|
Plagegeister aller Art und deren Bekämpfung: FW:Important Mails verschickt, vermutlich Link angeklicktWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
01.10.2015, 13:47 | #1 |
| FW:Important Mails verschickt, vermutlich Link angeklickt Hallo zusammen, ich kämpfe nun schon einige Tage damit, dass meine Emailadresse den oben genannten und bekannten Betreff verschickt. Mehrere Passwortänderungen konnten das Problem nicht eindämmen. Ich bin mir nicht 100% sicher ob ich nicht blöderweise einmal den Link angeklickt habe. Nun habe ich große Angst befallen zu sein. Wie in anderen Threads gelesen habe ich eine überprüfung mit FRST durchgeführt, den Code werde ich nun anhängen. Ich hoffe ihr könnt mir Helfen und Tipps geben. Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:30-09-2015 durchgeführt von Sven (Administrator) auf SVEN-PC (01-10-2015 13:26:14) Gestartet von E:\Imaginärer Desktop\Downloads Geladene Profile: Sven (Verfügbare Profile: Sven & DefaultAppPool) Platform: Windows 10 Home (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe () C:\Windows\SysWOW64\ASGT.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe (CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe () C:\Windows\System32\PnkBstrA.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Windows\System32\vds.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (Microsoft Corporation) C:\Windows\System32\wuapihost.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Apple Inc.) E:\Program Files\iTunes\iTunesHelper.exe (Spotify Ltd) C:\Users\Sven\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Valve Corporation) E:\Program Files (x86)\Steam\Steam.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Valve Corporation) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.16464_none_116100d161f6ab1d\TiWorker.exe (Mozilla Corporation) E:\Mozilla\firefox.exe (Mozilla Corporation) E:\Mozilla\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-24] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [14601160 2015-07-02] (Logitech Inc.) HKLM\...\Run: [iTunesHelper] => E:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-23] (Apple Inc.) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe [286720 2011-10-12] (Intel Corporation) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [782520 2015-09-24] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation) HKU\S-1-5-21-2376779872-2597445691-444311316-1000\...\Run: [Spotify Web Helper] => C:\Users\Sven\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-09-05] (Spotify Ltd) HKU\S-1-5-21-2376779872-2597445691-444311316-1000\...\Run: [Steam] => E:\Program Files (x86)\Steam\steam.exe [2899136 2015-08-19] (Valve Corporation) HKU\S-1-5-21-2376779872-2597445691-444311316-1000\...\MountPoints2: {42a026c9-342a-11e4-9c33-806e6f6e6963} - "F:\autorun.exe" Startup: C:\Users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk [2013-01-04] ShortcutTarget: Samsung SSD Magician.lnk -> C:\Program Files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{b4064000-a755-4536-826f-dd0fcd003147}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{e4098305-1e64-4aa0-84a3-af8930013e28}: [DhcpNameServer] 139.7.30.126 139.7.30.125 Internet Explorer: ================== HKU\S-1-5-21-2376779872-2597445691-444311316-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://de.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset HKU\S-1-5-21-2376779872-2597445691-444311316-1000\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd URLSearchHook: HKU\S-1-5-21-2376779872-2597445691-444311316-1000 - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) SearchScopes: HKU\S-1-5-21-2376779872-2597445691-444311316-1000 -> DefaultScope {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd SearchScopes: HKU\S-1-5-21-2376779872-2597445691-444311316-1000 -> {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd SearchScopes: HKU\S-1-5-21-2376779872-2597445691-444311316-1000 -> {F8BF49F2-E55D-45A6-AE48-91858F3A84AD} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-08-30] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-30] (Oracle Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-30] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-30] (Oracle Corporation) Toolbar: HKLM-x32 - ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll [2010-03-28] (ICQ) Toolbar: HKU\S-1-5-21-2376779872-2597445691-444311316-1000 -> Kein Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Keine Datei DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) FireFox: ======== FF ProfilePath: C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\yhab8cni.default FF Homepage: hxxps://www.google.de/ FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-21] () FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll [Keine Datei] FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [Keine Datei] FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB) FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-30] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-30] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.6 -> E:\Program Files\VideoLAN\VLC\npvlc.dll [2013-04-08] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-21] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll [Keine Datei] FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [Keine Datei] FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [Keine Datei] FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-30] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-30] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-01-10] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-08-07] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-08-07] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2376779872-2597445691-444311316-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Sven\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-2376779872-2597445691-444311316-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-08-15] () FF SearchPlugin: C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\yhab8cni.default\searchplugins\google-images.xml [2014-09-16] FF SearchPlugin: C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\yhab8cni.default\searchplugins\google-maps.xml [2014-09-16] FF SearchPlugin: C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\yhab8cni.default\searchplugins\icqplugin.xml [2015-09-29] FF Extension: Cliqz - C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\yhab8cni.default\Extensions\cliqz@cliqz.com.xpi [2014-09-16] FF Extension: New Tab by Yahoo - C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\yhab8cni.default\Extensions\jid1-G80Ec8LLEbK5fQ@jetpack.xpi [2015-08-07] FF HKU\S-1-5-21-2376779872-2597445691-444311316-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\yhab8cni.default\extensions\cliqz@cliqz.com => nicht gefunden StartMenuInternet: FIREFOX.EXE - E:\Mozilla\firefox.exe ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [932912 2015-09-24] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [461672 2015-09-24] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [461672 2015-09-24] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1148688 2015-09-24] (Avira Operations GmbH & Co. KG) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.) R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [Datei ist nicht signiert] S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1128448 2015-07-27] () R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [37448 2014-08-14] (CHENGDU YIWO Tech Development Co., Ltd) [Datei ist nicht signiert] R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-24] (NVIDIA Corporation) R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe [7168 2011-10-12] (Intel Corporation) [Datei ist nicht signiert] R2 ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [246520 2010-03-28] () S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert] R2 MSMQ; C:\Windows\system32\mqsvc.exe [26112 2015-08-04] (Microsoft Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-24] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-24] (NVIDIA Corporation) S3 Origin Client Service; E:\Program Files (x86)\Origin\OriginClientService.exe [2057736 2015-09-03] (Electronic Arts) R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-06-29] () R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-10-31] () R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5613328 2015-07-29] (TeamViewer GmbH) S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [84480 2015-08-04] (Microsoft Corporation) R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [578560 2015-08-04] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R0 asahci64; C:\Windows\System32\drivers\asahci64.sys [49760 2011-09-21] (Asmedia Technology) S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2014-02-02] () [Datei ist nicht signiert] R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [137800 2015-09-24] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [148632 2015-08-04] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-06-16] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [74440 2015-09-24] (Avira Operations GmbH & Co. KG) R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [61000 2014-08-14] (CHENGDU YIWO Tech Development Co., Ltd) [Datei ist nicht signiert] R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48200 2014-08-14] () [Datei ist nicht signiert] R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [18504 2014-08-14] (CHENGDU YIWO Tech Development Co., Ltd) [Datei ist nicht signiert] R1 EUFDDISK; C:\Windows\system32\drivers\EuFdDisk.sys [189000 2014-08-14] (CHENGDU YIWO Tech Development Co., Ltd) [Datei ist nicht signiert] R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [23832 2011-10-12] (Intel Corporation) R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech) R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.) R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.) S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2014-02-02] () [Datei ist nicht signiert] R3 MQAC; C:\Windows\System32\drivers\mqac.sys [175104 2015-08-04] (Microsoft Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-24] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47976 2015-07-03] (NVIDIA Corporation) S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] () S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] () S2 SecDrv; C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS [12400 2015-08-11] (Macrovision Europe Ltd) [Datei ist nicht signiert] S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] () S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation) U3 idsvc; kein ImagePath S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X] U3 wpcsvc; kein ImagePath ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-10-01 13:25 - 2015-10-01 13:26 - 00000000 ____D C:\FRST 2015-10-01 13:24 - 2015-10-01 13:24 - 00000000 ____D C:\AdwCleaner 2015-10-01 13:19 - 2015-10-01 13:19 - 00016148 _____ C:\WINDOWS\system32\SVEN-PC_Sven_HistoryPrediction.bin 2015-09-28 16:02 - 2015-09-28 16:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-09-28 16:02 - 2015-09-28 16:02 - 00000000 ____D C:\Program Files\iPod 2015-09-28 16:02 - 2015-09-28 16:02 - 00000000 ____D C:\Program Files (x86)\iTunes 2015-09-28 16:01 - 2015-09-28 16:01 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple 2015-09-28 16:01 - 2015-09-28 16:01 - 00000000 ____D C:\Program Files\Bonjour 2015-09-28 16:01 - 2015-09-28 16:01 - 00000000 ____D C:\Program Files (x86)\Bonjour 2015-09-28 16:01 - 2015-09-28 16:01 - 00000000 ____D C:\Program Files (x86)\Apple Software Update 2015-09-19 17:25 - 2015-09-19 17:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Westwood Online 2015-09-19 17:25 - 2015-09-19 17:25 - 00000000 ____D C:\Program Files (x86)\WestwoodOnline 2015-09-14 18:31 - 2015-09-14 18:31 - 00004096 ____H C:\Users\Sven\AppData\Local\keyfile3.drm 2015-09-12 17:50 - 2015-09-28 15:39 - 00001677 _____ C:\WINDOWS\setupact.log 2015-09-12 17:50 - 2015-09-12 17:50 - 00000000 _____ C:\WINDOWS\setuperr.log 2015-09-11 18:09 - 2015-09-19 17:25 - 00018887 _____ C:\WINDOWS\Directx.log 2015-09-11 18:03 - 2015-10-01 13:19 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log 2015-09-09 19:27 - 2015-09-09 19:27 - 00000000 ____D C:\Program Files (x86)\directx 2015-09-09 16:29 - 2015-09-02 03:20 - 00077400 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2015-09-09 16:29 - 2015-09-02 02:25 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2015-09-09 16:29 - 2015-09-02 02:25 - 01382912 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2015-09-09 16:29 - 2015-08-27 08:36 - 03620736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-09-09 16:29 - 2015-08-27 08:32 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2015-09-09 16:29 - 2015-08-27 08:04 - 21874688 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2015-09-09 16:29 - 2015-08-27 07:59 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-09-09 16:29 - 2015-08-27 07:55 - 24594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-09-09 16:29 - 2015-08-27 07:54 - 00541248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2015-09-09 16:29 - 2015-08-27 07:54 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2015-09-09 16:29 - 2015-08-27 07:51 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2015-09-09 16:29 - 2015-08-27 07:51 - 01774592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll 2015-09-09 16:29 - 2015-08-27 07:49 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll 2015-09-09 16:29 - 2015-08-27 07:47 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-09-09 16:29 - 2015-08-27 07:43 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-09-09 16:29 - 2015-08-27 07:43 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-09-09 16:29 - 2015-08-27 07:42 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll 2015-09-09 16:29 - 2015-08-27 07:42 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe 2015-09-09 16:29 - 2015-08-27 07:42 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.PicturePassword.dll 2015-09-09 16:29 - 2015-08-27 07:42 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll 2015-09-09 16:29 - 2015-08-27 07:39 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2015-09-09 16:29 - 2015-08-27 07:23 - 19324416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-09-09 16:29 - 2015-08-27 07:23 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll 2015-09-09 16:29 - 2015-08-27 07:16 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2015-09-09 16:29 - 2015-08-27 07:16 - 02153472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2015-09-09 16:29 - 2015-08-27 07:16 - 01612288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll 2015-09-09 16:29 - 2015-08-27 07:12 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-09-09 16:29 - 2015-08-27 07:12 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-09-09 16:29 - 2015-08-27 07:11 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll 2015-09-09 16:29 - 2015-08-27 07:11 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll 2015-09-09 16:29 - 2015-08-27 07:09 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-09-09 16:29 - 2015-08-27 07:08 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-10-01 13:25 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-10-01 13:24 - 2015-07-10 12:55 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-10-01 13:22 - 2015-08-31 10:20 - 00004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C2CBD864-49DA-492E-B3F2-9E4431FFA505} 2015-10-01 13:22 - 2013-01-04 18:11 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-10-01 13:19 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\sru 2015-10-01 13:19 - 2013-01-04 17:47 - 00000316 _____ C:\WINDOWS\Tasks\GlaryInitialize.job 2015-10-01 13:19 - 2013-01-04 16:59 - 00001130 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-09-30 17:41 - 2013-01-04 16:59 - 00001134 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-09-30 17:13 - 2014-07-13 16:16 - 00000000 ____D C:\Users\Sven\AppData\Local\Battle.net 2015-09-30 16:49 - 2014-07-13 16:16 - 00000000 ____D C:\Program Files (x86)\Battle.net 2015-09-28 21:33 - 2015-08-04 12:32 - 02080612 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-09-28 21:33 - 2015-07-10 18:34 - 00884716 _____ C:\WINDOWS\system32\perfh007.dat 2015-09-28 21:33 - 2015-07-10 18:34 - 00196348 _____ C:\WINDOWS\system32\perfc007.dat 2015-09-28 21:27 - 2015-07-10 14:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-09-28 21:27 - 2013-06-09 13:03 - 00000000 ____D C:\ProgramData\NVIDIA 2015-09-28 16:55 - 2013-01-04 17:55 - 00000000 ___RD C:\Users\Sven\Desktop\Programme 2015-09-28 16:03 - 2015-07-10 11:05 - 00131072 ___SH C:\WINDOWS\system32\config\BBI 2015-09-28 16:02 - 2015-01-30 12:54 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-09-28 16:02 - 2013-01-07 22:44 - 00000000 ____D C:\Program Files\Common Files\Apple 2015-09-28 16:01 - 2013-01-07 22:45 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2015-09-24 13:27 - 2015-07-19 19:37 - 00137800 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys 2015-09-24 13:27 - 2015-07-19 19:37 - 00074440 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys 2015-09-22 22:12 - 2013-01-04 17:49 - 00000000 ____D C:\ProgramData\Origin 2015-09-20 22:11 - 2015-08-04 12:34 - 00000000 ____D C:\Users\Sven 2015-09-20 21:22 - 2013-01-04 20:49 - 00226168 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe 2015-09-20 21:22 - 2013-01-04 20:49 - 00226168 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0 2015-09-20 16:35 - 2013-01-05 18:52 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab 2015-09-19 17:26 - 2013-01-04 17:56 - 00000000 ____D C:\Users\Sven\Desktop\Spiele 2015-09-17 19:27 - 2013-01-14 20:34 - 00000000 ____D C:\Users\Sven\AppData\Local\Spotify 2015-09-17 19:20 - 2013-01-14 20:34 - 00000000 ____D C:\Users\Sven\AppData\Roaming\Spotify 2015-09-16 14:26 - 2015-08-04 13:18 - 00000000 ____D C:\Users\Sven\AppData\Local\Packages 2015-09-15 19:36 - 2013-01-04 16:59 - 00004192 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2015-09-15 19:36 - 2013-01-04 16:59 - 00003960 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2015-09-15 18:12 - 2015-07-10 13:06 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-09-15 18:12 - 2015-07-10 13:06 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-09-13 22:17 - 2013-04-13 23:38 - 00000000 ____D C:\Users\Sven\AppData\Roaming\vlc 2015-09-11 18:09 - 2013-01-20 21:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games 2015-09-11 17:49 - 2015-07-10 14:20 - 00341624 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-09-11 17:48 - 2015-07-10 18:46 - 00000000 ____D C:\Program Files\Windows Journal 2015-09-11 17:48 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\appraiser 2015-09-11 14:48 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\rescache 2015-09-09 19:27 - 2015-07-10 12:59 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll 2015-09-09 19:27 - 2015-07-10 12:59 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll 2015-09-09 19:27 - 2015-07-10 12:59 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll 2015-09-09 19:27 - 2015-07-10 12:59 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll 2015-09-09 19:27 - 2015-07-10 12:59 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll 2015-09-09 19:27 - 2015-07-10 12:59 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll 2015-09-09 19:27 - 2015-07-10 12:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe 2015-09-09 19:27 - 2015-07-10 12:59 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll 2015-09-09 19:27 - 2015-07-10 12:59 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe 2015-09-09 19:27 - 2015-07-10 12:59 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe 2015-09-09 19:27 - 2015-07-10 12:59 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll 2015-09-09 19:27 - 2015-07-10 12:59 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll 2015-09-09 19:27 - 2015-07-10 12:59 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll 2015-09-09 19:27 - 2015-07-10 12:59 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll 2015-09-09 19:27 - 2015-07-10 12:59 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll 2015-09-09 19:27 - 2015-07-10 12:59 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll 2015-09-09 19:27 - 2015-07-10 12:59 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll 2015-09-09 19:27 - 2015-07-10 12:59 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll 2015-09-09 19:26 - 2013-01-04 16:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2015-09-09 17:35 - 2013-01-05 21:53 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-09-09 17:34 - 2013-08-14 15:06 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-09-06 21:36 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\FxsTmp 2015-09-06 15:46 - 2013-01-04 17:03 - 00090432 _____ C:\Users\Sven\AppData\Local\GDIPFONTCACHEV1.DAT 2015-09-06 14:37 - 2015-08-04 13:25 - 00000000 ____D C:\Windows.old 2015-09-02 20:07 - 2015-04-04 01:04 - 00000000 ____D C:\Users\Sven\AppData\Roaming\dvdcss 2015-09-02 16:41 - 2015-08-04 19:59 - 00000000 ____D C:\WINDOWS\System32\Tasks\Games ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-09-14 18:31 - 2015-09-14 18:31 - 0004096 ____H () C:\Users\Sven\AppData\Local\keyfile3.drm 2014-02-03 18:35 - 2014-02-03 18:35 - 0000836 _____ () C:\Users\Sven\AppData\Local\recently-used.xbel 2013-01-04 17:16 - 2013-01-04 17:16 - 0000017 _____ () C:\Users\Sven\AppData\Local\resmon.resmoncfg 2015-01-18 01:06 - 2015-01-18 01:06 - 0014456 _____ () C:\Users\Sven\AppData\Local\WiDiSetupLog.20150118.000632.wdl 2015-01-18 01:06 - 2015-01-18 01:07 - 0015214 _____ () C:\Users\Sven\AppData\Local\WiDiSetupLog.20150118.000652.wdl 2015-08-04 12:28 - 2015-08-04 12:28 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Einige Dateien in TEMP: ==================== C:\Users\Sven\AppData\Local\Temp\avgnt.exe C:\Users\Sven\AppData\Local\Temp\sqlite3.dll C:\Users\Sven\AppData\Local\Temp\SRLDetectionLibrary5714788249305721880.dll C:\Users\Sven\AppData\Local\Temp\SRLDetectionLibrary8971995279134278962.dll C:\Users\Sven\AppData\Local\Temp\SRLDetectionLibrary9086440515081223896.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-09-21 15:18 ==================== Ende von FRST.txt ============================ Sven |
01.10.2015, 13:49 | #2 |
| FW:Important Mails verschickt, vermutlich Link angeklicktCode:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:30-09-2015 durchgeführt von Sven (2015-10-01 13:26:31) Gestartet von E:\Imaginärer Desktop\Downloads Windows 10 Home (X64) (2015-08-04 11:18:44) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-2376779872-2597445691-444311316-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-2376779872-2597445691-444311316-503 - Limited - Disabled) Gast (S-1-5-21-2376779872-2597445691-444311316-501 - Limited - Enabled) HomeGroupUser$ (S-1-5-21-2376779872-2597445691-444311316-1006 - Limited - Enabled) Sven (S-1-5-21-2376779872-2597445691-444311316-1000 - Administrator - Enabled) => C:\Users\Sven ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated) Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated) ANNO 1404 - Königsedition (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 3.10.0000 - Ubisoft) ANNO 1404 Venedig Entwickler-Tools (HKLM-x32\...\{13C1E98C-4434-4026-AADB-4A8A348B9402}) (Version: 1.00.0000 - Related Designs) ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft) Anno 2070 (HKLM-x32\...\Steam App 48240) (Version: - BlueByte) Apple Application Support (32-Bit) (HKLM-x32\...\{A50679D9-6CBD-4FCD-BACB-62EF3894F6F3}) (Version: 4.0.3 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{1F72FDD5-A069-45B4-928F-D0F16492DC69}) (Version: 4.0.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.) Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.) Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.8.0 - Asmedia Technology) Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.1.000 - Asmedia Technology) Assassin's Creed II (HKLM-x32\...\Steam App 33230) (Version: - Ubisoft Montreal) Assassin's Creed(R) III v1.04 (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.04 - Ubisoft) ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.1.7.1 - ASUSTek COMPUTER INC.) ASUS GPU Tweak (x32 Version: 2.1.7.1 - ASUSTek COMPUTER INC.) Hidden Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.13.202 - Avira Operations GmbH & Co. KG) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.5.2.34169 - Electronic Arts) Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) C&C - Zero Hour - Full Uncut Patch Final v.2.5 (HKLM-x32\...\C&C - Zero Hour - Full Uncut Patch Final v.2.5) (Version: - ) Call of Duty 4: Modern Warfare (HKLM-x32\...\Steam App 7940) (Version: - Infinity Ward) Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version: - ) Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - ) Canon MP Navigator EX 1.0 (HKLM-x32\...\MP Navigator EX 1.0) (Version: - ) Canon MP970 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP970_series) (Version: - ) Canon MP970 series Benutzerregistrierung (HKLM-x32\...\Canon MP970 series Benutzerregistrierung) (Version: - ) Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - ) Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - ) Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 3.25 - Piriform) CoH Vire Map Pack (HKLM-x32\...\{B9D0D8B4-928A-4BC8-8681-20DEB8633602}_is1) (Version: 1.0 - Henry666) Command & Conquer(TM) Generäle (HKLM-x32\...\InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}) (Version: 0.50.0000 - Electronic Arts) Command & Conquer(TM) Generäle (x32 Version: 0.50.0000 - Electronic Arts) Hidden Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.) Command and Conquer(TM) Generäle Die Stunde Null (HKLM-x32\...\InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}) (Version: 1.00.0000 - Electronic Arts) Command and Conquer(TM) Generäle Die Stunde Null (x32 Version: 1.00.0000 - Electronic Arts) Hidden Company of Heroes (New Steam Version) (HKLM-x32\...\Steam App 228200) (Version: - Relic) ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: - DownloadHelper) Counter-Strike 1.6 (HKLM-x32\...\{13B792AA-C078-43A4-8A3A-8B12D629940D}) (Version: 1.00.0000 - ) Crysis(R) (HKLM-x32\...\{000E79B7-E725-4F01-870A-C12942B7F8E4}) (Version: 1.00.0000 - Electronic Arts) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive) Defraggler (HKLM\...\Defraggler) (Version: 2.12 - Piriform) Defy Gravity (HKLM-x32\...\Steam App 96100) (Version: - Fish Factory Games) Depth Hunter 2: Deep Dive (HKLM-x32\...\Steam App 248530) (Version: - Biart Company LLC) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) DirectX Happy Uninstall v4.1 (HKLM-x32\...\DirectX Happy Uninstall_is1) (Version: - SuperFox Studio) EditPad Lite 7.3.1 (HKLM\...\EditPad Lite) (Version: 7.3.1 - Just Great Software) erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.04 - Ubisoft) FixMyRegistry (HKLM-x32\...\FixMyRegistry) (Version: 38.1 - SmartTweak Software) <==== ACHTUNG Fotogalerie (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Free M4a to MP3 Converter 7.2 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com) Free WMA to MP3 Converter 1.16 (HKLM-x32\...\Free WMA to MP3 Converter_is1) (Version: - Jodix Technologies Ltd.) GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team) Glary Utilities 2.51.0.1666 (HKLM-x32\...\Glary Utilities_is1) (Version: 2.51.0.1666 - Glarysoft Ltd) Goat Simulator (HKLM-x32\...\Steam App 265930) (Version: - Coffee Stain Studios) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden Gothic (HKLM-x32\...\{BBF10B37-4ED3-11D5-A818-00500435FC18}) (Version: - ) Gothic III (HKLM-x32\...\{02B244A2-7F6A-42E8-A36F-8C385D7A1625}) (Version: 1.0.0 - JoWooD Productions Software AG) Gothic_Patch (HKLM-x32\...\{302AC480-43D2-11D5-A818-00500435FC18}) (Version: - ) Grand Theft Auto San Andreas (HKLM-x32\...\{086BADF8-9B1F-4E89-B207-2EDA520972D6}) (Version: 1.00.00001 - Rockstar Games) Grand Theft Auto Vice City (HKLM-x32\...\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}) (Version: 1.00.000 - ) GTA2 (HKLM-x32\...\{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}) (Version: 1.00.001 - ) Half-Life (HKLM-x32\...\Steam App 70) (Version: - Valve) Heroes of Might & Magic III - HD Edition (HKLM-x32\...\Steam App 297000) (Version: - DotEmu) Hitman Blood Money (HKLM-x32\...\{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}) (Version: 1.00.0000 - Eidos) Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version: - Square Enix) ICQ 8.1 (build 6337) (HKU\S-1-5-21-2376779872-2597445691-444311316-1000\...\ICQ) (Version: 8.1.6337.0 - Mail.Ru) ICQ Toolbar (HKLM-x32\...\ICQToolbar) (Version: 3.0.0 - ICQ) ICQ7.2 (HKLM-x32\...\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}) (Version: 7.2 - ICQ) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.21.1124 - Intel Corporation) Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 16.6 - Intel) Intel(R) Rapid Storage Technology enterprise (HKLM-x32\...\{8B313BF5-9BD5-42a3-94C1-A28AF3AA51CC}) (Version: 3.0.0.2003 - Intel Corporation) IsoBuster 3.1 (HKLM-x32\...\IsoBuster_is1) (Version: 3.1 - Smart Projects) iTunes (HKLM\...\{96984DE8-1DB8-425C-AC8C-3098BC696F04}) (Version: 12.3.0.44 - Apple Inc.) Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation) Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation) Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version: - Avalanche) Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve) Logitech Gaming Software 8.70 (HKLM\...\Logitech Gaming Software) (Version: 8.70.315 - Logitech Inc.) marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1014 - Marvell) Mass Effect™ 3 (HKLM-x32\...\{534A31BD-20F4-46b0-85CE-09778379663C}) (Version: 1.05.0.0 - Electronic Arts) Microsoft Age of Empires Gold (HKLM-x32\...\Age of Empires Gold 1.0) (Version: - ) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation) Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation) MiniTool Partition Wizard Home Edition 8.1.1 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.) Monkey Island 2: Special Edition (HKLM-x32\...\Steam App 32460) (Version: - LucasArts) Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Mozilla Firefox 17.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 17.0.1 (x86 de)) (Version: 17.0.1 - Mozilla) Mozilla Firefox 36.0 (x86 de) (HKU\S-1-5-21-2376779872-2597445691-444311316-1000\...\Mozilla Firefox 36.0 (x86 de)) (Version: 36.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 17.0 - Mozilla) Mozilla Thunderbird 17.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 17.0 (x86 de)) (Version: 17.0 - Mozilla) Mozilla Thunderbird 31.7.0 (x86 de) (HKU\S-1-5-21-2376779872-2597445691-444311316-1000\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla) MTA:SA v1.3.1 (HKLM-x32\...\MTA:SA 1.3) (Version: v1.3.1 - Multi Theft Auto) Nasty File Remover v0.72 (remove only) (HKLM-x32\...\NFR) (Version: - ) Need for Speed Underground 2 (HKLM-x32\...\{909F8EBC-EC7F-48FF-0085-475D818F0F31}) (Version: - ) Need for Speed™ ProStreet (HKLM-x32\...\{2E1A71D5-7897-4F3F-B0E3-B412C86A646D}) (Version: 1.0.1.0 - Electronic Arts) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.2 - Notepad++ Team) NVIDIA 3D Vision Controller-Treiber 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 355.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 355.60 - NVIDIA Corporation) NVIDIA GeForce Experience 2.5.12.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.12.11 - NVIDIA Corporation) NVIDIA Grafiktreiber 355.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 355.60 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation) Orcs Must Die! 2 (HKLM-x32\...\Steam App 201790) (Version: - ) Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.) partypoker (HKLM-x32\...\PartyPoker) (Version: - PartyGaming) Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games) Peggle Extreme (HKLM-x32\...\Steam App 3483) (Version: - PopCap) Peggle Nights (HKLM-x32\...\{6641FD4F-6B9F-47F4-9DEA-9979E79E68D7}) (Version: 1.1.6.5913 - PopCap Games) POSTAL 2 Complete (HKLM-x32\...\Steam App 223470) (Version: - ) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) Race The Sun (HKLM-x32\...\Steam App 253030) (Version: - Flippfly LLC) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.) Remote Mouse version 2.06 (HKLM-x32\...\{01E4BC6D-3ACC-45E1-8928-C2FF626F63F3}_is1) (Version: 2.06 - Remote Mouse) Rocket League (HKLM-x32\...\Steam App 252950) (Version: - Psyonix) Saints Row IV (HKLM-x32\...\Steam App 206420) (Version: - Deep Silver Volition) Samsung SSD Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 3.2 - Samsung Electronics) SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.5.12.11 - NVIDIA Corporation) Hidden SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts) SimCity 4 Deluxe (HKLM-x32\...\Steam App 24780) (Version: - EA - Maxis) SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) Spotify (HKU\S-1-5-21-2376779872-2597445691-444311316-1000\...\Spotify) (Version: 1.0.13.108.gcd94e7db - Spotify AB) Star Wars(tm) Knights of the Old Republic(tm) II: The Sith Lords(tm) (HKLM-x32\...\{629F65FB-7F3C-4D66-A1C0-20722744B7B6}) (Version: 1.00.0000 - Obsidian) Star Wars: Dark Forces (HKLM-x32\...\Steam App 32400) (Version: - LucasArts) Star Wars: Knights of the Old Republic (HKLM-x32\...\Steam App 32370) (Version: - BioWare) Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.) STAR WARS™ Knights of the Old Republic™ II: The Sith Lords™ (HKLM-x32\...\Steam App 208580) (Version: - Obsidian Entertainment) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Stronghold (HKLM-x32\...\{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}) (Version: 1.20.0000 - Firefly Studios) Stronghold Crusader 2 (HKLM-x32\...\Steam App 232890) (Version: - FireFly Studios) Stronghold Crusader Extreme (HKLM-x32\...\{8C3727F2-8E37-49E4-820C-03B1677F53B6}) (Version: 1.20.0000 - Firefly Studios) Stronghold Crusader HD (HKLM-x32\...\Steam App 40970) (Version: - FireFly Studios) Surgeon Simulator (HKLM-x32\...\Steam App 233720) (Version: - Bossa Studios) System Requirements Lab (HKLM-x32\...\{F89CDED6-B1F1-489F-BA44-698BF6A737C2}) (Version: 6.1.6.0 - Husdawg, LLC) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.17 - TeamSpeak Systems GmbH) TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.45471 - TeamViewer) The Crew (Beta) (HKLM-x32\...\Uplay Install 750) (Version: - Ubisoft) The Secret of Monkey Island: Special Edition (HKLM-x32\...\Steam App 32360) (Version: - LucasArts) Tropico 5 (HKLM-x32\...\Steam App 245620) (Version: - Haemimont Games) Unity Web Player (HKU\S-1-5-21-2376779872-2597445691-444311316-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft) User's Guides (HKLM\...\{B48E1FFD-A85D-45DB-9070-C06CDF6BD427}) (Version: 1.20.0000 - Logitech) VLC media player 2.0.6 (HKLM\...\VLC media player) (Version: 2.0.6 - VideoLAN) WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation) WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) Worms Armageddon (HKLM-x32\...\Steam App 217200) (Version: - Team17 Digital Ltd.) Worms Armageddon (HKLM-x32\...\Worms Armageddon) (Version: - ) Xfire (HKLM-x32\...\Xfire) (Version: - ) Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version: - Yahoo Inc.) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Wiederherstellungspunkte ========================= ACHTUNG: Systemwiederherstellung ist deaktiviert ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {02B7224E-0DF7-4157-8F32-932D31D838CC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG Task: {037C24FD-6263-4CBF-BB03-07B9A808AC84} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated) Task: {1035932C-2B17-459D-A76D-E93BFA0DD652} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG Task: {12C07E51-1011-444A-ABCC-6B6E7FEE1B87} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG Task: {16F131D5-1DB0-41EA-AF27-2CD67FB2DE8E} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {174A4FA4-B8DA-4687-A960-29B5C320C6D5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-21] (Adobe Systems Incorporated) Task: {17BD6BEC-FC11-4B44-98E8-B64D32B83130} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG Task: {2C494AC6-EE98-4992-9C6E-2E0E36462949} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe Task: {2D5DA54D-0FFB-4A91-BFEF-84F2D8BBB667} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation) Task: {2E6599DE-58CD-4F6B-8241-71AFC227E759} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {352CD86B-7CD6-469B-98F1-0FA3D27254A2} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation) Task: {36A02D22-BD8D-430D-AB9C-028FEC4D60D1} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {38990072-C7B8-461B-AF79-A1DA3BD982B0} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe Task: {3FDD4125-5AEB-42C7-A5E9-CC317857A116} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG Task: {46C34AB6-2DC7-4256-8B17-B44A345EF950} - System32\Tasks\GlaryInitialize => E:\Glary Utilities\Glary Utilities\initialize.exe [2012-11-28] (Glarysoft Ltd) Task: {4CADE8D4-C1DC-472F-8668-B8952AFED8BB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG Task: {50F16257-FDD9-483F-9098-0DEB2D13876A} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation) Task: {53D64AE4-0384-401C-A505-A41C21B3376B} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {5B824DE2-73E6-4CB8-B8DA-D770479C7B86} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft) Task: {5D6344A7-577E-4758-A15A-ECF5E64B3839} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe Task: {5EB4BABD-EC1C-4F95-99EE-BA7EDC95A75E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe Task: {67233D8C-DB46-44C7-AE7B-2474B1246074} - System32\Tasks\{18E8C04B-E39B-4674-9BE8-E3896DA27154} => Firefox.exe hxxp://ui.skype.com/ui/0/6.0.0.126/de/go/help.faq.installer?LastError=1618 Task: {6814CF03-7989-4348-ABD2-4CE22FF837A7} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation) Task: {6F9D585C-2A61-48CD-A36D-56AB1A8D6498} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe Task: {70D09F85-08F5-4A46-A7B1-628625D88FC6} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe Task: {74B787B4-4561-4B59-B125-57971F84F727} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe Task: {79F43EF2-E5DD-4893-86EF-3BA25446D638} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG Task: {7CCB46D3-6247-4A19-B414-D8754F4767F2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.) Task: {83D1AA23-B4FC-4EA4-A385-AD33BEEA1D41} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {845B04C4-EE23-49B1-8144-50FA32CE79D0} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe Task: {89D10D32-04E3-47C1-8C21-5D9702F3B6E5} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG Task: {8C0D7198-139D-450B-9765-0FE1A936E890} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe Task: {97C535CB-1EB5-4B7E-8C14-1A2E09778254} - System32\Tasks\{3AA92185-0C2B-4C17-9CB8-954603728A1C} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.0.106/de/abandoninstall?page=tsPlugin Task: {9A339895-06F2-4C78-9C49-14F87AE3FD4E} - System32\Tasks\{4A054330-A7BE-43B5-8B07-3054B0401901} => pcalua.exe -a D:\Setup.exe -d D:\ Task: {9A369C20-95DD-4F75-A15D-35DF4005A652} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe Task: {9CD5C0EE-2CFB-4173-8837-E7839D521678} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe Task: {A20428DA-B0A3-4761-ABF3-1141B597648D} - System32\Tasks\CCleanerSkipUAC => E:\CCleaner\CCleaner.exe [2012-11-24] (Piriform Ltd) Task: {A46C0A8D-13F0-4445-9675-E27C0FAE3397} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG Task: {A6870061-73A4-456B-A0ED-9F4D30DB7E9B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG Task: {B0C7611B-103A-4876-BFFF-1B1CE1589AD6} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe Task: {B6EF4534-1D90-455A-AA28-918C2FBF1E3C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.) Task: {BDAB13EB-31AE-429C-8374-5AB8635E976B} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe Task: {CDBBB802-2751-421E-86B0-C3713B9C0626} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {D2E931C0-F743-4651-8392-9A00F49AB9A2} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe Task: {E6059C06-142F-45D8-ABEC-D6CD988113E5} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe Task: {E98C6373-72FD-47E5-A0E9-9F8CAC9E6A5D} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe Task: {F1EAA3AD-2DAF-44DF-BFE4-0D6D3ACAD35F} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe Task: {F35FA0F6-81C4-4F5B-BC58-58B1BA91FF0B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.) Task: {F6B3CE81-430F-489C-B26D-73542F9558F2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation) Task: {FDF62A1B-1B02-442E-A644-3FBD071D277E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GlaryInitialize.job => E:\Glary Utilities\Glary Utilities\initialize.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2015-08-04 13:24 - 2015-08-04 13:24 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll 2012-01-17 12:24 - 2012-01-17 12:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe 2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-09-23 16:47 - 2015-09-23 16:47 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2015-08-19 14:29 - 2015-08-11 11:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll 2013-08-15 23:17 - 2010-03-28 16:47 - 00246520 _____ () C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe 2014-06-29 01:03 - 2014-06-29 01:03 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe 2013-07-02 22:56 - 2015-08-07 06:27 - 00116528 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2015-08-29 14:19 - 2015-08-18 09:56 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2015-08-29 14:19 - 2015-08-18 09:56 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2015-07-10 12:59 - 2015-07-10 12:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2015-08-12 11:48 - 2015-08-03 03:30 - 00642048 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll 2015-08-12 11:48 - 2015-08-03 03:11 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2015-07-10 13:00 - 2015-07-10 18:45 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2015-08-19 14:30 - 2015-08-11 10:58 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2015-08-12 11:48 - 2015-08-03 03:09 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2015-03-07 02:07 - 2015-03-07 02:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll 2015-07-02 02:28 - 2015-07-02 02:28 - 01095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll 2015-03-07 02:07 - 2015-03-07 02:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll 2015-07-02 02:28 - 2015-07-02 02:28 - 00240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll 2014-09-21 16:54 - 2014-08-14 00:48 - 00098888 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll 2014-09-21 16:54 - 2014-08-14 00:48 - 00031304 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckTool.dll 2014-09-21 16:54 - 2014-08-14 00:48 - 00017480 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll 2014-09-21 16:54 - 2014-08-14 00:48 - 00088648 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll 2014-09-21 16:54 - 2014-08-14 00:48 - 01296456 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll 2014-09-21 16:54 - 2014-08-14 00:48 - 00061000 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll 2014-09-21 16:54 - 2014-08-14 00:47 - 00107592 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll 2014-09-21 16:54 - 2014-08-14 00:48 - 00075848 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\logsys.dll 2014-09-21 16:54 - 2014-08-14 00:48 - 00030280 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll 2014-09-21 16:54 - 2014-08-14 00:48 - 00068168 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\MountImg.dll 2014-09-21 16:54 - 2014-08-14 00:48 - 00158280 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFile.dll 2014-09-21 16:54 - 2014-08-14 00:48 - 00276040 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DsImgFile.dll 2014-09-21 16:54 - 2014-08-14 00:48 - 00072264 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckImg.dll 2014-09-21 16:54 - 2014-08-14 00:48 - 00139848 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\vhdvmdk.dll 2014-09-21 16:54 - 2014-08-14 00:48 - 00037448 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\BootDriver.dll 2014-09-21 16:54 - 2014-08-14 00:48 - 00581192 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll 2014-09-21 16:54 - 2014-08-14 00:48 - 00193096 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll 2014-09-21 16:54 - 2014-08-14 00:47 - 00255560 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll 2014-09-21 16:54 - 2014-08-14 00:48 - 00145992 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumDisk.dll 2014-09-21 16:54 - 2014-08-14 00:48 - 00076872 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FatLib.dll 2014-09-21 16:54 - 2014-08-14 00:48 - 00207944 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSLib.dll 2014-09-21 16:54 - 2014-08-14 00:48 - 00024648 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\GetDriverInfo.dll 2014-09-21 16:54 - 2014-08-14 00:48 - 00020552 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CorrectMbr.dll 2014-09-21 16:54 - 2014-08-14 00:48 - 00032328 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll 2014-09-21 16:54 - 2014-08-14 00:48 - 00034888 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll 2014-09-21 16:54 - 2014-08-14 00:48 - 00064072 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\RegLib.dll 2014-09-21 16:54 - 2014-08-14 00:47 - 00022600 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll 2014-09-21 16:54 - 2014-08-14 00:48 - 00115784 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll 2014-09-21 16:54 - 2014-08-14 00:48 - 00194120 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll 2014-09-21 16:54 - 2014-08-14 00:48 - 00135752 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll 2014-09-21 16:54 - 2014-08-14 00:47 - 00037960 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll 2014-09-21 16:54 - 2014-08-14 00:48 - 00135752 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll 2014-09-21 16:54 - 2014-08-14 00:47 - 00020040 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll 2014-09-21 16:54 - 2014-08-14 00:48 - 00043080 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbDataSwap.dll 2014-09-21 16:54 - 2014-08-14 00:48 - 00096840 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBFireWall.dll 2014-09-21 16:54 - 2014-08-14 00:48 - 00353864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceManager.dll 2014-09-21 16:54 - 2014-08-14 00:48 - 00027208 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceAdapter.dll 2014-09-21 16:54 - 2014-08-14 00:48 - 00137288 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Device.dll 2014-09-21 16:54 - 2014-08-14 00:48 - 00147016 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Partition.dll 2014-09-21 16:54 - 2014-08-14 00:48 - 00050248 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileSystemAnalyser.dll 2014-09-21 16:54 - 2014-08-14 00:48 - 00062024 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FATFileSystemAnalyser.dll 2014-09-21 16:54 - 2014-08-14 00:48 - 00089672 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Common.dll 2014-09-21 16:54 - 2014-08-14 00:48 - 00056392 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSFileSystemAnalyser.dll 2015-08-06 17:14 - 2015-08-06 17:14 - 00019968 _____ () C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PSIClient\64ac277a63c8ef2eb9f3dc3a6d5f249b\PSIClient.ni.dll 2015-08-04 13:28 - 2015-07-24 06:22 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2013-03-12 18:10 - 2015-07-03 18:12 - 00778240 _____ () E:\Program Files (x86)\Steam\SDL2.dll 2015-01-20 16:14 - 2015-07-03 18:12 - 04962816 _____ () E:\Program Files (x86)\Steam\v8.dll 2014-05-25 18:00 - 2015-08-19 22:39 - 02413248 _____ () E:\Program Files (x86)\Steam\video.dll 2014-09-02 19:26 - 2014-12-01 23:31 - 02396672 _____ () E:\Program Files (x86)\Steam\libavcodec-56.dll 2014-09-02 19:26 - 2014-12-01 23:31 - 00479744 _____ () E:\Program Files (x86)\Steam\libavformat-56.dll 2014-09-02 19:26 - 2014-12-01 23:31 - 00332800 _____ () E:\Program Files (x86)\Steam\libavresample-2.dll 2014-09-02 19:26 - 2014-12-01 23:31 - 00442880 _____ () E:\Program Files (x86)\Steam\libavutil-54.dll 2014-09-02 19:26 - 2014-12-01 23:31 - 00485888 _____ () E:\Program Files (x86)\Steam\libswscale-3.dll 2015-01-20 16:14 - 2015-07-03 18:12 - 01556992 _____ () E:\Program Files (x86)\Steam\icui18n.dll 2015-01-20 16:14 - 2015-07-03 18:12 - 01187840 _____ () E:\Program Files (x86)\Steam\icuuc.dll 2013-01-04 18:03 - 2015-08-19 22:39 - 00704192 _____ () E:\Program Files (x86)\Steam\bin\chromehtml.DLL 2015-07-27 00:29 - 2015-07-27 03:13 - 00171008 _____ () E:\Program Files (x86)\Steam\bin\openvr_api.dll 2013-01-04 18:03 - 2015-07-03 18:12 - 39553928 _____ () E:\Program Files (x86)\Steam\bin\libcef.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-2376779872-2597445691-444311316-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sven\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SetPointII.lnk => C:\Windows\pss\SetPointII.lnk.CommonStartup MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon MSCONFIG\startupreg: FixMyRegistry => E:\Program Files (x86)\SmartTweak\FixMyRegistry\FixMyRegistry.exe /ot /as MSCONFIG\startupreg: icq => C:\Users\Sven\AppData\Roaming\ICQM\icq.exe -CU MSCONFIG\startupreg: IJNetworkScanUtility => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE MSCONFIG\startupreg: iTunesHelper => "E:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: Kernel and Hardware Abstraction Layer => KHALMNPR.EXE MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Sven\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" MSCONFIG\startupreg: Steam => "E:\Program Files (x86)\Steam\Steam.exe" -silent MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808 FirewallRules: [{AE33E8A5-21C8-4954-993A-766D892D5FEE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{5C85BAC3-C42C-4DAB-9897-462BE26A747C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{04E23080-5EF8-4125-A707-FF55F7EA1721}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{6AD5CF3D-47E1-4F39-821E-3F10D0BDDBF0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{19D4AD3A-C7CA-4D32-B959-8DFB9CC43260}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\RaceTheSun\RaceTheSun.exe FirewallRules: [{C0FF7496-1B27-4E9D-9AE6-7B5C68FFFEEA}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\RaceTheSun\RaceTheSun.exe FirewallRules: [UDP Query User{700E19D0-B513-4705-B928-ABE6986C7E5E}E:\imaginärer desktop\qip\qip.exe] => (Allow) E:\imaginärer desktop\qip\qip.exe FirewallRules: [TCP Query User{FD801DF3-A2D7-40B3-9E23-0AB1BE89F2FA}E:\imaginärer desktop\qip\qip.exe] => (Allow) E:\imaginärer desktop\qip\qip.exe FirewallRules: [{91B1D801-44A7-4A9A-830C-3E62CD976589}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Knights of the Old Republic II\swkotor2.exe FirewallRules: [{BC13458C-5F05-4732-8EB9-DAABB2EC6E17}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Knights of the Old Republic II\swkotor2.exe FirewallRules: [{35320B73-FA16-4FAE-B5E1-18D033275291}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe FirewallRules: [{0ADAC72E-FBBE-483D-90EF-16C2E50C51D4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe FirewallRules: [{F9086E65-C393-4C9E-9202-2B500C5226C9}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\DepthHunter2\dh2.exe FirewallRules: [{501D636D-B0E3-4C6F-B505-988FE9140DAE}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\DepthHunter2\dh2.exe FirewallRules: [{BD6EC9B6-08C2-4A80-81A8-4362C3BA4A4A}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Worms Armageddon\WA.exe FirewallRules: [{22901019-AD6C-4826-A00B-3BA7C18F3B27}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Worms Armageddon\WA.exe FirewallRules: [{55D43D55-BC75-43BC-AC39-7782E3DC0120}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Assassin's Creed 2\AssassinsCreedIIGame.exe FirewallRules: [{EA78A7DA-7C92-4508-A6A9-76792DF66968}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Assassin's Creed 2\AssassinsCreedIIGame.exe FirewallRules: [{E2B9E4F2-C024-44F7-A871-714693EA75B2}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe FirewallRules: [{E4AE8DF5-F352-403D-A4F5-9FFE37ACCF5D}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe FirewallRules: [{5C527F23-40A2-4932-9B29-3A465393BDF6}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\SimCity 4 Deluxe\Apps\SimCity 4.exe FirewallRules: [{186B1E67-CFAE-4B3C-B76F-E68028C9FF34}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\SimCity 4 Deluxe\Apps\SimCity 4.exe FirewallRules: [UDP Query User{782FC2BD-285F-4865-AE87-1649227822B4}C:\users\sven\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sven\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{3220F9B5-A647-41D6-84BB-288AFFA8F865}C:\users\sven\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sven\appdata\roaming\spotify\spotify.exe FirewallRules: [{360EA121-D914-413D-8B89-5AD01F2A4FA8}] => (Allow) E:\Orignin games\Battlefield 4\bf4.exe FirewallRules: [{C6DD2A5E-8670-4E2D-BB09-50352F2069F7}] => (Allow) E:\Orignin games\Battlefield 4\bf4.exe FirewallRules: [{7D5AF3CE-1D41-4F44-94A6-76113617E3C8}] => (Allow) E:\Orignin games\Battlefield 4\bf4_x86.exe FirewallRules: [{3B0AE549-2883-486C-9012-29303B11A8A7}] => (Allow) E:\Orignin games\Battlefield 4\bf4_x86.exe FirewallRules: [{88463D13-A2C5-4B03-A9E2-F29737452648}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Dark Forces\DosBox\dosbox.exe FirewallRules: [{D9807CA9-5AE4-4F7D-A949-6826F1789B54}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Dark Forces\DosBox\dosbox.exe FirewallRules: [{7A25A4A3-E6D1-4916-8055-0189FD17512E}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Monkey2\Monkey2.exe FirewallRules: [{8011C32A-5686-44C1-8816-D94131F65299}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Monkey2\Monkey2.exe FirewallRules: [{83DEAF22-3385-4C5D-B970-87ED8B9445CF}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\The Secret of Monkey Island Special Edition\MISE.exe FirewallRules: [{8730A40A-58AC-4B72-BF02-5DC25939E8B8}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\The Secret of Monkey Island Special Edition\MISE.exe FirewallRules: [UDP Query User{DCCF4507-5013-49E0-B1AE-2CB1329CD2E2}E:\imaginärer desktop\warcraft iii\war3.exe] => (Allow) E:\imaginärer desktop\warcraft iii\war3.exe FirewallRules: [TCP Query User{3B43360F-C8D5-4ED9-8B1C-D9C8E45242CF}E:\imaginärer desktop\warcraft iii\war3.exe] => (Allow) E:\imaginärer desktop\warcraft iii\war3.exe FirewallRules: [UDP Query User{D13A8F94-33E1-42B1-BB4B-888DC0E8F7EE}E:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\dayz\dayz.exe FirewallRules: [TCP Query User{945E5DF2-76A1-49A9-AB1E-B287C5D18634}E:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\dayz\dayz.exe FirewallRules: [{31CDB413-0EA4-4EE3-97BA-8B3004E81640}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\POSTAL2Complete\System\Launcher.exe FirewallRules: [{172F05DC-1BEE-40C8-A210-7C41DC0C5F29}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\POSTAL2Complete\System\Launcher.exe FirewallRules: [{50570FBF-41F7-406F-A8CB-F6A74E10B85B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{837B6DFC-6915-4F17-A082-2E51043B282C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{18D336A0-C2BF-469C-91AD-59BF43A71A07}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ_BE.exe FirewallRules: [{C93A0E3F-EB6D-485C-A63E-31AB97E3F2CF}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ_BE.exe FirewallRules: [{42B886C3-8920-42CE-BC3C-6880364BC403}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Stronghold Crusader Extreme\Stronghold Crusader.exe FirewallRules: [{9F3332B6-4453-40EC-8C92-2D21614015B3}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Stronghold Crusader Extreme\Stronghold Crusader.exe FirewallRules: [{A7294738-9EFD-4C02-8A75-08AA7E377963}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Stronghold Crusader 2\bin\win32_release\Crusader2.exe FirewallRules: [{5D4A7D05-F3DB-46F9-AC1F-99A0516C35D2}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Stronghold Crusader 2\bin\win32_release\Crusader2.exe FirewallRules: [{597BE152-B045-4EBB-BB17-1F5BAA20EEED}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Company of Heroes Relaunch\RelicCOH.exe FirewallRules: [{88135123-A56F-4D30-BB83-F0C105073589}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Company of Heroes Relaunch\RelicCOH.exe FirewallRules: [{D93A278F-3A14-499C-964F-9D48D5063A9C}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Heroes of Might & Magic III - HD Edition\HOMM3Launcher.exe FirewallRules: [{EB576146-C213-4FA5-8DF6-87235257D4A3}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Heroes of Might & Magic III - HD Edition\HOMM3Launcher.exe FirewallRules: [{42894DAD-750B-48E3-B342-DF5A9D7565AC}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Defy Gravity\DefyGravity.exe FirewallRules: [{74A83261-A76A-4487-B3B1-8AD7C01722BB}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Defy Gravity\DefyGravity.exe FirewallRules: [{E12BDDF5-3520-41AF-9476-DBB4D8AC8DA5}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\swkotor\swkotor.exe FirewallRules: [{D4A24F3B-510D-418C-9ADA-847ADE915253}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\swkotor\swkotor.exe FirewallRules: [{36EC68CC-6E63-462E-9AC3-D10202AD72C4}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Surgeon Simulator 2013\ss2013.exe FirewallRules: [{A76243EA-72EF-4F49-987F-831D90F50F7C}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Surgeon Simulator 2013\ss2013.exe FirewallRules: [{B9BF4783-FE87-40CF-9B80-1FAE61A29622}] => (Allow) E:\Orignin games\SimCity 2000 SE\Game\Game\DOSBox\DOSBox.exe FirewallRules: [{2C3438A1-F2A4-4D28-931B-FB649A820E4C}] => (Allow) E:\Orignin games\SimCity 2000 SE\Game\Game\DOSBox\DOSBox.exe FirewallRules: [{C6B3B17C-3E64-4094-9B23-899FE3AB7D55}] => (Allow) E:\Orignin games\Bejeweled 3\Bejeweled3.exe FirewallRules: [{5C6EA29A-11F2-401C-8E81-E27C45267359}] => (Allow) E:\Orignin games\Bejeweled 3\Bejeweled3.exe FirewallRules: [{2941B146-9368-4F55-9C48-E75A05DFFAF3}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe FirewallRules: [{A1AA8F90-454A-455A-AC31-B5FD18CA3CFF}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe FirewallRules: [{F32A9B7F-9D6F-44A7-AAA2-25E7FA314360}] => (Allow) LPort=4410 FirewallRules: [{CD3BD647-CAEE-4351-97D4-179D26CF6245}] => (Allow) LPort=4410 FirewallRules: [{A5D28AED-E32F-46A9-A32C-D8559C0F7581}] => (Allow) LPort=4410 FirewallRules: [{058177F1-562E-4AD9-B3B2-05FD0E257F80}] => (Allow) LPort=1900 FirewallRules: [{91FE893B-90BC-4612-8F01-9F882F987547}] => (Allow) LPort=7900 FirewallRules: [{670A5120-15CB-436D-A94E-4B99526B70B7}] => (Allow) LPort=24234 FirewallRules: [{7DBD51D5-1B14-452F-927C-60BA5B1AF44C}] => (Allow) LPort=7679 FirewallRules: [{DA3AB68F-BCCD-431C-B747-8D41D20D2C1C}] => (Allow) LPort=7676 FirewallRules: [{0B47B45B-6BCE-4D7E-B8D9-349EB22E995E}] => (Allow) LPort=8643 FirewallRules: [{0C827BAF-AAE1-4F8E-9899-20ADF8FF3471}] => (Allow) LPort=8743 FirewallRules: [{4A49C3C9-D060-4F14-A929-AF3C9457857B}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe FirewallRules: [{A25A7827-ACD7-4896-857C-06EEB14DD3CD}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe FirewallRules: [{E6D28DF8-7325-42F2-8091-AE85ED573D6D}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe FirewallRules: [{BCC26417-6A2D-49A2-BC52-773FFC8536BF}] => (Allow) E:\Uplay games\The Crew (Beta)\TheCrew.exe FirewallRules: [{FB29DA69-E98E-4D9C-9AB9-FF6A77F975B8}] => (Allow) E:\Uplay games\The Crew (Beta)\TheCrew.exe FirewallRules: [{ADF24328-EB96-4198-8434-E8714CA4E73E}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Saints Row IV\SaintsRowIV.exe FirewallRules: [{7A64E29E-4578-4E13-8430-77BB9A86CE4C}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Saints Row IV\SaintsRowIV.exe FirewallRules: [{1910DA44-64E9-4006-90F7-370B98E20725}] => (Allow) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{181BA87B-EB22-407C-91C9-A5395E8A7F60}] => (Allow) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{53E61430-28AF-484E-984E-AFC9DADC11F5}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Tropico 5\Tropico5Steam.exe FirewallRules: [{ADA7FB7D-CAC2-480A-A72D-E1D53E6CF0D7}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Tropico 5\Tropico5Steam.exe FirewallRules: [{C4CF2585-D0FA-45F9-8361-AFC5FA2CE692}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\POSTAL2Complete\System\Launcher.exe FirewallRules: [{12767267-B68C-46D4-B951-B21EFF4C5D67}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\POSTAL2Complete\System\Launcher.exe FirewallRules: [{78A5761F-DAF7-45E0-A7D0-125792EAF0B5}] => (Allow) E:\Orignin games\SimCity\SimCity\SimCity.exe FirewallRules: [{6A7BE97B-5C54-4261-91F8-33D5EF49332A}] => (Allow) E:\Orignin games\SimCity\SimCity\SimCity.exe FirewallRules: [{A4229200-DB96-41BC-ABD2-016F1E801E1D}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Just Cause 2\JustCause2.exe FirewallRules: [{CA52D65F-DBAF-4D96-B720-2D95BCB654F7}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Just Cause 2\JustCause2.exe FirewallRules: [{B16F5778-F775-4CDF-8A14-CD4706DB5B76}] => (Allow) E:\Orignin games\Battlefield 4\bf4.exe FirewallRules: [{8EFE0386-3948-474E-8E77-FFBAB170DA07}] => (Allow) E:\Orignin games\Battlefield 4\bf4.exe FirewallRules: [{1076781B-8CD6-4E2C-A708-F74E770536C7}] => (Allow) E:\Orignin games\Battlefield 4\bf4_x86.exe FirewallRules: [{B859C4AD-BE33-4BBA-AF29-8F17B9028770}] => (Allow) E:\Orignin games\Battlefield 4\bf4_x86.exe FirewallRules: [{FA78F1C9-1279-47CE-8184-47D4F197CB16}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe FirewallRules: [{E4E42653-2168-48DF-B42E-4D880308525F}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe FirewallRules: [{43985868-B00C-448A-85E1-C630F3512B4E}] => (Allow) E:\Orignin games\Peggle Nights\PeggleNights.exe FirewallRules: [{0124EA6E-1E64-492E-AF9F-FE727E986ADA}] => (Allow) E:\Orignin games\Peggle Nights\PeggleNights.exe FirewallRules: [{A75685BF-B53F-44ED-813F-A700CCFB8F51}] => (Allow) E:\Orignin games\Peggle Deluxe\Peggle.exe FirewallRules: [{36E8F165-8A06-4A3C-A638-197BA75CE0CE}] => (Allow) E:\Orignin games\Peggle Deluxe\Peggle.exe FirewallRules: [{97DD5124-D0ED-4F06-97C6-BFED4A32E9FA}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe FirewallRules: [{B047FD4B-8CBC-412D-9865-57466DDCD68F}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe FirewallRules: [{CE8A1D65-63F3-48FD-94DA-B7A9A5944EB2}] => (Allow) E:\Program Files (x86)\Firefly Studios\Stronghold\Stronghold.exe FirewallRules: [{016BF2C5-4CBE-4BC9-AC25-A54E05594766}] => (Allow) E:\Program Files (x86)\Firefly Studios\Stronghold\Stronghold.exe FirewallRules: [{F026E7A2-26AF-4268-89C7-D5D1ABF29921}] => (Allow) E:\Program Files (x86)\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe FirewallRules: [{F36E80E8-96D0-4F6D-91C0-FEA16562957F}] => (Allow) E:\Program Files (x86)\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe FirewallRules: [{36E5A23B-2EE8-4012-8D21-B09E7D31DE86}] => (Allow) E:\Program Files (x86)\Firefly Studios\Stronghold Crusader\Stronghold_Crusader_Extreme.exe FirewallRules: [{4F4A1F9C-BC2C-45FB-9700-FA28E927EFDE}] => (Allow) E:\Program Files (x86)\Firefly Studios\Stronghold Crusader\Stronghold_Crusader_Extreme.exe FirewallRules: [{FC739D7F-5EE1-4416-8D56-BE7ED1DA332E}] => (Allow) LPort=1900 FirewallRules: [{E3643ECF-8285-44CB-857D-5CFFD9DE15C2}] => (Allow) LPort=2869 FirewallRules: [{C78D5056-56C5-4FCC-AC8F-35ADAEDD590F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{58AABF09-D038-4AF2-890D-27A8F1B95DF4}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{529F52E3-6778-4695-A2F8-FF02A8F48870}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{943F402E-1CF9-4508-B82C-018197DFA9F5}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe FirewallRules: [{FA5A6469-7B18-40E5-95F2-A5F442031ECB}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe FirewallRules: [{E784E69A-AF53-4786-BE46-AEE25D6F82E1}] => (Allow) E:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\CrysisDedicatedServer.exe FirewallRules: [{4B6DF97B-BF33-41B3-B8AA-0226AE3579F5}] => (Allow) E:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\CrysisDedicatedServer.exe FirewallRules: [{2CBCC9D5-F851-4EB6-BA7C-82A982A0C448}] => (Allow) E:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\Crysis.exe FirewallRules: [{6FAB42FE-5219-4F3A-A3E0-25766002232B}] => (Allow) E:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\Crysis.exe FirewallRules: [{70FCA0BD-9338-45C8-A290-AA9E51A13157}] => (Allow) E:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe FirewallRules: [{7D0003AB-79C3-4DA2-A0E3-040288216731}] => (Allow) E:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe FirewallRules: [{A43E7A37-C818-4818-B904-10BBBD4C03CC}] => (Allow) E:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe FirewallRules: [{9745F8E4-DF3A-4459-9FB7-0B407B9AFBDD}] => (Allow) E:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe FirewallRules: [{A6DDF791-3B3C-48CC-B4A0-8409B9B99545}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe FirewallRules: [{7E3AEBD8-CD70-45B2-AB08-D78330BC964C}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe FirewallRules: [{2B5D426F-583C-40AE-997D-47F1D2E7B165}] => (Allow) E:\Program Files (x86)\Remote Mouse\RemoteMouse.exe FirewallRules: [{6B5B0426-51B3-47A8-939B-1B2D7F0EC3C9}] => (Allow) E:\Program Files (x86)\Remote Mouse\RemoteMouse.exe FirewallRules: [{16C94F59-CC01-471F-AD30-60D4AF67CB27}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{31D34A0D-7E20-4A53-B68D-51EA615367C2}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{7384B2AD-9F41-4C72-9D9F-4DFACE366017}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{DC145634-97A5-4B9D-97F5-DE1724CD12BB}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{E619DDA1-648D-4B23-B5ED-9B60C27C7913}] => (Allow) E:\Program Files (x86)\Ubisoft\Assassin's Creed III\AssassinsCreed3.exe FirewallRules: [{32C6B20E-EC3E-4BB0-B04D-D4CA69D48FDC}] => (Allow) E:\Program Files (x86)\Ubisoft\Assassin's Creed III\AssassinsCreed3.exe FirewallRules: [{C5067341-E666-43AB-BA98-C8E460035720}] => (Allow) E:\Program Files (x86)\Ubisoft\Assassin's Creed III\AC3MP.exe FirewallRules: [{B41723DF-3074-4A89-AC21-0B2D3C404280}] => (Allow) E:\Program Files (x86)\Ubisoft\Assassin's Creed III\AC3MP.exe FirewallRules: [{F4C190A6-6F9E-4AD0-A141-4D62854C7105}] => (Allow) E:\Program Files (x86)\Ubisoft\Assassin's Creed III\AC3SP.exe FirewallRules: [{214E6526-9994-4057-8B08-E32BF9AC8711}] => (Allow) E:\Program Files (x86)\Ubisoft\Assassin's Creed III\AC3SP.exe FirewallRules: [{8694934B-8670-483A-B986-665E6026D1B7}] => (Allow) E:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\tools\Benchmark.exe FirewallRules: [{F13AA44F-E509-4B8B-B98A-4DB11B6BABC4}] => (Allow) E:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\tools\Benchmark.exe FirewallRules: [{0DD7F403-2AF6-4E52-A777-277B3B9D3286}] => (Allow) E:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\tools\AddonWeb.exe FirewallRules: [{98C9A070-69DB-45E7-899E-859562F10142}] => (Allow) E:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\tools\AddonWeb.exe FirewallRules: [{65786F36-FB68-4391-A4E5-53AACCA6E087}] => (Allow) E:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\tools\Anno4Web.exe FirewallRules: [{4A323BCC-BCB6-48C5-860E-73ABC91CEDB2}] => (Allow) E:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\tools\Anno4Web.exe FirewallRules: [{CD945246-445C-4BBA-AC76-4899B946703E}] => (Allow) E:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\Addon.exe FirewallRules: [{0AD5CD69-BF63-4B73-8734-8C75F0DAC716}] => (Allow) E:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\Addon.exe FirewallRules: [{23AF0838-BE36-45DB-B1D5-9B51DF900DCD}] => (Allow) E:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\Anno4.exe FirewallRules: [{12DFDC1A-F09A-4E9C-8B94-E2B037A8EFB1}] => (Allow) E:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\Anno4.exe FirewallRules: [{92D96BCB-A406-4E6B-A71F-157B9E821B8E}] => (Allow) C:\Program Files (x86)\ICQ7.2\aolload.exe FirewallRules: [{889248A6-A9CF-4B7D-A265-D9E801EBF2CA}] => (Allow) C:\Program Files (x86)\ICQ7.2\aolload.exe FirewallRules: [{BD0837A2-3FCF-4750-BB1F-1EE9AFD90B1C}] => (Allow) C:\Program Files (x86)\ICQ7.2\aolload.exe FirewallRules: [{81B2FEE7-2099-4325-A95E-C860206A89DE}] => (Allow) C:\Program Files (x86)\ICQ7.2\aolload.exe FirewallRules: [{DBCD6D6F-A895-4922-8EE3-C98F91E271FD}] => (Allow) C:\Program Files (x86)\ICQ7.2\aolload.exe FirewallRules: [{DDCA72A0-D753-473D-809C-4A1305861E16}] => (Allow) C:\Program Files (x86)\ICQ7.2\aolload.exe FirewallRules: [{B9690EF6-D5B2-4025-9059-83C469E6051A}] => (Allow) C:\Program Files (x86)\ICQ7.2\ICQ.exe FirewallRules: [{A48C5E73-D9CD-44F8-A6E7-34DB3BF9937F}] => (Allow) C:\Program Files (x86)\ICQ7.2\ICQ.exe FirewallRules: [{36D507E9-0FD8-4577-9BF4-41150F16AFFB}] => (Allow) C:\Program Files (x86)\ICQ7.2\ICQ.exe FirewallRules: [{D3E5D1E8-87C3-4720-93F2-9AEB954C692E}] => (Allow) C:\Program Files (x86)\ICQ7.2\ICQ.exe FirewallRules: [{0FE98C1B-51DC-461D-B79C-C603FB662796}] => (Allow) C:\Program Files (x86)\ICQ7.2\ICQ.exe FirewallRules: [{25B90E1E-D4C0-416F-B9A8-3427EEA4821A}] => (Allow) C:\Program Files (x86)\ICQ7.2\ICQ.exe FirewallRules: [{839CB61C-66DE-4DC1-94F2-ABC7A05700D7}] => (Allow) C:\Users\Sven\AppData\Roaming\ICQM\icq.exe FirewallRules: [{5A2FEA95-D422-4988-8DA0-97C7F8B0F8E4}] => (Allow) C:\Users\Sven\AppData\Roaming\ICQM\icq.exe FirewallRules: [{F79239F5-FB47-4857-9512-A43D831A18AB}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe FirewallRules: [{BEEE83EF-5B14-4072-8B93-163113FBE9CF}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe FirewallRules: [{127C5581-1F97-4CF7-930F-C79F0216957F}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Orcs Must Die 2\build\release\OrcsMustDie2.exe FirewallRules: [{336F0C4D-38D6-4556-829B-67536CC16A47}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Orcs Must Die 2\build\release\OrcsMustDie2.exe FirewallRules: [{0F91E988-77B2-4299-BDA0-A02866D675D5}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Call of Duty 4\iw3mp.exe FirewallRules: [{4936686F-8B44-4049-B488-0EA2002DC7BA}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Call of Duty 4\iw3mp.exe FirewallRules: [{E9897A5B-3E79-4EA1-AE7A-09998D97708D}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Call of Duty 4\iw3sp.exe FirewallRules: [{1621BF80-23D2-406B-A1B2-09A9B3EE6687}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Call of Duty 4\iw3sp.exe FirewallRules: [{F40DCD1D-60DE-4138-BE56-B9D782C3DA64}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Hitman Absolution\HMA.exe FirewallRules: [{19559FAC-18A8-4553-9FBD-793BB9714A6D}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Hitman Absolution\HMA.exe FirewallRules: [{9825907D-B2E1-4B61-9314-ED781E41CADA}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\POSTAL2Complete\ShareThePain\System\Postal2MP.exe FirewallRules: [{D9D2E237-B6C2-42BC-A2B5-6C974F139EF2}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\POSTAL2Complete\ShareThePain\System\Postal2MP.exe FirewallRules: [{AFFC1300-E5E6-4E7D-A556-E66B82FDCBB7}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\POSTAL2Complete\System\Postal2.exe FirewallRules: [{7695A42A-01DD-46B4-9E06-B965BA208BFA}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\POSTAL2Complete\System\Postal2.exe FirewallRules: [{01E485E6-760F-4422-B183-06404C34D050}] => (Allow) E:\Swotr\Star Wars-The Old Republic\launcher.exe FirewallRules: [{6A4C87F1-1A30-4540-BB62-4E2619CC2EF7}] => (Allow) E:\Swotr\Star Wars-The Old Republic\launcher.exe FirewallRules: [{9B4205BA-ECA2-4B1E-B673-0CA417C9C5C2}] => (Allow) E:\Swotr\Star Wars-The Old Republic\launcher.exe FirewallRules: [{D59FDC26-00C8-4915-9173-D6118E88706D}] => (Allow) E:\Swotr\Star Wars-The Old Republic\launcher.exe FirewallRules: [{440A32A7-F523-4BF1-944D-53DC554B85A5}] => (Allow) E:\Orignin games\Mass Effect 3\Binaries\Win32\MassEffect3.exe FirewallRules: [{42C86A49-7593-4DDB-9B6D-8EB0E6B7D7D3}] => (Allow) E:\Orignin games\Mass Effect 3\Binaries\Win32\MassEffect3.exe FirewallRules: [{B9AC4AA6-C1BA-4D57-B27C-39E348857D5B}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Peggle Extreme\PeggleExtreme.exe FirewallRules: [{D28365B1-B6E1-4B87-8CD3-D7856181921D}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Peggle Extreme\PeggleExtreme.exe FirewallRules: [{1949043A-D9FF-4246-B404-5D99CA2332E2}] => (Allow) E:\Orignin games\SimCity\SimCity\SimCity.exe FirewallRules: [{E940BB49-2291-4B93-AFB4-1CFF6338EA5C}] => (Allow) E:\Orignin games\SimCity\SimCity\SimCity.exe FirewallRules: [{2F823C97-3BB6-4DE7-950E-2BA35E6B00B7}] => (Allow) E:\Program Files (x86)\Ubisoft\Assassin's Creed III\AssassinsCreed3.exe FirewallRules: [{0C540A67-0BB9-4C94-B496-CF1A5B9F5350}] => (Allow) E:\Program Files (x86)\Ubisoft\Assassin's Creed III\AssassinsCreed3.exe FirewallRules: [{43230615-7988-4AE0-B8BD-1ED7B90C840E}] => (Allow) E:\Program Files (x86)\Ubisoft\Assassin's Creed III\AC3MP.exe FirewallRules: [{FEE5D806-A5EC-4B44-B7D9-D6E75A4EC61E}] => (Allow) E:\Program Files (x86)\Ubisoft\Assassin's Creed III\AC3MP.exe FirewallRules: [{C85F970F-F273-4E31-99D1-56A7655D4C5C}] => (Allow) E:\Program Files (x86)\Ubisoft\Assassin's Creed III\AC3SP.exe FirewallRules: [{2762378D-A9C1-4B3E-B7DB-B53F89726F95}] => (Allow) E:\Program Files (x86)\Ubisoft\Assassin's Creed III\AC3SP.exe FirewallRules: [{59CB7E79-0B0A-47C8-99BA-7EE75866492D}] => (Allow) E:\Diablo3\Diablo III\Diablo III.exe FirewallRules: [{DF08FB65-D810-426D-8E78-7ED9823B5F00}] => (Allow) E:\Diablo3\Diablo III\Diablo III.exe FirewallRules: [{85900FD5-67A1-436E-9808-83890FE472FC}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{67EA7559-527E-4D1E-9663-CC0B0810DB6C}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{F845AE07-994A-4414-8CBD-FBA6618B16C1}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{F07D55CE-3545-48A8-A03B-0CCB09CD7D9A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{B506E186-79D1-43A1-8F22-0A7FC8137124}] => (Allow) E:\Program Files (x86)\Ubisoft\FarCry 3\bin\FC3Editor.exe FirewallRules: [{E73D7F90-44BF-4935-B504-8A42FE14685F}] => (Allow) E:\Program Files (x86)\Ubisoft\FarCry 3\bin\FC3Editor.exe FirewallRules: [{94C7E9AC-EE26-4F26-A7FE-682753123895}] => (Allow) E:\Program Files (x86)\Ubisoft\FarCry 3\bin\FC3Updater.exe FirewallRules: [{52202AE6-E032-475F-825C-83C21964EB79}] => (Allow) E:\Program Files (x86)\Ubisoft\FarCry 3\bin\FC3Updater.exe FirewallRules: [{D30A24CB-8117-4C18-92FE-6A2E458E1112}] => (Allow) E:\Program Files (x86)\Ubisoft\FarCry 3\bin\farcry3_d3d11.exe FirewallRules: [{BA96538F-76F5-4739-8ACA-DD1AB682B3E3}] => (Allow) E:\Program Files (x86)\Ubisoft\FarCry 3\bin\farcry3_d3d11.exe FirewallRules: [{1FC1E81F-2AB5-4F3E-B0C5-B2FF2C8B6AF3}] => (Allow) E:\Program Files (x86)\Ubisoft\FarCry 3\bin\farcry3.exe FirewallRules: [{85BFB983-BBC4-4A47-A1CC-9E386FD867B1}] => (Allow) E:\Program Files (x86)\Ubisoft\FarCry 3\bin\farcry3.exe FirewallRules: [UDP Query User{31366EBB-9925-45FD-8AD7-DE62AF38AAEA}E:\program files (x86)\xfire\xfire.exe] => (Allow) E:\program files (x86)\xfire\xfire.exe FirewallRules: [TCP Query User{1BA501A3-442F-44F0-871C-4E38E3201E17}E:\program files (x86)\xfire\xfire.exe] => (Allow) E:\program files (x86)\xfire\xfire.exe FirewallRules: [{E41A3114-55FA-4EE3-BECC-F219C5A91A36}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{BBB0E5EF-6FF5-48B8-98C1-F9D832F43678}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{F8C756BE-B27D-4598-9AAA-0626B8069CF1}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{A115A2E6-D137-42BC-ADAA-5D4255C5E620}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{7D5CE18E-67A5-461E-B0C4-7C6E99C8994B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{D815430D-2142-409F-9BEC-D7C2329EFD4C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{E7840A91-FB57-4941-B8BD-935CB2FB7E26}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{54E3B2D1-0957-4034-8B51-0B6E35A584D5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{0F393953-DCBC-461C-A3AE-9D396DE0893F}] => (Allow) E:\Program Files (x86)\Ubisoft\Related Designs\ANNO 2070\Anno5.exe FirewallRules: [{B741FD3C-A0C2-4511-AE8D-8B4DBDA0EB92}] => (Allow) E:\Program Files (x86)\Ubisoft\Related Designs\ANNO 2070\Anno5.exe FirewallRules: [{B035A108-988C-4641-99A0-9F1FA6B71AC3}] => (Allow) E:\Program Files (x86)\Ubisoft\Related Designs\ANNO 2070\AutoPatcher.exe FirewallRules: [{5A42A535-019E-47B2-93BC-90FD004C2F6B}] => (Allow) E:\Program Files (x86)\Ubisoft\Related Designs\ANNO 2070\AutoPatcher.exe FirewallRules: [{54E1B223-3FEA-4225-ABF6-6DAADC768075}] => (Allow) E:\Program Files (x86)\Ubisoft\Related Designs\ANNO 2070\InitEngine.exe FirewallRules: [{B08EB9EA-CE48-4CE9-AB89-EECBFB0093F7}] => (Allow) E:\Program Files (x86)\Ubisoft\Related Designs\ANNO 2070\InitEngine.exe FirewallRules: [TCP Query User{CF053282-735B-49AC-A709-1846EF97AF93}E:\program files (x86)\ubisoft\related designs\anno 2070\autopatcherneu.exe] => (Allow) E:\program files (x86)\ubisoft\related designs\anno 2070\autopatcherneu.exe FirewallRules: [UDP Query User{365653DA-EB49-4EF2-8E60-BA17DC7BB9D4}E:\program files (x86)\ubisoft\related designs\anno 2070\autopatcherneu.exe] => (Allow) E:\program files (x86)\ubisoft\related designs\anno 2070\autopatcherneu.exe FirewallRules: [{833EE840-AC84-452E-B35B-A6627C0D5616}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\ANNO 2070\Anno5.exe FirewallRules: [{E999C5CF-0923-46CD-91E7-FC2BFEE0DC88}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\ANNO 2070\Anno5.exe FirewallRules: [{1FFE9C0D-B98D-4A63-B73C-F950F194172C}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\ANNO 2070\Anno5.exe FirewallRules: [{AD1ABA8E-F625-4840-96E8-3004B8F7C09B}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\ANNO 2070\Anno5.exe FirewallRules: [TCP Query User{12C2AAC2-A847-4336-8691-4228BBFE7429}E:\mozilla\firefox.exe] => (Allow) E:\mozilla\firefox.exe FirewallRules: [UDP Query User{B9A7B947-C24C-462C-A5A0-4E162AB83B02}E:\mozilla\firefox.exe] => (Allow) E:\mozilla\firefox.exe FirewallRules: [{D3888D89-7257-43E0-9F4B-B1E2F931E577}] => (Allow) E:\Orignin games\Battlefield 4\BF4X86WebHelper.exe FirewallRules: [{AE32F6E4-C666-4FE1-AB9A-2E28B57D7590}] => (Allow) E:\Orignin games\Battlefield 4\BF4X86WebHelper.exe FirewallRules: [{9DC2CB57-E3CD-4456-BFEA-9F6CEFA36997}] => (Allow) E:\Orignin games\Battlefield 4\BF4WebHelper.exe FirewallRules: [{ABF83284-F3CF-4823-B25E-6072C4ED9ABE}] => (Allow) E:\Orignin games\Battlefield 4\BF4WebHelper.exe FirewallRules: [{2CA16251-F250-4DAA-B1E7-578F28E0BAF7}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe FirewallRules: [{10E78197-BD82-40A3-902E-FC451162920B}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe FirewallRules: [TCP Query User{F8D35763-2AAD-4C1A-BE0E-FBF5101A9176}E:\diablo iii\diablo iii.exe] => (Allow) E:\diablo iii\diablo iii.exe FirewallRules: [UDP Query User{5648654D-9027-40F2-975B-DADD954A5B2C}E:\diablo iii\diablo iii.exe] => (Allow) E:\diablo iii\diablo iii.exe FirewallRules: [{F4AECB86-0D41-445A-BD86-6EA4B1FA355F}] => (Allow) E:\Orignin games\Command and Conquer Red Alert II\RA2Launcher.exe FirewallRules: [{3A3D3678-57A7-4E19-B085-D36FD292FCC2}] => (Allow) E:\Orignin games\Command and Conquer Red Alert II\RA2Launcher.exe FirewallRules: [{ADFEFFD7-D56F-4357-99E0-DC22C9631625}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{D49A2971-E7C5-4761-B98D-BA70B79E140D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{E4FC8228-17BA-4D2B-BAE9-ED33CFA392A7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{EF8032B0-F1D5-4E04-A23B-396237802B32}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{B98A785C-CAFC-423B-A87F-A44085ED9788}] => (Allow) E:\Program Files\iTunes\iTunes.exe ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (09/28/2015 10:19:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Sven-PC) Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (09/28/2015 10:19:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Sven-PC) Description: Bei der Aktivierung der App „Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (09/27/2015 09:48:31 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: jucheck.exe, Version: 2.8.60.27, Zeitstempel: 0x55c116b1 Name des fehlerhaften Moduls: jucheck.exe, Version: 2.8.60.27, Zeitstempel: 0x55c116b1 Ausnahmecode: 0x40000015 Fehleroffset: 0x00052d24 ID des fehlerhaften Prozesses: 0x2004 Startzeit der fehlerhaften Anwendung: 0xjucheck.exe0 Pfad der fehlerhaften Anwendung: jucheck.exe1 Pfad des fehlerhaften Moduls: jucheck.exe2 Berichtskennung: jucheck.exe3 Vollständiger Name des fehlerhaften Pakets: jucheck.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: jucheck.exe5 Error: (09/27/2015 09:47:06 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Diablo III.exe, Version 2.3.0.33567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 8d4 Startzeit: 01d0f95d03514e04 Beendigungszeit: 1 Anwendungspfad: E:\Diablo III\Diablo III.exe Berichts-ID: 7f25b9aa-6550-11e5-9bd9-3085a99a7620 Vollständiger Name des fehlerhaften Pakets: Auf das fehlerhafte Paket bezogene Anwendungs-ID: Error: (09/22/2015 08:31:01 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm game.exe, Version 1.0.0.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 3fc Startzeit: 01d0f564b67fb87b Beendigungszeit: 4294967295 Anwendungspfad: E:\Orignin games\Command and Conquer Red Alert II\game.exe Berichts-ID: 12e9b672-6158-11e5-9bd9-3085a99a7620 Vollständiger Name des fehlerhaften Pakets: Auf das fehlerhafte Paket bezogene Anwendungs-ID: Error: (09/20/2015 12:05:19 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm game.exe, Version 1.0.0.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 98c Startzeit: 01d0f38b4d1df23a Beendigungszeit: 4294967295 Anwendungspfad: E:\Orignin games\Command and Conquer Red Alert II\game.exe Berichts-ID: 186fcb36-5f7f-11e5-9bd9-3085a99a7620 Vollständiger Name des fehlerhaften Pakets: Auf das fehlerhafte Paket bezogene Anwendungs-ID: Error: (09/20/2015 12:05:06 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm RA2Launcher.exe, Version 1.0.0.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 17d8 Startzeit: 01d0f38b474eaa4d Beendigungszeit: 4294967295 Anwendungspfad: E:\Orignin games\Command and Conquer Red Alert II\RA2Launcher.exe Berichts-ID: 10b3ee71-5f7f-11e5-9bd9-3085a99a7620 Vollständiger Name des fehlerhaften Pakets: Auf das fehlerhafte Paket bezogene Anwendungs-ID: Error: (09/20/2015 01:52:02 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Sven-PC) Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (09/17/2015 10:23:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Sven-PC) Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (09/17/2015 07:36:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Sven-PC) Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Systemfehler: ============= Error: (09/30/2015 06:16:54 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 5 Error: (09/30/2015 06:16:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Synchronisierungshost_Session3" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (09/29/2015 09:59:03 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 5 Error: (09/29/2015 09:58:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Synchronisierungshost_Session2" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (09/29/2015 04:21:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Avira Browser-Schutz" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (09/28/2015 10:19:58 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 5 Error: (09/28/2015 10:19:51 PM) (Source: DCOM) (EventID: 10010) (User: Sven-PC) Description: CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca Error: (09/28/2015 10:19:51 PM) (Source: DCOM) (EventID: 10010) (User: Sven-PC) Description: App.AppXw3qcpc7p849541dp39vvqd01bn7z9ybh.mca Error: (09/28/2015 10:19:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Synchronisierungshost_Session1" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (09/28/2015 09:27:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Net.Tcp-Listeneradapter" ist vom Dienst "Net.Tcp-Portfreigabedienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 CodeIntegrity: =================================== Date: 2015-09-28 21:27:35.409 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-09-28 21:27:35.386 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-09-28 16:03:58.354 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-09-28 16:03:58.333 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-09-15 16:31:15.377 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-09-15 16:31:15.339 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-09-12 14:44:41.960 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements. Date: 2015-09-12 14:44:41.941 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements. Date: 2015-09-12 14:44:41.919 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements. Date: 2015-09-12 14:44:41.887 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i7-3820 CPU @ 3.60GHz Prozentuale Nutzung des RAM: 16% Installierter physikalischer RAM: 16325.85 MB Verfügbarer physikalischer RAM: 13554.93 MB Summe virtueller Speicher: 42325.85 MB Verfügbarer virtueller Speicher: 39562.38 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:119.14 GB) (Free:45.98 GB) NTFS Drive e: (Volume) (Fixed) (Total:931.51 GB) (Free:414.55 GB) NTFS Drive f: (STUNDENULL1) (CDROM) (Total:0.64 GB) (Free:0 GB) CDFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: DA564D34) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 724ACDFB) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS) ==================== Ende von Addition.txt ============================ |
01.10.2015, 14:02 | #3 |
/// the machine /// TB-Ausbilder | FW:Important Mails verschickt, vermutlich Link angeklickt hi,
__________________Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ |
01.10.2015, 14:58 | #4 |
| FW:Important Mails verschickt, vermutlich Link angeklickt Beide Programme haben wohl nichts gefunden. Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.9.3.1001 www.malwarebytes.org Database version: main: v2015.10.01.04 rootkit: v2015.09.22.01 Windows 10 x64 NTFS Internet Explorer 11.0.10240.16431 Sven :: SVEN-PC [administrator] 01.10.2015 15:26:26 mbar-log-2015-10-01 (15-26-26).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 531195 Time elapsed: 16 minute(s), 40 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) Code:
ATTFilter 15:53:48.0818 0x1abc TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57 15:53:56.0812 0x1abc ============================================================ 15:53:56.0812 0x1abc Current date / time: 2015/10/01 15:53:56.0812 15:53:56.0812 0x1abc SystemInfo: 15:53:56.0812 0x1abc 15:53:56.0812 0x1abc OS Version: 10.0.10240 ServicePack: 0.0 15:53:56.0812 0x1abc Product type: Workstation 15:53:56.0812 0x1abc ComputerName: SVEN-PC 15:53:56.0812 0x1abc UserName: Sven 15:53:56.0812 0x1abc Windows directory: C:\WINDOWS 15:53:56.0812 0x1abc System windows directory: C:\WINDOWS 15:53:56.0812 0x1abc Running under WOW64 15:53:56.0812 0x1abc Processor architecture: Intel x64 15:53:56.0812 0x1abc Number of processors: 8 15:53:56.0812 0x1abc Page size: 0x1000 15:53:56.0812 0x1abc Boot type: Normal boot 15:53:56.0812 0x1abc ============================================================ 15:53:56.0943 0x1abc KLMD registered as C:\WINDOWS\system32\drivers\63154018.sys 15:53:56.0996 0x1abc System UUID: {F3B6507A-62D0-D0FB-2B1F-B48191D43F72} 15:53:57.0191 0x1abc Drive \Device\Harddisk1\DR1 - Size: 0x1DCF856000 ( 119.24 Gb ), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 15:53:57.0211 0x1abc Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 15:53:57.0213 0x1abc ============================================================ 15:53:57.0213 0x1abc \Device\Harddisk1\DR1: 15:53:57.0213 0x1abc MBR partitions: 15:53:57.0213 0x1abc \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 15:53:57.0213 0x1abc \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEE49000 15:53:57.0213 0x1abc \Device\Harddisk0\DR0: 15:53:57.0213 0x1abc MBR partitions: 15:53:57.0213 0x1abc \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800 15:53:57.0213 0x1abc ============================================================ 15:53:57.0214 0x1abc C: <-> \Device\Harddisk1\DR1\Partition2 15:53:57.0239 0x1abc E: <-> \Device\Harddisk0\DR0\Partition1 15:53:57.0239 0x1abc ============================================================ 15:53:57.0239 0x1abc Initialize success 15:53:57.0239 0x1abc ============================================================ 15:54:24.0027 0x0810 ============================================================ 15:54:24.0027 0x0810 Scan started 15:54:24.0027 0x0810 Mode: Manual; SigCheck; TDLFS; 15:54:24.0027 0x0810 ============================================================ 15:54:24.0027 0x0810 KSN ping started 15:54:26.0367 0x0810 KSN ping finished: true 15:54:27.0963 0x0810 ================ Scan system memory ======================== 15:54:27.0963 0x0810 System memory - ok 15:54:27.0963 0x0810 ================ Scan services ============================= 15:54:28.0015 0x0810 1394ohci - ok 15:54:28.0020 0x0810 3ware - ok 15:54:28.0026 0x0810 ACPI - ok 15:54:28.0031 0x0810 acpiex - ok 15:54:28.0038 0x0810 acpipagr - ok 15:54:28.0043 0x0810 AcpiPmi - ok 15:54:28.0047 0x0810 acpitime - ok 15:54:28.0053 0x0810 [ 013697369EAFFA675D0671607F036020, 65611C775AC4681E46A6565E5A7A4FF3363C66EBDC98C4C58AFB365D40BE23B6 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 15:54:28.0070 0x0810 AdobeARMservice - ok 15:54:28.0099 0x0810 [ C6D147C12C424373B016C0AB0A6C61EB, 043D44F3C942CFC3558E782938C26849BF648A58A7AA62C4A526E37DE4136C27 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 15:54:28.0107 0x0810 AdobeFlashPlayerUpdateSvc - ok 15:54:28.0110 0x0810 ADP80XX - ok 15:54:28.0113 0x0810 AFD - ok 15:54:28.0115 0x0810 agp440 - ok 15:54:28.0117 0x0810 ahcache - ok 15:54:28.0118 0x0810 AJRouter - ok 15:54:28.0120 0x0810 ALG - ok 15:54:28.0122 0x0810 AmdK8 - ok 15:54:28.0124 0x0810 AmdPPM - ok 15:54:28.0125 0x0810 amdsata - ok 15:54:28.0127 0x0810 amdsbs - ok 15:54:28.0129 0x0810 amdxata - ok 15:54:28.0148 0x0810 [ 6B31C215750CD41567E962D22839EE44, FF0B92807296B88DE37F9F2EB27FF7B73AA998B98074AA54A949A2B79690AFE5 ] AntiVirMailService C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe 15:54:28.0166 0x0810 AntiVirMailService - ok 15:54:28.0175 0x0810 [ 18B0643B3B504E0FDCFCE0C8743B29C7, 1D4C004AD5066F52A4AA039F5364814F8F6B04EC1F704A5A3110172AD465661C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\Antivirus\sched.exe 15:54:28.0184 0x0810 AntiVirSchedulerService - ok 15:54:28.0193 0x0810 [ 18B0643B3B504E0FDCFCE0C8743B29C7, 1D4C004AD5066F52A4AA039F5364814F8F6B04EC1F704A5A3110172AD465661C ] AntiVirService C:\Program Files (x86)\Avira\Antivirus\avguard.exe 15:54:28.0202 0x0810 AntiVirService - ok 15:54:28.0220 0x0810 [ 9A12F8E472FE05EF653CA152050405D4, 569EA8FFDE827F850CA8E3CB747A8552FD9981E61C48C7EA55E550A6C07F770E ] AntiVirWebService C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe 15:54:28.0238 0x0810 AntiVirWebService - ok 15:54:28.0241 0x0810 AppHostSvc - ok 15:54:28.0243 0x0810 AppID - ok 15:54:28.0245 0x0810 AppIDSvc - ok 15:54:28.0248 0x0810 Appinfo - ok 15:54:28.0259 0x0810 [ 3E7C6639E424FD28952C29D66B7E5277, B10AD3FA5CB36328C5DF33AF58F76770E2B54CFBCB70BD84934F925B8E19FA1F ] Apple Mobile Device Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 15:54:28.0263 0x0810 Apple Mobile Device Service - ok 15:54:28.0265 0x0810 AppReadiness - ok 15:54:28.0267 0x0810 AppXSvc - ok 15:54:28.0268 0x0810 arcsas - ok 15:54:28.0271 0x0810 [ 4DFF4312661F54EE87DC9A13CAEE60E0, 8821D2CA4036E764EFF71108735148FF54D3275DDCE1860EC7D67B2355E8DF82 ] asahci64 C:\WINDOWS\system32\drivers\asahci64.sys 15:54:28.0275 0x0810 asahci64 - ok 15:54:28.0296 0x0810 [ E536856E96A7605EBF580D62A868E5FE, 70D0F6ECB05E923C1B274605CB3320091D35D7622003FF7E4806645519C70F01 ] ASGT C:\Windows\SysWOW64\ASGT.exe 15:54:28.0303 0x0810 ASGT - detected UnsignedFile.Multi.Generic ( 1 ) 15:54:30.0621 0x0810 Detect skipped due to KSN trusted 15:54:30.0621 0x0810 ASGT - ok 15:54:30.0645 0x0810 aspnet_state - ok 15:54:30.0650 0x0810 AsyncMac - ok 15:54:30.0656 0x0810 atapi - ok 15:54:30.0674 0x0810 [ 4AEF9EC86818375495FB78CA58DF4E18, 0565888F798FAB86091E7A7D8E1D583DF3CC5756A12ACF04987C67C14E360DFB ] atksgt C:\WINDOWS\system32\DRIVERS\atksgt.sys 15:54:30.0693 0x0810 atksgt - detected UnsignedFile.Multi.Generic ( 1 ) 15:54:33.0019 0x0810 Detect skipped due to KSN trusted 15:54:33.0019 0x0810 atksgt - ok 15:54:33.0025 0x0810 AudioEndpointBuilder - ok 15:54:33.0029 0x0810 Audiosrv - ok 15:54:33.0036 0x0810 [ AC82CC4F2A41E098EB34C0A9F8125DDC, CC416DD5FC8E14A1F99F8DF52D795CA6E16EDBF8FD7C9624B10BA83D9D954BF2 ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys 15:54:33.0044 0x0810 avgntflt - ok 15:54:33.0052 0x0810 [ 45061BD6F11B80BF1C07A9253A659BF1, 9A1AFE963672E23F3C19FACE2CEB64766C964B165ECB26F36B6FB5730CEAFD2D ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys 15:54:33.0059 0x0810 avipbb - ok 15:54:33.0062 0x0810 [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys 15:54:33.0067 0x0810 avkmgr - ok 15:54:33.0070 0x0810 [ 74179E7C103F3A44B33D7D982E21E35D, 7F2384B065EA9959734D65426781D901CDB0DA8DFCAD13BF05044DDF33CA5688 ] avnetflt C:\WINDOWS\system32\DRIVERS\avnetflt.sys 15:54:33.0074 0x0810 avnetflt - ok 15:54:33.0077 0x0810 AxInstSV - ok 15:54:33.0078 0x0810 b06bdrv - ok 15:54:33.0081 0x0810 BasicDisplay - ok 15:54:33.0083 0x0810 BasicRender - ok 15:54:33.0086 0x0810 bcmfn2 - ok 15:54:33.0088 0x0810 BDESVC - ok 15:54:33.0090 0x0810 Beep - ok 15:54:33.0107 0x0810 [ 2EE42E7539BBF4252F7F47B288E61CEA, 2113A7C825AE2D222FD80D092BAA254AB3EFA8A2F58EC8325837A6BC611BC715 ] BEService C:\Program Files (x86)\Common Files\BattlEye\BEService.exe 15:54:33.0129 0x0810 BEService - ok 15:54:33.0133 0x0810 BFE - ok 15:54:33.0135 0x0810 BITS - ok 15:54:33.0143 0x0810 [ B5C2F92EE1106DFE7BB1CCE4D35B6037, E399C390687589194D8AAD385055F0CFA7D52AD9E837D8FF95008B8EB2B34E50 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 15:54:33.0152 0x0810 Bonjour Service - ok 15:54:33.0154 0x0810 bowser - ok 15:54:33.0156 0x0810 BrokerInfrastructure - ok 15:54:33.0158 0x0810 Browser - ok 15:54:33.0160 0x0810 BthAvrcpTg - ok 15:54:33.0162 0x0810 BthHFEnum - ok 15:54:33.0164 0x0810 bthhfhid - ok 15:54:33.0166 0x0810 BthHFSrv - ok 15:54:33.0168 0x0810 BTHMODEM - ok 15:54:33.0171 0x0810 bthserv - ok 15:54:33.0173 0x0810 buttonconverter - ok 15:54:33.0175 0x0810 CapImg - ok 15:54:33.0177 0x0810 cdfs - ok 15:54:33.0179 0x0810 CDPSvc - ok 15:54:33.0181 0x0810 cdrom - ok 15:54:33.0183 0x0810 CertPropSvc - ok 15:54:33.0185 0x0810 circlass - ok 15:54:33.0187 0x0810 CLFS - ok 15:54:33.0189 0x0810 ClipSVC - ok 15:54:33.0194 0x0810 CmBatt - ok 15:54:33.0195 0x0810 CNG - ok 15:54:33.0197 0x0810 cnghwassist - ok 15:54:33.0212 0x0810 CompositeBus - ok 15:54:33.0216 0x0810 COMSysApp - ok 15:54:33.0224 0x0810 condrv - ok 15:54:33.0226 0x0810 CoreMessagingRegistrar - ok 15:54:33.0231 0x0810 CryptSvc - ok 15:54:33.0233 0x0810 dam - ok 15:54:33.0236 0x0810 DcomLaunch - ok 15:54:33.0237 0x0810 DcpSvc - ok 15:54:33.0239 0x0810 defragsvc - ok 15:54:33.0241 0x0810 DeviceAssociationService - ok 15:54:33.0243 0x0810 DeviceInstall - ok 15:54:33.0245 0x0810 DevQueryBroker - ok 15:54:33.0246 0x0810 Dfsc - ok 15:54:33.0249 0x0810 Dhcp - ok 15:54:33.0251 0x0810 diagnosticshub.standardcollector.service - ok 15:54:33.0253 0x0810 DiagTrack - ok 15:54:33.0255 0x0810 disk - ok 15:54:33.0256 0x0810 DmEnrollmentSvc - ok 15:54:33.0258 0x0810 dmvsc - ok 15:54:33.0260 0x0810 dmwappushservice - ok 15:54:33.0262 0x0810 Dnscache - ok 15:54:33.0267 0x0810 dot3svc - ok 15:54:33.0269 0x0810 DPS - ok 15:54:33.0270 0x0810 drmkaud - ok 15:54:33.0272 0x0810 DsmSvc - ok 15:54:33.0274 0x0810 DsSvc - ok 15:54:33.0276 0x0810 DXGKrnl - ok 15:54:33.0278 0x0810 e1iexpress - ok 15:54:33.0280 0x0810 Eaphost - ok 15:54:33.0289 0x0810 [ B6572CC49E8D0DBCCAB230B4DAB06FB1, 8DEABC39E09ABBA51BA1739A34E77F955E0D9D77094575EBB927CA320D874B25 ] EaseUS Agent C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe 15:54:33.0294 0x0810 EaseUS Agent - detected UnsignedFile.Multi.Generic ( 1 ) 15:54:35.0619 0x0810 Detect skipped due to KSN trusted 15:54:35.0619 0x0810 EaseUS Agent - ok 15:54:35.0624 0x0810 ebdrv - ok 15:54:35.0629 0x0810 EFS - ok 15:54:35.0634 0x0810 EhStorClass - ok 15:54:35.0639 0x0810 EhStorTcgDrv - ok 15:54:35.0644 0x0810 embeddedmode - ok 15:54:35.0650 0x0810 EntAppSvc - ok 15:54:35.0654 0x0810 ErrDev - ok 15:54:35.0665 0x0810 [ A40A3A4653A18A0DA6522CEC69547B9F, ABB8D6C5A890D15DE9B96768BC91F48D7223C514C480706884D3C96FF539DC0D ] EUBAKUP C:\WINDOWS\system32\drivers\eubakup.sys 15:54:35.0675 0x0810 EUBAKUP - detected UnsignedFile.Multi.Generic ( 1 ) 15:54:37.0999 0x0810 Detect skipped due to KSN trusted 15:54:37.0999 0x0810 EUBAKUP - ok 15:54:38.0009 0x0810 [ 23A4CFFF224CD9FA2226B64F1DCC4B4A, 67FD0393C592591CE9B87C21C78651CB73C1FB67C125B5B04D56F64C241F4F24 ] EUBKMON C:\WINDOWS\system32\drivers\EUBKMON.sys 15:54:38.0016 0x0810 EUBKMON - detected UnsignedFile.Multi.Generic ( 1 ) 15:54:40.0342 0x0810 Detect skipped due to KSN trusted 15:54:40.0342 0x0810 EUBKMON - ok 15:54:40.0347 0x0810 [ 38A68D8706F79429ACAD043BE3533B97, 19879137A938A77DB0DD68A15BEFB2908F4D592510EBA7B676BBB43CE93E2745 ] EUDSKACS C:\Windows\system32\drivers\eudskacs.sys 15:54:40.0358 0x0810 EUDSKACS - detected UnsignedFile.Multi.Generic ( 1 ) 15:54:42.0675 0x0810 Detect skipped due to KSN trusted 15:54:42.0675 0x0810 EUDSKACS - ok 15:54:42.0686 0x0810 [ 06BB97B21EF082703B7F3AE97F2DFFD8, E40C844E476B8500760549CF5A615A7EE094F18FA14F1C1DF08292B1B73EF804 ] EUFDDISK C:\Windows\system32\drivers\EuFdDisk.sys 15:54:42.0709 0x0810 EUFDDISK - detected UnsignedFile.Multi.Generic ( 1 ) 15:54:45.0030 0x0810 Detect skipped due to KSN trusted 15:54:45.0030 0x0810 EUFDDISK - ok 15:54:45.0037 0x0810 EventSystem - ok 15:54:45.0042 0x0810 exfat - ok 15:54:45.0047 0x0810 fastfat - ok 15:54:45.0052 0x0810 Fax - ok 15:54:45.0057 0x0810 fcvsc - ok 15:54:45.0060 0x0810 fdc - ok 15:54:45.0063 0x0810 fdPHost - ok 15:54:45.0066 0x0810 FDResPub - ok 15:54:45.0068 0x0810 fhsvc - ok 15:54:45.0071 0x0810 FileCrypt - ok 15:54:45.0074 0x0810 FileInfo - ok 15:54:45.0078 0x0810 Filetrace - ok 15:54:45.0080 0x0810 flpydisk - ok 15:54:45.0083 0x0810 FltMgr - ok 15:54:45.0086 0x0810 FontCache - ok 15:54:45.0089 0x0810 FontCache3.0.0.0 - ok 15:54:45.0090 0x0810 FsDepends - ok 15:54:45.0092 0x0810 Fs_Rec - ok 15:54:45.0094 0x0810 fvevol - ok 15:54:45.0096 0x0810 gagp30kx - ok 15:54:45.0098 0x0810 [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 15:54:45.0101 0x0810 GEARAspiWDM - ok 15:54:45.0103 0x0810 gencounter - ok 15:54:45.0105 0x0810 genericusbfn - ok 15:54:45.0123 0x0810 [ 5031F3E650D242EEECEB92EB9900FB93, FB51ADB81AC3E0097362BAECEC4F0C83C46E5505277B7F35FDCE9BF88B72C963 ] GfExperienceService C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe 15:54:45.0141 0x0810 GfExperienceService - ok 15:54:45.0144 0x0810 GPIOClx0101 - ok 15:54:45.0145 0x0810 gpsvc - ok 15:54:45.0147 0x0810 GpuEnergyDrv - ok 15:54:45.0151 0x0810 [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 15:54:45.0156 0x0810 gupdate - ok 15:54:45.0159 0x0810 [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 15:54:45.0164 0x0810 gupdatem - ok 15:54:45.0166 0x0810 HDAudBus - ok 15:54:45.0167 0x0810 HidBatt - ok 15:54:45.0169 0x0810 HidBth - ok 15:54:45.0171 0x0810 hidi2c - ok 15:54:45.0173 0x0810 hidinterrupt - ok 15:54:45.0174 0x0810 HidIr - ok 15:54:45.0176 0x0810 hidserv - ok 15:54:45.0177 0x0810 HidUsb - ok 15:54:45.0179 0x0810 HomeGroupListener - ok 15:54:45.0182 0x0810 HomeGroupProvider - ok 15:54:45.0183 0x0810 HpSAMD - ok 15:54:45.0185 0x0810 HTTP - ok 15:54:45.0186 0x0810 hwpolicy - ok 15:54:45.0188 0x0810 hyperkbd - ok 15:54:45.0190 0x0810 HyperVideo - ok 15:54:45.0192 0x0810 i8042prt - ok 15:54:45.0193 0x0810 iaLPSSi_GPIO - ok 15:54:45.0195 0x0810 iaLPSSi_I2C - ok 15:54:45.0206 0x0810 [ BC14E2C46AECD17D22D3356CA0A2DD4B, B325BC739019AEE9BA787BD936A660439CA861F84A3289788ADB2DD7756F632B ] iaStorA C:\WINDOWS\system32\drivers\iaStorA.sys 15:54:45.0217 0x0810 iaStorA - ok 15:54:45.0219 0x0810 iaStorAV - ok 15:54:45.0221 0x0810 [ 10F228CC634E74B47FD48FDBFE0126D9, 1A761E43C4ABFCBDBD4CC1CA5630408DBFF470208E09D4A388B3B5B16CE677D1 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe 15:54:45.0224 0x0810 IAStorDataMgrSvc - detected UnsignedFile.Multi.Generic ( 1 ) 15:54:48.0537 0x0810 Detect skipped due to KSN trusted 15:54:48.0537 0x0810 IAStorDataMgrSvc - ok 15:54:48.0543 0x0810 [ 0475F003D7F3A949CA5BFC56C6B1DF43, 45A586407FF543DC4135E9601D647287A0355E0D0AF9E244C6B23CE7729EF6BD ] iaStorF C:\WINDOWS\system32\drivers\iaStorF.sys 15:54:48.0553 0x0810 iaStorF - ok 15:54:48.0557 0x0810 iaStorV - ok 15:54:48.0567 0x0810 ibbus - ok 15:54:48.0575 0x0810 [ 86B750CC384F3A8B8C1D12F3188307AE, 222B271B1E958715FF54B63B4533FA24DF13191B99D1A406BF2E9A532E31FF30 ] ICQ Service C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe 15:54:48.0586 0x0810 ICQ Service - ok 15:54:48.0590 0x0810 icssvc - ok 15:54:48.0595 0x0810 [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 15:54:48.0600 0x0810 IDriverT - detected UnsignedFile.Multi.Generic ( 1 ) 15:54:50.0920 0x0810 Detect skipped due to KSN trusted 15:54:50.0920 0x0810 IDriverT - ok 15:54:50.0927 0x0810 IEEtwCollectorService - ok 15:54:50.0933 0x0810 IKEEXT - ok 15:54:51.0035 0x0810 [ 622868E4BAE8FBCD22CB1A5901A2C824, C1A2264C0984DD16C83B663C9CE43E049E1356E32C5771C3ACE225F285699138 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys 15:54:51.0134 0x0810 IntcAzAudAddService - ok 15:54:51.0140 0x0810 intelide - ok 15:54:51.0141 0x0810 intelpep - ok 15:54:51.0143 0x0810 intelppm - ok 15:54:51.0145 0x0810 IoQos - ok 15:54:51.0147 0x0810 IpFilterDriver - ok 15:54:51.0149 0x0810 iphlpsvc - ok 15:54:51.0150 0x0810 IPMIDRV - ok 15:54:51.0152 0x0810 IPNAT - ok 15:54:51.0162 0x0810 [ 57A85230DA22ABCFD9AF2E5A3D946F41, 9E9217FF5AB64D06D79632B9F9CEDABA10F744C40896D7622D0FD397FD0E99BF ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 15:54:51.0173 0x0810 iPod Service - ok 15:54:51.0176 0x0810 IRENUM - ok 15:54:51.0177 0x0810 isapnp - ok 15:54:51.0179 0x0810 iScsiPrt - ok 15:54:51.0181 0x0810 kbdclass - ok 15:54:51.0183 0x0810 kbdhid - ok 15:54:51.0184 0x0810 kdnic - ok 15:54:51.0186 0x0810 KeyIso - ok 15:54:51.0187 0x0810 KSecDD - ok 15:54:51.0189 0x0810 KSecPkg - ok 15:54:51.0191 0x0810 ksthunk - ok 15:54:51.0193 0x0810 KtmRm - ok 15:54:51.0200 0x0810 [ 305BB2AC00D46542E0A653AB63F4ABB1, E3BE57A0EBB1194656D20C11688863A7864B06223419F688D82881F9F49604B6 ] LADF_CaptureOnly C:\WINDOWS\system32\DRIVERS\ladfGSCamd64.sys 15:54:51.0210 0x0810 LADF_CaptureOnly - ok 15:54:51.0214 0x0810 [ 28CDDC7D478A6313F55077416DCBD0DE, EE4174FC9444856DF0693D1A5F16EB88352A3B012AA82D49C462980703981A7A ] LADF_RenderOnly C:\WINDOWS\system32\DRIVERS\ladfGSRamd64.sys 15:54:51.0219 0x0810 LADF_RenderOnly - ok 15:54:51.0221 0x0810 LanmanServer - ok 15:54:51.0222 0x0810 LanmanWorkstation - ok 15:54:51.0225 0x0810 lfsvc - ok 15:54:51.0227 0x0810 [ 17325C9B9ADB2BB99049936D0C9812C8, 70ADDC85FD5757BC9C4B97F382B25A19851FF8275021FFC04A81E208A604F83E ] LGBusEnum C:\WINDOWS\system32\drivers\LGBusEnum.sys 15:54:51.0237 0x0810 LGBusEnum - ok 15:54:51.0239 0x0810 [ 2D7F1C02B94D6F0F3E10107E5EA8E141, 93B266F38C3C3EAAB475D81597ABBD7CC07943035068BB6FD670DBBE15DE0131 ] LGCoreTemp C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys 15:54:51.0243 0x0810 LGCoreTemp - ok 15:54:51.0246 0x0810 [ C7AF05942E041D4B1F345ACF79993BB3, E8FAAE356C99A11F6CF17640FD9C67F87AFBFEFB70C458CB85178F2AD94DF848 ] LGJoyXlCore C:\WINDOWS\system32\drivers\LGJoyXlCore.sys 15:54:51.0253 0x0810 LGJoyXlCore - ok 15:54:51.0256 0x0810 [ 94AF1384A67B9FCF5651E70BC9D4C526, 9C025F7BBB5BBE9DAF3DEF2F6385CE77C8F413912C4D16930814F6D19B62B367 ] LGSHidFilt C:\WINDOWS\system32\DRIVERS\LGSHidFilt.Sys 15:54:51.0260 0x0810 LGSHidFilt - ok 15:54:51.0263 0x0810 [ 1DDB8DE3D6EEF31EDCF4977B2D2FAACC, 24291B522A596E2D9A1CDAC192DB1C7422D5DD0E87E5C8A5F5E2CAA90296BF23 ] LGVirHid C:\WINDOWS\system32\drivers\LGVirHid.sys 15:54:51.0270 0x0810 LGVirHid - ok 15:54:51.0272 0x0810 [ B6552D382FF070B4ED34CBD6737277C0, 7C2C24454037170311B0267DEFB797E8DF8D157D62157D271BF7F5F74B2A12F3 ] LHidFilt C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 15:54:51.0276 0x0810 LHidFilt - ok 15:54:51.0278 0x0810 LicenseManager - ok 15:54:51.0282 0x0810 [ B658B7076B1ACAA5876524595630F183, 3B800B81D0966C2B988857847F35FCA5BB446B368063B10094FB4483A1508B8E ] lirsgt C:\WINDOWS\system32\DRIVERS\lirsgt.sys 15:54:51.0285 0x0810 lirsgt - detected UnsignedFile.Multi.Generic ( 1 ) 15:54:53.0614 0x0810 Detect skipped due to KSN trusted 15:54:53.0614 0x0810 lirsgt - ok 15:54:53.0618 0x0810 lltdio - ok 15:54:53.0624 0x0810 lltdsvc - ok 15:54:53.0629 0x0810 lmhosts - ok 15:54:53.0636 0x0810 [ 73C1F563AB73D459DFFE682D66476558, 9B8BEE384C968DC6C37DD54B9128D9C2BA92EDBF7BDF49D753AA7DB165F18D00 ] LMouFilt C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 15:54:53.0647 0x0810 LMouFilt - ok 15:54:53.0654 0x0810 LSI_SAS - ok 15:54:53.0659 0x0810 LSI_SAS2i - ok 15:54:53.0664 0x0810 LSI_SAS3i - ok 15:54:53.0668 0x0810 LSI_SSS - ok 15:54:53.0671 0x0810 LSM - ok 15:54:53.0673 0x0810 luafv - ok 15:54:53.0676 0x0810 MapsBroker - ok 15:54:53.0678 0x0810 megasas - ok 15:54:53.0681 0x0810 megasr - ok 15:54:53.0685 0x0810 [ E4DD818EF22BBBF4274AF767A96D34C8, 4796F543091E2FC2F143296C71CC13BE18646261E5E293A07C5872A544933826 ] MEIx64 C:\WINDOWS\System32\drivers\HECIx64.sys 15:54:53.0691 0x0810 MEIx64 - ok 15:54:53.0696 0x0810 [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe 15:54:53.0702 0x0810 Microsoft Office Groove Audit Service - ok 15:54:53.0704 0x0810 mlx4_bus - ok 15:54:53.0705 0x0810 MMCSS - ok 15:54:53.0707 0x0810 Modem - ok 15:54:53.0709 0x0810 monitor - ok 15:54:53.0710 0x0810 mouclass - ok 15:54:53.0712 0x0810 mouhid - ok 15:54:53.0716 0x0810 mountmgr - ok 15:54:53.0719 0x0810 [ 8C7336950F1E69CDFD811CBBD9CF00A2, 6A85107B66936B3AAB10A4209F17A72BA86923B95A334B12F48D8512EB93CBAA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 15:54:53.0724 0x0810 MozillaMaintenance - ok 15:54:53.0725 0x0810 mpsdrv - ok 15:54:53.0727 0x0810 MpsSvc - ok 15:54:53.0729 0x0810 MQAC - ok 15:54:53.0732 0x0810 MRxDAV - ok 15:54:53.0734 0x0810 mrxsmb - ok 15:54:53.0735 0x0810 mrxsmb10 - ok 15:54:53.0737 0x0810 mrxsmb20 - ok 15:54:53.0739 0x0810 MsBridge - ok 15:54:53.0741 0x0810 MSDTC - ok 15:54:53.0744 0x0810 Msfs - ok 15:54:53.0746 0x0810 msgpiowin32 - ok 15:54:53.0747 0x0810 mshidkmdf - ok 15:54:53.0749 0x0810 mshidumdf - ok 15:54:53.0751 0x0810 msisadrv - ok 15:54:53.0753 0x0810 MSiSCSI - ok 15:54:53.0754 0x0810 msiserver - ok 15:54:53.0756 0x0810 MSKSSRV - ok 15:54:53.0758 0x0810 MsLldp - ok 15:54:53.0759 0x0810 MSMQ - ok 15:54:53.0761 0x0810 MSPCLOCK - ok 15:54:53.0763 0x0810 MSPQM - ok 15:54:53.0765 0x0810 MsRPC - ok 15:54:53.0767 0x0810 mssmbios - ok 15:54:53.0769 0x0810 MSTEE - ok 15:54:53.0771 0x0810 MTConfig - ok 15:54:53.0772 0x0810 Mup - ok 15:54:53.0775 0x0810 [ A56731462518CCE74EB0DB38C2A04986, 0E38662CC1D90E1A2DBE0835B0C23ED81CC48868104CBF637DB1C9881821A9B9 ] mv91cons C:\WINDOWS\system32\drivers\mv91cons.sys 15:54:53.0779 0x0810 mv91cons - ok 15:54:53.0784 0x0810 [ 232DE45537AE5652C64F0B8669081D02, 5382E94E1A61C78D36C77B4ABEA62F345C715FC60D8F3D35F29363BAB1DE10CC ] mvs91xx C:\WINDOWS\system32\drivers\mvs91xx.sys 15:54:53.0792 0x0810 mvs91xx - ok 15:54:53.0794 0x0810 mvumis - ok 15:54:53.0796 0x0810 NativeWifiP - ok 15:54:53.0798 0x0810 NcaSvc - ok 15:54:53.0800 0x0810 NcbService - ok 15:54:53.0801 0x0810 NcdAutoSetup - ok 15:54:53.0803 0x0810 ndfltr - ok 15:54:53.0805 0x0810 NDIS - ok 15:54:53.0806 0x0810 NdisCap - ok 15:54:53.0808 0x0810 NdisImPlatform - ok 15:54:53.0810 0x0810 NdisTapi - ok 15:54:53.0812 0x0810 Ndisuio - ok 15:54:53.0813 0x0810 NdisVirtualBus - ok 15:54:53.0815 0x0810 NdisWan - ok 15:54:53.0817 0x0810 ndiswanlegacy - ok 15:54:53.0819 0x0810 ndproxy - ok 15:54:53.0820 0x0810 Ndu - ok 15:54:53.0823 0x0810 [ EE00C544C025958AF50C7B199F3C8595, D774DB020D9C46D1AA0B2DB9FA2C36C4A9C38D904CC6929695321D32ACA0D4D1 ] Netaapl C:\WINDOWS\System32\drivers\netaapl64.sys 15:54:53.0832 0x0810 Netaapl - ok 15:54:53.0834 0x0810 NetBIOS - ok 15:54:53.0836 0x0810 NetBT - ok 15:54:53.0838 0x0810 Netlogon - ok 15:54:53.0840 0x0810 Netman - ok 15:54:53.0844 0x0810 NetMsmqActivator - ok 15:54:53.0845 0x0810 NetPipeActivator - ok 15:54:53.0847 0x0810 netprofm - ok 15:54:53.0849 0x0810 NetSetupSvc - ok 15:54:53.0850 0x0810 NetTcpActivator - ok 15:54:53.0852 0x0810 NetTcpPortSharing - ok 15:54:53.0854 0x0810 netvsc - ok 15:54:53.0857 0x0810 NgcCtnrSvc - ok 15:54:53.0858 0x0810 NgcSvc - ok 15:54:53.0860 0x0810 NlaSvc - ok 15:54:53.0862 0x0810 Npfs - ok 15:54:53.0864 0x0810 npsvctrig - ok 15:54:53.0866 0x0810 nsi - ok 15:54:53.0867 0x0810 nsiproxy - ok 15:54:53.0870 0x0810 NTFS - ok 15:54:53.0871 0x0810 Null - ok 15:54:53.0876 0x0810 [ B9E5A80F646DDFEF158773722A466EA3, 028979FE600D17DA70445F44D81FAE4EDA3478FCC81FA5506133CCAC37C4E2BF ] NVHDA C:\WINDOWS\system32\drivers\nvhda64v.sys 15:54:53.0884 0x0810 NVHDA - ok 15:54:54.0033 0x0810 [ 5FB73F2354F2993136567EB209F4835A, 40EA334DEDEB76C101CC432D1D07E59F1CD123D01778BE80193F821FC211512B ] nvlddmkm C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys 15:54:54.0234 0x0810 nvlddmkm - ok 15:54:54.0268 0x0810 [ 4EBEE69A8FE7DC85FD3C122821C617A0, 7193C14DEB4C5B0D86C5C6841C80879C28E1FDA8F77879EB18A3D2685C67B986 ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe 15:54:54.0295 0x0810 NvNetworkService - ok 15:54:54.0298 0x0810 nvraid - ok 15:54:54.0299 0x0810 nvstor - ok 15:54:54.0301 0x0810 [ 0EF30778078D7B5877F8F57151699798, B0409C79143BDBB774C3C740CCA8EB77CF67915E59EC6050DB993ED0575EC077 ] NvStreamKms C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys 15:54:54.0305 0x0810 NvStreamKms - ok 15:54:54.0380 0x0810 [ D23A07D549243F5B77780BAA4FBF5BC3, 5BC5161CAE6BE6382BDCDE9B1CDD5F4DEBC3EA18D01B0E261AF716FDB04154BC ] NvStreamSvc C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe 15:54:54.0454 0x0810 NvStreamSvc - ok 15:54:54.0473 0x0810 [ AE16891F2D960D9B312D704A8122AB29, DD9767637CC34C3D0EED6243FAD3D3D321873A5B72688CAD31895655A933055F ] nvsvc C:\Windows\system32\nvvsvc.exe 15:54:54.0493 0x0810 nvsvc - ok 15:54:54.0496 0x0810 [ 4F00008B513F4019623ED61159363888, A1047FF1FCF3ED405C3426C8959AD10426F30E3F58E95BFD6ADF1DBC947AB379 ] nvvad_WaveExtensible C:\WINDOWS\system32\drivers\nvvad64v.sys 15:54:54.0501 0x0810 nvvad_WaveExtensible - ok 15:54:54.0502 0x0810 nv_agp - ok 15:54:54.0511 0x0810 [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 15:54:54.0520 0x0810 odserv - ok 15:54:54.0522 0x0810 OneSyncSvc - ok 15:54:54.0639 0x0810 [ 4F9FFCF12B6ED0B4DAC95427772C226E, 4A79AEC410ED1034366FAC1388FB29381EE6541AA17E3652BE86265D09541C56 ] Origin Client Service E:\Program Files (x86)\Origin\OriginClientService.exe 15:54:54.0695 0x0810 Origin Client Service - ok 15:54:54.0700 0x0810 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 15:54:54.0705 0x0810 ose - ok 15:54:54.0708 0x0810 p2pimsvc - ok 15:54:54.0710 0x0810 p2psvc - ok 15:54:54.0711 0x0810 Parport - ok 15:54:54.0713 0x0810 partmgr - ok 15:54:54.0715 0x0810 PcaSvc - ok 15:54:54.0717 0x0810 pci - ok 15:54:54.0718 0x0810 pciide - ok 15:54:54.0720 0x0810 pcmcia - ok 15:54:54.0722 0x0810 pcw - ok 15:54:54.0723 0x0810 pdc - ok 15:54:54.0725 0x0810 PEAUTH - ok 15:54:54.0727 0x0810 percsas2i - ok 15:54:54.0729 0x0810 percsas3i - ok 15:54:54.0750 0x0810 PerfHost - ok 15:54:54.0754 0x0810 PimIndexMaintenanceSvc - ok 15:54:54.0756 0x0810 pla - ok 15:54:54.0758 0x0810 PlugPlay - ok 15:54:54.0761 0x0810 [ CD421DDB5C6E5458CE52EDC36DE7DC5B, 7B9C0A8B2B86BBF5D7E02F2620B0015A2530CBBC99724BE20313DE53EB31D62E ] PnkBstrA C:\Windows\system32\PnkBstrA.exe 15:54:54.0769 0x0810 PnkBstrA - ok 15:54:54.0771 0x0810 PNRPAutoReg - ok 15:54:54.0772 0x0810 PNRPsvc - ok 15:54:54.0774 0x0810 PolicyAgent - ok 15:54:54.0776 0x0810 Power - ok 15:54:54.0778 0x0810 PptpMiniport - ok 15:54:54.0833 0x0810 [ 12E2582F69ACA40A6BAE91DA578CBF34, 648C6394763906AA4163976DA2C3308F8B706486D9D8F16258CB1D61C2929930 ] PrintNotify C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll 15:54:54.0917 0x0810 PrintNotify - ok 15:54:54.0921 0x0810 Processor - ok 15:54:54.0922 0x0810 ProfSvc - ok 15:54:54.0924 0x0810 Psched - ok 15:54:54.0926 0x0810 [ C32ECB99AD25E9A04F01C8665DF29EF8, 0489B3DEC6A33E50D8A48A8DAD3F5B923A81F7300E4A71358D90D2879BAC9AA2 ] pwdrvio C:\Windows\system32\pwdrvio.sys 15:54:54.0935 0x0810 pwdrvio - ok 15:54:54.0937 0x0810 [ D619356B955EEFA642F5FF72755E8B3C, 1FD54978A77ACD6FBF1236E177ED074894743A9141E4169FE9AFE28680FC93C5 ] pwdspio C:\Windows\system32\pwdspio.sys 15:54:54.0944 0x0810 pwdspio - ok 15:54:54.0946 0x0810 QWAVE - ok 15:54:54.0948 0x0810 QWAVEdrv - ok 15:54:54.0949 0x0810 RasAcd - ok 15:54:54.0951 0x0810 RasAgileVpn - ok 15:54:54.0953 0x0810 RasAuto - ok 15:54:54.0954 0x0810 Rasl2tp - ok 15:54:54.0956 0x0810 RasMan - ok 15:54:54.0958 0x0810 RasPppoe - ok 15:54:54.0959 0x0810 RasSstp - ok 15:54:54.0961 0x0810 rdbss - ok 15:54:54.0964 0x0810 rdpbus - ok 15:54:54.0966 0x0810 RDPDR - ok 15:54:54.0969 0x0810 RdpVideoMiniport - ok 15:54:54.0971 0x0810 rdyboost - ok 15:54:54.0973 0x0810 ReFSv1 - ok 15:54:54.0975 0x0810 RemoteAccess - ok 15:54:54.0976 0x0810 RemoteRegistry - ok 15:54:54.0978 0x0810 RetailDemo - ok 15:54:54.0980 0x0810 RpcEptMapper - ok 15:54:54.0982 0x0810 RpcLocator - ok 15:54:54.0983 0x0810 RpcSs - ok 15:54:54.0985 0x0810 rspndr - ok 15:54:54.0987 0x0810 s3cap - ok 15:54:54.0988 0x0810 SamSs - ok 15:54:54.0990 0x0810 sbp2port - ok 15:54:54.0992 0x0810 SCardSvr - ok 15:54:54.0993 0x0810 ScDeviceEnum - ok 15:54:54.0995 0x0810 scfilter - ok 15:54:54.0997 0x0810 Schedule - ok 15:54:54.0999 0x0810 SCPolicySvc - ok 15:54:55.0000 0x0810 sdbus - ok 15:54:55.0002 0x0810 SDRSVC - ok 15:54:55.0004 0x0810 sdstor - ok 15:54:55.0005 0x0810 SecDrv - ok 15:54:55.0007 0x0810 seclogon - ok 15:54:55.0009 0x0810 SENS - ok 15:54:55.0011 0x0810 SensorDataService - ok 15:54:55.0012 0x0810 SensorService - ok 15:54:55.0014 0x0810 SensrSvc - ok 15:54:55.0016 0x0810 SerCx - ok 15:54:55.0017 0x0810 SerCx2 - ok 15:54:55.0019 0x0810 Serenum - ok 15:54:55.0021 0x0810 Serial - ok 15:54:55.0022 0x0810 sermouse - ok 15:54:55.0027 0x0810 SessionEnv - ok 15:54:55.0032 0x0810 sfloppy - ok 15:54:55.0034 0x0810 SharedAccess - ok 15:54:55.0036 0x0810 ShellHWDetection - ok 15:54:55.0037 0x0810 SiSRaid2 - ok 15:54:55.0039 0x0810 SiSRaid4 - ok 15:54:55.0046 0x0810 [ F6EF225A23D336CA30001E5007644C24, B0A4B1256C1074F1B4F73E3BBA16FD4683D6EEA583DEEF8E11EFD29BA7541F2A ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 15:54:55.0055 0x0810 SkypeUpdate - ok 15:54:55.0057 0x0810 smphost - ok 15:54:55.0059 0x0810 SmsRouter - ok 15:54:55.0063 0x0810 SNMPTRAP - ok 15:54:55.0065 0x0810 spaceport - ok 15:54:55.0066 0x0810 SpbCx - ok 15:54:55.0069 0x0810 Spooler - ok 15:54:55.0070 0x0810 sppsvc - ok 15:54:55.0072 0x0810 srv - ok 15:54:55.0074 0x0810 srv2 - ok 15:54:55.0075 0x0810 srvnet - ok 15:54:55.0077 0x0810 SSDPSRV - ok 15:54:55.0079 0x0810 SstpSvc - ok 15:54:55.0082 0x0810 StateRepository - ok 15:54:55.0095 0x0810 [ 2A6EDC2FBB4B9C11BB21BE3881C7A692, 74482CA4EC2B98C069A32C224BA5449AE10A8B41BFC053A4C23B6F65113A97A4 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe 15:54:55.0109 0x0810 Steam Client Service - ok 15:54:55.0117 0x0810 [ 7477A8BD87856CBDF92BBD72692649A8, D13D117506D350AAC555C2ACB1DABDFAB199A954E1220940C91F2551BEF9D2E4 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 15:54:55.0126 0x0810 Stereo Service - ok 15:54:55.0128 0x0810 stexstor - ok 15:54:55.0130 0x0810 [ 7C4D2F167FA6153B4FE7145FE6D3DF15, F39ED9CDF323DDC57D0F64F9CC121E911EA53819A3A941A2F6EA557C35FCB372 ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys 15:54:55.0137 0x0810 StillCam - ok 15:54:55.0139 0x0810 stisvc - ok 15:54:55.0140 0x0810 storahci - ok 15:54:55.0142 0x0810 storflt - ok 15:54:55.0144 0x0810 stornvme - ok 15:54:55.0148 0x0810 storqosflt - ok 15:54:55.0150 0x0810 StorSvc - ok 15:54:55.0152 0x0810 storufs - ok 15:54:55.0153 0x0810 storvsc - ok 15:54:55.0156 0x0810 svsvc - ok 15:54:55.0171 0x0810 swenum - ok 15:54:55.0172 0x0810 swprv - ok 15:54:55.0174 0x0810 Synth3dVsc - ok 15:54:55.0176 0x0810 SysMain - ok 15:54:55.0177 0x0810 SystemEventsBroker - ok 15:54:55.0179 0x0810 TabletInputService - ok 15:54:55.0181 0x0810 TapiSrv - ok 15:54:55.0182 0x0810 Tcpip - ok 15:54:55.0184 0x0810 Tcpip6 - ok 15:54:55.0186 0x0810 tcpipreg - ok 15:54:55.0189 0x0810 tdx - ok 15:54:55.0268 0x0810 [ 8305FB462C325A67628E0556DF244B8B, 4ABD5D14E64BE07DD9332E39C3B902A40BD1E763A075F68F0048A7FAEB3019D5 ] TeamViewer C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe 15:54:55.0343 0x0810 TeamViewer - ok 15:54:55.0349 0x0810 terminpt - ok 15:54:55.0351 0x0810 TermService - ok 15:54:55.0352 0x0810 Themes - ok 15:54:55.0354 0x0810 tiledatamodelsvc - ok 15:54:55.0356 0x0810 TimeBroker - ok 15:54:55.0357 0x0810 TPM - ok 15:54:55.0359 0x0810 TrkWks - ok 15:54:55.0361 0x0810 TrustedInstaller - ok 15:54:55.0365 0x0810 TsUsbFlt - ok 15:54:55.0367 0x0810 TsUsbGD - ok 15:54:55.0369 0x0810 tunnel - ok 15:54:55.0370 0x0810 uagp35 - ok 15:54:55.0372 0x0810 UASPStor - ok 15:54:55.0374 0x0810 UcmCx0101 - ok 15:54:55.0376 0x0810 UcmUcsi - ok 15:54:55.0377 0x0810 Ucx01000 - ok 15:54:55.0379 0x0810 UdeCx - ok 15:54:55.0381 0x0810 udfs - ok 15:54:55.0382 0x0810 UEFI - ok 15:54:55.0384 0x0810 Ufx01000 - ok 15:54:55.0386 0x0810 UfxChipidea - ok 15:54:55.0388 0x0810 ufxsynopsys - ok 15:54:55.0391 0x0810 UI0Detect - ok 15:54:55.0393 0x0810 uliagpkx - ok 15:54:55.0394 0x0810 umbus - ok 15:54:55.0396 0x0810 UmPass - ok 15:54:55.0398 0x0810 UmRdpService - ok 15:54:55.0400 0x0810 UnistoreSvc - ok 15:54:55.0402 0x0810 upnphost - ok 15:54:55.0404 0x0810 UrsChipidea - ok 15:54:55.0406 0x0810 UrsCx01000 - ok 15:54:55.0407 0x0810 UrsSynopsys - ok 15:54:55.0410 0x0810 [ F957092C63CD71D85903CA0D8370F473, 4DEC2FC20329F248135DA24CB6694FD972DCCE8B1BBEA8D872FDE41939E96AAF ] USBAAPL64 C:\WINDOWS\System32\Drivers\usbaapl64.sys 15:54:55.0419 0x0810 USBAAPL64 - ok 15:54:55.0421 0x0810 usbaudio - ok 15:54:55.0423 0x0810 usbccgp - ok 15:54:55.0424 0x0810 usbcir - ok 15:54:55.0427 0x0810 usbehci - ok 15:54:55.0428 0x0810 usbhub - ok 15:54:55.0430 0x0810 USBHUB3 - ok 15:54:55.0432 0x0810 usbohci - ok 15:54:55.0434 0x0810 usbprint - ok 15:54:55.0436 0x0810 usbser - ok 15:54:55.0437 0x0810 USBSTOR - ok 15:54:55.0439 0x0810 usbuhci - ok 15:54:55.0441 0x0810 USBXHCI - ok 15:54:55.0443 0x0810 UserDataSvc - ok 15:54:55.0445 0x0810 UserManager - ok 15:54:55.0447 0x0810 UsoSvc - ok 15:54:55.0448 0x0810 VaultSvc - ok 15:54:55.0450 0x0810 vdrvroot - ok 15:54:55.0452 0x0810 vds - ok 15:54:55.0453 0x0810 VerifierExt - ok 15:54:55.0455 0x0810 vhdmp - ok 15:54:55.0457 0x0810 vhf - ok 15:54:55.0459 0x0810 vmbus - ok 15:54:55.0460 0x0810 VMBusHID - ok 15:54:55.0462 0x0810 vmicguestinterface - ok 15:54:55.0464 0x0810 vmicheartbeat - ok 15:54:55.0466 0x0810 vmickvpexchange - ok 15:54:55.0467 0x0810 vmicrdv - ok 15:54:55.0469 0x0810 vmicshutdown - ok 15:54:55.0470 0x0810 vmictimesync - ok 15:54:55.0472 0x0810 vmicvmsession - ok 15:54:55.0473 0x0810 vmicvss - ok 15:54:55.0475 0x0810 volmgr - ok 15:54:55.0477 0x0810 volmgrx - ok 15:54:55.0479 0x0810 volsnap - ok 15:54:55.0480 0x0810 vpci - ok 15:54:55.0482 0x0810 vsmraid - ok 15:54:55.0484 0x0810 VSS - ok 15:54:55.0485 0x0810 VSTXRAID - ok 15:54:55.0487 0x0810 vwifibus - ok 15:54:55.0489 0x0810 vwififlt - ok 15:54:55.0491 0x0810 W32Time - ok 15:54:55.0493 0x0810 w3logsvc - ok 15:54:55.0494 0x0810 W3SVC - ok 15:54:55.0496 0x0810 WacomPen - ok 15:54:55.0498 0x0810 WalletService - ok 15:54:55.0499 0x0810 wanarp - ok 15:54:55.0501 0x0810 wanarpv6 - ok 15:54:55.0503 0x0810 WAS - ok 15:54:55.0504 0x0810 wbengine - ok 15:54:55.0506 0x0810 WbioSrvc - ok 15:54:55.0508 0x0810 Wcmsvc - ok 15:54:55.0510 0x0810 wcncsvc - ok 15:54:55.0511 0x0810 WcsPlugInService - ok 15:54:55.0513 0x0810 WdBoot - ok 15:54:55.0515 0x0810 Wdf01000 - ok 15:54:55.0516 0x0810 WdFilter - ok 15:54:55.0518 0x0810 WdiServiceHost - ok 15:54:55.0520 0x0810 WdiSystemHost - ok 15:54:55.0521 0x0810 wdiwifi - ok 15:54:55.0523 0x0810 WdNisDrv - ok 15:54:55.0525 0x0810 WdNisSvc - ok 15:54:55.0527 0x0810 WebClient - ok 15:54:55.0528 0x0810 Wecsvc - ok 15:54:55.0530 0x0810 WEPHOSTSVC - ok 15:54:55.0532 0x0810 wercplsupport - ok 15:54:55.0533 0x0810 WerSvc - ok 15:54:55.0535 0x0810 wfpcapture - ok 15:54:55.0537 0x0810 WFPLWFS - ok 15:54:55.0538 0x0810 WiaRpc - ok 15:54:55.0540 0x0810 WIMMount - ok 15:54:55.0541 0x0810 WinDefend - ok 15:54:55.0545 0x0810 WindowsTrustedRT - ok 15:54:55.0547 0x0810 WindowsTrustedRTProxy - ok 15:54:55.0549 0x0810 WinHttpAutoProxySvc - ok 15:54:55.0551 0x0810 WinMad - ok 15:54:55.0555 0x0810 Winmgmt - ok 15:54:55.0556 0x0810 WinRM - ok 15:54:55.0559 0x0810 WINUSB - ok 15:54:55.0561 0x0810 WinVerbs - ok 15:54:55.0563 0x0810 WlanSvc - ok 15:54:55.0565 0x0810 wlidsvc - ok 15:54:55.0566 0x0810 WmiAcpi - ok 15:54:55.0569 0x0810 wmiApSrv - ok 15:54:55.0571 0x0810 WMPNetworkSvc - ok 15:54:55.0573 0x0810 Wof - ok 15:54:55.0575 0x0810 workfolderssvc - ok 15:54:55.0577 0x0810 wpcfltr - ok 15:54:55.0580 0x0810 WPDBusEnum - ok 15:54:55.0582 0x0810 WpdUpFltr - ok 15:54:55.0583 0x0810 WpnService - ok 15:54:55.0585 0x0810 ws2ifsl - ok 15:54:55.0587 0x0810 wscsvc - ok 15:54:55.0588 0x0810 WSDPrintDevice - ok 15:54:55.0590 0x0810 WSDScan - ok 15:54:55.0592 0x0810 WSearch - ok 15:54:55.0596 0x0810 WSService - ok 15:54:55.0597 0x0810 wuauserv - ok 15:54:55.0599 0x0810 WudfPf - ok 15:54:55.0601 0x0810 WUDFRd - ok 15:54:55.0603 0x0810 wudfsvc - ok 15:54:55.0604 0x0810 WUDFWpdFs - ok 15:54:55.0606 0x0810 WUDFWpdMtp - ok 15:54:55.0608 0x0810 WwanSvc - ok 15:54:55.0609 0x0810 XblAuthManager - ok 15:54:55.0611 0x0810 XblGameSave - ok 15:54:55.0614 0x0810 xboxgip - ok 15:54:55.0616 0x0810 XboxNetApiSvc - ok 15:54:55.0618 0x0810 xinputhid - ok 15:54:55.0619 0x0810 ================ Scan global =============================== 15:54:55.0626 0x0810 [ Global ] - ok 15:54:55.0626 0x0810 ================ Scan MBR ================================== 15:54:55.0627 0x0810 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1 15:54:55.0652 0x0810 \Device\Harddisk1\DR1 - ok 15:54:55.0653 0x0810 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 15:54:55.0697 0x0810 \Device\Harddisk0\DR0 - ok 15:54:55.0697 0x0810 ================ Scan VBR ================================== 15:54:55.0698 0x0810 [ A3231EAAA0E80DEFC8DB538E8B06DF0B ] \Device\Harddisk1\DR1\Partition1 15:54:55.0699 0x0810 \Device\Harddisk1\DR1\Partition1 - ok 15:54:55.0700 0x0810 [ 8DE403B6B6D0A6C4A0B18AAF4A49487B ] \Device\Harddisk1\DR1\Partition2 15:54:55.0701 0x0810 \Device\Harddisk1\DR1\Partition2 - ok 15:54:55.0702 0x0810 [ F3C37D13917630C1CDB12EF7C57CB9A9 ] \Device\Harddisk0\DR0\Partition1 15:54:55.0743 0x0810 \Device\Harddisk0\DR0\Partition1 - ok 15:54:55.0744 0x0810 ================ Scan generic autorun ====================== 15:54:55.0968 0x0810 [ 65E8545F1297CD83534C354A7BED1848, 19B3F3C17A335837454DC1851C6436D0BB2D8B1595AEB4DC71265FB20868B48F ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe 15:54:56.0146 0x0810 RTHDVCPL - ok 15:54:56.0189 0x0810 [ 8F82FFC6CD0F4C83F4565E1A40332CCD, 45D17603664CBE2C4236AEDB3C21D585C8225A3D3B1118365EE2C6BFDB8A7890 ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe 15:54:56.0225 0x0810 NvBackend - ok 15:54:56.0227 0x0810 ShadowPlay - ok 15:54:56.0431 0x0810 [ 4914D5FCBE8C478DCCDCB58945EEFAFC, A59B49114429A4DB8789AD7DE35C44B8EED0BF5B39A1814512DD91DB2F94FCCB ] C:\Program Files\Logitech Gaming Software\LCore.exe 15:54:56.0617 0x0810 Launch LCore - ok 15:54:56.0696 0x0810 [ 6D44DE61A0BC7EE359D65992665C6432, 5A3C2D57A293B9BDD7CB1A4AA0ACF19374866F8A88EF132E350E5973CB4F7662 ] E:\Program Files\iTunes\iTunesHelper.exe 15:54:56.0710 0x0810 iTunesHelper - ok 15:54:56.0723 0x0810 [ 994B8BF5CA5FD971647DD9E41630973E, 062A8F2D3E40BC0D8B53030507AA04C348AB52843EF78ED63BDE5233C607BECA ] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe 15:54:56.0736 0x0810 IAStorIcon - detected UnsignedFile.Multi.Generic ( 1 ) 15:54:59.0061 0x0810 Detect skipped due to KSN trusted 15:54:59.0061 0x0810 IAStorIcon - ok 15:54:59.0067 0x0810 [ 0E34B7BB1FCF22BCC1E394D16F9E992B, 382CA8E6BAC301E2F277F8EDA03D263FF71272796A8EED582C36294EEE9191F9 ] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe 15:54:59.0079 0x0810 GrooveMonitor - ok 15:54:59.0106 0x0810 [ C1A86A6D6847DEFF009EAE85BA0C1F20, 7DC2A823FA281117B335B74876469C788A5C81534251179BE86F3FB35F1B6D67 ] C:\Program Files (x86)\Avira\Antivirus\avgnt.exe 15:54:59.0127 0x0810 avgnt - ok 15:54:59.0137 0x0810 [ F916BA0DA28A4B4F7B1ADE76EB42F088, FB3C91D44709D039E959B275F6ECE26AF9307D272FE3E25CC41EAC259AA3B596 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 15:54:59.0148 0x0810 SunJavaUpdateSched - ok 15:54:59.0168 0x0810 OneDriveSetup - ok 15:54:59.0169 0x0810 OneDriveSetup - ok 15:54:59.0200 0x0810 [ F34001FB7E4EA94D404339CD8B15D84C, 7E76FD43729CE6B6F29C2ED4F6B41BE3232390D9E6224F65AB506C0846BB557D ] C:\Users\Sven\AppData\Roaming\Spotify\SpotifyWebHelper.exe 15:54:59.0230 0x0810 Spotify Web Helper - ok 15:54:59.0356 0x0810 [ 86BF17A265E1B4BA41325623EC132E66, 4414B5F01A78B76BFC1A7C39F595645A09E674FA6DE7991F31BA6673EEB23F9E ] E:\Program Files (x86)\Steam\steam.exe 15:54:59.0397 0x0810 Steam - ok 15:54:59.0399 0x0810 OneDriveSetup - ok 15:54:59.0400 0x0810 Waiting for KSN requests completion. In queue: 48 15:55:00.0400 0x0810 Waiting for KSN requests completion. In queue: 48 15:55:01.0401 0x0810 Waiting for KSN requests completion. In queue: 48 15:55:01.0753 0x1098 Object required for P2P: [ 8305FB462C325A67628E0556DF244B8B ] TeamViewer 15:55:02.0401 0x0810 Waiting for KSN requests completion. In queue: 11 15:55:03.0401 0x0810 Waiting for KSN requests completion. In queue: 11 15:55:04.0345 0x1098 Object send P2P result: true 15:55:04.0417 0x0810 AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\Antivirus\wsctool.exe ( 15.0.13.202 ), 0x41000 ( enabled : updated ) 15:55:04.0421 0x0810 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.8.10240.16384 ), 0x60100 ( disabled : updated ) 15:55:04.0453 0x0810 Win FW state via NFP2: enabled ( trusted ) 15:55:06.0868 0x0810 ============================================================ 15:55:06.0868 0x0810 Scan finished 15:55:06.0868 0x0810 ============================================================ 15:55:06.0881 0x05b0 Detected object count: 0 15:55:06.0881 0x05b0 Actual detected object count: 0 Gruß |
02.10.2015, 15:56 | #5 |
/// the machine /// TB-Ausbilder | FW:Important Mails verschickt, vermutlich Link angeklickt Lade Dir bitte von hier Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
Downloade Dir bitte Malwarebytes Anti-Malware
Downloade Dir bitte AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
02.10.2015, 16:56 | #6 |
| FW:Important Mails verschickt, vermutlich Link angeklickt Mbam Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 02.10.2015 Suchlaufzeit: 17:29 Protokolldatei: mbam.txt Administrator: Ja Version: 2.1.8.1057 Malware-Datenbank: v2015.10.02.05 Rootkit-Datenbank: v2015.09.22.01 Lizenz: Kostenlose Version Malware-Schutz: Deaktiviert Schutz vor bösartigen Websites: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 10 CPU: x64 Dateisystem: NTFS Benutzer: Sven Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 515716 Abgelaufene Zeit: 7 Min., 29 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt) Registrierungswerte: 0 (keine bösartigen Elemente erkannt) Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 1 PUP.Optional.ICQToolbar, C:\Program Files (x86)\ICQ6Toolbar, Löschen bei Neustart, [260767ebb0dbdd59375993928d76ef11], Dateien: 0 (keine bösartigen Elemente erkannt) Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 7.6.4 (09.28.2015:1) OS: Windows 10 Home x64 Ran by Sven on 02.10.2015 at 17:50:44,98 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Tasks ~~~ Registry Values ~~~ Registry Keys ~~~ Files Successfully deleted: [File] C:\WINDOWS\SysWOW64\RENDAC8.tmp ~~~ Folders Successfully deleted: [Folder] C:\Users\Sven\AppData\Roaming\getrighttogo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 02.10.2015 at 17:51:42,40 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter # AdwCleaner v5.009 - Bericht erstellt am 02/10/2015 um 17:46:53 # Aktualisiert am 27/09/2015 von Xplode # Datenbank : 2015-09-30.1 [Server] # Betriebssystem : Windows 10 Home (x64) # Benutzername : Sven - SVEN-PC # Gestartet von : E:\Imaginärer Desktop\Downloads\AdwCleaner_5.009.exe # Option : Löschen # Unterstützung : hxxp://toolslib.net/forum ***** [ Dienste ] ***** ***** [ Ordner ] ***** [-] Ordner Gelöscht : C:\ProgramData\RegClean [-] Ordner Gelöscht : C:\Users\Sven\AppData\Local\YSearchUtil [-] Ordner Gelöscht : C:\Users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTweak Software [-] Ordner Gelöscht : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil ***** [ Dateien ] ***** ***** [ Verknüpfungen ] ***** ***** [ Geplante Tasks ] ***** [-] Task Gelöscht : Adobe Flash Player Updater ***** [ Registrierungsdatenbank ] ***** [-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar [-] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search] [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13} [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946} [-] Schlüssel Gelöscht : HKCU\Software\APN PIP [-] Schlüssel Gelöscht : HKCU\Software\ICQ\ICQToolbar [-] Schlüssel Gelöscht : HKCU\Software\OCS [-] Schlüssel Gelöscht : HKCU\Software\smarttweak [-] Schlüssel Gelöscht : HKLM\SOFTWARE\ICQ\ICQToolbar [-] Schlüssel Gelöscht : HKLM\SOFTWARE\PIP [-] Schlüssel Gelöscht : HKLM\SOFTWARE\systweak [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 228200 [!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\APN PIP [!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\ICQ\ICQToolbar [!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\OCS [!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\smarttweak [-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\systweak [!] Daten Nicht Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search] [!] Daten Nicht Wiederhergestellt : HKU\S-1-5-21-2376779872-2597445691-444311316-1000\Software\Microsoft\Internet Explorer\Main [ICQ Search] ***** [ Internetbrowser ] ***** [-] [C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\yhab8cni.default\prefs.js] [Preference] Gelöscht : user_pref("icqtoolbar.installsource", "1"); [-] [C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\yhab8cni.default\prefs.js] [Preference] Gelöscht : user_pref("icqtoolbar.skip_default_search", "yes"); ************************* :: Winsock Einstellungen zurückgesetzt :: Chrome Richtlinien gelöscht ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2876 Bytes] ########## Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:30-09-2015 durchgeführt von Sven (Administrator) auf SVEN-PC (02-10-2015 17:53:39) Gestartet von C:\Users\Sven\Desktop Geladene Profile: Sven (Verfügbare Profile: Sven & DefaultAppPool) Platform: Windows 10 Home (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe (Mozilla Corporation) E:\Mozilla\firefox.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Windows\System32\vds.exe (Mozilla Corporation) E:\Mozilla\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-24] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [14601160 2015-07-02] (Logitech Inc.) HKLM\...\Run: [iTunesHelper] => E:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-23] (Apple Inc.) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe [286720 2011-10-12] (Intel Corporation) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [782520 2015-09-24] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation) HKU\S-1-5-21-2376779872-2597445691-444311316-1000\...\Run: [Spotify Web Helper] => C:\Users\Sven\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-09-05] (Spotify Ltd) HKU\S-1-5-21-2376779872-2597445691-444311316-1000\...\Run: [Steam] => E:\Program Files (x86)\Steam\steam.exe [2899136 2015-08-19] (Valve Corporation) HKU\S-1-5-21-2376779872-2597445691-444311316-1000\...\MountPoints2: {42a026c9-342a-11e4-9c33-806e6f6e6963} - "F:\autorun.exe" Startup: C:\Users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk [2013-01-04] ShortcutTarget: Samsung SSD Magician.lnk -> C:\Program Files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{b4064000-a755-4536-826f-dd0fcd003147}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{e4098305-1e64-4aa0-84a3-af8930013e28}: [DhcpNameServer] 139.7.30.126 139.7.30.125 Internet Explorer: ================== HKU\S-1-5-21-2376779872-2597445691-444311316-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://de.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset SearchScopes: HKU\S-1-5-21-2376779872-2597445691-444311316-1000 -> DefaultScope {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = SearchScopes: HKU\S-1-5-21-2376779872-2597445691-444311316-1000 -> {F8BF49F2-E55D-45A6-AE48-91858F3A84AD} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-08-30] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-30] (Oracle Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-30] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-30] (Oracle Corporation) Toolbar: HKU\S-1-5-21-2376779872-2597445691-444311316-1000 -> Kein Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Keine Datei DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) FireFox: ======== FF ProfilePath: C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\yhab8cni.default FF Homepage: hxxps://www.google.de/ FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-21] () FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll [Keine Datei] FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [Keine Datei] FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB) FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-30] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-30] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.6 -> E:\Program Files\VideoLAN\VLC\npvlc.dll [2013-04-08] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-21] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll [Keine Datei] FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [Keine Datei] FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [Keine Datei] FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-30] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-30] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-01-10] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-08-07] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-08-07] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2376779872-2597445691-444311316-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Sven\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-2376779872-2597445691-444311316-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-08-15] () FF SearchPlugin: C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\yhab8cni.default\searchplugins\google-images.xml [2014-09-16] FF SearchPlugin: C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\yhab8cni.default\searchplugins\google-maps.xml [2014-09-16] FF Extension: Cliqz - C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\yhab8cni.default\Extensions\cliqz@cliqz.com.xpi [2014-09-16] FF HKU\S-1-5-21-2376779872-2597445691-444311316-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\yhab8cni.default\extensions\cliqz@cliqz.com => nicht gefunden StartMenuInternet: FIREFOX.EXE - E:\Mozilla\firefox.exe ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [932912 2015-09-24] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [461672 2015-09-24] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [461672 2015-09-24] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1148688 2015-09-24] (Avira Operations GmbH & Co. KG) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.) S2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [Datei ist nicht signiert] S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1128448 2015-07-27] () S2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [37448 2014-08-14] (CHENGDU YIWO Tech Development Co., Ltd) [Datei ist nicht signiert] S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-24] (NVIDIA Corporation) R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe [7168 2011-10-12] (Intel Corporation) [Datei ist nicht signiert] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert] S2 MBAMService; E:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) R2 MSMQ; C:\Windows\system32\mqsvc.exe [26112 2015-08-04] (Microsoft Corporation) S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-24] (NVIDIA Corporation) S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-24] (NVIDIA Corporation) S3 Origin Client Service; E:\Program Files (x86)\Origin\OriginClientService.exe [2057736 2015-09-03] (Electronic Arts) S2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-06-29] () S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-10-31] () R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5613328 2015-07-29] (TeamViewer GmbH) S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [84480 2015-08-04] (Microsoft Corporation) R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [578560 2015-08-04] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R0 asahci64; C:\Windows\System32\drivers\asahci64.sys [49760 2011-09-21] (Asmedia Technology) S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2014-02-02] () [Datei ist nicht signiert] R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [137800 2015-09-24] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [148632 2015-08-04] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-06-16] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [74440 2015-09-24] (Avira Operations GmbH & Co. KG) R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [61000 2014-08-14] (CHENGDU YIWO Tech Development Co., Ltd) [Datei ist nicht signiert] R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48200 2014-08-14] () [Datei ist nicht signiert] R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [18504 2014-08-14] (CHENGDU YIWO Tech Development Co., Ltd) [Datei ist nicht signiert] R1 EUFDDISK; C:\Windows\system32\drivers\EuFdDisk.sys [189000 2014-08-14] (CHENGDU YIWO Tech Development Co., Ltd) [Datei ist nicht signiert] R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [23832 2011-10-12] (Intel Corporation) R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech) R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.) R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.) S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2014-02-02] () [Datei ist nicht signiert] R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation) R3 MQAC; C:\Windows\System32\drivers\mqac.sys [175104 2015-08-04] (Microsoft Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-24] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47976 2015-07-03] (NVIDIA Corporation) S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] () S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] () S2 SecDrv; C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS [12400 2015-08-11] (Macrovision Europe Ltd) [Datei ist nicht signiert] S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] () S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation) U3 idsvc; kein ImagePath S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X] U3 wpcsvc; kein ImagePath ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-10-02 17:53 - 2015-10-02 17:53 - 00017941 _____ C:\Users\Sven\Desktop\FRST.txt 2015-10-02 17:52 - 2015-10-02 17:52 - 00002975 _____ C:\Users\Sven\Desktop\AdwCleaner[C1].txt 2015-10-02 17:51 - 2015-10-02 17:51 - 00000738 _____ C:\Users\Sven\Desktop\JRT.txt 2015-10-02 17:48 - 2015-10-02 17:48 - 00016148 _____ C:\WINDOWS\system32\SVEN-PC_Sven_HistoryPrediction.bin 2015-10-02 17:42 - 2015-10-02 17:42 - 00001278 _____ C:\Users\Sven\Desktop\mbam.txt 2015-10-02 17:40 - 2015-10-02 17:48 - 00018834 _____ C:\WINDOWS\PFRO.log 2015-10-02 17:27 - 2015-10-02 17:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-10-02 17:27 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-10-02 17:27 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-10-02 17:24 - 2015-10-02 17:24 - 00000000 ____D C:\Program Files (x86)\VS Revo Group 2015-10-01 15:26 - 2015-10-02 17:27 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-10-01 15:25 - 2015-10-02 17:42 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-10-01 15:25 - 2015-10-02 17:40 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-10-01 15:24 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-10-01 13:30 - 2015-09-25 02:13 - 01276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll 2015-10-01 13:30 - 2015-09-25 01:24 - 00796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll 2015-10-01 13:30 - 2015-09-25 01:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll 2015-10-01 13:30 - 2015-09-25 01:23 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe 2015-10-01 13:30 - 2015-09-25 01:17 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2015-10-01 13:30 - 2015-09-25 01:08 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2015-10-01 13:30 - 2015-09-25 01:07 - 01382400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2015-10-01 13:30 - 2015-09-25 01:06 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll 2015-10-01 13:30 - 2015-09-25 01:05 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll 2015-10-01 13:30 - 2015-09-25 01:01 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll 2015-10-01 13:30 - 2015-09-25 01:00 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll 2015-10-01 13:30 - 2015-09-25 01:00 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll 2015-10-01 13:30 - 2015-09-25 01:00 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll 2015-10-01 13:30 - 2015-09-25 00:53 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll 2015-10-01 13:30 - 2015-09-25 00:43 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll 2015-10-01 13:30 - 2015-09-25 00:43 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll 2015-10-01 13:30 - 2015-09-25 00:42 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll 2015-10-01 13:30 - 2015-09-25 00:25 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll 2015-10-01 13:30 - 2015-09-25 00:25 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll 2015-10-01 13:30 - 2015-09-25 00:25 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll 2015-10-01 13:30 - 2015-09-25 00:25 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll 2015-10-01 13:30 - 2015-09-25 00:25 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll 2015-10-01 13:30 - 2015-09-25 00:19 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll 2015-10-01 13:30 - 2015-09-19 07:14 - 00102304 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll 2015-10-01 13:30 - 2015-09-17 08:50 - 02464216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2015-10-01 13:30 - 2015-09-17 08:50 - 01563392 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll 2015-10-01 13:30 - 2015-09-17 08:50 - 00099664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys 2015-10-01 13:30 - 2015-09-17 08:50 - 00088384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll 2015-10-01 13:30 - 2015-09-17 08:49 - 08020816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-10-01 13:30 - 2015-09-17 08:49 - 06487248 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2015-10-01 13:30 - 2015-09-17 08:49 - 01563472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll 2015-10-01 13:30 - 2015-09-17 08:49 - 00894256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wdf01000.sys 2015-10-01 13:30 - 2015-09-17 08:49 - 00553808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe 2015-10-01 13:30 - 2015-09-17 08:48 - 02824248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll 2015-10-01 13:30 - 2015-09-17 08:48 - 02494712 _____ C:\WINDOWS\system32\CoreUIComponents.dll 2015-10-01 13:30 - 2015-09-17 08:48 - 02432336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2015-10-01 13:30 - 2015-09-17 08:48 - 02156400 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll 2015-10-01 13:30 - 2015-09-17 08:48 - 01983824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2015-10-01 13:30 - 2015-09-17 08:48 - 00809352 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll 2015-10-01 13:30 - 2015-09-17 08:48 - 00784136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll 2015-10-01 13:30 - 2015-09-17 08:48 - 00584656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll 2015-10-01 13:30 - 2015-09-17 08:48 - 00555768 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll 2015-10-01 13:30 - 2015-09-17 08:48 - 00537080 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll 2015-10-01 13:30 - 2015-09-17 08:48 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2015-10-01 13:30 - 2015-09-17 08:48 - 00505696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2015-10-01 13:30 - 2015-09-17 08:48 - 00476760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll 2015-10-01 13:30 - 2015-09-17 08:48 - 00395088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2015-10-01 13:30 - 2015-09-17 08:48 - 00332624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys 2015-10-01 13:30 - 2015-09-17 08:48 - 00243760 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll 2015-10-01 13:30 - 2015-09-17 08:47 - 01397088 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll 2015-10-01 13:30 - 2015-09-17 08:44 - 00781976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll 2015-10-01 13:30 - 2015-09-17 08:43 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll 2015-10-01 13:30 - 2015-09-17 08:39 - 00081488 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2015-10-01 13:30 - 2015-09-17 08:37 - 01295712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll 2015-10-01 13:30 - 2015-09-17 08:37 - 01168736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys 2015-10-01 13:30 - 2015-09-17 08:28 - 05120056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2015-10-01 13:30 - 2015-09-17 08:28 - 02154808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2015-10-01 13:30 - 2015-09-17 08:28 - 01357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll 2015-10-01 13:30 - 2015-09-17 08:28 - 00441168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe 2015-10-01 13:30 - 2015-09-17 08:28 - 00074880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll 2015-10-01 13:30 - 2015-09-17 08:27 - 01766952 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll 2015-10-01 13:30 - 2015-09-17 08:27 - 00454512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll 2015-10-01 13:30 - 2015-09-17 08:26 - 02446648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll 2015-10-01 13:30 - 2015-09-17 08:26 - 01895568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll 2015-10-01 13:30 - 2015-09-17 08:26 - 00646672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll 2015-10-01 13:30 - 2015-09-17 08:26 - 00508248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll 2015-10-01 13:30 - 2015-09-17 08:26 - 00434376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll 2015-10-01 13:30 - 2015-09-17 08:26 - 00428128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll 2015-10-01 13:30 - 2015-09-17 08:25 - 00962400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll 2015-10-01 13:30 - 2015-09-17 08:21 - 00658528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll 2015-10-01 13:30 - 2015-09-17 08:20 - 00764416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll 2015-10-01 13:30 - 2015-09-17 08:12 - 16708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2015-10-01 13:30 - 2015-09-17 08:09 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll 2015-10-01 13:30 - 2015-09-17 08:08 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll 2015-10-01 13:30 - 2015-09-17 08:08 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Speech.Pal.dll 2015-10-01 13:30 - 2015-09-17 08:08 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe 2015-10-01 13:30 - 2015-09-17 08:07 - 21875712 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2015-10-01 13:30 - 2015-09-17 08:06 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll 2015-10-01 13:30 - 2015-09-17 08:06 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll 2015-10-01 13:30 - 2015-09-17 08:06 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll 2015-10-01 13:30 - 2015-09-17 08:05 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll 2015-10-01 13:30 - 2015-09-17 08:05 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll 2015-10-01 13:30 - 2015-09-17 08:04 - 07569408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll 2015-10-01 13:30 - 2015-09-17 08:04 - 00910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll 2015-10-01 13:30 - 2015-09-17 08:03 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll 2015-10-01 13:30 - 2015-09-17 08:03 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe 2015-10-01 13:30 - 2015-09-17 08:00 - 24595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-10-01 13:30 - 2015-09-17 08:00 - 03248640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll 2015-10-01 13:30 - 2015-09-17 08:00 - 02417664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2015-10-01 13:30 - 2015-09-17 08:00 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll 2015-10-01 13:30 - 2015-09-17 08:00 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KeywordDetectorMsftSidAdapter.dll 2015-10-01 13:30 - 2015-09-17 07:58 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll 2015-10-01 13:30 - 2015-09-17 07:57 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll 2015-10-01 13:30 - 2015-09-17 07:57 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll 2015-10-01 13:30 - 2015-09-17 07:57 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll 2015-10-01 13:30 - 2015-09-17 07:57 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll 2015-10-01 13:30 - 2015-09-17 07:56 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll 2015-10-01 13:30 - 2015-09-17 07:56 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll 2015-10-01 13:30 - 2015-09-17 07:55 - 02236416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2015-10-01 13:30 - 2015-09-17 07:55 - 01601536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll 2015-10-01 13:30 - 2015-09-17 07:55 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFx02000.dll 2015-10-01 13:30 - 2015-09-17 07:55 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2015-10-01 13:30 - 2015-09-17 07:55 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll 2015-10-01 13:30 - 2015-09-17 07:55 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe 2015-10-01 13:30 - 2015-09-17 07:54 - 03781120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll 2015-10-01 13:30 - 2015-09-17 07:54 - 00780288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll 2015-10-01 13:30 - 2015-09-17 07:53 - 07055872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll 2015-10-01 13:30 - 2015-09-17 07:52 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll 2015-10-01 13:30 - 2015-09-17 07:52 - 01181696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 2015-10-01 13:30 - 2015-09-17 07:52 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll 2015-10-01 13:30 - 2015-09-17 07:52 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll 2015-10-01 13:30 - 2015-09-17 07:52 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll 2015-10-01 13:30 - 2015-09-17 07:52 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll 2015-10-01 13:30 - 2015-09-17 07:52 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll 2015-10-01 13:30 - 2015-09-17 07:51 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2015-10-01 13:30 - 2015-09-17 07:51 - 02660864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll 2015-10-01 13:30 - 2015-09-17 07:51 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll 2015-10-01 13:30 - 2015-09-17 07:51 - 01203712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll 2015-10-01 13:30 - 2015-09-17 07:51 - 01067520 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2015-10-01 13:30 - 2015-09-17 07:51 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll 2015-10-01 13:30 - 2015-09-17 07:50 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys 2015-10-01 13:30 - 2015-09-17 07:50 - 00312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll 2015-10-01 13:30 - 2015-09-17 07:50 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys 2015-10-01 13:30 - 2015-09-17 07:49 - 02740224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-10-01 13:30 - 2015-09-17 07:49 - 01290240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll 2015-10-01 13:30 - 2015-09-17 07:49 - 01010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll 2015-10-01 13:30 - 2015-09-17 07:49 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll 2015-10-01 13:30 - 2015-09-17 07:49 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWiFiAdapter.dll 2015-10-01 13:30 - 2015-09-17 07:49 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll 2015-10-01 13:30 - 2015-09-17 07:48 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll 2015-10-01 13:30 - 2015-09-17 07:48 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll 2015-10-01 13:30 - 2015-09-17 07:48 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll 2015-10-01 13:30 - 2015-09-17 07:48 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll 2015-10-01 13:30 - 2015-09-17 07:48 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll 2015-10-01 13:30 - 2015-09-17 07:48 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll 2015-10-01 13:30 - 2015-09-17 07:47 - 07523328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2015-10-01 13:30 - 2015-09-17 07:47 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll 2015-10-01 13:30 - 2015-09-17 07:47 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll 2015-10-01 13:30 - 2015-09-17 07:47 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll 2015-10-01 13:30 - 2015-09-17 07:46 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll 2015-10-01 13:30 - 2015-09-17 07:46 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2015-10-01 13:30 - 2015-09-17 07:46 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll 2015-10-01 13:30 - 2015-09-17 07:46 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll 2015-10-01 13:30 - 2015-09-17 07:46 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe 2015-10-01 13:30 - 2015-09-17 07:46 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll 2015-10-01 13:30 - 2015-09-17 07:45 - 19325440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-10-01 13:30 - 2015-09-17 07:45 - 04791296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-10-01 13:30 - 2015-09-17 07:45 - 01331200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll 2015-10-01 13:30 - 2015-09-17 07:45 - 00869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll 2015-10-01 13:30 - 2015-09-17 07:45 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll 2015-10-01 13:30 - 2015-09-17 07:45 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll 2015-10-01 13:30 - 2015-09-17 07:44 - 01844736 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll 2015-10-01 13:30 - 2015-09-17 07:44 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll 2015-10-01 13:30 - 2015-09-17 07:44 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll 2015-10-01 13:30 - 2015-09-17 07:43 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll 2015-10-01 13:30 - 2015-09-17 07:43 - 00378368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll 2015-10-01 13:30 - 2015-09-17 07:43 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll 2015-10-01 13:30 - 2015-09-17 07:42 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll 2015-10-01 13:30 - 2015-09-17 07:41 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll 2015-10-01 13:30 - 2015-09-17 07:40 - 06101504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll 2015-10-01 13:30 - 2015-09-17 07:40 - 01918464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2015-10-01 13:30 - 2015-09-17 07:40 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll 2015-10-01 13:30 - 2015-09-17 07:39 - 00587264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll 2015-10-01 13:30 - 2015-09-17 07:38 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll 2015-10-01 13:30 - 2015-09-17 07:37 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2015-10-01 13:30 - 2015-09-17 07:37 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll 2015-10-01 13:30 - 2015-09-17 07:35 - 05079552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll 2015-10-01 13:30 - 2015-09-17 07:35 - 02207232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-10-01 13:30 - 2015-09-17 07:35 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll 2015-10-01 13:30 - 2015-09-17 07:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll 2015-10-01 13:30 - 2015-09-17 07:34 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll 2015-10-01 13:30 - 2015-09-17 07:32 - 03579904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-10-01 13:30 - 2015-09-17 07:32 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll 2015-10-01 13:30 - 2015-09-17 07:32 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll 2015-10-01 13:30 - 2015-09-17 07:32 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll 2015-10-01 13:30 - 2015-09-17 07:31 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2015-10-01 13:30 - 2015-09-17 07:31 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll 2015-10-01 13:30 - 2015-09-17 07:30 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll 2015-10-01 13:30 - 2015-09-17 07:29 - 01104384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll 2015-10-01 13:30 - 2015-09-17 07:29 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll 2015-10-01 13:30 - 2015-09-17 07:29 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll 2015-10-01 13:30 - 2015-09-17 07:29 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll 2015-10-01 13:30 - 2015-09-17 07:26 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll 2015-10-01 13:30 - 2015-09-17 07:16 - 00512000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll 2015-10-01 13:30 - 2015-09-13 04:05 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll 2015-10-01 13:30 - 2015-09-13 03:41 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll 2015-10-01 13:29 - 2015-09-25 02:35 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll 2015-10-01 13:29 - 2015-09-25 02:34 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll 2015-10-01 13:29 - 2015-09-25 01:34 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll 2015-10-01 13:29 - 2015-09-25 01:34 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll 2015-10-01 13:29 - 2015-09-25 01:01 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll 2015-10-01 13:29 - 2015-09-25 01:00 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll 2015-10-01 13:29 - 2015-09-25 00:24 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll 2015-10-01 13:29 - 2015-09-17 08:49 - 00501008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2015-10-01 13:29 - 2015-09-17 08:48 - 00406864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS 2015-10-01 13:29 - 2015-09-17 08:48 - 00278352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2015-10-01 13:29 - 2015-09-17 08:28 - 00407608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2015-10-01 13:29 - 2015-09-17 08:11 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll 2015-10-01 13:29 - 2015-09-17 08:10 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll 2015-10-01 13:29 - 2015-09-17 08:09 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll 2015-10-01 13:29 - 2015-09-17 08:04 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll 2015-10-01 13:29 - 2015-09-17 08:03 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll 2015-10-01 13:29 - 2015-09-17 08:03 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll 2015-10-01 13:29 - 2015-09-17 08:03 - 00154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe 2015-10-01 13:29 - 2015-09-17 08:02 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll 2015-10-01 13:29 - 2015-09-17 08:02 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll 2015-10-01 13:29 - 2015-09-17 07:56 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll 2015-10-01 13:29 - 2015-09-17 07:55 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll 2015-10-01 13:29 - 2015-09-17 07:55 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll 2015-10-01 13:29 - 2015-09-17 07:55 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll 2015-10-01 13:29 - 2015-09-17 07:54 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2015-10-01 13:29 - 2015-09-17 07:52 - 01216512 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcenter.dll 2015-10-01 13:29 - 2015-09-17 07:52 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll 2015-10-01 13:29 - 2015-09-17 07:52 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll 2015-10-01 13:29 - 2015-09-17 07:51 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll 2015-10-01 13:29 - 2015-09-17 07:50 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll 2015-10-01 13:29 - 2015-09-17 07:50 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeWiFi.dll 2015-10-01 13:29 - 2015-09-17 07:50 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeCell.dll 2015-10-01 13:29 - 2015-09-17 07:49 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2015-10-01 13:29 - 2015-09-17 07:49 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWebproxy.dll 2015-10-01 13:29 - 2015-09-17 07:49 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll 2015-10-01 13:29 - 2015-09-17 07:49 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationCrowdsource.dll 2015-10-01 13:29 - 2015-09-17 07:49 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeIP.dll 2015-10-01 13:29 - 2015-09-17 07:46 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll 2015-10-01 13:29 - 2015-09-17 07:46 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncmlhook.dll 2015-10-01 13:29 - 2015-09-17 07:45 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll 2015-10-01 13:29 - 2015-09-17 07:44 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll 2015-10-01 13:29 - 2015-09-17 07:43 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll 2015-10-01 13:29 - 2015-09-17 07:39 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2015-10-01 13:29 - 2015-09-17 07:36 - 01171456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcenter.dll 2015-10-01 13:29 - 2015-09-17 07:33 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll 2015-10-01 13:29 - 2015-09-17 07:28 - 00473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll 2015-10-01 13:25 - 2015-10-02 17:53 - 00000000 ____D C:\FRST 2015-10-01 13:25 - 2015-10-01 13:25 - 02192384 _____ (Farbar) C:\Users\Sven\Desktop\FRST64.exe 2015-10-01 13:24 - 2015-10-02 17:46 - 00000000 ____D C:\AdwCleaner 2015-09-28 16:02 - 2015-09-28 16:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-09-28 16:02 - 2015-09-28 16:02 - 00000000 ____D C:\Program Files\iPod 2015-09-28 16:02 - 2015-09-28 16:02 - 00000000 ____D C:\Program Files (x86)\iTunes 2015-09-28 16:01 - 2015-09-28 16:01 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple 2015-09-28 16:01 - 2015-09-28 16:01 - 00000000 ____D C:\Program Files\Bonjour 2015-09-28 16:01 - 2015-09-28 16:01 - 00000000 ____D C:\Program Files (x86)\Bonjour 2015-09-28 16:01 - 2015-09-28 16:01 - 00000000 ____D C:\Program Files (x86)\Apple Software Update 2015-09-19 17:25 - 2015-09-19 17:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Westwood Online 2015-09-19 17:25 - 2015-09-19 17:25 - 00000000 ____D C:\Program Files (x86)\WestwoodOnline 2015-09-14 18:31 - 2015-09-14 18:31 - 00004096 ____H C:\Users\Sven\AppData\Local\keyfile3.drm 2015-09-12 17:50 - 2015-09-28 15:39 - 00001677 _____ C:\WINDOWS\setupact.log 2015-09-12 17:50 - 2015-09-12 17:50 - 00000000 _____ C:\WINDOWS\setuperr.log 2015-09-11 18:09 - 2015-09-19 17:25 - 00018887 _____ C:\WINDOWS\Directx.log 2015-09-11 18:03 - 2015-10-02 17:48 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log 2015-09-09 19:27 - 2015-09-09 19:27 - 00000000 ____D C:\Program Files (x86)\directx 2015-09-09 16:29 - 2015-08-27 08:36 - 03620736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-09-09 16:29 - 2015-08-27 08:32 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2015-09-09 16:29 - 2015-08-27 07:59 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-09-09 16:29 - 2015-08-27 07:54 - 00541248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2015-09-09 16:29 - 2015-08-27 07:54 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2015-09-09 16:29 - 2015-08-27 07:51 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2015-09-09 16:29 - 2015-08-27 07:51 - 01774592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll 2015-09-09 16:29 - 2015-08-27 07:49 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll 2015-09-09 16:29 - 2015-08-27 07:47 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-09-09 16:29 - 2015-08-27 07:43 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-09-09 16:29 - 2015-08-27 07:43 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-09-09 16:29 - 2015-08-27 07:42 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll 2015-09-09 16:29 - 2015-08-27 07:42 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.PicturePassword.dll 2015-09-09 16:29 - 2015-08-27 07:42 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll 2015-09-09 16:29 - 2015-08-27 07:39 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2015-09-09 16:29 - 2015-08-27 07:23 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll 2015-09-09 16:29 - 2015-08-27 07:16 - 02153472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2015-09-09 16:29 - 2015-08-27 07:16 - 01612288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll 2015-09-09 16:29 - 2015-08-27 07:12 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-09-09 16:29 - 2015-08-27 07:12 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-09-09 16:29 - 2015-08-27 07:11 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll 2015-09-09 16:29 - 2015-08-27 07:11 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll 2015-09-09 16:29 - 2015-08-27 07:09 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-09-09 16:29 - 2015-08-27 07:08 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-10-02 17:48 - 2015-07-10 14:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-10-02 17:48 - 2013-06-09 13:03 - 00000000 ____D C:\ProgramData\NVIDIA 2015-10-02 17:48 - 2013-01-04 17:47 - 00000316 _____ C:\WINDOWS\Tasks\GlaryInitialize.job 2015-10-02 17:48 - 2013-01-04 16:59 - 00001130 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-10-02 17:47 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\sru 2015-10-02 17:47 - 2015-07-10 11:05 - 00131072 ___SH C:\WINDOWS\system32\config\BBI 2015-10-02 17:41 - 2013-01-04 16:59 - 00001134 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-10-02 17:40 - 2013-01-04 17:05 - 00000000 ____D C:\WINDOWS\Downloaded Installations 2015-10-02 17:39 - 2015-07-10 13:04 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12 2015-10-02 17:39 - 2015-07-10 13:04 - 00000000 ___SD C:\WINDOWS\system32\F12 2015-10-02 17:39 - 2015-07-10 13:04 - 00000000 ___RD C:\WINDOWS\PurchaseDialog 2015-10-02 17:39 - 2015-07-10 13:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-10-02 17:39 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2015-10-02 17:39 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2015-10-02 17:39 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\appraiser 2015-10-02 17:39 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\Provisioning 2015-10-02 17:39 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\L2Schemas 2015-10-02 17:37 - 2013-08-15 23:17 - 00000000 ____D C:\ProgramData\ICQ 2015-10-02 16:23 - 2015-08-31 10:20 - 00004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C2CBD864-49DA-492E-B3F2-9E4431FFA505} 2015-10-02 14:48 - 2014-07-13 16:16 - 00000000 ____D C:\Users\Sven\AppData\Local\Battle.net 2015-10-02 14:27 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-10-02 14:24 - 2014-07-13 16:16 - 00000000 ____D C:\Program Files (x86)\Battle.net 2015-10-01 15:44 - 2015-07-10 12:55 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-09-28 21:33 - 2015-08-04 12:32 - 02080612 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-09-28 21:33 - 2015-07-10 18:34 - 00884716 _____ C:\WINDOWS\system32\perfh007.dat 2015-09-28 21:33 - 2015-07-10 18:34 - 00196348 _____ C:\WINDOWS\system32\perfc007.dat 2015-09-28 16:55 - 2013-01-04 17:55 - 00000000 ___RD C:\Users\Sven\Desktop\Programme 2015-09-28 16:02 - 2015-01-30 12:54 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-09-28 16:02 - 2013-01-07 22:44 - 00000000 ____D C:\Program Files\Common Files\Apple 2015-09-28 16:01 - 2013-01-07 22:45 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2015-09-24 13:27 - 2015-07-19 19:37 - 00137800 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys 2015-09-24 13:27 - 2015-07-19 19:37 - 00074440 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys 2015-09-22 22:12 - 2013-01-04 17:49 - 00000000 ____D C:\ProgramData\Origin 2015-09-20 22:11 - 2015-08-04 12:34 - 00000000 ____D C:\Users\Sven 2015-09-20 21:22 - 2013-01-04 20:49 - 00226168 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe 2015-09-20 21:22 - 2013-01-04 20:49 - 00226168 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0 2015-09-20 16:35 - 2013-01-05 18:52 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab 2015-09-19 17:26 - 2013-01-04 17:56 - 00000000 ____D C:\Users\Sven\Desktop\Spiele 2015-09-17 19:27 - 2013-01-14 20:34 - 00000000 ____D C:\Users\Sven\AppData\Local\Spotify 2015-09-17 19:20 - 2013-01-14 20:34 - 00000000 ____D C:\Users\Sven\AppData\Roaming\Spotify 2015-09-16 14:26 - 2015-08-04 13:18 - 00000000 ____D C:\Users\Sven\AppData\Local\Packages 2015-09-15 19:36 - 2013-01-04 16:59 - 00004192 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2015-09-15 19:36 - 2013-01-04 16:59 - 00003960 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2015-09-15 18:12 - 2015-07-10 13:06 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-09-15 18:12 - 2015-07-10 13:06 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-09-13 22:17 - 2013-04-13 23:38 - 00000000 ____D C:\Users\Sven\AppData\Roaming\vlc 2015-09-11 18:09 - 2013-01-20 21:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games 2015-09-11 17:49 - 2015-07-10 14:20 - 00341624 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-09-11 17:48 - 2015-07-10 18:46 - 00000000 ____D C:\Program Files\Windows Journal 2015-09-11 14:48 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\rescache 2015-09-09 19:27 - 2015-07-10 12:59 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll 2015-09-09 19:27 - 2015-07-10 12:59 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll 2015-09-09 19:27 - 2015-07-10 12:59 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll 2015-09-09 19:27 - 2015-07-10 12:59 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll 2015-09-09 19:27 - 2015-07-10 12:59 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll 2015-09-09 19:27 - 2015-07-10 12:59 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll 2015-09-09 19:27 - 2015-07-10 12:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe 2015-09-09 19:27 - 2015-07-10 12:59 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll 2015-09-09 19:27 - 2015-07-10 12:59 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe 2015-09-09 19:27 - 2015-07-10 12:59 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe 2015-09-09 19:27 - 2015-07-10 12:59 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll 2015-09-09 19:27 - 2015-07-10 12:59 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll 2015-09-09 19:27 - 2015-07-10 12:59 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll 2015-09-09 19:27 - 2015-07-10 12:59 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll 2015-09-09 19:27 - 2015-07-10 12:59 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll 2015-09-09 19:27 - 2015-07-10 12:59 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll 2015-09-09 19:27 - 2015-07-10 12:59 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll 2015-09-09 19:27 - 2015-07-10 12:59 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll 2015-09-09 19:26 - 2013-01-04 16:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2015-09-09 17:35 - 2013-01-05 21:53 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-09-09 17:34 - 2013-08-14 15:06 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-09-06 21:36 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\FxsTmp 2015-09-06 15:46 - 2013-01-04 17:03 - 00090432 _____ C:\Users\Sven\AppData\Local\GDIPFONTCACHEV1.DAT 2015-09-06 14:37 - 2015-08-04 13:25 - 00000000 ____D C:\Windows.old 2015-09-02 20:07 - 2015-04-04 01:04 - 00000000 ____D C:\Users\Sven\AppData\Roaming\dvdcss 2015-09-02 16:41 - 2015-08-04 19:59 - 00000000 ____D C:\WINDOWS\System32\Tasks\Games ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-09-14 18:31 - 2015-09-14 18:31 - 0004096 ____H () C:\Users\Sven\AppData\Local\keyfile3.drm 2014-02-03 18:35 - 2014-02-03 18:35 - 0000836 _____ () C:\Users\Sven\AppData\Local\recently-used.xbel 2013-01-04 17:16 - 2013-01-04 17:16 - 0000017 _____ () C:\Users\Sven\AppData\Local\resmon.resmoncfg 2015-01-18 01:06 - 2015-01-18 01:06 - 0014456 _____ () C:\Users\Sven\AppData\Local\WiDiSetupLog.20150118.000632.wdl 2015-01-18 01:06 - 2015-01-18 01:07 - 0015214 _____ () C:\Users\Sven\AppData\Local\WiDiSetupLog.20150118.000652.wdl 2015-08-04 12:28 - 2015-08-04 12:28 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Einige Dateien in TEMP: ==================== C:\Users\Sven\AppData\Local\Temp\avgnt.exe C:\Users\Sven\AppData\Local\Temp\sqlite3.dll C:\Users\Sven\AppData\Local\Temp\SRLDetectionLibrary5714788249305721880.dll C:\Users\Sven\AppData\Local\Temp\SRLDetectionLibrary8971995279134278962.dll C:\Users\Sven\AppData\Local\Temp\SRLDetectionLibrary9086440515081223896.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-10-01 13:50 ==================== Ende von FRST.txt ============================ |
03.10.2015, 11:34 | #7 |
/// the machine /// TB-Ausbilder | FW:Important Mails verschickt, vermutlich Link angeklickt Passwort vom Mail Account geändert? ESET Online Scanner
Downloade Dir bitte SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
03.10.2015, 19:06 | #8 |
| FW:Important Mails verschickt, vermutlich Link angeklickt Passwort mehrmals gewechselt. Werde es jetzt nochmals ändern. Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=63419cd2aa0d0d48839126775844395c # end=init # utc_time=2015-10-03 10:38:37 # local_time=2015-10-03 12:38:37 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.2.9200 NT Update Init Update Download Update Finalize Updated modules version: 26060 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=63419cd2aa0d0d48839126775844395c # end=updated # utc_time=2015-10-03 10:44:17 # local_time=2015-10-03 12:44:17 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.2.9200 NT # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=63419cd2aa0d0d48839126775844395c # engine=26060 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-10-03 10:57:22 # local_time=2015-10-03 12:57:22 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 3004420 7343854 0 0 # scanned=49557 # found=0 # cleaned=0 # scan_time=785 ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=63419cd2aa0d0d48839126775844395c # end=init # utc_time=2015-10-03 04:15:52 # local_time=2015-10-03 06:15:52 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.2.9200 NT Update Init Update Download Update Finalize Updated modules version: 26063 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=63419cd2aa0d0d48839126775844395c # end=updated # utc_time=2015-10-03 04:16:24 # local_time=2015-10-03 06:16:24 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.2.9200 NT # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=63419cd2aa0d0d48839126775844395c # engine=26063 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-10-03 05:59:31 # local_time=2015-10-03 07:59:31 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 26406 7369183 0 0 # scanned=520265 # found=2 # cleaned=0 # scan_time=6186 sh=62BFF91A7E351CB1A21EF92320815874B2D2DFA8 ft=1 fh=fc2555afc5bde153 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sven\AppData\Local\Temp\DMR\dmr_72.exe" sh=ABA32A0BF4960B1AB88953C36CF160625C78AC9B ft=1 fh=47eacc88b34b8f30 vn="MSIL/AdvancedSystemProtector.D evtl. unerwünschte Anwendung" ac=I fn="E:\Program Files (x86)\CPUID\PC Wizard 2013\systweakasp_c.exe" Code:
ATTFilter Results of screen317's Security Check version 1.008 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Avira Antivirus Windows Defender Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Java 8 Update 60 Adobe Flash Player 19.0.0.185 Adobe Reader XI Mozilla Firefox 17.0.1 Firefox out of Date! Mozilla Thunderbird 17.0. Thunderbird out of Date! ````````Process Check: objlist.exe by Laurent```````` Windows Defender MSMpEng.exe Avira Antivir avgnt.exe Avira Antivir avguard.exe Avira Antivirus sched.exe Avira Antivirus avshadow.exe Avira Antivirus avmailc7.exe Avira Antivirus avwebg7.exe Windows Defender MpCmdRun.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:03-10-2015 durchgeführt von Sven (Administrator) auf SVEN-PC (03-10-2015 20:04:32) Gestartet von C:\Users\Sven\Desktop Geladene Profile: Sven (Verfügbare Profile: Sven & DefaultAppPool) Platform: Windows 10 Home (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe () C:\Windows\SysWOW64\ASGT.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe () C:\Windows\System32\PnkBstrA.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Windows\System32\vds.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Apple Inc.) E:\Program Files\iTunes\iTunesHelper.exe (Spotify Ltd) C:\Users\Sven\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1001.16470.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1509.14010.0_x64__8wekyb3d8bbwe\Calculator.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Mozilla Corporation) E:\Mozilla\firefox.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-24] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [14601160 2015-07-02] (Logitech Inc.) HKLM\...\Run: [iTunesHelper] => E:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-23] (Apple Inc.) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe [286720 2011-10-12] (Intel Corporation) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [782520 2015-09-24] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation) HKU\S-1-5-21-2376779872-2597445691-444311316-1000\...\Run: [Spotify Web Helper] => C:\Users\Sven\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-09-05] (Spotify Ltd) HKU\S-1-5-21-2376779872-2597445691-444311316-1000\...\Run: [Steam] => E:\Program Files (x86)\Steam\steam.exe [2899136 2015-08-19] (Valve Corporation) HKU\S-1-5-21-2376779872-2597445691-444311316-1000\...\MountPoints2: {42a026c9-342a-11e4-9c33-806e6f6e6963} - "F:\autorun.exe" Startup: C:\Users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk [2013-01-04] ShortcutTarget: Samsung SSD Magician.lnk -> C:\Program Files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{b4064000-a755-4536-826f-dd0fcd003147}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{e4098305-1e64-4aa0-84a3-af8930013e28}: [DhcpNameServer] 139.7.30.126 139.7.30.125 Internet Explorer: ================== HKU\S-1-5-21-2376779872-2597445691-444311316-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://de.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset SearchScopes: HKU\S-1-5-21-2376779872-2597445691-444311316-1000 -> DefaultScope {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = SearchScopes: HKU\S-1-5-21-2376779872-2597445691-444311316-1000 -> {F8BF49F2-E55D-45A6-AE48-91858F3A84AD} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-08-30] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-30] (Oracle Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-30] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-30] (Oracle Corporation) Toolbar: HKU\S-1-5-21-2376779872-2597445691-444311316-1000 -> Kein Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Keine Datei DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) FireFox: ======== FF ProfilePath: C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\yhab8cni.default FF Homepage: hxxps://www.google.de/ FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-21] () FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll [Keine Datei] FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [Keine Datei] FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB) FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-30] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-30] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.6 -> E:\Program Files\VideoLAN\VLC\npvlc.dll [2013-04-08] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-21] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll [Keine Datei] FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [Keine Datei] FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [Keine Datei] FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-30] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-30] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-01-10] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-08-07] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-08-07] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2376779872-2597445691-444311316-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Sven\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-2376779872-2597445691-444311316-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-08-15] () FF SearchPlugin: C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\yhab8cni.default\searchplugins\google-images.xml [2014-09-16] FF SearchPlugin: C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\yhab8cni.default\searchplugins\google-maps.xml [2014-09-16] FF Extension: Cliqz - C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\yhab8cni.default\Extensions\cliqz@cliqz.com.xpi [2014-09-16] FF HKU\S-1-5-21-2376779872-2597445691-444311316-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\yhab8cni.default\extensions\cliqz@cliqz.com => nicht gefunden StartMenuInternet: FIREFOX.EXE - E:\Mozilla\firefox.exe ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [932912 2015-09-24] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [461672 2015-09-24] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [461672 2015-09-24] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1148688 2015-09-24] (Avira Operations GmbH & Co. KG) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.) R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [Datei ist nicht signiert] S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1128448 2015-07-27] () R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [37448 2014-08-14] (CHENGDU YIWO Tech Development Co., Ltd) [Datei ist nicht signiert] R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-24] (NVIDIA Corporation) R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe [7168 2011-10-12] (Intel Corporation) [Datei ist nicht signiert] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert] S2 MBAMService; E:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) R2 MSMQ; C:\Windows\system32\mqsvc.exe [26112 2015-08-04] (Microsoft Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-24] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-24] (NVIDIA Corporation) S3 Origin Client Service; E:\Program Files (x86)\Origin\OriginClientService.exe [2057736 2015-09-03] (Electronic Arts) R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-06-29] () R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-10-31] () R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5613328 2015-07-29] (TeamViewer GmbH) S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [84480 2015-08-04] (Microsoft Corporation) R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [578560 2015-08-04] (Microsoft Corporation) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R0 asahci64; C:\Windows\System32\drivers\asahci64.sys [49760 2011-09-21] (Asmedia Technology) S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2014-02-02] () [Datei ist nicht signiert] R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [137800 2015-09-24] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [148632 2015-08-04] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-06-16] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [74440 2015-09-24] (Avira Operations GmbH & Co. KG) R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [61000 2014-08-14] (CHENGDU YIWO Tech Development Co., Ltd) [Datei ist nicht signiert] R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48200 2014-08-14] () [Datei ist nicht signiert] R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [18504 2014-08-14] (CHENGDU YIWO Tech Development Co., Ltd) [Datei ist nicht signiert] R1 EUFDDISK; C:\Windows\system32\drivers\EuFdDisk.sys [189000 2014-08-14] (CHENGDU YIWO Tech Development Co., Ltd) [Datei ist nicht signiert] R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [23832 2011-10-12] (Intel Corporation) R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech) R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.) R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.) S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2014-02-02] () [Datei ist nicht signiert] R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation) R3 MQAC; C:\Windows\System32\drivers\mqac.sys [175104 2015-08-04] (Microsoft Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-24] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47976 2015-07-03] (NVIDIA Corporation) S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] () S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] () S2 SecDrv; C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS [12400 2015-08-11] (Macrovision Europe Ltd) [Datei ist nicht signiert] S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] () S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation) R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation) U3 idsvc; kein ImagePath S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X] U3 wpcsvc; kein ImagePath ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-10-03 20:04 - 2015-10-03 20:04 - 00019921 _____ C:\Users\Sven\Desktop\FRST.txt 2015-10-03 20:04 - 2015-10-03 20:04 - 00000000 ____D C:\Users\Sven\Desktop\FRST-OlderVersion 2015-10-03 19:55 - 2015-10-03 19:55 - 00016148 _____ C:\WINDOWS\system32\SVEN-PC_Sven_HistoryPrediction.bin 2015-10-02 17:40 - 2015-10-02 17:48 - 00018834 _____ C:\WINDOWS\PFRO.log 2015-10-02 17:27 - 2015-10-02 17:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-10-02 17:27 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-10-02 17:27 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-10-02 17:24 - 2015-10-02 17:24 - 00000000 ____D C:\Program Files (x86)\VS Revo Group 2015-10-01 15:26 - 2015-10-02 17:27 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-10-01 15:25 - 2015-10-02 17:42 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-10-01 15:25 - 2015-10-02 17:40 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-10-01 15:24 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-10-01 13:30 - 2015-09-25 02:13 - 01276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll 2015-10-01 13:30 - 2015-09-25 01:24 - 00796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll 2015-10-01 13:30 - 2015-09-25 01:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll 2015-10-01 13:30 - 2015-09-25 01:23 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe 2015-10-01 13:30 - 2015-09-25 01:17 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2015-10-01 13:30 - 2015-09-25 01:08 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2015-10-01 13:30 - 2015-09-25 01:07 - 01382400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2015-10-01 13:30 - 2015-09-25 01:06 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll 2015-10-01 13:30 - 2015-09-25 01:05 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll 2015-10-01 13:30 - 2015-09-25 01:01 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll 2015-10-01 13:30 - 2015-09-25 01:00 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll 2015-10-01 13:30 - 2015-09-25 01:00 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll 2015-10-01 13:30 - 2015-09-25 01:00 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll 2015-10-01 13:30 - 2015-09-25 00:53 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll 2015-10-01 13:30 - 2015-09-25 00:43 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll 2015-10-01 13:30 - 2015-09-25 00:43 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll 2015-10-01 13:30 - 2015-09-25 00:42 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll 2015-10-01 13:30 - 2015-09-25 00:25 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll 2015-10-01 13:30 - 2015-09-25 00:25 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll 2015-10-01 13:30 - 2015-09-25 00:25 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll 2015-10-01 13:30 - 2015-09-25 00:25 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll 2015-10-01 13:30 - 2015-09-25 00:25 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll 2015-10-01 13:30 - 2015-09-25 00:19 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll 2015-10-01 13:30 - 2015-09-19 07:14 - 00102304 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll 2015-10-01 13:30 - 2015-09-17 08:50 - 02464216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2015-10-01 13:30 - 2015-09-17 08:50 - 01563392 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll 2015-10-01 13:30 - 2015-09-17 08:50 - 00099664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys 2015-10-01 13:30 - 2015-09-17 08:50 - 00088384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll 2015-10-01 13:30 - 2015-09-17 08:49 - 08020816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-10-01 13:30 - 2015-09-17 08:49 - 06487248 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2015-10-01 13:30 - 2015-09-17 08:49 - 01563472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll 2015-10-01 13:30 - 2015-09-17 08:49 - 00894256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wdf01000.sys 2015-10-01 13:30 - 2015-09-17 08:49 - 00553808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe 2015-10-01 13:30 - 2015-09-17 08:48 - 02824248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll 2015-10-01 13:30 - 2015-09-17 08:48 - 02494712 _____ C:\WINDOWS\system32\CoreUIComponents.dll 2015-10-01 13:30 - 2015-09-17 08:48 - 02432336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2015-10-01 13:30 - 2015-09-17 08:48 - 02156400 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll 2015-10-01 13:30 - 2015-09-17 08:48 - 01983824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2015-10-01 13:30 - 2015-09-17 08:48 - 00809352 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll 2015-10-01 13:30 - 2015-09-17 08:48 - 00784136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll 2015-10-01 13:30 - 2015-09-17 08:48 - 00584656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll 2015-10-01 13:30 - 2015-09-17 08:48 - 00555768 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll 2015-10-01 13:30 - 2015-09-17 08:48 - 00537080 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll 2015-10-01 13:30 - 2015-09-17 08:48 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2015-10-01 13:30 - 2015-09-17 08:48 - 00505696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2015-10-01 13:30 - 2015-09-17 08:48 - 00476760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll 2015-10-01 13:30 - 2015-09-17 08:48 - 00395088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2015-10-01 13:30 - 2015-09-17 08:48 - 00332624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys 2015-10-01 13:30 - 2015-09-17 08:48 - 00243760 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll 2015-10-01 13:30 - 2015-09-17 08:47 - 01397088 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll 2015-10-01 13:30 - 2015-09-17 08:44 - 00781976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll 2015-10-01 13:30 - 2015-09-17 08:43 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll 2015-10-01 13:30 - 2015-09-17 08:39 - 00081488 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2015-10-01 13:30 - 2015-09-17 08:37 - 01295712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll 2015-10-01 13:30 - 2015-09-17 08:37 - 01168736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys 2015-10-01 13:30 - 2015-09-17 08:28 - 05120056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2015-10-01 13:30 - 2015-09-17 08:28 - 02154808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2015-10-01 13:30 - 2015-09-17 08:28 - 01357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll 2015-10-01 13:30 - 2015-09-17 08:28 - 00441168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe 2015-10-01 13:30 - 2015-09-17 08:28 - 00074880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll 2015-10-01 13:30 - 2015-09-17 08:27 - 01766952 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll 2015-10-01 13:30 - 2015-09-17 08:27 - 00454512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll 2015-10-01 13:30 - 2015-09-17 08:26 - 02446648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll 2015-10-01 13:30 - 2015-09-17 08:26 - 01895568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll 2015-10-01 13:30 - 2015-09-17 08:26 - 00646672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll 2015-10-01 13:30 - 2015-09-17 08:26 - 00508248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll 2015-10-01 13:30 - 2015-09-17 08:26 - 00434376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll 2015-10-01 13:30 - 2015-09-17 08:26 - 00428128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll 2015-10-01 13:30 - 2015-09-17 08:25 - 00962400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll 2015-10-01 13:30 - 2015-09-17 08:21 - 00658528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll 2015-10-01 13:30 - 2015-09-17 08:20 - 00764416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll 2015-10-01 13:30 - 2015-09-17 08:12 - 16708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2015-10-01 13:30 - 2015-09-17 08:09 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll 2015-10-01 13:30 - 2015-09-17 08:08 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll 2015-10-01 13:30 - 2015-09-17 08:08 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Speech.Pal.dll 2015-10-01 13:30 - 2015-09-17 08:08 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe 2015-10-01 13:30 - 2015-09-17 08:07 - 21875712 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2015-10-01 13:30 - 2015-09-17 08:06 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll 2015-10-01 13:30 - 2015-09-17 08:06 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll 2015-10-01 13:30 - 2015-09-17 08:06 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll 2015-10-01 13:30 - 2015-09-17 08:05 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll 2015-10-01 13:30 - 2015-09-17 08:05 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll 2015-10-01 13:30 - 2015-09-17 08:04 - 07569408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll 2015-10-01 13:30 - 2015-09-17 08:04 - 00910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll 2015-10-01 13:30 - 2015-09-17 08:03 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll 2015-10-01 13:30 - 2015-09-17 08:03 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe 2015-10-01 13:30 - 2015-09-17 08:00 - 24595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-10-01 13:30 - 2015-09-17 08:00 - 03248640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll 2015-10-01 13:30 - 2015-09-17 08:00 - 02417664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2015-10-01 13:30 - 2015-09-17 08:00 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll 2015-10-01 13:30 - 2015-09-17 08:00 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KeywordDetectorMsftSidAdapter.dll 2015-10-01 13:30 - 2015-09-17 07:58 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll 2015-10-01 13:30 - 2015-09-17 07:57 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll 2015-10-01 13:30 - 2015-09-17 07:57 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll 2015-10-01 13:30 - 2015-09-17 07:57 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll 2015-10-01 13:30 - 2015-09-17 07:57 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll 2015-10-01 13:30 - 2015-09-17 07:56 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll 2015-10-01 13:30 - 2015-09-17 07:56 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll 2015-10-01 13:30 - 2015-09-17 07:55 - 02236416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2015-10-01 13:30 - 2015-09-17 07:55 - 01601536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll 2015-10-01 13:30 - 2015-09-17 07:55 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFx02000.dll 2015-10-01 13:30 - 2015-09-17 07:55 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2015-10-01 13:30 - 2015-09-17 07:55 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll 2015-10-01 13:30 - 2015-09-17 07:55 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe 2015-10-01 13:30 - 2015-09-17 07:54 - 03781120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll 2015-10-01 13:30 - 2015-09-17 07:54 - 00780288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll 2015-10-01 13:30 - 2015-09-17 07:53 - 07055872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll 2015-10-01 13:30 - 2015-09-17 07:52 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll 2015-10-01 13:30 - 2015-09-17 07:52 - 01181696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 2015-10-01 13:30 - 2015-09-17 07:52 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll 2015-10-01 13:30 - 2015-09-17 07:52 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll 2015-10-01 13:30 - 2015-09-17 07:52 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll 2015-10-01 13:30 - 2015-09-17 07:52 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll 2015-10-01 13:30 - 2015-09-17 07:52 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll 2015-10-01 13:30 - 2015-09-17 07:51 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2015-10-01 13:30 - 2015-09-17 07:51 - 02660864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll 2015-10-01 13:30 - 2015-09-17 07:51 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll 2015-10-01 13:30 - 2015-09-17 07:51 - 01203712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll 2015-10-01 13:30 - 2015-09-17 07:51 - 01067520 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2015-10-01 13:30 - 2015-09-17 07:51 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll 2015-10-01 13:30 - 2015-09-17 07:50 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys 2015-10-01 13:30 - 2015-09-17 07:50 - 00312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll 2015-10-01 13:30 - 2015-09-17 07:50 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys 2015-10-01 13:30 - 2015-09-17 07:49 - 02740224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-10-01 13:30 - 2015-09-17 07:49 - 01290240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll 2015-10-01 13:30 - 2015-09-17 07:49 - 01010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll 2015-10-01 13:30 - 2015-09-17 07:49 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll 2015-10-01 13:30 - 2015-09-17 07:49 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWiFiAdapter.dll 2015-10-01 13:30 - 2015-09-17 07:49 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll 2015-10-01 13:30 - 2015-09-17 07:48 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll 2015-10-01 13:30 - 2015-09-17 07:48 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll 2015-10-01 13:30 - 2015-09-17 07:48 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll 2015-10-01 13:30 - 2015-09-17 07:48 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll 2015-10-01 13:30 - 2015-09-17 07:48 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll 2015-10-01 13:30 - 2015-09-17 07:48 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll 2015-10-01 13:30 - 2015-09-17 07:47 - 07523328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2015-10-01 13:30 - 2015-09-17 07:47 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll 2015-10-01 13:30 - 2015-09-17 07:47 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll 2015-10-01 13:30 - 2015-09-17 07:47 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll 2015-10-01 13:30 - 2015-09-17 07:46 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll 2015-10-01 13:30 - 2015-09-17 07:46 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2015-10-01 13:30 - 2015-09-17 07:46 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll 2015-10-01 13:30 - 2015-09-17 07:46 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll 2015-10-01 13:30 - 2015-09-17 07:46 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe 2015-10-01 13:30 - 2015-09-17 07:46 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll 2015-10-01 13:30 - 2015-09-17 07:45 - 19325440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-10-01 13:30 - 2015-09-17 07:45 - 04791296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-10-01 13:30 - 2015-09-17 07:45 - 01331200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll 2015-10-01 13:30 - 2015-09-17 07:45 - 00869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll 2015-10-01 13:30 - 2015-09-17 07:45 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll 2015-10-01 13:30 - 2015-09-17 07:45 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll 2015-10-01 13:30 - 2015-09-17 07:44 - 01844736 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll 2015-10-01 13:30 - 2015-09-17 07:44 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll 2015-10-01 13:30 - 2015-09-17 07:44 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll 2015-10-01 13:30 - 2015-09-17 07:43 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll 2015-10-01 13:30 - 2015-09-17 07:43 - 00378368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll 2015-10-01 13:30 - 2015-09-17 07:43 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll 2015-10-01 13:30 - 2015-09-17 07:42 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll 2015-10-01 13:30 - 2015-09-17 07:41 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll 2015-10-01 13:30 - 2015-09-17 07:40 - 06101504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll 2015-10-01 13:30 - 2015-09-17 07:40 - 01918464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2015-10-01 13:30 - 2015-09-17 07:40 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll 2015-10-01 13:30 - 2015-09-17 07:39 - 00587264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll 2015-10-01 13:30 - 2015-09-17 07:38 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll 2015-10-01 13:30 - 2015-09-17 07:37 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2015-10-01 13:30 - 2015-09-17 07:37 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll 2015-10-01 13:30 - 2015-09-17 07:35 - 05079552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll 2015-10-01 13:30 - 2015-09-17 07:35 - 02207232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-10-01 13:30 - 2015-09-17 07:35 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll 2015-10-01 13:30 - 2015-09-17 07:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll 2015-10-01 13:30 - 2015-09-17 07:34 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll 2015-10-01 13:30 - 2015-09-17 07:32 - 03579904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-10-01 13:30 - 2015-09-17 07:32 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll 2015-10-01 13:30 - 2015-09-17 07:32 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll 2015-10-01 13:30 - 2015-09-17 07:32 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll 2015-10-01 13:30 - 2015-09-17 07:31 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2015-10-01 13:30 - 2015-09-17 07:31 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll 2015-10-01 13:30 - 2015-09-17 07:30 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll 2015-10-01 13:30 - 2015-09-17 07:29 - 01104384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll 2015-10-01 13:30 - 2015-09-17 07:29 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll 2015-10-01 13:30 - 2015-09-17 07:29 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll 2015-10-01 13:30 - 2015-09-17 07:29 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll 2015-10-01 13:30 - 2015-09-17 07:26 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll 2015-10-01 13:30 - 2015-09-17 07:16 - 00512000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll 2015-10-01 13:30 - 2015-09-13 04:05 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll 2015-10-01 13:30 - 2015-09-13 03:41 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll 2015-10-01 13:29 - 2015-09-25 02:35 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll 2015-10-01 13:29 - 2015-09-25 02:34 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll 2015-10-01 13:29 - 2015-09-25 01:34 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll 2015-10-01 13:29 - 2015-09-25 01:34 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll 2015-10-01 13:29 - 2015-09-25 01:01 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll 2015-10-01 13:29 - 2015-09-25 01:00 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll 2015-10-01 13:29 - 2015-09-25 00:24 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll 2015-10-01 13:29 - 2015-09-17 08:49 - 00501008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2015-10-01 13:29 - 2015-09-17 08:48 - 00406864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS 2015-10-01 13:29 - 2015-09-17 08:48 - 00278352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2015-10-01 13:29 - 2015-09-17 08:28 - 00407608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2015-10-01 13:29 - 2015-09-17 08:11 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll 2015-10-01 13:29 - 2015-09-17 08:10 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll 2015-10-01 13:29 - 2015-09-17 08:09 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll 2015-10-01 13:29 - 2015-09-17 08:04 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll 2015-10-01 13:29 - 2015-09-17 08:03 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll 2015-10-01 13:29 - 2015-09-17 08:03 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll 2015-10-01 13:29 - 2015-09-17 08:03 - 00154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe 2015-10-01 13:29 - 2015-09-17 08:02 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll 2015-10-01 13:29 - 2015-09-17 08:02 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll 2015-10-01 13:29 - 2015-09-17 07:56 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll 2015-10-01 13:29 - 2015-09-17 07:55 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll 2015-10-01 13:29 - 2015-09-17 07:55 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll 2015-10-01 13:29 - 2015-09-17 07:55 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll 2015-10-01 13:29 - 2015-09-17 07:54 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2015-10-01 13:29 - 2015-09-17 07:52 - 01216512 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcenter.dll 2015-10-01 13:29 - 2015-09-17 07:52 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll 2015-10-01 13:29 - 2015-09-17 07:52 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll 2015-10-01 13:29 - 2015-09-17 07:51 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll 2015-10-01 13:29 - 2015-09-17 07:50 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll 2015-10-01 13:29 - 2015-09-17 07:50 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeWiFi.dll 2015-10-01 13:29 - 2015-09-17 07:50 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeCell.dll 2015-10-01 13:29 - 2015-09-17 07:49 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2015-10-01 13:29 - 2015-09-17 07:49 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWebproxy.dll 2015-10-01 13:29 - 2015-09-17 07:49 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll 2015-10-01 13:29 - 2015-09-17 07:49 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationCrowdsource.dll 2015-10-01 13:29 - 2015-09-17 07:49 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeIP.dll 2015-10-01 13:29 - 2015-09-17 07:46 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll 2015-10-01 13:29 - 2015-09-17 07:46 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncmlhook.dll 2015-10-01 13:29 - 2015-09-17 07:45 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll 2015-10-01 13:29 - 2015-09-17 07:44 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll 2015-10-01 13:29 - 2015-09-17 07:43 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll 2015-10-01 13:29 - 2015-09-17 07:39 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2015-10-01 13:29 - 2015-09-17 07:36 - 01171456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcenter.dll 2015-10-01 13:29 - 2015-09-17 07:33 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll 2015-10-01 13:29 - 2015-09-17 07:28 - 00473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll 2015-10-01 13:25 - 2015-10-03 20:04 - 02193408 _____ (Farbar) C:\Users\Sven\Desktop\FRST64.exe 2015-10-01 13:25 - 2015-10-03 20:04 - 00000000 ____D C:\FRST 2015-10-01 13:24 - 2015-10-02 17:46 - 00000000 ____D C:\AdwCleaner 2015-09-28 16:02 - 2015-09-28 16:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-09-28 16:02 - 2015-09-28 16:02 - 00000000 ____D C:\Program Files\iPod 2015-09-28 16:02 - 2015-09-28 16:02 - 00000000 ____D C:\Program Files (x86)\iTunes 2015-09-28 16:01 - 2015-09-28 16:01 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple 2015-09-28 16:01 - 2015-09-28 16:01 - 00000000 ____D C:\Program Files\Bonjour 2015-09-28 16:01 - 2015-09-28 16:01 - 00000000 ____D C:\Program Files (x86)\Bonjour 2015-09-28 16:01 - 2015-09-28 16:01 - 00000000 ____D C:\Program Files (x86)\Apple Software Update 2015-09-19 17:25 - 2015-09-19 17:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Westwood Online 2015-09-19 17:25 - 2015-09-19 17:25 - 00000000 ____D C:\Program Files (x86)\WestwoodOnline 2015-09-14 18:31 - 2015-09-14 18:31 - 00004096 ____H C:\Users\Sven\AppData\Local\keyfile3.drm 2015-09-12 17:50 - 2015-09-28 15:39 - 00001677 _____ C:\WINDOWS\setupact.log 2015-09-12 17:50 - 2015-09-12 17:50 - 00000000 _____ C:\WINDOWS\setuperr.log 2015-09-11 18:09 - 2015-09-19 17:25 - 00018887 _____ C:\WINDOWS\Directx.log 2015-09-11 18:03 - 2015-10-03 20:02 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log 2015-09-09 19:27 - 2015-09-09 19:27 - 00000000 ____D C:\Program Files (x86)\directx 2015-09-09 16:29 - 2015-08-27 08:36 - 03620736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-09-09 16:29 - 2015-08-27 08:32 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2015-09-09 16:29 - 2015-08-27 07:59 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-09-09 16:29 - 2015-08-27 07:54 - 00541248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2015-09-09 16:29 - 2015-08-27 07:54 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2015-09-09 16:29 - 2015-08-27 07:51 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2015-09-09 16:29 - 2015-08-27 07:51 - 01774592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll 2015-09-09 16:29 - 2015-08-27 07:49 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll 2015-09-09 16:29 - 2015-08-27 07:47 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-09-09 16:29 - 2015-08-27 07:43 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-09-09 16:29 - 2015-08-27 07:43 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-09-09 16:29 - 2015-08-27 07:42 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll 2015-09-09 16:29 - 2015-08-27 07:42 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.PicturePassword.dll 2015-09-09 16:29 - 2015-08-27 07:42 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll 2015-09-09 16:29 - 2015-08-27 07:39 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2015-09-09 16:29 - 2015-08-27 07:23 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll 2015-09-09 16:29 - 2015-08-27 07:16 - 02153472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2015-09-09 16:29 - 2015-08-27 07:16 - 01612288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll 2015-09-09 16:29 - 2015-08-27 07:12 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-09-09 16:29 - 2015-08-27 07:12 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-09-09 16:29 - 2015-08-27 07:11 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll 2015-09-09 16:29 - 2015-08-27 07:11 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll 2015-09-09 16:29 - 2015-08-27 07:09 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-09-09 16:29 - 2015-08-27 07:08 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-10-03 19:41 - 2013-01-04 16:59 - 00001134 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-10-03 19:41 - 2013-01-04 16:59 - 00001130 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-10-03 19:18 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\sru 2015-10-03 18:28 - 2014-07-13 16:16 - 00000000 ____D C:\Users\Sven\AppData\Local\Battle.net 2015-10-03 18:28 - 2014-07-13 16:16 - 00000000 ____D C:\Program Files (x86)\Battle.net 2015-10-03 18:17 - 2015-08-31 10:20 - 00004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C2CBD864-49DA-492E-B3F2-9E4431FFA505} 2015-10-03 18:14 - 2013-01-04 17:47 - 00000316 _____ C:\WINDOWS\Tasks\GlaryInitialize.job 2015-10-03 11:00 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-10-02 18:18 - 2015-08-04 12:32 - 02080612 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-10-02 18:18 - 2015-07-10 18:34 - 00884716 _____ C:\WINDOWS\system32\perfh007.dat 2015-10-02 18:18 - 2015-07-10 18:34 - 00196348 _____ C:\WINDOWS\system32\perfc007.dat 2015-10-02 18:12 - 2015-07-10 14:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-10-02 18:12 - 2013-06-09 13:03 - 00000000 ____D C:\ProgramData\NVIDIA 2015-10-02 18:11 - 2015-07-10 11:05 - 00131072 ___SH C:\WINDOWS\system32\config\BBI 2015-10-02 17:40 - 2013-01-04 17:05 - 00000000 ____D C:\WINDOWS\Downloaded Installations 2015-10-02 17:39 - 2015-07-10 13:04 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12 2015-10-02 17:39 - 2015-07-10 13:04 - 00000000 ___SD C:\WINDOWS\system32\F12 2015-10-02 17:39 - 2015-07-10 13:04 - 00000000 ___RD C:\WINDOWS\PurchaseDialog 2015-10-02 17:39 - 2015-07-10 13:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-10-02 17:39 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2015-10-02 17:39 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2015-10-02 17:39 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\appraiser 2015-10-02 17:39 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\Provisioning 2015-10-02 17:39 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\L2Schemas 2015-10-02 17:37 - 2013-08-15 23:17 - 00000000 ____D C:\ProgramData\ICQ 2015-10-01 15:44 - 2015-07-10 12:55 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-09-28 16:55 - 2013-01-04 17:55 - 00000000 ___RD C:\Users\Sven\Desktop\Programme 2015-09-28 16:02 - 2015-01-30 12:54 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-09-28 16:02 - 2013-01-07 22:44 - 00000000 ____D C:\Program Files\Common Files\Apple 2015-09-28 16:01 - 2013-01-07 22:45 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2015-09-24 13:27 - 2015-07-19 19:37 - 00137800 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys 2015-09-24 13:27 - 2015-07-19 19:37 - 00074440 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys 2015-09-22 22:12 - 2013-01-04 17:49 - 00000000 ____D C:\ProgramData\Origin 2015-09-20 22:11 - 2015-08-04 12:34 - 00000000 ____D C:\Users\Sven 2015-09-20 21:22 - 2013-01-04 20:49 - 00226168 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe 2015-09-20 21:22 - 2013-01-04 20:49 - 00226168 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0 2015-09-20 16:35 - 2013-01-05 18:52 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab 2015-09-19 17:26 - 2013-01-04 17:56 - 00000000 ____D C:\Users\Sven\Desktop\Spiele 2015-09-17 19:27 - 2013-01-14 20:34 - 00000000 ____D C:\Users\Sven\AppData\Local\Spotify 2015-09-17 19:20 - 2013-01-14 20:34 - 00000000 ____D C:\Users\Sven\AppData\Roaming\Spotify 2015-09-16 14:26 - 2015-08-04 13:18 - 00000000 ____D C:\Users\Sven\AppData\Local\Packages 2015-09-15 19:36 - 2013-01-04 16:59 - 00004192 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2015-09-15 19:36 - 2013-01-04 16:59 - 00003960 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2015-09-15 18:12 - 2015-07-10 13:06 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-09-15 18:12 - 2015-07-10 13:06 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-09-13 22:17 - 2013-04-13 23:38 - 00000000 ____D C:\Users\Sven\AppData\Roaming\vlc 2015-09-11 18:09 - 2013-01-20 21:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games 2015-09-11 17:49 - 2015-07-10 14:20 - 00341624 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-09-11 17:48 - 2015-07-10 18:46 - 00000000 ____D C:\Program Files\Windows Journal 2015-09-11 14:48 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\rescache 2015-09-09 19:27 - 2015-07-10 12:59 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll 2015-09-09 19:27 - 2015-07-10 12:59 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll 2015-09-09 19:27 - 2015-07-10 12:59 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll 2015-09-09 19:27 - 2015-07-10 12:59 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll 2015-09-09 19:27 - 2015-07-10 12:59 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll 2015-09-09 19:27 - 2015-07-10 12:59 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll 2015-09-09 19:27 - 2015-07-10 12:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe 2015-09-09 19:27 - 2015-07-10 12:59 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll 2015-09-09 19:27 - 2015-07-10 12:59 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe 2015-09-09 19:27 - 2015-07-10 12:59 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe 2015-09-09 19:27 - 2015-07-10 12:59 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll 2015-09-09 19:27 - 2015-07-10 12:59 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll 2015-09-09 19:27 - 2015-07-10 12:59 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll 2015-09-09 19:27 - 2015-07-10 12:59 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll 2015-09-09 19:27 - 2015-07-10 12:59 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll 2015-09-09 19:27 - 2015-07-10 12:59 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll 2015-09-09 19:27 - 2015-07-10 12:59 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll 2015-09-09 19:27 - 2015-07-10 12:59 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll 2015-09-09 19:26 - 2013-01-04 16:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2015-09-09 17:35 - 2013-01-05 21:53 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-09-09 17:34 - 2013-08-14 15:06 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-09-06 21:36 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\FxsTmp 2015-09-06 15:46 - 2013-01-04 17:03 - 00090432 _____ C:\Users\Sven\AppData\Local\GDIPFONTCACHEV1.DAT 2015-09-06 14:37 - 2015-08-04 13:25 - 00000000 ____D C:\Windows.old ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-09-14 18:31 - 2015-09-14 18:31 - 0004096 ____H () C:\Users\Sven\AppData\Local\keyfile3.drm 2014-02-03 18:35 - 2014-02-03 18:35 - 0000836 _____ () C:\Users\Sven\AppData\Local\recently-used.xbel 2013-01-04 17:16 - 2013-01-04 17:16 - 0000017 _____ () C:\Users\Sven\AppData\Local\resmon.resmoncfg 2015-01-18 01:06 - 2015-01-18 01:06 - 0014456 _____ () C:\Users\Sven\AppData\Local\WiDiSetupLog.20150118.000632.wdl 2015-01-18 01:06 - 2015-01-18 01:07 - 0015214 _____ () C:\Users\Sven\AppData\Local\WiDiSetupLog.20150118.000652.wdl 2015-08-04 12:28 - 2015-08-04 12:28 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Einige Dateien in TEMP: ==================== C:\Users\Sven\AppData\Local\Temp\avgnt.exe C:\Users\Sven\AppData\Local\Temp\npp.6.8.3.Installer.exe C:\Users\Sven\AppData\Local\Temp\sqlite3.dll C:\Users\Sven\AppData\Local\Temp\SRLDetectionLibrary5714788249305721880.dll C:\Users\Sven\AppData\Local\Temp\SRLDetectionLibrary8971995279134278962.dll C:\Users\Sven\AppData\Local\Temp\SRLDetectionLibrary9086440515081223896.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-10-01 13:50 ==================== Ende von FRST.txt ============================ Danke für deine bisherige Hilfe |
04.10.2015, 07:25 | #9 |
/// the machine /// TB-Ausbilder | FW:Important Mails verschickt, vermutlich Link angeklickt Firefox und Thunderbird updaten. Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter C:\Users\Sven\AppData\Local\Temp\DMR\dmr_72.exe E:\Program Files (x86)\CPUID\PC Wizard 2013\systweakasp_c.exe Emptytemp: Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Wir haben Adware entfernt, aber sonst nix.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
04.10.2015, 09:43 | #10 |
| FW:Important Mails verschickt, vermutlich Link angeklickt Habe die Updates durchgheführt. Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:03-10-2015 durchgeführt von Sven (2015-10-04 10:38:13) Run:1 Gestartet von C:\Users\Sven\Desktop Geladene Profile: Sven (Verfügbare Profile: Sven & DefaultAppPool) Start-Modus: Normal ============================================== fixlist Inhalt: ***************** C:\Users\Sven\AppData\Local\Temp\DMR\dmr_72.exe E:\Program Files (x86)\CPUID\PC Wizard 2013\systweakasp_c.exe Emptytemp: ***************** C:\Users\Sven\AppData\Local\Temp\DMR\dmr_72.exe => erfolgreich verschoben E:\Program Files (x86)\CPUID\PC Wizard 2013\systweakasp_c.exe => erfolgreich verschoben EmptyTemp: => 5.4 GB temporäre Dateien entfernt. Das System musste neu gestartet werden.. ==== Ende von Fixlog 10:38:29 ==== |
04.10.2015, 15:36 | #11 |
/// the machine /// TB-Ausbilder | FW:Important Mails verschickt, vermutlich Link angeklickt Cleanup: (Die Reihenfolge ist hier entscheidend) Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken. Falls Combofix verwendet wurde: Combofix deinstallieren .
Alle Logs gepostet? Dann lade Dir bitte DelFix herunter.
Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst. Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen. Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...und/oder das Forum mit einer kleinen Spende unterstützen. Absicherung: Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen: Browser Java Flash-Player PDF-Reader Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren. Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen. Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig. Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank. Meine Empfehlung: Emsisoft Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen. Optional: NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen. Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen. Lade Software von einem sauberen Portal wie . Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen. Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwarecleaner . Abschließend noch ein paar grundsätzliche Bemerkungen: Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems. Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
16.10.2015, 18:36 | #12 |
| FW:Important Mails verschickt, vermutlich Link angeklickt Hallo Schrauber, leider muss ich das Thema wieder aufgreifen. Seit deinem letzten Beitrag/der Passwort Änderung war Ruhe. Bis ich vor ca. 30min wieder 7 E-Mails erhalten habe, dass meine Mails nicht zugestellt werden können Betreff "FW:new massage" Ich habe 2min vorher das 1. mal wieder eine Email verfasst und verschickt, Thunderbird hat mich nach dem Passwort für das Ausgangskonto gefragt und ich konnte die Mail verschicken. Entweder ist mein PC/Mailkonto immer noch nicht sauber oder das war ein dummer Zufall und die Emails werden von wo anders verschickt. Ich bin mitlerweile wirklich verzweifelt. Gruß Sven |
17.10.2015, 15:47 | #13 |
/// the machine /// TB-Ausbilder | FW:Important Mails verschickt, vermutlich Link angeklickt Sind die 7 Mails in deinem Gesendet Ordner?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
17.10.2015, 15:51 | #14 |
| FW:Important Mails verschickt, vermutlich Link angeklickt Hi, Nein, in meinem gesendet Ordner werden die Mails nicht angezeigt. Gruß Sven |
18.10.2015, 06:26 | #15 |
/// the machine /// TB-Ausbilder | FW:Important Mails verschickt, vermutlich Link angeklickt Dann hat es nichts mit deinem Konto zu tun, sondern einfach mit Spoofing.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
Themen zu FW:Important Mails verschickt, vermutlich Link angeklickt |
.dll, administrator, adobe, antivirus, avira, bonjour, defender, desktop, dnsapi.dll, explorer, flash player, google, home, homepage, installation, launch, mozilla, problem, prozesse, realtek, registry, rundll, scan, services.exe, software, system, windows |