ideaIC-14.1.4.exe
2015-09-14 19:17 - 2015-09-14 19:20 - 362135497 _____ C:\Users\Matthias\Downloads\ideaIC-14.1.4-src.tar.bz2
2015-09-14 18:59 - 2015-09-14 19:00 - 78888007 _____ C:\Users\Matthias\Downloads\M.A.R.S.-master.zip
2015-09-14 08:45 - 2015-09-14 08:45 - 06988622 _____ C:\Users\Matthias\Downloads\PEW.ZIP
2015-09-14 08:45 - 2015-09-14 08:45 - 00000000 ____D C:\Users\Matthias\Downloads\PEW
2015-09-14 08:43 - 2015-09-14 08:44 - 00000000 ____D C:\Users\Matthias\Downloads\Pew-master
2015-09-14 08:31 - 2015-09-14 08:31 - 05462418 _____ C:\Users\Matthias\Downloads\Pew-master.zip
2015-09-14 08:30 - 2015-09-14 08:30 - 07015361 _____ C:\Users\Matthias\Downloads\sfml-spaceshooter-1.0alpha3.tar.gz
2015-09-13 21:14 - 2015-09-13 21:14 - 29202490 _____ C:\Users\Matthias\Downloads\wireshark-1.12.7.tar.bz2
2015-09-13 20:21 - 2015-09-13 20:21 - 00000000 ____D C:\ProgramData\SeriousBit
2015-09-13 20:20 - 2015-02-05 19:47 - 00042128 _____ (SeriousBit) C:\Windows\system32\Drivers\nbdrv.sys
2015-09-13 20:19 - 2015-09-13 20:19 - 04119400 _____ (SeriousBit ) C:\Users\Matthias\Downloads\NetBalancerSetup.exe
2015-09-13 19:49 - 2015-09-13 19:49 - 06688913 _____ C:\Users\Matthias\Downloads\gvim74.exe
2015-09-13 14:44 - 2015-09-13 14:44 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 2.7
2015-09-13 14:40 - 2015-09-13 14:41 - 18423808 _____ C:\Users\Matthias\Downloads\python-2.7.10.msi
2015-09-13 14:25 - 2015-09-13 14:26 - 04363893 _____ C:\Users\Matthias\Downloads\chat-part-one.zip
2015-09-13 13:32 - 2015-09-13 15:32 - 00000000 ____D C:\Users\Matthias\Documents\gescannte Dokumente
2015-09-13 13:03 - 2015-09-13 13:03 - 05463571 _____ C:\Users\Matthias\Downloads\gegl-0.3.0.tar.bz2
2015-09-13 13:03 - 2015-09-13 13:03 - 00471664 _____ C:\Users\Matthias\Downloads\babl-0.1.8.tar.bz2
2015-09-12 18:48 - 2015-09-12 18:48 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\LolClient
2015-09-12 17:35 - 2015-09-12 17:38 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Riot Games
2015-09-12 17:20 - 2015-09-12 17:20 - 00000144 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-09-12 17:19 - 2015-09-12 17:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-12 17:16 - 2015-09-12 17:17 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Skype
2015-09-12 17:16 - 2015-09-12 17:16 - 00000000 ____D C:\Users\Administrator\AppData\Local\Skype
2015-09-11 19:35 - 2015-09-11 19:37 - 387491700 _____ C:\Users\Matthias\Downloads\cocos2d-x-3.8.zip
2015-09-11 15:32 - 2015-09-11 15:32 - 00000000 ____D C:\Users\Matthias\Downloads\PhoneGap-Desktop-Beta-0.1.9-win
2015-09-11 15:31 - 2015-09-11 15:32 - 45993589 _____ C:\Users\Matthias\Downloads\PhoneGap-Desktop-Beta-0.1.9-win.zip
2015-09-11 15:30 - 2015-09-11 15:30 - 00000000 ____D C:\Users\Matthias\Downloads\phonegap-2.9.1
2015-09-11 15:29 - 2015-09-11 15:29 - 20277866 _____ C:\Users\Matthias\Downloads\phonegap-2.9.1.zip
2015-09-11 15:20 - 2015-09-13 21:10 - 00000000 ____D C:\Users\Matthias\AppData\Local\PhoneGap
2015-09-11 15:20 - 2015-09-11 15:20 - 00001295 _____ C:\Users\Matthias\Desktop\PhoneGap.lnk
2015-09-11 13:58 - 2015-09-11 13:58 - 00000000 ____D C:\Users\Matthias\Tracing
2015-09-11 13:48 - 2015-09-11 14:06 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Skype
2015-09-11 13:48 - 2015-09-11 13:48 - 00002715 _____ C:\Users\Public\Desktop\Skype.lnk
2015-09-11 13:48 - 2015-09-11 13:48 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-09-11 13:48 - 2015-09-11 13:48 - 00000000 ____D C:\Users\Matthias\AppData\Local\Skype
2015-09-11 13:48 - 2015-09-11 13:48 - 00000000 ____D C:\ProgramData\Skype
2015-09-11 13:48 - 2015-09-11 13:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-09-11 13:46 - 2015-09-11 13:46 - 01506832 _____ (Skype Technologies S.A.) C:\Users\Matthias\Downloads\SkypeSetup.exe
2015-09-11 13:46 - 2015-09-11 13:46 - 00003134 _____ C:\Windows\System32\Tasks\{1188AA77-BFC2-4A18-8D83-F5EE801B4915}
2015-09-11 13:46 - 2015-09-11 13:46 - 00003084 _____ C:\Windows\System32\Tasks\{BCE9E01B-220F-4804-B5FF-A8A077EF2703}
2015-09-10 21:58 - 2015-09-15 20:13 - 00000000 ____D C:\Users\Matthias\Documents\Bewerbung DH-Studium 2015 (2016)
2015-09-10 20:35 - 2015-09-10 20:35 - 00000000 ____D C:\Users\Matthias\.plugman
2015-09-10 20:34 - 2015-09-10 20:34 - 00000000 ____D C:\Users\Matthias\.cordova
2015-09-10 20:31 - 2015-09-10 20:31 - 26686992 _____ (Adobe Inc. 
) C:\Users\Matthias\Downloads\PhoneGapSetup.exe 2015-09-10 20:30 - 2015-09-17 22:33 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\npm-cache 2015-09-10 19:45 - 2015-09-10 19:45 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf 2015-09-10 17:17 - 2015-08-27 04:48 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-09-10 17:17 - 2015-08-26 20:00 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-09-10 17:17 - 2015-08-26 20:00 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-09-10 17:17 - 2015-08-26 20:00 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-09-10 17:17 - 2015-08-26 20:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-09-10 17:17 - 2015-08-26 16:46 - 03705344 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-09-10 17:17 - 2015-08-26 16:29 - 02240512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-09-10 17:17 - 2015-08-26 16:27 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-09-10 17:17 - 2015-08-26 16:27 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2015-09-10 17:17 - 2015-08-26 16:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-09-10 17:17 - 2015-08-26 16:26 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-09-10 17:17 - 2015-08-26 16:26 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-09-10 17:16 - 2015-08-22 20:19 - 25188352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-09-10 17:16 - 2015-08-22 19:35 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-09-10 17:16 - 2015-08-22 19:34 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-09-10 17:16 - 2015-08-22 19:22 - 19856384 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\mshtml.dll 2015-09-10 17:16 - 2015-08-22 19:21 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-09-10 17:16 - 2015-08-22 19:20 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-09-10 17:16 - 2015-08-22 18:55 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-09-10 17:16 - 2015-08-22 18:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-09-10 17:16 - 2015-08-22 18:50 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2015-09-10 17:16 - 2015-08-22 18:45 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-09-10 17:16 - 2015-08-22 18:44 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-09-10 17:16 - 2015-08-22 18:41 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-09-10 17:16 - 2015-08-22 18:41 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-09-10 17:16 - 2015-08-22 18:41 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-09-10 17:16 - 2015-08-22 18:41 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-09-10 17:16 - 2015-08-22 18:39 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-09-10 17:16 - 2015-08-22 18:28 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-09-10 17:16 - 2015-08-22 18:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-09-10 17:16 - 2015-08-22 18:23 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2015-09-10 17:16 - 2015-08-22 18:22 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-09-10 17:16 - 2015-08-22 18:20 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-09-10 17:16 - 2015-08-22 18:18 - 02052608 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\inetcpl.cpl 2015-09-10 17:16 - 2015-08-22 18:18 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-09-10 17:16 - 2015-08-22 18:18 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-09-10 17:16 - 2015-08-22 18:14 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-09-10 17:16 - 2015-08-22 18:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-09-10 17:16 - 2015-08-22 18:00 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-09-10 17:16 - 2015-08-22 17:56 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-09-10 17:16 - 2015-08-22 17:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-09-10 17:16 - 2015-07-30 19:18 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-09-10 17:16 - 2015-07-30 18:22 - 00230912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-09-10 17:15 - 2015-09-02 04:56 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-09-10 17:15 - 2015-09-02 04:55 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-09-10 17:15 - 2015-09-02 04:50 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-09-10 17:15 - 2015-09-02 04:17 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-09-10 17:15 - 2015-09-02 04:13 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-09-10 17:15 - 2015-08-03 23:15 - 00074928 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-09-10 17:15 - 2015-08-03 23:15 - 00065600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2015-09-10 17:15 - 2015-08-01 16:22 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-09-10 17:15 - 2015-08-01 05:47 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\schtasks.exe 2015-09-10 17:15 
- 2015-08-01 05:45 - 00182784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe 2015-09-10 17:15 - 2015-08-01 05:38 - 01265152 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll 2015-09-10 17:15 - 2015-08-01 05:37 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe 2015-09-10 17:15 - 2015-08-01 05:37 - 00359936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe 2015-09-10 17:15 - 2015-07-22 16:34 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2015-09-10 17:15 - 2015-07-22 16:33 - 01728000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll 2015-09-10 17:15 - 2015-07-22 16:25 - 02461184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2015-09-10 17:15 - 2015-07-22 16:25 - 01546752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll 2015-09-10 17:15 - 2015-07-18 20:31 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\shacct.dll 2015-09-10 17:15 - 2015-07-18 20:29 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll 2015-09-10 17:15 - 2015-07-18 20:29 - 00148480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shacct.dll 2015-09-10 17:15 - 2015-07-18 20:27 - 00520192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll 2015-09-10 17:15 - 2015-07-14 05:27 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\tzsync.exe 2015-09-10 17:12 - 2015-09-19 00:51 - 00000000 ____D C:\Windows\SysWOW64\NV 2015-09-10 17:12 - 2015-09-19 00:51 - 00000000 ____D C:\Windows\system32\NV 2015-09-10 17:11 - 2015-08-25 20:46 - 42840368 _____ C:\Windows\system32\nvcompiler.dll 2015-09-10 17:11 - 2015-08-25 20:46 - 37819184 _____ C:\Windows\SysWOW64\nvcompiler.dll 2015-09-10 17:11 - 2015-08-25 20:46 - 22525560 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2015-09-10 17:11 - 2015-08-25 20:46 - 18543736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2015-09-10 17:11 - 
2015-08-25 20:46 - 17082392 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll 2015-09-10 17:11 - 2015-08-25 20:46 - 16637336 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2015-09-10 17:11 - 2015-08-25 20:46 - 15512888 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2015-09-10 17:11 - 2015-08-25 20:46 - 14936264 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2015-09-10 17:11 - 2015-08-25 20:46 - 14635792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2015-09-10 17:11 - 2015-08-25 20:46 - 13661160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2015-09-10 17:11 - 2015-08-25 20:46 - 12185152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2015-09-10 17:11 - 2015-08-25 20:46 - 11089200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2015-09-10 17:11 - 2015-08-25 20:46 - 02940720 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2015-09-10 17:11 - 2015-08-25 20:46 - 02627704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2015-09-10 17:11 - 2015-08-25 20:46 - 01898288 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435582.dll 2015-09-10 17:11 - 2015-08-25 20:46 - 01558648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435582.dll 2015-09-10 17:11 - 2015-08-25 20:46 - 01075320 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2015-09-10 17:11 - 2015-08-25 20:46 - 01064752 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2015-09-10 17:11 - 2015-08-25 20:46 - 00986232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2015-09-10 17:11 - 2015-08-25 20:46 - 00945456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2015-09-10 17:11 - 2015-08-25 20:46 - 00512904 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2015-09-10 17:11 - 2015-08-25 20:46 - 00421544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2015-09-10 17:11 - 2015-08-25 20:46 - 00408184 _____ (NVIDIA 
Corporation) C:\Windows\system32\NvIFROpenGL.dll 2015-09-10 17:11 - 2015-08-25 20:46 - 00364336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll 2015-09-10 17:11 - 2015-08-25 20:46 - 00150832 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2015-09-10 17:11 - 2015-08-25 20:46 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2015-09-10 17:11 - 2015-08-25 20:46 - 00031352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys 2015-09-10 17:07 - 2015-08-11 06:52 - 00069416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2015-09-10 17:07 - 2015-08-11 06:52 - 00050472 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-09-20 19:16 - 2014-03-01 22:53 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-09-20 19:02 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru 2015-09-20 17:34 - 2014-01-09 15:00 - 01682932 _____ C:\Windows\WindowsUpdate.log 2015-09-20 15:01 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness 2015-09-20 14:52 - 2013-11-24 18:53 - 03702232 _____ C:\Windows\system32\PerfStringBackup.INI 2015-09-20 14:52 - 2013-08-28 12:25 - 00800316 _____ C:\Windows\system32\perfh013.dat 2015-09-20 14:52 - 2013-08-28 12:25 - 00162836 _____ C:\Windows\system32\perfc013.dat 2015-09-20 14:52 - 2013-08-28 12:16 - 00796064 _____ C:\Windows\system32\perfh010.dat 2015-09-20 14:52 - 2013-08-28 12:16 - 00156926 _____ C:\Windows\system32\perfc010.dat 2015-09-20 14:52 - 2013-08-28 11:59 - 00769092 _____ C:\Windows\system32\perfh007.dat 2015-09-20 14:52 - 2013-08-28 11:59 - 00160376 _____ C:\Windows\system32\perfc007.dat 2015-09-20 13:13 - 2014-03-01 15:08 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1176592850-2972094272-1075556021-1002 2015-09-20 
12:10 - 2014-11-22 12:03 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\CodeBlocks 2015-09-20 11:56 - 2014-11-03 22:39 - 00000000 ____D C:\Users\Matthias\Downloads\S 2015-09-20 11:44 - 2014-03-02 19:25 - 00000000 ____D C:\Users\Matthias\Documents\Outlook-Dateien 2015-09-20 11:41 - 2015-07-28 15:27 - 00000000 ____D C:\Users\Matthias\MediaMonkey 2015-09-20 11:05 - 2013-08-22 16:46 - 00210698 _____ C:\Windows\setupact.log 2015-09-20 11:02 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-09-19 19:36 - 2014-01-09 15:29 - 17241634 _____ C:\Users\Public\CAFADEBUG.log 2015-09-19 19:24 - 2014-03-02 01:14 - 00000000 ____D C:\Users\Matthias\AppData\Local\Spotify 2015-09-19 17:39 - 2014-03-02 01:14 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Spotify 2015-09-19 12:41 - 2014-03-02 11:42 - 00000000 ____D C:\Users\Matthias\.gimp-2.8 2015-09-19 12:40 - 2014-03-02 11:55 - 00000000 ____D C:\Users\Matthias\AppData\Local\gtk-2.0 2015-09-19 12:39 - 2014-11-25 23:10 - 00000000 ____D C:\Users\Matthias\Desktop\txt 2015-09-19 01:03 - 2015-08-05 09:36 - 00002195 _____ C:\Users\Matthias\Desktop\Atom.lnk 2015-09-19 01:03 - 2015-08-05 09:36 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc 2015-09-19 01:02 - 2015-08-05 09:36 - 00000000 ____D C:\Users\Matthias\AppData\Local\SquirrelTemp 2015-09-19 01:02 - 2015-08-05 09:36 - 00000000 ____D C:\Users\Matthias\AppData\Local\atom 2015-09-19 00:51 - 2013-11-25 03:39 - 00371616 _____ C:\Windows\PFRO.log 2015-09-18 19:11 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI 2015-09-18 13:24 - 2014-03-01 23:03 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\QtProject 2015-09-18 13:03 - 2014-01-09 15:12 - 00000000 ____D C:\ProgramData\Package Cache 2015-09-18 13:03 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp 2015-09-18 12:58 - 2014-03-28 18:34 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.4 2015-09-18 
12:53 - 2015-07-28 15:28 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\MediaMonkey 2015-09-17 22:31 - 2015-08-05 12:51 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\npm 2015-09-17 12:27 - 2014-03-05 23:22 - 00000000 ____D C:\Users\Matthias\Documents\Excel 2015-09-16 22:08 - 2014-03-01 15:02 - 00000000 ____D C:\Users\Matthias 2015-09-16 22:07 - 2014-07-11 12:31 - 00000000 ____D C:\Users\Matthias\Spiele 2015-09-16 22:06 - 2015-07-31 22:05 - 00000000 ____D C:\Users\Matthias\eBooks 2015-09-16 21:05 - 2014-03-02 12:51 - 00000000 ___RD C:\Users\Matthias\Programming 2015-09-16 06:28 - 2015-07-31 16:00 - 00000671 _____ C:\Users\Public\Desktop\Cygwin64 Terminal.lnk 2015-09-15 14:29 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache 2015-09-14 06:36 - 2014-03-01 15:02 - 00000000 ____D C:\Users\Matthias\AppData\Local\Packages 2015-09-13 19:54 - 2014-03-04 18:29 - 00026401 ____H C:\Users\Matthias\_viminfo 2015-09-12 17:24 - 2014-03-01 18:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-09-12 17:20 - 2014-03-01 18:14 - 00000000 ____D C:\Users\Administrator 2015-09-12 17:18 - 2015-08-09 19:09 - 00000000 ____D C:\Program Files (x86)\JetBrains 2015-09-11 15:19 - 2014-05-03 12:09 - 00000000 ____D C:\Program Files (x86)\Adobe 2015-09-11 13:46 - 2014-12-13 00:20 - 00000000 __SHD C:\Users\Matthias\AppData\Local\EmieBrowserModeList 2015-09-11 13:46 - 2014-05-23 17:11 - 00000000 __SHD C:\Users\Matthias\AppData\Local\EmieUserList 2015-09-11 13:46 - 2014-05-23 17:11 - 00000000 __SHD C:\Users\Matthias\AppData\Local\EmieSiteList 2015-09-11 11:21 - 2013-08-22 16:44 - 00416032 _____ C:\Windows\system32\FNTCACHE.DAT 2015-09-11 00:56 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\PolicyDefinitions 2015-09-10 18:23 - 2014-03-02 18:59 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-09-10 18:21 - 2013-08-22 21:11 - 00000000 ____D C:\Program Files\Windows Journal 2015-09-10 18:21 - 2013-08-22 15:25 - 00000199 _____ C:\Windows\win.ini 2015-09-10 18:19 - 
2014-03-01 15:38 - 00000000 ____D C:\Windows\system32\MRT 2015-09-10 17:12 - 2014-01-09 15:01 - 00000000 ____D C:\ProgramData\NVIDIA 2015-09-10 17:07 - 2014-01-09 15:00 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2015-09-10 17:06 - 2014-03-01 21:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-08-27 02:37 - 2014-06-02 18:53 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll 2015-08-27 02:37 - 2014-03-02 19:08 - 01423120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll 2015-08-27 02:36 - 2014-06-02 18:53 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll 2015-08-27 02:36 - 2014-03-02 19:08 - 01710568 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll 2015-08-26 18:37 - 2014-03-01 15:38 - 134753440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-08-25 20:46 - 2015-06-13 14:46 - 03112904 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2015-08-25 20:46 - 2014-03-02 19:13 - 00944736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2015-08-25 20:46 - 2014-01-09 15:00 - 03527696 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2015-08-25 20:46 - 2014-01-09 15:00 - 01106672 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll 2015-08-25 20:46 - 2014-01-09 15:00 - 00176904 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2015-08-25 20:46 - 2014-01-09 15:00 - 00033025 _____ C:\Windows\system32\nvinfo.pb 2015-08-25 20:46 - 2013-12-23 13:33 - 12515016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2015-08-25 20:46 - 2013-12-23 13:33 - 00155792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2015-08-25 16:24 - 2014-01-09 15:01 - 06884984 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2015-08-25 16:24 - 2014-01-09 15:01 - 03496752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll 2015-08-25 16:24 - 2014-01-09 15:01 - 02558584 _____ (NVIDIA Corporation) 
C:\Windows\system32\nvsvcr.dll 2015-08-25 16:24 - 2014-01-09 15:01 - 01062520 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll 2015-08-25 16:24 - 2014-01-09 15:01 - 00937776 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe 2015-08-25 16:24 - 2014-01-09 15:01 - 00385144 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2015-08-25 16:24 - 2014-01-09 15:01 - 00075056 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll 2015-08-25 16:24 - 2014-01-09 15:01 - 00062584 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2015-08-25 14:35 - 2014-01-09 15:01 - 05165808 _____ C:\Windows\system32\nvcoproc.bin ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-07-19 17:07 - 2015-07-19 17:07 - 0000001 _____ () C:\Users\Administrator\AppData\Local\llftool.4.40.agreement 2014-11-10 23:25 - 2014-11-10 23:25 - 0000870 _____ () C:\Users\Administrator\AppData\Local\recently-used.xbel Dateien, die verschoben oder gelöscht werden sollten: ==================== C:\Users\Matthias\QTCreator.bat Einige Dateien in TEMP: ==================== C:\Users\Administrator\AppData\Local\Temp\sqlite3.dll C:\Users\Matthias\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-09-10 17:32 ==================== Ende von FRST.txt ============================ |
20.09.2015, 18:50 | #8 |
| Malwarebytes-Free Scan: Trojan.Siredef.C - Remove threat Addition Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:15-09-2015
durchgeführt von Administrator (2015-09-20 19:39:02)
Gestartet von C:\Users\Matthias\Desktop
Windows 8.1 (X64) (2014-03-01 13:02:05)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-1176592850-2972094272-1075556021-500 - Administrator - Enabled) => C:\Users\Administrator
Gast (S-1-5-21-1176592850-2972094272-1075556021-501 - Limited - Disabled)
Matthias (S-1-5-21-1176592850-2972094272-1075556021-1002 - Limited - Enabled) => C:\Users\Matthias

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Audition 3.0 (HKLM-x32\...\Adobe Audition 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Apple Application Support (32-Bit) (HKLM-x32\...\{3540ADD5-822B-47FB-B1C2-CD7B2C8E9FEC}) (Version: 4.0.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{C9C0FE2C-602E-49D7-8C42-5B9E8FF04798}) (Version: 4.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Atom (HKU\S-1-5-21-1176592850-2972094272-1075556021-1002\...\atom) (Version: 1.0.15 - GitHub Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.12.420 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{315dd168-0794-4cf1-8355-f195cde642fc}) (Version: 1.1.45.11819 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.45.11819 - Avira Operations GmbH & Co. KG) Hidden
Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50716.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v9.10.32(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Borland Delphi 7 (HKLM-x32\...\{72263053-50D1-4598-9502-51ED64E54C51}) (Version: 7.0 - Borland Software Corporation)
Build Tools - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Canon MP640 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series) (Version: - )
CMake 3.3.0-rc2, a cross-platform, open-source build system (HKLM-x32\...\CMake 3.3.0-rc2) (Version: 3.3.0-rc2 - Kitware)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.2.0 - Conexant)
DTS Studio Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.)
Entity Framework 6.1.1 Tools for Visual Studio 2013 (HKLM-x32\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
FileZilla Client 3.10.0.2 (HKU\S-1-5-21-1176592850-2972094272-1075556021-1002\...\FileZilla Client) (Version: 3.10.0.2 - Tim Kosse)
FileZilla Client 3.10.3 (HKU\S-1-5-21-1176592850-2972094272-1075556021-500\...\FileZilla Client) (Version: 3.10.3 - Tim Kosse)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Haskell Platform 7.10.2-a (HKLM\...\HaskellPlatform-7.10.2-a) (Version: - Haskell.org)
Intel(R) Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{6535d76a-59fb-4935-b2c5-cd61917c4a4b}) (Version: 17.16.0 - Intel Corporation)
iTunes (HKLM\...\{88509E20-3936-4D88-A1C0-B274C7BB5151}) (Version: 12.3.0.44 - Apple Inc.)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM-x32\...\{21B0F482-5EF9-45DA-8840-340AFE705A6C}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (Deutsch) (HKLM-x32\...\{CBD7095F-7211-43FD-9FE7-FB08D753AF79}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.1 Sprachpaket - DEU (HKLM-x32\...\Microsoft Help Viewer 2.1 Sprachpaket - DEU) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 DEU (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation) Microsoft SQL Server Data Tools - enu (12.0.41012.0) (HKLM-x32\...\{AC8E0CF4-42A1-4151-B684-97CF6FD726CF}) (Version: 12.0.41012.0 - Microsoft Corporation) Microsoft SQL Server Data Tools Build Utilities - DEU (12.0.30919.1) (HKLM-x32\...\{BCB8A870-2B3D-4CC0-87D6-F931E065AC0C}) (Version: 12.0.30919.1 - Microsoft Corporation) Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{4AEB505C-95E1-4964-9B64-8D27F3186D30}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) 
(HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d07b0db5-8dad-40e1-be90-88026298a46b}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{2749c485-3a8b-4533-92ff-7cf6e8221cff}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 
2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio Express 2013 for Windows Desktop - ENU with Update 4 (HKLM-x32\...\{b8a9dbc1-1fd4-4103-a83b-a2896f193ea0}) (Version: 12.0.31101.0 - Microsoft Corporation) Mozilla Firefox 40.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 de)) (Version: 40.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla) Node.js (HKLM-x32\...\{B716A4B0-5096-4132-A741-2D99CFF53207}) (Version: 0.12.7 - Joyent, Inc. and other Node contributors) NVIDIA GeForce Experience 2.5.14.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.14.5 - NVIDIA Corporation) NVIDIA Grafiktreiber 355.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 355.82 - NVIDIA Corporation) OpenTeacher (HKLM-x32\...\{07E3B694-5C5C-4971-AEE6-F3B4CDB09C43}) (Version: 3.0.0.1 - OpenTeacher Maintainers) Oracle VM VirtualBox 5.0.0 (HKLM\...\{FCD0B365-2189-45F3-9AF2-2BCED86C121A}) (Version: 5.0.0 - Oracle Corporation) Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM-x32\...\{D5409B11-EF28-37A1-AE7A-6051A5BAD923}) (Version: 4.5.50932 - Microsoft Corporation) PowreShellIntegration.Notifications (x32 Version: 2.5.21003.1603 - Microsoft Corporation) Hidden Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation) Prerequisites for SSDT (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation) Python 2.7.10 (HKLM-x32\...\{E2B51919-207A-43EB-AE78-733F9C6797C2}) (Version: 2.7.10150 - Python Software Foundation) Python 3.4.3 (HKLM-x32\...\{CCD588A7-8D55-49F1-A30C-47FAB40889ED}) (Version: 3.4.16490 - Python Software Foundation) Python 3.5.0 (64-bit) (HKU\S-1-5-21-1176592850-2972094272-1075556021-1002\...\{e599f76f-2b95-44da-a280-77548b1b2a21}) 
(Version: 3.5.150.0 - Python Software Foundation) Python 3.5.0 Add to Path (64-bit) (Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Core Interpreter (32-bit) (x32 Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Core Interpreter (64-bit) (Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Development Libraries (32-bit) (x32 Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Development Libraries (64-bit) (Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Documentation (32-bit) (x32 Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Documentation (64-bit) (Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Executables (32-bit) (x32 Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Executables (64-bit) (Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Launcher (32-bit) (x32 Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 pip Bootstrap (64-bit) (Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Standard Library (32-bit) (x32 Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Standard Library (64-bit) (Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Tcl/Tk Support (32-bit) (x32 Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Test Suite (32-bit) (x32 Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Test Suite (64-bit) (Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Utility Scripts (32-bit) (x32 Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Utility Scripts (64-bit) (Version: 3.5.150.0 - Python Software Foundation) Hidden Python Tools Redirection Template (x32 Version: 1.1 - Microsoft Corporation) Hidden Qt (HKU\S-1-5-21-1176592850-2972094272-1075556021-1002\...\{73031b0c-42e3-4fb8-8356-e265b46115f6}) (Version: 2.0.1 - The Qt Company Ltd) 
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.5.14.5 - NVIDIA Corporation) Hidden Sid Meier's Civilization 4 - Beyond the Sword (HKLM-x32\...\{32E4F0D2-C135-475E-A841-1D59A0D22989}) (Version: 3.19 - Firaxis Games) Sid Meier's Civilization 4 Complete (HKU\S-1-5-21-1176592850-2972094272-1075556021-500\...\{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}) (Version: 1.74 - Firaxis Games) Skype™ 7.10 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.10.101 - Skype Technologies S.A.) 
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.5.1333.g822e0de8 - Spotify AB) SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.0 - Krzysztof Kowalczyk) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.21 - Synaptics Incorporated) SyncBackFree (HKLM-x32\...\SyncBackFree_is1) (Version: 6.5.30.0 - 2BrightSparks) TDM-GCC (HKU\S-1-5-21-1176592850-2972094272-1075556021-1002\...\TDM-GCC) (Version: 1.1309.0 - TDM) Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Titan Quest (HKLM-x32\...\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}) (Version: 1.00.0000 - Iron Lore) Titan Quest Immortal Throne (HKLM-x32\...\{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}) (Version: 1.00.0000 - Iron Lore) TOSHIBA Addendum (HKLM-x32\...\{C1569944-FAD6-4B3B-85E5-C213C2FF8EFC}) (Version: 1.00 - TOSHIBA) TOSHIBA Blu-ray Disc Player (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 1.0.5.214 - Toshiba Corporation) TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.02.01.6407 - Toshiba Corporation) TOSHIBA Display Utility (HKLM\...\{5F6AC07E-50EF-422E-B56E-6521E5B35139}) (Version: 1.1.12.0 - Toshiba Corporation) TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation) TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0001.6403 - Toshiba Corporation) TOSHIBA Gesture Controller (HKLM-x32\...\{8C5B4504-3996-4F30-8F01-DA7A8455430B}) (Version: 4.0.110.2 - Toshiba Corporation) TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.5.0003.64001 - Toshiba Corporation) TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA) TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{26BB68BB-CF93-4A12-BC6D-A3B6F53AC8D9}) (Version: 5.0.1.0 - Toshiba Corporation) TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 
1.9.09.6400 - Toshiba Corporation) TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation) TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation) TOSHIBA Start Screen Option (HKLM\...\{06B71035-F19F-4F76-9875-FFCCD4FC3F83}) (Version: 1.00.00.6403 - Toshiba Corporation) TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0030 - Toshiba Corporation) TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.1.2.32001 - Toshiba Corporation) Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.5.0 - Toshiba Europe GmbH) TypeScript Power Tool (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation) Vim 7.4 (self-installing) (HKLM\...\Vim 7.4) (Version: - ) Visual Studio 2013 Update 4 (KB2829760) (HKLM-x32\...\{53d408db-eb91-43fb-9d8f-167681c19763}) (Version: 12.0.31101 - Microsoft Corporation) VS Update core components (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
CustomCLSID: HKU\S-1-5-21-1176592850-2972094272-1075556021-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay Keine Datei
CustomCLSID: HKU\S-1-5-21-1176592850-2972094272-1075556021-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1176592850-2972094272-1075556021-1002_Classes\CLSID\{DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}\InprocServer32 -> C:\Users\Matthias\FileZilla FTP Client\fzshellext_64.dll ()
CustomCLSID: HKU\S-1-5-21-1176592850-2972094272-1075556021-500_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay Keine Datei
CustomCLSID: HKU\S-1-5-21-1176592850-2972094272-1075556021-500_Classes\CLSID\{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B}\InprocServer32 -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtExt.dll (TOSHIBA)

==================== Wiederherstellungspunkte =========================

13-09-2015 20:20:21 System Restore Point created by NetBalancer Setup
16-09-2015 21:02:04 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
18-09-2015 12:54:49 Python 3.5.0 (32-bit)
19-09-2015 19:35:45 JRT Pre-Junkware Removal

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {31E81D1F-9A58-42AC-95DE-5BFA328D35B8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {9428CB5D-87CD-4B51-BA52-5BCE7BB0F653} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {ADA72936-D056-4D5C-BD34-44B996A255BC} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe [2013-11-09] (TOSHIBA Corporation)
Task: {B659F18F-C189-4759-8F87-B270B6DDCAFF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated)
Task: {BC4A3D7E-FB7B-42E8-8088-1AF02F0C1726} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2013-07-19] (Toshiba Europe GmbH)
Task: {BFD120F6-3218-48F8-BBE0-C7DBB6ADA391} - System32\Tasks\{BCE9E01B-220F-4804-B5FF-A8A077EF2703} => Iexplore.exe hxxp://ui.skype.com/ui/0/7.10.0.101/de/privacy?source=lightinstaller
Task: {C6373104-30E9-4073-8BA8-1E537DBF0A12} - System32\Tasks\{1188AA77-BFC2-4A18-8D83-F5EE801B4915} => Iexplore.exe hxxp://ui.skype.com/ui/0/7.10.0.101/de/abandoninstall?source=lightinstaller&page=tsPlugin
Task: {F624F99B-5FD2-4801-8460-B8588CBBBD5F} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2014-01-09 15:00 - 2015-08-25 20:46 - 00011896 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-01-09 15:01 - 2015-08-25 16:24 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-03-09 17:31 - 2015-01-08 10:20 - 00013312 _____ () C:\Windows\SysWOW64\SMITSC.exe
2015-03-29 12:25 - 2015-03-29 12:25 - 00043480 _____ () C:\Users\Matthias\FileZilla FTP Client\fzshellext_64.dll
2012-07-19 04:38 - 2012-07-19 04:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2013-08-02 00:24 - 2013-08-02 00:24 - 00438112 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\TcrdKBB.exe
2015-09-15 14:25 - 2015-09-15 14:25 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-15 14:25 - 2015-09-15 14:25 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-21 16:54 - 2015-09-12 17:38 - 01294336 _____ () C:\Users\Matthias\Programming\CoffeScript\LoL\RADS\system\rads_user_kernel.exe
2015-09-16 17:58 - 2015-09-16 17:58 - 02221048 _____ () C:\Users\Matthias\Programming\CoffeScript\LoL\RADS\projects\lol_launcher\releases\0.0.0.255\deploy\LoLLauncher.exe
2015-09-16 17:58 - 2015-09-16 17:58 - 04049400 _____ () C:\Users\Matthias\Programming\CoffeScript\LoL\RADS\projects\lol_patcher\releases\0.0.0.39\deploy\LoLPatcher.exe
2015-09-12 17:46 - 2015-09-12 17:46 - 00074752 _____ () C:\Users\Matthias\Programming\CoffeScript\LoL\RADS\projects\lol_air_client\releases\0.0.1.160\deploy\LolClient.exe
2014-06-10 10:23 - 2014-10-19 23:27 - 00564224 _____ () C:\MinGWold\msys\1.0\bin\sh.exe
2015-09-12 18:22 - 2015-09-16 18:00 - 18570744 _____ () C:\Users\Matthias\Programming\CoffeScript\LoL\RADS\solutions\lol_game_client_sln\releases\0.0.1.105\deploy\League of Legends.exe
2014-01-09 14:54 - 2013-09-03 17:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-03-31 16:03 - 2015-08-27 02:37 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2013-12-23 13:33 - 2015-08-25 20:46 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2012-05-07 12:55 - 2012-05-07 12:55 - 00178104 _____ () C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosGatt.dll
2015-09-16 17:58 - 2015-09-16 17:58 - 01581048 _____ () C:\Users\Matthias\Programming\CoffeScript\LoL\RADS\projects\lol_patcher\releases\0.0.0.39\deploy\RiotLauncher.dll
2015-09-12 17:41 - 2015-09-12 17:41 - 04774248 _____ () C:\Users\Matthias\Programming\CoffeScript\LoL\RADS\projects\lol_air_client\releases\0.0.1.160\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll
2015-09-19 01:03 - 2015-09-18 23:58 - 00143872 _____ () C:\Users\Matthias\AppData\Local\atom\app-1.0.15\resources\app.asar.unpacked\node_modules\nslog\build\Release\nslog.node
2015-09-19 01:02 - 2015-09-19 01:01 - 01423360 _____ () C:\Users\Matthias\AppData\Local\atom\app-1.0.15\libglesv2.dll
2015-09-19 01:02 - 2015-09-19 01:01 - 00011776 _____ () C:\Users\Matthias\AppData\Local\atom\app-1.0.15\libegl.dll
2015-09-19 01:03 - 2015-09-18 23:58 - 00123904 _____ () C:\Users\Matthias\AppData\Local\atom\app-1.0.15\resources\app.asar.unpacked\node_modules\pathwatcher\build\Release\pathwatcher.node
2015-09-19 01:03 - 2015-09-18 23:58 - 00102912 _____ () C:\Users\Matthias\AppData\Local\atom\app-1.0.15\resources\app.asar.unpacked\node_modules\atom-keymap\node_modules\keyboard-layout\build\Release\keyboard-layout-observer.node
2015-09-19 01:03 - 2015-09-18 23:58 - 00124416 _____ () C:\Users\Matthias\AppData\Local\atom\app-1.0.15\resources\app.asar.unpacked\node_modules\atom-keymap\node_modules\pathwatcher\build\Release\pathwatcher.node
2015-09-19 01:03 - 2015-09-18 23:58 - 00318976 _____ () C:\Users\Matthias\AppData\Local\atom\app-1.0.15\resources\app.asar.unpacked\node_modules\oniguruma\build\Release\onig_scanner.node
2015-09-19 01:03 - 2015-09-18 23:58 - 00124416 _____ () C:\Users\Matthias\AppData\Local\atom\app-1.0.15\resources\app.asar.unpacked\node_modules\text-buffer\node_modules\pathwatcher\build\Release\pathwatcher.node
2015-09-19 01:03 - 2015-09-18 23:58 - 00103424 _____ () C:\Users\Matthias\AppData\Local\atom\app-1.0.15\resources\app.asar.unpacked\node_modules\scrollbar-style\build\Release\scrollbar-style-observer.node
2015-09-19 01:03 - 2015-09-18 23:58 - 00778240 _____ () C:\Users\Matthias\AppData\Local\atom\app-1.0.15\resources\app.asar.unpacked\node_modules\git-utils\build\Release\git.node
2015-09-19 01:03 - 2015-09-18 23:58 - 00378368 _____ () C:\Users\Matthias\AppData\Local\atom\app-1.0.15\resources\app.asar.unpacked\node_modules\spell-check\node_modules\spellchecker\build\Release\spellchecker.node
2014-06-10 10:23 - 2010-02-02 00:29 - 00072192 _____ () C:\MinGWold\msys\1.0\bin\msys-regex-1.dll
2014-06-10 10:23 - 2010-02-01 03:44 - 00036864 _____ () C:\MinGWold\msys\1.0\bin\msys-termcap-0.dll
2015-09-12 18:22 - 2015-09-16 18:00 - 01581560 _____ () C:\Users\Matthias\Programming\CoffeScript\LoL\RADS\solutions\lol_game_client_sln\releases\0.0.1.105\deploy\RiotLauncher.dll
2015-09-12 17:39 - 2015-09-16 17:58 - 01649144 _____ () C:\Users\Matthias\Programming\CoffeScript\LoL\RADS\RiotRadsIO.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1176592850-2972094272-1075556021-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Matthias\Pictures\Wallpapers\fantasy_space-wide.jpg
HKU\S-1-5-21-1176592850-2972094272-1075556021-500\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Toshiba\standard.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1176592850-2972094272-1075556021-1002\...\StartupApproved\StartupFolder: => "OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk"
HKU\S-1-5-21-1176592850-2972094272-1075556021-1002\...\StartupApproved\Run: => "Spotify Web Helper"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{2CD07E91-45BA-4E3F-A259-C895FCE18E87}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe FirewallRules: [{34BE7119-A0FC-4FE4-86DF-363A4CECB88F}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe FirewallRules: [{AF34F286-D165-4CF3-9D93-EDBDC2DFA5E4}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe FirewallRules: [{0CAA4BEA-7B40-4551-938E-6094F6A62B0E}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe FirewallRules: [{A51F5C99-C64D-4B09-BD8D-380090600945}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{CF9D0B2E-BBAD-49C4-B595-9049EEBD6E85}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{17CA0496-AC76-4280-8AF3-69DC7D0612F9}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{F9C992D8-4EDD-4A56-8F54-CA9F48445E25}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [TCP Query User{3D342DC3-E7A7-43F5-9F48-93F975E8B8DE}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe FirewallRules: [UDP Query User{4EB400F6-8A87-4CC5-9DD1-0C53A6192DC4}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe FirewallRules: [TCP Query User{585945A1-F00D-4203-95EB-5E22B1E52EB1}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe FirewallRules: [UDP Query User{F0176762-6462-4697-BAB9-9E6650733BB2}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe FirewallRules: [TCP Query User{D93C50F8-A977-4D50-95C9-1B3710EC537D}C:\program files (x86)\spotify\spotify.exe] => (Block) C:\program files (x86)\spotify\spotify.exe FirewallRules: [UDP Query User{B03D5EE2-F33C-41AD-9EC5-7B4CD074B9BC}C:\program files (x86)\spotify\spotify.exe] => (Block) C:\program files (x86)\spotify\spotify.exe FirewallRules: [TCP 
Query User{37EE1BAF-FE3D-4878-A219-FE3405B7D05E}C:\users\matthias\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\matthias\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{A4110CD2-6B4F-4DCB-B272-B55B86B993B7}C:\users\matthias\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\matthias\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{650ABB4B-C1E9-42B3-B893-B029DE7BE56A}C:\users\matthias\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\matthias\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{584DC96D-29C7-4F25-ABC1-A6CA6AEC390B}C:\users\matthias\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\matthias\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [TCP Query User{E2D4FA44-E739-4489-BAD7-789F641484A1}C:\users\matthias\programming\xampp\apache\bin\httpd.exe] => (Allow) C:\users\matthias\programming\xampp\apache\bin\httpd.exe FirewallRules: [UDP Query User{005BE7CA-EFD8-4984-89BA-CABC41473287}C:\users\matthias\programming\xampp\apache\bin\httpd.exe] => (Allow) C:\users\matthias\programming\xampp\apache\bin\httpd.exe FirewallRules: [TCP Query User{AD93162D-7C2B-4642-A868-7F8A24DF06A7}C:\users\matthias\programming\xampp\mysql\bin\mysqld.exe] => (Allow) C:\users\matthias\programming\xampp\mysql\bin\mysqld.exe FirewallRules: [UDP Query User{AA09C223-7CD4-41AA-8236-1479E07961A9}C:\users\matthias\programming\xampp\mysql\bin\mysqld.exe] => (Allow) C:\users\matthias\programming\xampp\mysql\bin\mysqld.exe FirewallRules: [{B8F816F8-11E3-4087-B939-E674A9A744B1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{D1852A83-0A47-4C33-A2F3-A7F073B9DE55}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{B4BB364D-2905-425D-80D6-F0204B26EF91}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{67428DD1-0C9A-4293-AF6E-87620CC7C070}] => (Allow) 
C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{EF928F60-9C6F-4D75-9BD1-2842F7F0D47A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{247A38B7-251D-4D94-93BC-9BDC5AFC5E2A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [TCP Query User{1C0FCEA9-CADA-4E67-95EB-217D0616135E}E:\xampplite\apache\bin\apache.exe] => (Block) E:\xampplite\apache\bin\apache.exe FirewallRules: [UDP Query User{80359055-CEA0-42EB-9E96-9F244A155CE1}E:\xampplite\apache\bin\apache.exe] => (Block) E:\xampplite\apache\bin\apache.exe FirewallRules: [TCP Query User{4248F06B-3FBC-4244-97DD-8BB449B81E2E}E:\xampplite\mysql\bin\mysqld.exe] => (Block) E:\xampplite\mysql\bin\mysqld.exe FirewallRules: [UDP Query User{DE679317-B26C-4949-BA21-7FCBB11E6FD0}E:\xampplite\mysql\bin\mysqld.exe] => (Block) E:\xampplite\mysql\bin\mysqld.exe FirewallRules: [TCP Query User{93B031D5-93A3-49B3-8445-FFF33EE99550}C:\users\matthias\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\matthias\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{441D5BA9-6959-48FB-806F-82DA1CF45AAF}C:\users\matthias\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\matthias\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{E0E55DE1-71E4-4E5C-A896-6B2A9FDF308E}C:\users\matthias\programming\sfml-game-development-book-master\10-network\release\10-network.exe] => (Block) C:\users\matthias\programming\sfml-game-development-book-master\10-network\release\10-network.exe FirewallRules: [UDP Query User{CFB5745B-B1E2-4B7A-9359-722D03C63376}C:\users\matthias\programming\sfml-game-development-book-master\10-network\release\10-network.exe] => (Block) C:\users\matthias\programming\sfml-game-development-book-master\10-network\release\10-network.exe FirewallRules: [TCP Query User{9DFEC015-54C5-4316-93DB-C1450B9FA2A7}C:\users\matthias\programming\coffeescript\lolreplay\lolreplay.exe] => (Block) C:\users\matthias\programming\coffeescript\lolreplay\lolreplay.exe FirewallRules: [UDP Query 
User{F834D38E-ED3D-4284-917D-CE05A4A65FDC}C:\users\matthias\programming\coffeescript\lolreplay\lolreplay.exe] => (Block) C:\users\matthias\programming\coffeescript\lolreplay\lolreplay.exe FirewallRules: [TCP Query User{AA84B6F9-E22E-4771-AB22-4D2E81EB41FA}C:\users\matthias\programming\coffeescript\lolreplay\lolreplay.exe] => (Block) C:\users\matthias\programming\coffeescript\lolreplay\lolreplay.exe FirewallRules: [UDP Query User{9C185C5F-F249-4107-A81E-9462BFBA7C91}C:\users\matthias\programming\coffeescript\lolreplay\lolreplay.exe] => (Block) C:\users\matthias\programming\coffeescript\lolreplay\lolreplay.exe FirewallRules: [TCP Query User{B4D16CBB-EEB8-469D-A4CE-F45351481312}F:\xampplite\apache\bin\apache.exe] => (Allow) F:\xampplite\apache\bin\apache.exe FirewallRules: [UDP Query User{EB716B6B-5800-474B-B21A-1E944A96ADEA}F:\xampplite\apache\bin\apache.exe] => (Allow) F:\xampplite\apache\bin\apache.exe FirewallRules: [TCP Query User{706A6D8C-2EC2-47AC-BFEB-6081E5392661}F:\xampplite\mysql\bin\mysqld.exe] => (Allow) F:\xampplite\mysql\bin\mysqld.exe FirewallRules: [UDP Query User{C2129F97-09CC-42F0-AD05-FAE4B8F84243}F:\xampplite\mysql\bin\mysqld.exe] => (Allow) F:\xampplite\mysql\bin\mysqld.exe FirewallRules: [TCP Query User{D028E132-B9DE-45B1-A3C5-21515894C6D8}E:\portable python 2.7.6.1\app\python.exe] => (Block) E:\portable python 2.7.6.1\app\python.exe FirewallRules: [UDP Query User{80E03E5C-B774-4550-BFD3-74A8EF394625}E:\portable python 2.7.6.1\app\python.exe] => (Block) E:\portable python 2.7.6.1\app\python.exe FirewallRules: [TCP Query User{424F3512-5004-45C3-8C87-D3F05256F10D}E:\portable python 2.7.6.1\app\pycharm\bin\pycharm.exe] => (Block) E:\portable python 2.7.6.1\app\pycharm\bin\pycharm.exe FirewallRules: [UDP Query User{A97078E1-2344-4D79-BBEE-0E1D2971ADA9}E:\portable python 2.7.6.1\app\pycharm\bin\pycharm.exe] => (Block) E:\portable python 2.7.6.1\app\pycharm\bin\pycharm.exe FirewallRules: [TCP Query 
User{A03958F4-8EB8-4F89-B6F9-88DAC4D796CD}C:\python34\python.exe] => (Block) C:\python34\python.exe FirewallRules: [UDP Query User{AA72A32E-7EA6-47A6-B61C-C6F6232FA049}C:\python34\python.exe] => (Block) C:\python34\python.exe FirewallRules: [{4D6A918A-222C-4A32-AA74-6A91F094CEA5}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\WDExpress.exe FirewallRules: [TCP Query User{D5A9BB6D-58F1-4F6B-945C-C6C9902737E1}C:\users\matthias\programming\coffeescript\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\users\matthias\programming\coffeescript\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe FirewallRules: [UDP Query User{2C64E8C0-694D-458B-AF5F-AD89CDBC9C97}C:\users\matthias\programming\coffeescript\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\users\matthias\programming\coffeescript\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe FirewallRules: [TCP Query User{2BA7EA32-CD36-493C-A930-50F9BB4B7F33}C:\users\matthias\programming\coffeescript\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\users\matthias\programming\coffeescript\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe FirewallRules: [UDP Query User{46611372-DD68-4F8D-B88F-0BDAA271ABD8}C:\users\matthias\programming\coffeescript\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\users\matthias\programming\coffeescript\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe FirewallRules: [TCP Query User{8520A711-438C-454E-A39A-F360401C1ECF}C:\users\matthias\programming\xampp\filezillaftp\filezillaserver.exe] => (Allow) C:\users\matthias\programming\xampp\filezillaftp\filezillaserver.exe FirewallRules: [UDP Query User{5B42A3DE-677F-49F0-A77B-190345E49C61}C:\users\matthias\programming\xampp\filezillaftp\filezillaserver.exe] => (Allow) 
C:\users\matthias\programming\xampp\filezillaftp\filezillaserver.exe FirewallRules: [TCP Query User{DBAA0C5E-A25D-485A-90D8-4B2E91769A30}C:\users\matthias\programming\c++libs\poco\bin\timeserver.exe] => (Allow) C:\users\matthias\programming\c++libs\poco\bin\timeserver.exe FirewallRules: [UDP Query User{D2567B9A-3965-47D9-A60B-2955A7A159FA}C:\users\matthias\programming\c++libs\poco\bin\timeserver.exe] => (Allow) C:\users\matthias\programming\c++libs\poco\bin\timeserver.exe FirewallRules: [TCP Query User{A9627B1F-85F1-48F1-9AC6-9F3A419A3BE7}C:\users\matthias\filezillaportable\app\filezilla\filezilla.exe] => (Allow) C:\users\matthias\filezillaportable\app\filezilla\filezilla.exe FirewallRules: [UDP Query User{9938E502-7241-4134-A9EA-7E908BDE37AE}C:\users\matthias\filezillaportable\app\filezilla\filezilla.exe] => (Allow) C:\users\matthias\filezillaportable\app\filezilla\filezilla.exe FirewallRules: [{322D17CE-5C13-470E-AEAA-F17D2B61721D}] => (Allow) C:\users\matthias\filezillaportable\app\filezilla\filezilla.exe FirewallRules: [{C6DF6284-9667-419A-919A-8572D9D0CEE2}] => (Allow) C:\users\matthias\filezillaportable\app\filezilla\filezilla.exe FirewallRules: [{E9556089-9CA1-43BB-8C71-304D0F144A14}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{656D703C-C7F2-43BF-B1BA-5E10D0CCB67D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{E127E3C0-87D6-4071-A40C-9222448CE333}C:\program files (x86)\thq\titan quest immortal throne\tqit.exe] => (Block) C:\program files (x86)\thq\titan quest immortal throne\tqit.exe FirewallRules: [UDP Query User{0F98269C-832C-4D13-B731-027C413FE845}C:\program files (x86)\thq\titan quest immortal throne\tqit.exe] => (Block) C:\program files (x86)\thq\titan quest immortal throne\tqit.exe FirewallRules: [TCP Query User{3C83BD9E-1994-4045-8F00-98800A68E2B5}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe 
FirewallRules: [UDP Query User{D1042054-23CF-451F-9CD1-EA0AEF5E33FF}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{65FF9328-E93C-47A4-AE56-FB2902BBBFBB}] => (Allow) C:\Users\Matthias\Programming\CoffeeScript\Hearthstone\Battle.net\Battle.net.exe FirewallRules: [{8BD63C85-44E2-4B00-A864-0413D8DB9EB3}] => (Allow) C:\Users\Matthias\Programming\CoffeeScript\Hearthstone\Battle.net\Battle.net.exe FirewallRules: [{38B0F747-8AF6-45DE-8164-3A038C2E5D36}] => (Allow) C:\Users\Matthias\Programming\CoffeeScript\lol.launcher.exe FirewallRules: [{4F9B221B-1BFB-4871-98E5-B96B1422DFDA}] => (Allow) C:\Users\Matthias\Programming\CoffeeScript\lol.launcher.exe FirewallRules: [{AE631DB4-FA7D-46F4-B1B2-3E1034FE734F}] => (Allow) C:\Users\Matthias\Programming\CoffeeScript\lol.launcher.exe FirewallRules: [{8BE7F6F5-A5FD-4B51-9D38-1C3D891D5880}] => (Allow) C:\Users\Matthias\Programming\CoffeeScript\lol.launcher.exe FirewallRules: [{270A14F5-28E7-40FF-9C59-C2AFA74227D5}] => (Allow) C:\Users\Matthias\Programming\CoffeeScript\RADS\solutions\lol_game_client_sln\releases\0.0.1.88\deploy\League of Legends.exe FirewallRules: [{E381EC0E-871E-4C09-822C-DB51B7CBAA19}] => (Allow) C:\Users\Matthias\Programming\CoffeeScript\RADS\solutions\lol_game_client_sln\releases\0.0.1.88\deploy\League of Legends.exe FirewallRules: [{34AFF7EB-191F-43E9-9DCB-EF192FDDE84A}] => (Allow) C:\Users\Matthias\Programming\CoffeeScript\RADS\solutions\lol_game_client_sln\releases\0.0.1.88\deploy\League of Legends.exe FirewallRules: [{32562A2B-F702-496A-B43D-EC0064541018}] => (Allow) C:\Users\Matthias\Programming\CoffeeScript\RADS\solutions\lol_game_client_sln\releases\0.0.1.88\deploy\League of Legends.exe FirewallRules: [{4CD54D25-A91A-4CC1-A7CB-CF91CBD4CD34}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe FirewallRules: [{06AA4278-E574-40B6-8DE2-E6220D782F9F}] => (Allow) C:\Program Files\NVIDIA 
Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{0D74D6B5-5214-4C16-ABAF-2A2DB940A12A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{0BA1FADE-A7AC-473F-8391-A3DDFF0F4694}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{3CEA4925-F886-49D5-A84E-00B7667F6F7D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{3CA3BE4D-5082-411D-8CEE-CF899F671506}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [TCP Query User{62C1D468-17BF-433B-B271-6C50BA2CFE5A}C:\users\matthias\webdev\nodejs\node.exe] => (Allow) C:\users\matthias\webdev\nodejs\node.exe FirewallRules: [UDP Query User{464B0FFF-4DB5-4410-B163-A4D85CDEB02D}C:\users\matthias\webdev\nodejs\node.exe] => (Allow) C:\users\matthias\webdev\nodejs\node.exe FirewallRules: [TCP Query User{DD179B08-5C70-4B82-869A-7C41326F09B0}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{3391D3C5-384A-44BA-9131-7F655F8CD964}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{4A567E09-2434-4E8C-9F3F-E4100A0A3BA1}C:\program files (x86)\adobe\phonegap\phonegap desktop\phonegap.exe] => (Allow) C:\program files (x86)\adobe\phonegap\phonegap desktop\phonegap.exe FirewallRules: [UDP Query User{A5594166-7133-46FA-943C-9B68351C65D9}C:\program files (x86)\adobe\phonegap\phonegap desktop\phonegap.exe] => (Allow) C:\program files (x86)\adobe\phonegap\phonegap desktop\phonegap.exe FirewallRules: [TCP Query User{E469B88B-A355-4B77-8005-FCB3D2E72F3F}C:\users\matthias\downloads\phonegap-desktop-beta-0.1.9-win\win32\phonegap.exe] => (Allow) C:\users\matthias\downloads\phonegap-desktop-beta-0.1.9-win\win32\phonegap.exe FirewallRules: [UDP Query 
User{A41D7CC6-A56D-4DEE-B023-38132C0F0748}C:\users\matthias\downloads\phonegap-desktop-beta-0.1.9-win\win32\phonegap.exe] => (Allow) C:\users\matthias\downloads\phonegap-desktop-beta-0.1.9-win\win32\phonegap.exe FirewallRules: [{5883221A-A4BF-4876-8CE8-8B2F6256C7D1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{1BA9B1D7-5BCF-4535-B282-EE18862B80C8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{96770D26-EC8D-4DD5-97A9-042A303A8834}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{56328845-142A-4874-ACD8-05E113A60E4F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{5725F639-8935-4A52-9DEB-A2B8FC8A9C7C}] => (Allow) C:\Program Files\iTunes\iTunes.exe ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: Intel(R) 8 Series/C220 Series USB EHCI #1 - 8C26 Description: Intel(R) 8 Series/C220 Series USB EHCI #1 - 8C26 Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: Intel Service: usbehci Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (09/20/2015 07:30:45 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". 
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest. Error: (09/20/2015 07:26:31 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest. 
Error: (09/20/2015 02:52:31 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest. Error: (09/20/2015 02:52:28 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest. 
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest. Error: (09/20/2015 02:52:24 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest. Error: (09/20/2015 02:52:24 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest. Error: (09/20/2015 02:52:21 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest. Error: (09/20/2015 11:04:06 AM) (Source: Service1) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.Runtime.InteropServices.COMException (0x80010002): Aufruf wurde durch Messagefilter abgebrochen. 
(Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementEventWatcher.Initialize() bei System.Management.ManagementEventWatcher.Start() bei dts_apo_service.Service1.StartRegistryWatcher() bei dts_apo_service.Service1.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (09/20/2015 01:30:34 AM) (Source: TOSHIBA Service Station) (EventID: 0) (User: ) Description: Das folgende Modul konnte die Verarbeitung nicht beenden: Softwareaktualisierungen. Fehler: Vorgang fehlgeschlagen. Error: (09/19/2015 09:42:13 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: LoLPatcher.exe, Version: 0.25.0.929, Zeitstempel: 0x55f0ed25 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17415, Zeitstempel: 0x54504ade Ausnahmecode: 0xe06d7363 Fehleroffset: 0x00014598 ID des fehlerhaften Prozesses: 0x9c0 Startzeit der fehlerhaften Anwendung: 0xLoLPatcher.exe0 Pfad der fehlerhaften Anwendung: LoLPatcher.exe1 Pfad des fehlerhaften Moduls: LoLPatcher.exe2 Berichtskennung: LoLPatcher.exe3 Vollständiger Name des fehlerhaften Pakets: LoLPatcher.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: LoLPatcher.exe5 Systemfehler: ============= Error: (09/20/2015 02:59:43 PM) (Source: DCOM) (EventID: 10010) (User: TOSHIBA) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (09/20/2015 02:54:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (09/20/2015 02:54:55 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\ADMINI~1\AppData\Local\Temp\ehdrv.sys Error: (09/20/2015 02:54:55 PM) 
(Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (09/20/2015 02:54:55 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\ADMINI~1\AppData\Local\Temp\ehdrv.sys Error: (09/20/2015 02:54:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (09/20/2015 02:54:55 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\ADMINI~1\AppData\Local\Temp\ehdrv.sys Error: (09/20/2015 02:50:31 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Windows\SysWow64\drivers\mpfilt.sys Error: (09/20/2015 02:50:27 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Windows\SysWow64\drivers\mpfilt.sys Error: (09/20/2015 11:05:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Windows Defender-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet: %%577 CodeIntegrity: =================================== Date: 2015-09-20 11:05:07.335 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-09-19 19:30:30.743 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2015-09-19 17:25:52.566 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-09-19 12:29:25.873 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-09-19 00:54:10.422 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-09-14 21:37:15.019 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system. Date: 2015-09-14 21:37:14.831 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system. Date: 2015-09-14 21:37:14.666 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system. 
Date: 2015-09-14 21:37:06.314 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system. Date: 2015-09-14 21:37:06.136 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i7-4700MQ CPU @ 2.40GHz Prozentuale Nutzung des RAM: 31% Installierter physikalischer RAM: 16308.09 MB Verfügbarer physikalischer RAM: 11223.54 MB Summe virtueller Speicher: 18740.09 MB Verfügbarer virtueller Speicher: 12969.32 MB ==================== Laufwerke ================================ Drive c: (TI31250700A) (Fixed) (Total:695.07 GB) (Free:489.53 GB) NTFS Drive d: (TQGOLD) (CDROM) (Total:4.39 GB) (Free:0 GB) UDF Drive e: (TOSHIBA_DRIVE) (Fixed) (Total:931.51 GB) (Free:864.52 GB) NTFS Drive f: (M STAUBER) (Removable) (Total:3.68 GB) (Free:2.55 GB) FAT32 ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 1397.3 GB) (Disk ID: 00000000) Partition: GPT. ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D58103B8) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 3.7 GB) (Disk ID: 00000000) Partition: GPT. ==================== Ende von Addition.txt ============================ |
21.09.2015, 18:32 | #9 |
/// the machine /// TB-Ausbilder | Malwarebytes-Free Scan: Trojan.Siredef.C - Remove threat
That is a false indication in Securitycheck.

Cleanup: (the order matters here)
If Defogger was used: start it again and click Re-enable.
If Combofix was used: uninstall Combofix.
All logs posted? Then please download DelFix.
Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself. Restart your computer afterwards. If any programs from our cleanup are still left over, you can safely delete them.

If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.

Hardening:
On the Windows operating system, enable automatic updates. Security-relevant software should also always be kept at the latest version only:
Browser
Java
Flash Player
PDF reader
Security holes in their old versions are exploited to install malware via "drive-by" when you simply visit a manipulated website.
I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.
Enable a firewall. The one built into Windows is normally entirely sufficient.
Use an antivirus program with a real-time scanner and an always up-to-date signature database. My recommendation: Emsisoft
In addition, you can scan your PC regularly with Malwarebytes Anti-Malware and ESET.

Optional:
NoScript prevents active content (Java, JavaScript, Flash, ...) from running on all websites. You can, however, define on a whitelist basis which sites are allowed to run scripts.
Malwarebytes Anti Exploit: protects the computer's applications against exploitation of known vulnerabilities.

Download software from a clean portal such as .
When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program.
To get rid of adware again, first uninstall it and then remove the leftovers with Adwarecleaner.

Finally, a few general remarks:
Change your important online passwords regularly, and regularly create backups of your important files or of the system.
The benefit of registry cleaners, optimizers and the like for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
21.09.2015, 20:11 | #10 |
| Malwarebytes-Free Scan: Trojan.Siredef.C - Remove threat Hello schrauber, thanks again for your help. I do find it interesting that two different scanners raised the alarm there. How can something like that happen? Best regards, SoftDrive |
22.09.2015, 19:05 | #11 |
/// the machine /// TB-Ausbilder | Malwarebytes-Free Scan: Trojan.Siredef.C - Remove threat What exactly do you mean?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |