| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Datenträgerauslastung permanent auf 100%, PC bootet kaum und arbeitet sehr langsamWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
25.09.2015, 05:01
| #1 |
| |  Datenträgerauslastung permanent auf 100%, PC bootet kaum und arbeitet sehr langsam Hallo, ich bin verzweifelt und hoffe sehr hier Hilfe zu erhalten. Seit Dienstag habe ich ein großes Porblem mit meinem PC. Ich kenne mich mit PCs kaum aus habe aber dennoch die Vermutung das ich einen Virus habe oder die Festplatte kaputt ist. Zum Problem: Die Datenträgerauslastung im Task Manager ist permanent bei 100% und der PC ist so langsam das man ihn praktisch nicht nutzen kann. Ich habe, bevor ich diesen Thread gestartet habe, die Anweisungen befolgt und mit den von euch empfohlenen Programmen Logdateien erstellt. Wichtig: Einen Gmer-Bericht zu erstellen war mir leider nicht möglich da der Rechner mittendrin abgestürzt ist und das anschließende Booten ungelogen 2 Stunden (!) nach mehrmaligem versuchen gedauert hat. Ich habe aber die anderen Logdateien und hoffe sie helfen weiter :-( Ich habe die Festplatte auf Fehler überprüft. Es wurden keine festgestellt. Ich habe McAfee Scnellscan drüberlaufen lassen: kein Virus gefunden. Für einen vollständigen Scan war der Rechner leider wieder zu langsam und es hätte Tage/Wochen gedauert. Hier die Logfiles: Addition.txt: Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:23-09-2015
durchgeführt von Daniel (2015-09-24 22:42:58)
Gestartet von C:\Users\Daniel\Desktop
Windows 10 Home (X64) (2015-07-29 17:36:23)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-3290045252-3424657786-848572120-500 - Administrator - Disabled)
Daniel (S-1-5-21-3290045252-3424657786-848572120-1000 - Administrator - Enabled) => C:\Users\Daniel
DefaultAccount (S-1-5-21-3290045252-3424657786-848572120-503 - Limited - Disabled)
Gast (S-1-5-21-3290045252-3424657786-848572120-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3290045252-3424657786-848572120-1004 - Limited - Enabled)
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.2.0.129 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2015 (HKLM-x32\...\{0FAC7130-BEC5-47A5-8813-1D339B8326ED}) (Version: 9.0.1 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.1 - Adobe Systems Incorporated)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{DA9FFDE7-5474-DE51-8729-76A31DB5682B}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Astroburn Lite (HKLM-x32\...\Astroburn Lite) (Version: 1.8.0.0182 - Disc Soft Ltd)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
Dxtory version 2.0.127 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.127 - ExKode Co. Ltd.)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON SX235 Series Printer Uninstall (HKLM\...\EPSON SX235 Series) (Version: - SEIKO EPSON Corporation)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FFmpeg v0.6.2 for Audacity (HKLM-x32\...\FFmpeg for Audacity_is1) (Version: - )
FileZilla Client 3.10.3 (HKLM-x32\...\FileZilla Client) (Version: 3.10.3 - Tim Kosse)
FINAL FANTASY XIII (HKLM-x32\...\Steam App 292120) (Version: - SQUARE ENIX)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
FUSSBALL MANAGER 13 (HKLM-x32\...\{80AF0300-866F-400F-A350-D53E3C3E34E0}) (Version: 1.0.4.0 - Electronic Arts)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Grand Theft Auto IV (x32 Version: 1.0.0011.131 - Rockstar Games Inc.) Hidden
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
K-Lite Codec Pack 10.0.0 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.0.0 - )
Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
MagicYUV Lossless Video Codec version 1.1 (HKLM-x32\...\{90410593-E0EB-4F9B-B984-65BEA8F07B91}_is1) (Version: 1.1 - INNOMAGIC Bt.)
MAGIX Foto Designer 7 (HKLM-x32\...\MAGIX_{2DCD52EE-1AE1-4128-9819-A79F7D09B6B3}) (Version: 7.0.1.1 - MAGIX AG)
MAGIX Foto Designer 7 (Version: 7.0.1.1 - MAGIX AG) Hidden
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{B6B4D918-A667-48D2-9AB6-FAF34FB25223}) (Version: 7.0.2.6 - MAGIX Software GmbH)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX Software GmbH) Hidden
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 14.0.4121 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.161 - McAfee, Inc.)
Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.15.109 - Electronic Arts, Inc.)
proDAD Mercalli NLE 4.0 (64bit) (HKLM\...\proDAD-MercalliPlugins-4.0) (Version: 4.0.465.1 - proDAD GmbH)
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.12.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 3.0.12.0 - Renesas Electronics Corporation) Hidden
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.1 - Rockstar Games)
Sony PC Companion 2.10.251 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.251 - Sony)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 9.0.0.0 - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Super-Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.014 - MSI)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Trust GXT Gaming Headset (HKLM\...\C-Media CM108 Like Sound Driver) (Version: - )
Trust GXT Gaming Headset (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392006300}) (Version: 2.0.01.13 - Trust)
Unity Web Player (HKU\S-1-5-21-3290045252-3424657786-848572120-1000\...\UnityWebPlayer) (Version: 4.5.2f1 - Unity Technologies ApS)
Ut Video Codec Suite (HKLM\...\utvideo_is1) (Version: 15.2.0 - UMEZAWA Takeshi)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VLC media player 2.0.6 (HKLM\...\VLC media player) (Version: 2.0.6 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Winki (HKLM-x32\...\{81CF5153-38CF-41e2-AC3C-3D477C987D96}_is1) (Version: 3.2.126 - MSI)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-3290045252-3424657786-848572120-1000_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-170F5F5A3E94}\InprocServer32 -> %%systemroot%%\system32\shell32.dll Keine Datei
CustomCLSID: HKU\S-1-5-21-3290045252-3424657786-848572120-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
==================== Wiederherstellungspunkte =========================
09-09-2015 13:07:07 Windows Update
11-09-2015 12:29:16 DirectX wurde installiert
20-09-2015 08:04:36 Geplanter Prüfpunkt
22-09-2015 04:01:20 Camtasia Studio 8 wird entfernt
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {01D02A45-F3DD-43EA-8BE3-E957A09C4CEC} - \Microsoft\Windows\Setup\GWXTriggers\Time-3xd -> Keine Datei <==== ACHTUNG
Task: {03CF71D3-D2AD-4CEE-8070-2E26393AD3CC} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {0AD464AC-960D-4B17-A7E3-A991FCA4FEDA} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {0CEC1E40-BD1F-4A22-B723-A42E93796902} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {0F3543F2-DE58-4975-9865-FCACF8C3B244} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {107B77E2-0288-413F-AF65-B72757EDFEC6} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {16D8FA47-823F-4D48-9F42-F238A8D95683} - System32\Tasks\{896C1BCB-A3AA-4D80-AC1D-E73311EE3822} => D:\Driver\USB\CmDrvRmU.exe
Task: {18F8FEB5-D0A3-4AF2-B053-7A60721154AE} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {1BC29554-7EFC-4A33-B53D-577F548F87A4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {1E04F520-04C0-4496-BC9E-4B3FE88FA846} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {26FB93D1-B16A-4261-B478-87FDD73DD0D0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {2B514A46-E01E-41B0-B0BC-564B54D88041} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {330C7902-B64E-4916-A02F-E12BD3DAE997} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {4E56B8CF-3A52-4AE1-8EA4-D9693CFB538E} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {4EBF3510-EF4D-4A3A-8D46-ED3077CCE6E2} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {5B6D8C6E-F7C0-47BD-82EB-39B5261A21C7} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {5B79F223-5600-4E37-868B-A07AAFAAD690} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {68C30FED-1875-4136-BF2B-A066415F3D81} - System32\Tasks\{5AEBB083-66D0-4188-8A98-55DED5109C6A} => C:\Program Files (x86)\T-Mobile\InternetManager_H\Internet Manager.exe
Task: {7B0F9A2B-DBB1-417B-BC0E-9FB6DADB9F68} - System32\Tasks\{39181EFE-83CC-4966-8021-BCB6A8223EEF} => C:\Program Files (x86)\Aspyr\Star Wars The Force Unleashed\SWTFU Launcher.exe
Task: {819F4BC5-A441-43AF-9922-CC46BF16CF6C} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {8E36BFCE-D687-462F-B4BC-4E103FB33EC7} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {8EE3FAEF-99FC-4170-AC20-7DB0D89BEB92} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {92B9EE41-FEF0-4337-86BB-6EBF24EF9A02} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {9429FDDE-5804-497B-ABC5-B54D3C8B68B3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {9511C7F6-8B85-449B-B200-1F895B5032F0} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {99AEC417-C468-4387-BFD9-C01560327DCA} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {A26692E1-C809-4D4C-BBB1-E018D9FDE85A} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {A7A42C3B-1E96-44B3-BC61-89304BC44EDB} - System32\Tasks\{86FED63A-7419-4FB4-8598-6531F225CE53} => pcalua.exe -a C:\Users\Daniel\Desktop\GTAIV_TU5.exe -d C:\Users\Daniel\Desktop
Task: {B23D5CEE-7026-4407-8CC0-97C67E5983D8} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {B372339B-C720-4D6F-9046-7B515D632C4A} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {B4AE252C-87C2-4A1B-B964-2669F6993774} - System32\Tasks\{57FF362F-D869-49CF-8A86-33A2ACB3701B} => C:\Program Files (x86)\Mass Effect\MassEffectLauncher.exe
Task: {B653080C-CD19-4E55-B5A6-A0A582057486} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {B9B87874-3F93-4AE8-887D-699B43F6C092} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-daniel.blumberg@outlook.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-07-22] (Adobe Systems Incorporated)
Task: {C3715D10-8E88-470D-9B46-FFF0A4269AD8} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {C52774E4-FCD7-4931-80C8-8C8863B1305B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {CF81A715-72C0-412F-A591-5609AE62B7B4} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {D2F6270C-444D-4192-BF02-5A635EB48976} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {DE5E067E-5CAC-42A8-B8D9-87DBD2C7E313} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {EE35B613-E8E0-431B-8D4A-26D8750B49F8} - System32\Tasks\{A21E56D4-E5D5-4B6B-ACB3-CAD5E554F166} => D:\Setup.exe
Task: {EEA520E2-3EE7-4303-8243-7665C8B83240} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {F2EECCF6-411A-45DC-9E62-A43C712A89B7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {F414D98A-790B-45F3-9ED1-95B54C3A638B} - System32\Tasks\{639E8D91-B320-4FA2-B163-9FC4D1807C92} => C:\Program Files (x86)\Mass Effect\MassEffectLauncher.exe
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2015-07-29 20:01 - 2015-07-29 20:01 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-19 17:38 - 2015-08-11 11:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-07-28 22:45 - 2015-07-28 22:45 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2015-08-29 11:26 - 2015-08-18 09:56 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-29 11:26 - 2015-08-18 09:56 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-07-22 01:02 - 2015-07-22 01:02 - 00803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-07-10 12:59 - 2015-07-10 12:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-08-12 12:34 - 2015-08-03 03:11 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 13:00 - 2015-07-10 18:45 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-08-19 17:38 - 2015-08-11 10:58 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-08-12 12:34 - 2015-08-03 03:09 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-08-03 15:59 - 2015-08-03 15:59 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-07-22 01:02 - 2015-07-22 01:02 - 31535264 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2015-08-19 17:38 - 2015-08-11 11:10 - 00293376 _____ () C:\WINDOWS\SYSTEM32\textinputframework.dll
2015-03-29 12:29 - 2015-03-29 12:29 - 00039384 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2015-07-22 15:32 - 2015-07-22 15:32 - 36732592 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2015-09-22 02:51 - 2015-09-19 00:13 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\libglesv2.dll
2015-09-22 02:51 - 2015-09-19 00:13 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\libegl.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\0c0755adde552fb7ac6db5bb33:Win32App
AlternateDataStreams: C:\1464926e2d0f8d8f0c03a8f07b:Win32App
AlternateDataStreams: C:\3dc5cf3ae27a35ab3bbf2eaa7807:Win32App
AlternateDataStreams: C:\3e94fee5040caf58dfaed29561bf6b:Win32App
AlternateDataStreams: C:\5fe2d935482ad67561aba9e5f1f20b91:Win32App
AlternateDataStreams: C:\713c7990491c6178d504:Win32App
AlternateDataStreams: C:\737c0df51a666679a5e716d6:Win32App
AlternateDataStreams: C:\7da3071c344592fe1ee34caec404:Win32App
AlternateDataStreams: C:\a391f7ef64caeec4f7a346d5:Win32App
AlternateDataStreams: C:\a9029ce0333f022f1558:Win32App
AlternateDataStreams: C:\b7807027b5804b4fc79a9127e30e8793:Win32App
AlternateDataStreams: C:\ba2dc272ccbee51de7ef05:Win32App
AlternateDataStreams: C:\de54bf7a44920f2bdbf6926ad7ff9b:Win32App
AlternateDataStreams: C:\winki:Win32App
AlternateDataStreams: C:\Program Files\AMD:Win32App
AlternateDataStreams: C:\Program Files\ATI Technologies:Win32App
AlternateDataStreams: C:\Program Files\McAfee:Win32App
AlternateDataStreams: C:\Program Files\Microsoft Silverlight:Win32App
AlternateDataStreams: C:\Program Files\proDAD:Win32App
AlternateDataStreams: C:\Program Files\TeamSpeak 3 Client:Win32App
AlternateDataStreams: C:\Program Files\utvideo:Win32App
AlternateDataStreams: C:\Program Files\WinRAR:Win32App
AlternateDataStreams: C:\Program Files (x86)\AC3Filter:Win32App
AlternateDataStreams: C:\Program Files (x86)\AMD:Win32App
AlternateDataStreams: C:\Program Files (x86)\AMD APP:Win32App
AlternateDataStreams: C:\Program Files (x86)\ATI Technologies:Win32App
AlternateDataStreams: C:\Program Files (x86)\Audacity:Win32App
AlternateDataStreams: C:\Program Files (x86)\Ffmpeg For Audacity:Win32App
AlternateDataStreams: C:\Program Files (x86)\FileZilla FTP Client:Win32App
AlternateDataStreams: C:\Program Files (x86)\K-Lite Codec Pack:Win32App
AlternateDataStreams: C:\Program Files (x86)\MagicYUV:Win32App
AlternateDataStreams: C:\Program Files (x86)\Microsoft Expression:Win32App
AlternateDataStreams: C:\Program Files (x86)\Microsoft SQL Server Compact Edition:Win32App
AlternateDataStreams: C:\Program Files (x86)\MSXML 4.0:Win32App
AlternateDataStreams: C:\Program Files (x86)\OpenOffice.org 3:Win32App
AlternateDataStreams: C:\Program Files (x86)\Origin:Win32App
AlternateDataStreams: C:\Program Files (x86)\QuickTime:Win32App
AlternateDataStreams: C:\Program Files (x86)\Trust GXT Gaming Headset:Win32App
AlternateDataStreams: C:\Program Files (x86)\Windows Live:Win32App
AlternateDataStreams: C:\WINDOWS\SysWOW64:Win32App
AlternateDataStreams: C:\ProgramData\MAGIX:Win32App
AlternateDataStreams: C:\Users\Daniel\AppData\Local\JDownloader v2.0:Win32App
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-3290045252-3424657786-848572120-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Daniel\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\New-Star-Wars-1920x1080.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Sony PC Companion => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: EPLTarget =>
MSCONFIG\startupreg: Facebook Update => "C:\Users\Daniel\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RGSC => C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "LWS"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-3290045252-3424657786-848572120-1000\...\StartupApproved\StartupFolder: => "Logitech . Produktregistrierung.lnk"
HKU\S-1-5-21-3290045252-3424657786-848572120-1000\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-3290045252-3424657786-848572120-1000\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
HKU\S-1-5-21-3290045252-3424657786-848572120-1000\...\StartupApproved\Run: => "OneDrive"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{8BB32414-22B0-42F9-87FA-C600477CAE2A}] => (Allow) C:\Games\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{7FA290FF-76B0-45F4-BA28-F4C387CCDC97}] => (Allow) C:\Games\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{0A269937-A588-41B1-89CE-FAD43EF9D2B7}] => (Allow) C:\Games\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{56D266B9-92B6-4194-B08D-CBAF2C8CDEB4}] => (Allow) C:\Games\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{ACA25A2F-98CB-4C81-82EE-12C12E1F9D01}] => (Allow) C:\Program Files (x86)\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe
FirewallRules: [{90826C90-5496-4404-B260-0F4E61C4E0B5}] => (Allow) C:\Users\Daniel\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe
FirewallRules: [{D835A564-FC0C-49A0-B3B2-36ECA18F9A1A}] => (Allow) C:\Program Files (x86)\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{2EAA7623-4ED1-4EF7-AC34-0F8DD15B8246}] => (Allow) C:\Program Files (x86)\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{B4522B06-0D7B-4CE1-8C42-378944E2C631}] => (Allow) C:\Program Files (x86)\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{242F7449-D839-4C7C-A68B-80B15C6C35C8}] => (Allow) C:\Program Files (x86)\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{8268CBAE-084A-432E-A472-CCB2D91A2A9F}] => (Allow) C:\Program Files (x86)\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe
FirewallRules: [{A3F8283A-0DFC-46B1-B6B3-60AB3131F772}] => (Allow) C:\Users\Daniel\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe
FirewallRules: [{83CC8F61-4C88-4557-A6BC-30D0B4212872}] => (Allow) C:\Program Files (x86)\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{60E3BB8A-461B-4416-A5DB-05B98F19C078}] => (Allow) C:\Program Files (x86)\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{4D60BB19-E6BE-407B-9710-81FFA6D2E4FB}] => (Allow) C:\Program Files (x86)\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{D47E8992-3A30-4269-A9B7-624845A61E61}] => (Allow) C:\Program Files (x86)\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{793E9647-FEEA-483C-AFED-ABF776A474A4}] => (Allow) C:\Program Files\Rockstar Games\Grand Theft Auto V\GTA5.exe
FirewallRules: [{7ADFBB91-481D-4E12-AFFF-48166C22341B}] => (Allow) C:\Program Files\Rockstar Games\Grand Theft Auto V\GTA5.exe
FirewallRules: [{0E1A7ABE-5A2A-4B16-B1CB-1E331957AF57}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{748009C7-402A-4AFC-BB51-83FBF7BFD0DF}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{EC436F28-395D-4E23-B4FC-ED4374D3B4E9}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{FEE96E08-BD65-4881-9EEB-BC4BA332731D}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{6F6A659D-DCF8-4460-A9D4-8A860D19A79E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 3\arma3.exe
FirewallRules: [{4F9ECF1F-7367-4E9F-846C-5A1901F029A0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 3\arma3.exe
FirewallRules: [UDP Query User{FAA1FAD4-3292-46EA-8D8B-967E2EEC377A}C:\program files (x86)\pro evolution soccer 2015\pes2015.exe] => (Allow) C:\program files (x86)\pro evolution soccer 2015\pes2015.exe
FirewallRules: [TCP Query User{4164E278-3EE2-4E19-A6EA-25CDA5AC0BE2}C:\program files (x86)\pro evolution soccer 2015\pes2015.exe] => (Allow) C:\program files (x86)\pro evolution soccer 2015\pes2015.exe
FirewallRules: [{0387CE19-EA89-4515-BD27-06389FC148BB}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{B73E6719-43B5-42C3-BE33-869637A69C08}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{BE7763D4-1F63-4382-811E-A61CC4DDCA76}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{D0F5BB53-21F6-4259-BEE2-DBA43B354265}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{86C14710-832F-4D7F-BFF7-7732B757D86D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{05E01BCC-0A5D-4456-8918-4F5C2CBD9E14}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4E6F8195-3C5C-4505-BC07-B68E9DB2426F}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{B4A16793-DF20-494C-BE7A-DF9681DE08D0}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [UDP Query User{0BFE05D4-2952-4E9F-8274-6E0880A67207}C:\program files (x86)\arma iii\arma3.exe] => (Allow) C:\program files (x86)\arma iii\arma3.exe
FirewallRules: [TCP Query User{11049CDF-0C7F-4FD3-A419-97C0A3A132BA}C:\program files (x86)\arma iii\arma3.exe] => (Allow) C:\program files (x86)\arma iii\arma3.exe
FirewallRules: [UDP Query User{82916218-0049-434C-962D-AD71901FC20E}C:\program files (x86)\konami\pro evolution soccer 2014\pes2014.exe] => (Allow) C:\program files (x86)\konami\pro evolution soccer 2014\pes2014.exe
FirewallRules: [TCP Query User{B1B89488-9831-472E-99A6-AF85547B7AE8}C:\program files (x86)\konami\pro evolution soccer 2014\pes2014.exe] => (Allow) C:\program files (x86)\konami\pro evolution soccer 2014\pes2014.exe
FirewallRules: [{641C44DF-396F-40A2-B21E-7D3599B77F8F}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [UDP Query User{59EE68FE-0C3D-4B11-9532-34726CAB8720}C:\program files (x86)\konami\pro evolution soccer 2014\pes2014.exe] => (Allow) C:\program files (x86)\konami\pro evolution soccer 2014\pes2014.exe
FirewallRules: [TCP Query User{83589CDA-5BE1-42F7-A8E5-E5E22D5F5008}C:\program files (x86)\konami\pro evolution soccer 2014\pes2014.exe] => (Allow) C:\program files (x86)\konami\pro evolution soccer 2014\pes2014.exe
FirewallRules: [{DAE7D97B-4D8A-4514-87EF-F44E7BD2F893}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{84B1BDB0-F5CD-48BF-8728-0A7589C2AF6C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{B1F91F36-4C4E-4A4F-B6EB-97FB0A5833D9}C:\users\daniel\desktop\leechftp.exe] => (Allow) C:\users\daniel\desktop\leechftp.exe
FirewallRules: [TCP Query User{397D690A-1B22-452E-9BAA-8D488D121F8C}C:\users\daniel\desktop\leechftp.exe] => (Allow) C:\users\daniel\desktop\leechftp.exe
FirewallRules: [UDP Query User{C662AD77-FF16-4759-ACDE-FB9A10AF40AD}C:\users\public\games\cryptic studios\star trek online\live\gameclient.exe] => (Allow) C:\users\public\games\cryptic studios\star trek online\live\gameclient.exe
FirewallRules: [TCP Query User{92B5C138-BB80-47BB-AA40-3FE7FD86FC30}C:\users\public\games\cryptic studios\star trek online\live\gameclient.exe] => (Allow) C:\users\public\games\cryptic studios\star trek online\live\gameclient.exe
FirewallRules: [{49CA7979-B218-4558-8960-65D8AB1B15F1}] => (Allow) LPort=1900
FirewallRules: [{F71B24F1-B013-49EC-B0B5-E43D50AC7968}] => (Allow) LPort=2869
FirewallRules: [{EDF53615-11E3-4281-BE15-DF4C494F7C50}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{94AA646F-349F-4D65-A857-0D9B449DBB54}] => (Allow) C:\Program Files (x86)\Origin Games\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{F6904F80-423F-4910-A36D-D3045B30BA63}] => (Allow) C:\Program Files (x86)\Origin Games\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{6323BC8C-8CC3-4B8F-A9AC-503E1075E948}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FINAL FANTASY XIII\FFXiiiLauncher.exe
FirewallRules: [{BBCCBA59-BFFD-42A5-9F1A-C0AAD591C1FB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FINAL FANTASY XIII\FFXiiiLauncher.exe
FirewallRules: [{A1BA0DFE-44D5-42CD-9A50-FF7BED6EF9DA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\EvolveGame\Bin64_SteamRetail\Evolve.exe
FirewallRules: [{BF8CCAB3-83C7-4511-B333-1DC1780EF7F5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\EvolveGame\Bin64_SteamRetail\Evolve.exe
FirewallRules: [{378725FF-C70A-4C50-A21F-469159C04CDC}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA Manager 13\Manager13.exe
FirewallRules: [{CC4119B2-08B5-4BDB-91FC-9A01984B4E93}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA Manager 13\Manager13.exe
FirewallRules: [{D6D1907A-9C78-4C64-BCAE-FE26362AE8FD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (09/24/2015 09:39:43 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DANIEL-PC)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (09/23/2015 11:30:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DANIEL-PC)
Description: Bei der Aktivierung der App „Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (09/23/2015 07:06:19 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DANIEL-PC)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (09/23/2015 05:24:04 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DANIEL-PC)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (09/23/2015 05:16:23 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DANIEL-PC)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (09/22/2015 06:35:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DANIEL-PC)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (09/22/2015 04:01:26 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.
System Error:
Zugriff verweigert
.
Error: (09/21/2015 07:16:53 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (8088) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032.
Error: (09/21/2015 07:16:53 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (8088) Der Versuch, die Datei "C:\WINDOWS\system32\edbtmp.log" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien.
Error: (09/21/2015 07:16:43 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (8088) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032.
Systemfehler:
=============
Error: (09/24/2015 07:02:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Geräteinstallations-Manager" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (09/24/2015 07:02:36 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst DsmSvc erreicht.
Error: (09/24/2015 07:02:06 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.
Error: (09/24/2015 07:00:35 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (09/24/2015 06:59:12 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Net.Tcp-Listeneradapter" ist vom Dienst "Net.Tcp-Portfreigabedienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (09/24/2015 06:57:19 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
Error: (09/24/2015 06:59:00 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 24.09.2015 um 09:12:16 unerwartet heruntergefahren.
Error: (09/24/2015 09:39:43 AM) (Source: DCOM) (EventID: 10010) (User: DANIEL-PC)
Description: CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca
Error: (09/24/2015 09:39:42 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenzugriff_Session2" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (09/24/2015 09:39:42 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenspeicher _Session2" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
CodeIntegrity:
===================================
Date: 2015-09-11 20:04:58.354
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.
Date: 2015-09-11 20:04:58.221
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.
Date: 2015-09-11 20:03:04.138
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.
Date: 2015-09-11 20:03:04.014
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.
Date: 2015-08-23 08:35:13.735
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.
Date: 2015-08-23 08:35:13.460
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.
Date: 2015-08-23 08:34:14.089
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.
Date: 2015-08-23 08:34:13.788
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.
Date: 2015-08-15 14:19:37.091
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.
Date: 2015-08-15 14:19:36.844
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.
==================== Speicherinformationen ===========================
Prozessor: AMD Phenom(tm) II X4 965 Processor
Prozentuale Nutzung des RAM: 31%
Installierter physikalischer RAM: 8156.2 MB
Verfügbarer physikalischer RAM: 5573.78 MB
Summe virtueller Speicher: 8556.2 MB
Verfügbarer virtueller Speicher: 5639.88 MB
==================== Laufwerke ================================
Drive c: () (Fixed) (Total:930.97 GB) (Free:623.44 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: E4D43C21)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
==================== Ende von Addition.txt ============================
defogger_disable Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:35 on 24/09/2015 (Daniel)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
FRST.txt Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:23-09-2015
durchgeführt von Daniel (Administrator) auf DANIEL-PC (24-09-2015 22:37:09)
Gestartet von C:\Users\Daniel\Desktop
Geladene Profile: Daniel (Verfügbare Profile: Daniel)
Platform: Windows 10 Home (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(AMD) C:\Windows\System32\atieclxx.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\mcods.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6208.42001.0_x64__8wekyb3d8bbwe\HxMail.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6208.42001.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [Cm108Sound] => C:\WINDOWS\syswow64\RunDll32.exe C:\WINDOWS\Syswow64\cm108.dll,CMICtrlWnd
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [502328 2012-10-23] (MSI)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-03] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2303152 2015-07-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3290045252-3424657786-848572120-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3290045252-3424657786-848572120-1000\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3290045252-3424657786-848572120-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3290045252-3424657786-848572120-1000\...\Policies\Explorer: [NoControlPanel] 0
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Keine Datei
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk [2015-08-27]
ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5390e291-ca48-44c4-ad1a-ec3232c359c7}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3290045252-3424657786-848572120-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-3290045252-3424657786-848572120-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=MSD2&cd=2XzuyEtN2Y1L1Qzu0DyEtA0DyB0EzyyD0AyEyEtDyC0EtDtDtN0D0Tzu0CyBzztBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=912537331&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=MSD2&cd=2XzuyEtN2Y1L1Qzu0DyEtA0DyB0EzyyD0AyEyEtDyC0EtDtDtN0D0Tzu0CyBzztBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=912537331&ir=
SearchScopes: HKU\S-1-5-21-3290045252-3424657786-848572120-1000 -> DefaultScope {0B85846D-AD30-4ED0-9B5F-DC06749E9256} URL = hxxps://de.search.yahoo.com/search?fr=mcafee&type=C011DE544D20140623&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3290045252-3424657786-848572120-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=MSD2&cd=2XzuyEtN2Y1L1Qzu0DyEtA0DyB0EzyyD0AyEyEtDyC0EtDtDtN0D0Tzu0CyBzztBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=912537331&ir=
SearchScopes: HKU\S-1-5-21-3290045252-3424657786-848572120-1000 -> {0B85846D-AD30-4ED0-9B5F-DC06749E9256} URL = hxxps://de.search.yahoo.com/search?fr=mcafee&type=C011DE544D20140623&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3290045252-3424657786-848572120-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=CE1FD43D7E95A440&affID=121565&tt=080913_ctrl&tsp=5000
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-26] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-26] (Oracle Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-09-15] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-09-15] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-09-15] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-09-15] (McAfee, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Keine Datei
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-08-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-08-21] (McAfee, Inc.)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-05-08] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-07-23] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-26] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @protectdisc.com/NPMPDRM -> C:\Program Files (x86)\Common Files\mpDRM\Binaries\NPMPDRM.dll [2011-10-11] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @TrendMicro.com/FFExtension -> C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll [Keine Datei]
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-07-23] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3290045252-3424657786-848572120-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Daniel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-07-07] (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-09-18]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-06-23]
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://start.mysearchdial.com/?f=1&a=MSD2&cd=2XzuyEtN2Y1L1Qzu0DyEtA0DyB0EzyyD0AyEyEtDyC0EtDtDtN0D0Tzu0CyBzztBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=912537331&ir="
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\ppGoogleNaClPluginChrome.dll => Keine Datei
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\pdf.dll => Keine Datei
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => Keine Datei
CHR Plugin: (Trend Micro Titanium) - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll => Keine Datei
CHR Profile: C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2013-05-03]
CHR Extension: (Nordic Forest) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\amekpplpfocpmaimnmgfjoibodpjedie [2015-07-30]
CHR Extension: (Google Drive) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-03]
CHR Extension: (Web Developer) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2014-09-15]
CHR Extension: (YouTube) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-03]
CHR Extension: (Google-Suche) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-03]
CHR Extension: (SiteAdvisor) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-06-23]
CHR Extension: (Google Text & Tabellen Offline) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-03]
CHR Extension: (AdBlock) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-05-03]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Google Mail) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-03]
CHR Profile: C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Präsentationen) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-10]
CHR Extension: (Google Docs) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-10]
CHR Extension: (Google Drive) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-10]
CHR Extension: (YouTube) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-10]
CHR Extension: (Google-Suche) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-10]
CHR Extension: (Google Tabellen) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-10]
CHR Extension: (SiteAdvisor) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-04-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-10]
CHR Extension: (Google Wallet) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-10]
CHR Extension: (Google Mail) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-10]
CHR HKLM\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - <kein Path/update_url>
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-09-18]
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - <kein Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-09-18]
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [680112 2015-07-22] (Adobe Systems Incorporated)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-28] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert]
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-05-31] () [Datei ist nicht signiert]
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2014-12-08] (BitRaider, LLC)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert]
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [157928 2015-09-15] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [782608 2015-08-21] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe [1694152 2015-07-23] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [639456 2015-07-17] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-06] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [143416 2012-10-25] (MSI)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [26112 2015-07-29] (Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2057736 2015-09-06] (Electronic Arts)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [84480 2015-07-29] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [578560 2015-07-29] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [62152 2014-10-28] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2015-07-25] (BitRaider)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-08-08] (DT Soft Ltd)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [529080 2015-06-28] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109728 2015-06-28] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-09-15] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [175104 2015-07-29] (Microsoft Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek )
S4 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2012-05-02] (Trend Micro Inc.)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
U3 idsvc; kein ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; kein ImagePath
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-09-24 22:37 - 2015-09-24 22:41 - 00026571 _____ C:\Users\Daniel\Desktop\FRST.txt
2015-09-24 22:36 - 2015-09-24 22:38 - 00000000 ____D C:\FRST
2015-09-24 22:35 - 2015-09-24 22:36 - 02192384 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2015-09-24 22:34 - 2015-09-24 22:35 - 00000474 _____ C:\Users\Daniel\Desktop\defogger_disable.log
2015-09-24 22:34 - 2015-09-24 22:34 - 00000168 _____ C:\Users\Daniel\defogger_reenable
2015-09-24 22:33 - 2015-09-24 22:33 - 00050477 _____ C:\Users\Daniel\Desktop\Defogger.exe
2015-09-24 21:31 - 2015-09-24 21:31 - 00016148 _____ C:\WINDOWS\system32\DANIEL-PC_Daniel_HistoryPrediction.bin
2015-09-24 20:02 - 2015-09-24 20:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-09-23 21:54 - 2015-09-23 21:55 - 00008943 _____ C:\Users\Daniel\Documents\Install STAR WARS The Old Republic.log
2015-09-14 20:25 - 2015-09-21 04:43 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2015-09-11 13:20 - 2015-09-11 13:20 - 00000000 ____D C:\Users\Daniel\Documents\BioWare
2015-09-10 08:11 - 2015-09-10 08:14 - 00000000 ____D C:\Users\Daniel\Documents\Fussball Manager 13
2015-09-10 08:09 - 2015-09-10 08:49 - 00002228 _____ C:\Users\Daniel\Desktop\FUSSBALL MANAGER 15-16.lnk
2015-09-10 08:09 - 2015-09-10 08:09 - 00000000 ____D C:\Users\Daniel\Documents\FUSSBALL MANAGER 14
2015-09-10 07:58 - 2015-09-10 07:58 - 00001293 _____ C:\Users\Public\Desktop\FUSSBALL MANAGER 13.lnk
2015-09-09 04:20 - 2015-09-02 03:20 - 00077400 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-09-09 04:20 - 2015-09-02 02:25 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-09-09 04:20 - 2015-09-02 02:25 - 01382912 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-09-09 04:20 - 2015-08-27 08:36 - 03620736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-09 04:20 - 2015-08-27 08:32 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-09-09 04:20 - 2015-08-27 08:04 - 21874688 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-09-09 04:20 - 2015-08-27 07:59 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-09 04:20 - 2015-08-27 07:55 - 24594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-09 04:20 - 2015-08-27 07:54 - 00541248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-09-09 04:20 - 2015-08-27 07:54 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-09 04:20 - 2015-08-27 07:51 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-09 04:20 - 2015-08-27 07:51 - 01774592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-09 04:20 - 2015-08-27 07:49 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-09 04:20 - 2015-08-27 07:47 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-09 04:20 - 2015-08-27 07:43 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-09 04:20 - 2015-08-27 07:43 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-09 04:20 - 2015-08-27 07:42 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-09 04:20 - 2015-08-27 07:42 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-09-09 04:20 - 2015-08-27 07:42 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.PicturePassword.dll
2015-09-09 04:20 - 2015-08-27 07:42 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-09 04:20 - 2015-08-27 07:39 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-09 04:20 - 2015-08-27 07:23 - 19324416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-09 04:20 - 2015-08-27 07:23 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-09 04:20 - 2015-08-27 07:16 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-09-09 04:20 - 2015-08-27 07:16 - 02153472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-09 04:20 - 2015-08-27 07:16 - 01612288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-09 04:20 - 2015-08-27 07:12 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-09 04:20 - 2015-08-27 07:12 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-09 04:20 - 2015-08-27 07:11 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-09 04:20 - 2015-08-27 07:11 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-09 04:20 - 2015-08-27 07:09 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-09 04:20 - 2015-08-27 07:08 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-08-29 11:26 - 2015-08-20 08:07 - 08019296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-29 11:26 - 2015-08-20 08:06 - 00609592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-08-29 11:26 - 2015-08-20 08:02 - 22324656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-08-29 11:26 - 2015-08-20 07:26 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-08-29 11:26 - 2015-08-20 07:21 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2015-08-29 11:26 - 2015-08-20 07:16 - 20857848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-08-29 11:26 - 2015-08-20 07:13 - 02235904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-29 11:26 - 2015-08-18 09:56 - 02498808 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-29 11:26 - 2015-08-18 09:55 - 00373072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-08-29 11:26 - 2015-08-18 09:54 - 01396064 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-08-29 11:26 - 2015-08-18 09:27 - 01771592 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-08-29 11:26 - 2015-08-18 09:24 - 00963920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-08-29 11:26 - 2015-08-18 09:13 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-08-29 11:26 - 2015-08-18 09:13 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2015-08-29 11:26 - 2015-08-18 09:12 - 02225664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-08-29 11:26 - 2015-08-18 09:07 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-08-29 11:26 - 2015-08-18 09:04 - 01234944 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2015-08-29 11:26 - 2015-08-18 09:04 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-08-29 11:26 - 2015-08-18 08:59 - 01294336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll
2015-08-29 11:26 - 2015-08-18 08:59 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2015-08-29 11:26 - 2015-08-18 08:58 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-08-29 11:26 - 2015-08-18 08:58 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWCN.dll
2015-08-29 11:26 - 2015-08-18 08:58 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWCN.dll
2015-08-29 11:26 - 2015-08-18 08:58 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnNetsh.dll
2015-08-29 11:26 - 2015-08-18 08:57 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2015-08-29 11:26 - 2015-08-18 08:56 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2015-08-29 11:26 - 2015-08-18 08:55 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-08-29 11:26 - 2015-08-18 08:54 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2015-08-29 11:26 - 2015-08-18 08:54 - 00247296 _____ C:\WINDOWS\system32\facecredentialprovider.dll
2015-08-29 11:26 - 2015-08-18 08:52 - 01888768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-08-29 11:26 - 2015-08-18 08:50 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-08-29 11:26 - 2015-08-18 08:49 - 01061888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2015-08-29 11:26 - 2015-08-18 08:49 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2015-08-29 11:26 - 2015-08-18 08:49 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2015-08-29 11:26 - 2015-08-18 08:36 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcnwiz.dll
2015-08-29 11:26 - 2015-08-18 08:35 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2015-08-29 11:26 - 2015-08-18 08:35 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWCN.dll
2015-08-29 11:26 - 2015-08-18 08:34 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2015-08-29 11:26 - 2015-08-18 08:29 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-08-29 11:26 - 2015-08-18 08:26 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2015-08-29 11:26 - 2015-08-18 06:44 - 00008847 _____ C:\WINDOWS\system32\ResPriHMImageList
2015-08-27 14:39 - 2015-08-27 14:39 - 00001713 _____ C:\Users\Public\Desktop\Logitech Webcam Software .lnk
2015-08-27 14:39 - 2015-08-27 14:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-08-27 12:27 - 2015-08-27 13:24 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\GHISLER
2015-08-27 11:54 - 2015-08-27 11:54 - 00000000 ____D C:\Users\Daniel\licman
2015-08-27 11:54 - 2015-08-27 11:54 - 00000000 ____D C:\Users\Daniel\EREnt64
2015-08-27 11:51 - 2015-08-27 13:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ontrack EasyRecovery Enterprise
2015-08-27 11:51 - 2015-08-27 13:24 - 00000000 ____D C:\Program Files (x86)\Kroll Ontrack
2015-08-25 09:00 - 2015-08-25 09:00 - 00003670 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-daniel.blumberg@outlook.com
2015-08-25 06:45 - 2015-08-25 06:45 - 00001847 _____ C:\Users\Daniel\Desktop\Adobe Premiere Pro.lnk
2015-08-25 06:18 - 2015-08-25 06:18 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CC 2015.lnk
2015-08-25 05:59 - 2015-08-25 05:59 - 00001151 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro CC 2015.lnk
2015-08-25 05:58 - 2015-08-25 06:18 - 00000000 ____D C:\Program Files\Adobe
2015-08-25 05:57 - 2015-08-25 06:18 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-08-25 05:35 - 2015-08-27 17:28 - 00000000 ___RD C:\Users\Daniel\Creative Cloud Files
2015-08-25 05:34 - 2015-09-24 19:00 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-08-25 05:34 - 2015-08-25 05:34 - 00001298 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2015-08-25 05:34 - 2015-08-25 05:34 - 00001286 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2015-08-25 03:43 - 2015-08-27 14:39 - 00000585 _____ C:\WINDOWS\setupact.log
2015-08-25 00:54 - 2015-08-25 00:54 - 00000000 _____ C:\Program Files (x86)\Trust GXT Gaming Headset
2015-08-25 00:54 - 2015-08-25 00:54 - 00000000 _____ C:\de54bf7a44920f2bdbf6926ad7ff9b
2015-08-25 00:54 - 2015-08-25 00:54 - 00000000 _____ C:\ba2dc272ccbee51de7ef05
2015-08-25 00:54 - 2015-08-25 00:54 - 00000000 _____ C:\b7807027b5804b4fc79a9127e30e8793
2015-08-25 00:54 - 2015-08-25 00:54 - 00000000 _____ C:\a9029ce0333f022f1558
2015-08-25 00:54 - 2015-08-25 00:54 - 00000000 _____ C:\a391f7ef64caeec4f7a346d5
2015-08-25 00:54 - 2015-08-25 00:54 - 00000000 _____ C:\7da3071c344592fe1ee34caec404
2015-08-25 00:54 - 2015-08-25 00:54 - 00000000 _____ C:\737c0df51a666679a5e716d6
2015-08-25 00:54 - 2015-08-25 00:54 - 00000000 _____ C:\713c7990491c6178d504
2015-08-25 00:54 - 2015-08-25 00:54 - 00000000 _____ C:\5fe2d935482ad67561aba9e5f1f20b91
2015-08-25 00:54 - 2015-08-25 00:54 - 00000000 _____ C:\3e94fee5040caf58dfaed29561bf6b
2015-08-25 00:54 - 2015-08-25 00:54 - 00000000 _____ C:\3dc5cf3ae27a35ab3bbf2eaa7807
2015-08-25 00:54 - 2015-08-25 00:54 - 00000000 _____ C:\1464926e2d0f8d8f0c03a8f07b
2015-08-25 00:54 - 2015-08-25 00:54 - 00000000 _____ C:\0c0755adde552fb7ac6db5bb33
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-09-24 22:34 - 2015-07-29 19:13 - 00000000 ____D C:\Users\Daniel
2015-09-24 22:02 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-24 21:50 - 2013-05-03 15:18 - 00001138 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-24 21:01 - 2015-08-01 04:07 - 00006658 _____ C:\WINDOWS\system32\lvcoinst.log
2015-09-24 20:59 - 2015-07-10 14:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-24 19:08 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-24 19:04 - 2015-07-29 19:12 - 02075858 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-24 19:04 - 2015-07-10 18:34 - 00883662 _____ C:\WINDOWS\system32\perfh007.dat
2015-09-24 19:04 - 2015-07-10 18:34 - 00195796 _____ C:\WINDOWS\system32\perfc007.dat
2015-09-24 19:02 - 2013-05-03 15:18 - 00001134 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-24 18:59 - 2015-07-10 14:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-24 18:58 - 2015-07-29 19:06 - 00030868 _____ C:\WINDOWS\PFRO.log
2015-09-24 02:00 - 2013-05-31 12:30 - 00000000 ____D C:\Users\Daniel\AppData\Local\Adobe
2015-09-23 22:54 - 2013-05-31 23:53 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\vlc
2015-09-23 22:37 - 2013-10-09 05:03 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Audacity
2015-09-23 21:55 - 2015-07-23 20:34 - 00000000 _____ C:\end
2015-09-23 05:24 - 2015-07-10 11:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-09-23 05:10 - 2014-06-23 13:34 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-09-22 18:35 - 2015-07-29 19:40 - 00000000 ____D C:\Users\Daniel\OneDrive
2015-09-22 17:05 - 2013-05-03 20:00 - 00000000 ____D C:\Program Files (x86)\Origin Games
2015-09-22 04:02 - 2013-05-03 15:45 - 00000000 ____D C:\ProgramData\Skype
2015-09-21 20:59 - 2015-07-10 12:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-20 06:12 - 2015-07-29 19:40 - 00002396 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-09-20 06:12 - 2013-07-02 05:57 - 00000000 ____D C:\Users\Daniel\AppData\Local\CrashDumps
2015-09-20 00:02 - 2015-07-10 11:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-09-16 10:55 - 2015-07-29 19:36 - 00000000 ____D C:\Users\Daniel\AppData\Local\Packages
2015-09-15 12:11 - 2013-05-03 15:45 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Skype
2015-09-15 01:45 - 2013-05-03 15:18 - 00004196 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-15 01:45 - 2013-05-03 15:18 - 00003964 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-14 20:27 - 2014-06-23 13:26 - 00000000 ____D C:\ProgramData\McAfee
2015-09-14 20:26 - 2014-06-23 13:26 - 00000000 ____D C:\Program Files\Common Files\McAfee
2015-09-13 18:28 - 2014-04-15 10:37 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2015-09-13 15:40 - 2014-06-01 00:16 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\TS3Client
2015-09-12 07:26 - 2015-06-08 07:15 - 00024005 _____ C:\Users\Daniel\Desktop\tags.odt
2015-09-12 07:09 - 2014-12-30 06:11 - 00000000 ____D C:\Users\Daniel\Desktop\Sonstiges
2015-09-11 16:26 - 2013-10-05 23:09 - 00000000 ____D C:\Users\Daniel\Documents\Camtasia Studio
2015-09-11 13:43 - 2015-07-10 14:20 - 05058568 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-11 13:42 - 2013-07-15 11:31 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-09-11 13:42 - 2013-07-15 11:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-09-11 13:41 - 2015-07-10 18:46 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-11 13:41 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-09-11 13:28 - 2013-05-03 19:58 - 00000000 ____D C:\ProgramData\Origin
2015-09-11 12:30 - 2013-05-03 16:15 - 00455717 _____ C:\WINDOWS\DirectX.log
2015-09-11 01:06 - 2013-05-03 15:18 - 00000000 ____D C:\Users\Daniel\AppData\Local\Google
2015-09-10 14:10 - 2013-07-15 11:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-09-10 06:08 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-09-10 01:00 - 2013-12-19 05:48 - 00000000 ____D C:\Program Files (x86)\Steam
2015-09-09 13:13 - 2013-08-15 08:09 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-06 19:11 - 2013-05-03 19:58 - 00000000 ____D C:\Program Files (x86)\Origin
2015-09-06 17:25 - 2014-02-21 12:41 - 00000000 ____D C:\Users\Daniel\AppData\Local\JDownloader v2.0
2015-09-05 18:19 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\rescache
2015-09-05 01:01 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-08-29 12:25 - 2013-05-03 19:33 - 00000000 ____D C:\Fraps
2015-08-29 12:13 - 2013-08-31 16:24 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\dvdcss
2015-08-27 14:39 - 2015-08-01 04:16 - 00060658 _____ C:\WINDOWS\LDPINST.LOG
2015-08-27 14:39 - 2015-08-01 04:16 - 00000000 ____D C:\Program Files (x86)\Logitech
2015-08-27 13:25 - 2013-05-03 19:31 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-08-27 09:30 - 2015-08-01 04:07 - 00000000 ____D C:\Program Files\Common Files\logishrd
2015-08-27 09:30 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2015-08-27 09:30 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\L2Schemas
2015-08-27 09:30 - 2013-05-03 15:20 - 00000000 ___HD C:\SuperChargerProfile
2015-08-27 09:27 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\registration
2015-08-26 18:37 - 2013-05-03 17:23 - 134753440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-25 08:45 - 2015-07-30 06:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2015-08-25 06:18 - 2013-05-03 17:44 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Adobe
2015-08-25 06:05 - 2014-08-03 09:25 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-08-25 05:57 - 2015-07-29 19:10 - 00000000 ____D C:\ProgramData\Package Cache
2015-08-25 05:35 - 2014-08-01 04:32 - 00000000 ___RD C:\Users\Daniel\Creative Cloud Files (1)
2015-08-25 05:35 - 2013-05-03 19:27 - 00000000 ____D C:\ProgramData\Adobe
2015-08-25 05:34 - 2015-05-08 12:45 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-08-25 01:52 - 2014-08-31 17:00 - 00000000 ____D C:\Program Files\OBS
2015-08-25 01:52 - 2014-08-31 17:00 - 00000000 ____D C:\Program Files (x86)\OBS
2015-08-25 01:50 - 2015-05-01 01:31 - 00000000 ____D C:\Users\Daniel\Documents\Rockstar Games
2015-08-25 01:50 - 2015-04-30 23:46 - 00000000 ____D C:\Program Files\Rockstar Games
2015-08-25 01:50 - 2013-05-11 21:20 - 00000000 ____D C:\Users\Daniel\AppData\Local\Rockstar Games
2015-08-25 01:50 - 2013-05-03 15:18 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-08-25 01:41 - 2014-07-29 00:10 - 00007605 _____ C:\Users\Daniel\AppData\Local\Resmon.ResmonCfg
2015-08-25 00:54 - 2015-05-01 01:30 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2013-08-29 05:16 - 2008-05-07 12:54 - 0043586 _____ () C:\Program Files (x86)\DDLanguage.xml
2013-08-29 05:18 - 2008-05-15 11:42 - 0389120 _____ (Electronic Arts) C:\Program Files (x86)\setup.exe
2013-08-29 05:18 - 2008-05-16 09:33 - 0000085 _____ () C:\Program Files (x86)\setup.ini
2015-08-25 00:54 - 2015-08-25 00:54 - 0000000 _____ () C:\Program Files (x86)\Trust GXT Gaming Headset
2015-08-25 00:54 - 2015-08-25 00:54 - 0000000 _____ () C:\Program Files (x86)\Common Files\AMD
2014-07-29 01:15 - 2014-07-29 02:35 - 0001442 _____ () C:\Users\Daniel\AppData\Roaming\BreakingPoint_Options.ini
2013-05-18 16:42 - 2013-05-18 16:42 - 0000046 _____ () C:\Users\Daniel\AppData\Roaming\Camdata.ini
2013-05-18 16:42 - 2013-05-18 16:42 - 0000408 _____ () C:\Users\Daniel\AppData\Roaming\CamLayout.ini
2013-05-18 16:42 - 2013-05-18 16:42 - 0000408 _____ () C:\Users\Daniel\AppData\Roaming\CamShapes.ini
2013-05-18 16:42 - 2013-05-18 16:42 - 0004510 _____ () C:\Users\Daniel\AppData\Roaming\CamStudio.cfg
2014-02-21 12:41 - 2014-02-21 12:41 - 0000047 _____ () C:\Users\Daniel\AppData\Roaming\WB.CFG
2013-12-23 07:26 - 2014-04-09 08:34 - 0005120 _____ () C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-03 15:24 - 2013-05-03 15:24 - 0000036 _____ () C:\Users\Daniel\AppData\Local\housecall.guid.cache
2015-04-04 08:49 - 2015-04-04 08:49 - 28579392 _____ (Sony Mobile Communications ) C:\Users\Daniel\AppData\Local\pcc.exe
2014-07-29 00:10 - 2015-08-25 01:41 - 0007605 _____ () C:\Users\Daniel\AppData\Local\Resmon.ResmonCfg
2015-07-29 19:10 - 2015-07-29 19:10 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Einige Dateien in TEMP:
====================
C:\Users\Daniel\AppData\Local\Temp\proxy_vole1567800462510171404.dll
C:\Users\Daniel\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Daniel\AppData\Local\Temp\tmp4117.exe
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2015-09-21 07:27
==================== Ende von FRST.txt ============================
Eine Frage habe ich: Ist es möglich den Virus (falls es einer ist) per Systemwiederherstellung loszuwerden? Besitze mehrere Wiederherstellungspunkte und würde den 20.09.2015 nehmen. Geändert von Daniel300 (25.09.2015 um 01:32 Uhr) |
| Themen zu Datenträgerauslastung permanent auf 100%, PC bootet kaum und arbeitet sehr langsam |
| 100%, avast, booten, datenträgerauslastung, defender, dnsapi.dll, explorer, festplatte, flash player, ftp, home, internet, internet explorer, kaputt, langsam, lws.exe, onedrive, problem, prozesse, registry, rundll, scan, security, server, services.exe, siteadvisor, temp, usb, virus, webadvisor, windowsapps |
Baum-Darstellung