|
Log-Analyse und Auswertung: Windows 7: PDF mit Endung .scr geöffnetWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
03.11.2015, 23:42 | #1 |
| Windows 7: PDF mit Endung .scr geöffnet Hi, ich habe dummerweise eine PDF mit der Endung .scr geöffnet. Die Datei ist daraufhin verschwunden und nicht mehr auffindbar. Ich benutze Microsoft Security Essentials, welches mir keine Warnung ausgespuckt hat und auch nach einem Scan nichts finden konnte. Völlig in Panik habe ich erstmal wahllos diverse Dateien gelöscht, welche in letzter Zeit geändert wurden. Anschließend habe ich Malwarebytes installiert, welches 1 Datei gefunden hat - diese habe ich gelöscht. Das entsprechende Logfile poste ich unten. Ich hoffe, Ihr könnt mir bei der Suche helfen und bedanke mich bereits im Voraus recht herzlich für Eure Hilfe und Euer tolles Engagement LG, Flo FRST: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:31-10-2015 durchgeführt von Flo (Administrator) auf FLO-PC (03-11-2015 22:55:32) Gestartet von F:\Download Geladene Profile: Flo & (Verfügbare Profile: Flo) Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 10 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Google Inc.) C:\Users\Flo\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (CHENGDU YIWO Tech Development Co., Ltd) F:\EaseUS Partition Master 10.2\bin\EpmNews.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (BinTube LLC) C:\Program Files (x86)\BinTube\BinTube Usenet Reader\BinPlayer.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Trend Micro Inc.) F:\Download\HijackThis_2.0.5.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (VS Revo Group) C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamresearch.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-07-04] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] () HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [EaseUS EPM tray] => F:\EaseUS Partition Master 10.2\bin\EpmNews.exe [2089056 2014-11-18] (CHENGDU YIWO Tech Development Co., Ltd) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565448 2015-10-26] (LogMeIn Inc.) HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-21-2090188890-1994155989-3754954223-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe HKU\S-1-5-21-2090188890-1994155989-3754954223-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2901584 2015-10-14] (Valve Corporation) HKU\S-1-5-21-2090188890-1994155989-3754954223-1000\...\Run: [Google Update] => C:\Users\Flo\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-02] (Google Inc.) HKU\S-1-5-21-2090188890-1994155989-3754954223-1000\...\Run: [MusicManager] => C:\Users\Flo\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7646208 2015-08-13] (Google Inc.) HKU\S-1-5-21-2090188890-1994155989-3754954223-1000\...\Run: [GoogleChromeAutoLaunch_113C8DD36E5867E6D61A3F35DE4397B3] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-10-20] (Google Inc.) HKU\S-1-5-21-2090188890-1994155989-3754954223-1000\...\Run: [Dropbox Update] => C:\Users\Flo\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-22] (Dropbox, Inc.) HKU\S-1-5-21-2090188890-1994155989-3754954223-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [57981568 2015-09-27] (Skype Technologies S.A.) HKU\S-1-5-21-2090188890-1994155989-3754954223-1000\...\MountPoints2: {e5ec12ef-23e8-11e4-896f-00235437546a} - I:\autorun.exe HKU\S-1-5-21-2090188890-1994155989-3754954223-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ACHTUNG HKU\S-1-5-21-2090188890-1994155989-3754954223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe HKU\S-1-5-21-2090188890-1994155989-3754954223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2901584 2015-10-14] (Valve Corporation) HKU\S-1-5-21-2090188890-1994155989-3754954223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Flo\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-02] (Google Inc.) HKU\S-1-5-21-2090188890-1994155989-3754954223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MusicManager] => C:\Users\Flo\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7646208 2015-08-13] (Google Inc.) HKU\S-1-5-21-2090188890-1994155989-3754954223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_113C8DD36E5867E6D61A3F35DE4397B3] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-10-20] (Google Inc.) HKU\S-1-5-21-2090188890-1994155989-3754954223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd) HKU\S-1-5-21-2090188890-1994155989-3754954223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Dropbox Update] => C:\Users\Flo\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-22] (Dropbox, Inc.) HKU\S-1-5-21-2090188890-1994155989-3754954223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [57981568 2015-09-27] (Skype Technologies S.A.) HKU\S-1-5-21-2090188890-1994155989-3754954223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {e5ec12ef-23e8-11e4-896f-00235437546a} - I:\autorun.exe HKU\S-1-5-21-2090188890-1994155989-3754954223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ACHTUNG HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2012-03-25] ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\..\Interfaces\{2201656A-CB43-4010-9B52-D9BA152DDFC4}: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{8A66BF53-9C2A-4682-8078-92E8F29895C9}: [NameServer] 192.168.2.1 Tcpip\..\Interfaces\{A2043950-7D9E-497C-A489-F50F04C019B1}: [DhcpNameServer] 10.74.210.210 10.74.210.211 Tcpip\..\Interfaces\{B67D2E28-BF2E-4659-B60F-AC90803A99B2}: [NameServer] 192.168.2.1 Internet Explorer: ================== HKU\S-1-5-21-2090188890-1994155989-3754954223-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKU\S-1-5-21-2090188890-1994155989-3754954223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-13] (Advanced Micro Devices) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-12-14] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-14] (Oracle Corporation) BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll [2013-04-08] (pdfforge GmbH) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-15] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-15] (Oracle Corporation) Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll [2013-04-08] (pdfforge GmbH) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices) Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices) FireFox: ======== FF ProfilePath: C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\jmgk1sir.default FF Homepage: hxxps://www.google.com/calendar/render?tab=wc FF NetworkProxy: "backup.ftp", "188.56.41.254" FF NetworkProxy: "backup.ftp_port", 8080 FF NetworkProxy: "backup.socks", "188.56.41.254" FF NetworkProxy: "backup.socks_port", 8080 FF NetworkProxy: "backup.ssl", "188.56.41.254" FF NetworkProxy: "backup.ssl_port", 8080 FF NetworkProxy: "ftp", "212.156.86.242" FF NetworkProxy: "ftp_port", 80 FF NetworkProxy: "http", "212.156.86.242" FF NetworkProxy: "http_port", 80 FF NetworkProxy: "no_proxies_on", "" FF NetworkProxy: "share_proxy_settings", true FF NetworkProxy: "socks", "212.156.86.242" FF NetworkProxy: "socks_port", 80 FF NetworkProxy: "ssl", "212.156.86.242" FF NetworkProxy: "ssl_port", 80 FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-18] () FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-14] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-14] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-18] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin-x32: @esn/esnlaunch,version=1.118.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll [Keine Datei] FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll [2013-11-18] (EA Digital Illusions CE AB) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-07-11] (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-15] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-15] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2090188890-1994155989-3754954223-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Flo\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.) FF Plugin HKU\S-1-5-21-2090188890-1994155989-3754954223-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Flo\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.) FF Plugin HKU\S-1-5-21-2090188890-1994155989-3754954223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\Flo\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.) FF Plugin HKU\S-1-5-21-2090188890-1994155989-3754954223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\Flo\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.) FF Extension: Battlefield Heroes Updater - C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\jmgk1sir.default\Extensions\battlefieldheroespatcher@ea.com [2013-10-06] [ist nicht signiert] FF Extension: YouTube Unblocker - C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\jmgk1sir.default\Extensions\youtubeunblocker__web@unblocker.yt [2015-09-02] FF Extension: Video MPEG4 Player Pro - C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\jmgk1sir.default\Extensions\{871f6975-d488-48d4-84eb-d9b382626948}.xpi [2015-08-26] [ist nicht signiert] FF Extension: Adblock Plus - C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\jmgk1sir.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-25] FF Extension: ZIP Plugin Free - C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\jmgk1sir.default\Extensions\{fb33f250-65f0-4067-9752-9cb63be2ff60}.xpi [2015-10-31] [ist nicht signiert] FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2014-04-01] [ist nicht signiert] Chrome: ======= CHR Profile: C:\Users\Flo\AppData\Local\Google\Chrome\User Data\Default ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-07-04] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert] R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.) R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [337824 2012-11-28] (AVM Berlin) R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [143776 2012-11-28] (AVM Berlin) S4 HiSuiteOuc64.exe; C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe [137024 2014-01-28] () S4 HuaweiHiSuiteService64.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe [204096 2014-01-28] () R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-10-26] (LogMeIn, Inc.) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation) R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [191328 2013-06-10] (AVM Berlin) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-07] (Electronic Arts) R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-10-20] () S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices) R1 cbfltfs3; C:\Windows\system32\drivers\cbfltfs3.sys [317632 2015-09-05] (EldoS Corporation) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-11-07] (Disc Soft Ltd) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [18528 2014-11-18] () S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14944 2014-11-18] () S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2014-11-18] () S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2014-11-18] () U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2011-10-24] (Huawei Technologies Co., Ltd.) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-03] (Malwarebytes) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] () S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-08-02] (Apple Inc.) [Datei ist nicht signiert] R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation) R3 NWIM; C:\Windows\System32\DRIVERS\avmnwim.sys [412024 2011-07-05] (AVM Berlin) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [Datei ist nicht signiert] S1 ajyhbmrl; \??\C:\Windows\system32\drivers\ajyhbmrl.sys [X] S1 ddhkfnib; \??\C:\Windows\system32\drivers\ddhkfnib.sys [X] S1 jcsbsvgk; \??\C:\Windows\system32\drivers\jcsbsvgk.sys [X] S1 krarqcqm; \??\C:\Windows\system32\drivers\krarqcqm.sys [X] S1 mtmrxqcn; \??\C:\Windows\system32\drivers\mtmrxqcn.sys [X] S1 nghiqpmj; \??\C:\Windows\system32\drivers\nghiqpmj.sys [X] S1 pjbslzyq; \??\C:\Windows\system32\drivers\pjbslzyq.sys [X] S1 uivjiqam; \??\C:\Windows\system32\drivers\uivjiqam.sys [X] S1 vqfdnoyg; \??\C:\Windows\system32\drivers\vqfdnoyg.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-11-03 22:53 - 2015-11-03 22:52 - 00000538 _____ C:\Users\Flo\Desktop\defogger_disable.log 2015-11-03 22:53 - 2015-11-03 22:51 - 00380416 _____ C:\Users\Flo\Desktop\Gmer-19357.exe 2015-11-03 22:53 - 2015-11-03 22:51 - 00050477 _____ C:\Users\Flo\Desktop\Defogger.exe 2015-11-03 22:53 - 2015-11-03 22:47 - 02198016 _____ (Farbar) C:\Users\Flo\Desktop\FRST64.exe 2015-11-03 22:52 - 2015-11-03 22:55 - 00000000 ____D C:\FRST 2015-11-03 22:52 - 2015-11-03 22:52 - 00000168 _____ C:\Users\Flo\defogger_reenable 2015-11-03 22:50 - 2015-11-03 22:51 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-11-03 22:50 - 2015-11-03 22:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-11-03 22:49 - 2015-11-03 22:50 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-11-03 22:49 - 2015-11-03 22:49 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-11-03 22:49 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-11-03 22:49 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-11-03 22:49 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2015-11-03 22:28 - 2015-11-03 22:28 - 00001286 _____ C:\Users\Flo\Desktop\Revo Uninstaller.lnk 2015-11-03 22:28 - 2015-11-03 22:28 - 00000000 ____D C:\Program Files (x86)\VS Revo Group 2015-10-30 19:48 - 2015-10-30 19:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2015-10-30 19:48 - 2015-10-30 19:48 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi 2015-10-26 16:00 - 2015-10-26 16:00 - 00000220 _____ C:\Users\Flo\Desktop\The Ship.url 2015-10-26 16:00 - 2015-10-26 16:00 - 00000220 _____ C:\Users\Flo\Desktop\The Ship Tutorial.url 2015-10-26 16:00 - 2015-10-26 16:00 - 00000220 _____ C:\Users\Flo\Desktop\The Ship Single Player.url 2015-10-25 09:49 - 2015-10-25 09:51 - 00000000 ____D C:\Users\Flo\AppData\Local\elfopatch 2015-10-25 09:49 - 2015-10-25 09:49 - 00000000 ____D C:\ProgramData\Package Cache 2015-10-18 11:18 - 2015-10-18 11:18 - 00000000 ____D C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-10-16 15:17 - 2015-09-18 20:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2015-10-16 15:17 - 2015-09-18 20:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-10-16 15:17 - 2015-09-18 20:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-10-16 15:17 - 2015-09-18 20:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-10-16 15:17 - 2015-09-18 20:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-10-16 15:17 - 2015-09-18 20:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-10-16 15:17 - 2015-09-18 20:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-10-14 17:56 - 2015-10-01 19:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2015-10-14 17:56 - 2015-10-01 19:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2015-10-14 17:56 - 2015-10-01 19:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2015-10-14 17:56 - 2015-10-01 19:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-10-14 17:56 - 2015-10-01 19:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-10-14 17:56 - 2015-10-01 19:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-10-14 17:56 - 2015-10-01 19:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2015-10-14 17:56 - 2015-10-01 18:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2015-10-14 17:56 - 2015-10-01 18:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-10-14 17:56 - 2015-09-29 04:16 - 05569472 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-10-14 17:56 - 2015-09-29 04:13 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-10-14 17:56 - 2015-09-29 04:11 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-10-14 17:56 - 2015-09-29 04:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-10-14 17:56 - 2015-09-29 04:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-10-14 17:56 - 2015-09-29 04:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-10-14 17:56 - 2015-09-29 04:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-10-14 17:56 - 2015-09-29 04:11 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-10-14 17:56 - 2015-09-29 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-10-14 17:56 - 2015-09-29 04:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-10-14 17:56 - 2015-09-29 04:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-10-14 17:56 - 2015-09-29 04:10 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-10-14 17:56 - 2015-09-29 04:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-10-14 17:56 - 2015-09-29 04:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-10-14 17:56 - 2015-09-29 04:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-10-14 17:56 - 2015-09-29 04:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-10-14 17:56 - 2015-09-29 04:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-10-14 17:56 - 2015-09-29 04:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2015-10-14 17:56 - 2015-09-29 04:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-10-14 17:56 - 2015-09-29 04:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-10-14 17:56 - 2015-09-29 04:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-10-14 17:56 - 2015-09-29 04:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-10-14 17:56 - 2015-09-29 04:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-10-14 17:56 - 2015-09-29 04:05 - 03990976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-10-14 17:56 - 2015-09-29 04:05 - 03936192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-10-14 17:56 - 2015-09-29 04:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-10-14 17:56 - 2015-09-29 04:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-10-14 17:56 - 2015-09-29 04:02 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 03:59 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-10-14 17:56 - 2015-09-29 03:59 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-10-14 17:56 - 2015-09-29 03:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-10-14 17:56 - 2015-09-29 03:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-10-14 17:56 - 2015-09-29 03:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-10-14 17:56 - 2015-09-29 03:59 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-10-14 17:56 - 2015-09-29 03:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-10-14 17:56 - 2015-09-29 03:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2015-10-14 17:56 - 2015-09-29 03:58 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-10-14 17:56 - 2015-09-29 03:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-10-14 17:56 - 2015-09-29 03:57 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-10-14 17:56 - 2015-09-29 03:57 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2015-10-14 17:56 - 2015-09-29 03:57 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-10-14 17:56 - 2015-09-29 03:57 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-10-14 17:56 - 2015-09-29 03:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-10-14 17:56 - 2015-09-29 03:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-10-14 17:56 - 2015-09-29 03:49 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-10-14 17:56 - 2015-09-29 03:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-10-14 17:56 - 2015-09-29 03:49 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 03:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 03:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 03:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 03:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 03:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 03:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 03:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 03:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 03:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 03:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 03:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 03:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 02:50 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-10-14 17:56 - 2015-09-29 02:49 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-10-14 17:56 - 2015-09-29 02:49 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-10-14 17:56 - 2015-09-29 02:43 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-10-14 17:56 - 2015-09-29 02:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-10-14 17:56 - 2015-09-29 02:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 02:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 02:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 02:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-10-14 17:56 - 2015-09-25 19:07 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-10-14 17:56 - 2015-09-25 19:07 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-10-14 17:56 - 2015-09-25 19:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-10-14 17:56 - 2015-09-25 19:07 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-10-14 17:56 - 2015-09-25 19:07 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-10-14 17:56 - 2015-09-25 19:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-10-14 17:56 - 2015-09-25 19:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-10-14 17:56 - 2015-09-25 19:06 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-10-14 17:56 - 2015-09-25 19:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-10-14 17:56 - 2015-09-25 19:06 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-10-14 17:56 - 2015-09-25 19:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-10-14 17:56 - 2015-09-25 18:59 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-10-14 17:56 - 2015-09-25 18:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-10-14 17:56 - 2015-09-25 18:59 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-10-14 17:56 - 2015-09-25 18:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-10-14 17:56 - 2015-09-25 18:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-10-14 17:56 - 2015-09-18 00:47 - 19280896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-10-14 17:56 - 2015-09-18 00:46 - 15416320 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-10-14 17:56 - 2015-09-17 21:44 - 14290944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-10-14 17:56 - 2015-09-15 19:17 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-10-14 17:56 - 2015-09-15 19:17 - 00097112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-10-14 17:56 - 2015-09-15 19:11 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-10-14 17:56 - 2015-09-15 19:11 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-10-14 17:56 - 2015-09-15 19:11 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-10-14 17:56 - 2015-09-15 19:11 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-10-14 17:56 - 2015-09-15 19:11 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-10-14 17:56 - 2015-09-15 19:11 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-10-14 17:56 - 2015-09-15 19:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-10-14 17:56 - 2015-09-15 18:36 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-10-14 17:56 - 2015-09-15 18:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-10-14 17:56 - 2015-09-15 18:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-10-14 17:56 - 2015-09-15 18:35 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-10-14 17:56 - 2015-08-06 19:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-10-14 17:56 - 2015-08-06 19:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll 2015-10-14 17:56 - 2015-08-06 18:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-10-14 17:56 - 2015-08-06 18:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll 2015-10-14 17:55 - 2015-09-18 00:48 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-10-14 17:55 - 2015-09-18 00:48 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-10-14 17:55 - 2015-09-18 00:48 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-10-14 17:55 - 2015-09-18 00:48 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-10-14 17:55 - 2015-09-18 00:47 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-10-14 17:55 - 2015-09-18 00:47 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-10-14 17:55 - 2015-09-18 00:47 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-10-14 17:55 - 2015-09-18 00:46 - 03960832 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-10-14 17:55 - 2015-09-18 00:46 - 02656768 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-10-14 17:55 - 2015-09-18 00:46 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-10-14 17:55 - 2015-09-18 00:46 - 00857600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-10-14 17:55 - 2015-09-18 00:46 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-10-14 17:55 - 2015-09-18 00:46 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-10-14 17:55 - 2015-09-18 00:46 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-10-14 17:55 - 2015-09-18 00:46 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-10-14 17:55 - 2015-09-18 00:46 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2015-10-14 17:55 - 2015-09-18 00:46 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-10-14 17:55 - 2015-09-18 00:46 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-10-14 17:55 - 2015-09-18 00:46 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-10-14 17:55 - 2015-09-17 21:44 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-10-14 17:55 - 2015-09-17 21:44 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-10-14 17:55 - 2015-09-17 21:44 - 00525824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-10-14 17:55 - 2015-09-17 21:44 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-10-14 17:55 - 2015-09-17 21:44 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-10-14 17:55 - 2015-09-17 21:44 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-10-14 17:55 - 2015-09-17 21:43 - 13775360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-10-14 17:55 - 2015-09-17 21:43 - 02866176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-10-14 17:55 - 2015-09-17 21:43 - 02056704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-10-14 17:55 - 2015-09-17 21:43 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-10-14 17:55 - 2015-09-17 21:43 - 00715264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-10-14 17:55 - 2015-09-17 21:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-10-14 17:55 - 2015-09-17 21:43 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-10-14 17:55 - 2015-09-17 21:43 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-10-14 17:55 - 2015-09-17 21:43 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-10-14 17:55 - 2015-09-17 21:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2015-10-14 17:55 - 2015-09-17 21:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-10-14 17:55 - 2015-09-17 21:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-10-14 17:55 - 2015-09-17 21:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-10-14 17:55 - 2015-09-17 19:58 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-10-14 17:55 - 2015-09-17 19:58 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-10-14 17:55 - 2015-09-17 19:31 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-10-14 17:55 - 2015-09-17 19:27 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-10-14 17:55 - 2015-09-17 19:06 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2015-10-14 17:55 - 2015-09-17 19:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2015-10-12 20:10 - 2015-10-12 20:10 - 00001110 _____ C:\Users\Public\Desktop\Picasa 3.lnk 2015-10-12 20:09 - 2015-10-12 20:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3 2015-10-06 17:51 - 2015-10-26 11:24 - 00000000 ____D C:\Games 2015-10-06 17:51 - 2015-10-06 17:51 - 00000807 _____ C:\Users\Public\Desktop\World of Warships.lnk 2015-10-06 17:51 - 2015-10-06 17:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warships ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-11-03 22:52 - 2012-03-24 17:51 - 00000000 ____D C:\Users\Flo 2015-11-03 22:45 - 2012-03-24 21:24 - 00000000 ____D C:\Users\Flo\AppData\Roaming\Skype 2015-11-03 22:32 - 2012-03-24 17:51 - 01088665 _____ C:\Windows\WindowsUpdate.log 2015-11-03 22:30 - 2014-08-02 12:41 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-11-03 22:30 - 2014-02-14 22:31 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2090188890-1994155989-3754954223-1000UA.job 2015-11-03 22:13 - 2015-06-22 10:56 - 00001216 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2090188890-1994155989-3754954223-1000UA.job 2015-11-03 22:09 - 2012-04-05 20:07 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-11-03 20:30 - 2014-08-02 12:41 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-11-03 20:30 - 2014-02-14 22:31 - 00001060 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2090188890-1994155989-3754954223-1000Core.job 2015-11-03 20:13 - 2015-06-22 10:56 - 00001164 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2090188890-1994155989-3754954223-1000Core.job 2015-11-03 19:39 - 2009-07-14 05:45 - 00025520 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-11-03 19:39 - 2009-07-14 05:45 - 00025520 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-11-03 19:31 - 2009-07-14 18:58 - 00702942 _____ C:\Windows\system32\perfh007.dat 2015-11-03 19:31 - 2009-07-14 18:58 - 00150582 _____ C:\Windows\system32\perfc007.dat 2015-11-03 19:31 - 2009-07-14 06:13 - 01629348 _____ C:\Windows\system32\PerfStringBackup.INI 2015-11-03 19:25 - 2013-10-09 20:41 - 00000000 ____D C:\Program Files (x86)\Steam 2015-11-03 19:25 - 2012-09-01 13:35 - 00000000 ____D C:\Users\Flo\AppData\Local\LogMeIn Hamachi 2015-11-03 19:25 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-11-03 19:25 - 2009-07-14 05:51 - 00092509 _____ C:\Windows\setupact.log 2015-11-02 22:10 - 2014-12-26 12:25 - 00000000 ____D C:\Users\Flo\AppData\Local\Battle.net 2015-11-01 14:37 - 2013-05-27 21:40 - 00001199 _____ C:\Users\Public\Desktop\BinTube.lnk 2015-10-31 20:30 - 2015-06-22 10:58 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm 2015-10-30 20:00 - 2014-12-23 19:40 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2015-10-26 16:33 - 2013-06-08 12:42 - 00000000 ____D C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2015-10-26 16:00 - 2013-10-09 20:46 - 00000000 ____D C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2015-10-26 14:57 - 2014-04-29 08:49 - 00002038 ____H C:\Users\Flo\Documents\Default.rdp 2015-10-26 11:15 - 2012-09-01 13:35 - 00034720 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys 2015-10-25 14:31 - 2014-08-02 12:42 - 00002177 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-10-25 09:52 - 2012-08-11 10:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular 2015-10-19 15:34 - 2014-12-26 12:26 - 00000000 ____D C:\Program Files (x86)\Hearthstone 2015-10-19 15:33 - 2015-03-07 21:56 - 00000000 ____D C:\Users\Flo\AppData\Roaming\Ubisoft 2015-10-19 15:33 - 2012-09-01 10:52 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2015-10-19 15:33 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-10-19 11:10 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2015-10-19 10:45 - 2012-03-25 14:55 - 00175968 _____ C:\Windows\PFRO.log 2015-10-18 11:18 - 2013-10-31 22:40 - 00000000 ____D C:\Users\Flo\AppData\Roaming\Dropbox 2015-10-18 11:09 - 2012-04-05 20:07 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-10-18 11:09 - 2012-04-05 20:07 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-10-18 11:09 - 2012-03-24 20:00 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-10-16 15:51 - 2014-12-13 19:25 - 00000000 ____D C:\Windows\system32\appraiser 2015-10-16 15:51 - 2014-04-30 00:33 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-10-16 15:23 - 2014-12-02 10:53 - 00002471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-10-14 19:51 - 2013-08-15 18:11 - 00000000 ____D C:\Windows\system32\MRT 2015-10-14 19:46 - 2012-03-26 15:33 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-10-14 19:46 - 2012-03-25 21:38 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-10-12 20:10 - 2013-10-29 19:29 - 00000000 ____D C:\Users\Flo\AppData\Local\Google 2015-10-12 20:09 - 2014-08-02 12:41 - 00000000 ____D C:\Program Files (x86)\Google 2015-10-08 19:21 - 2015-04-04 13:10 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2015-10-08 19:21 - 2015-04-04 13:10 - 00000000 ___SD C:\Windows\system32\GWX 2015-10-08 19:08 - 2012-03-24 21:24 - 00000000 ____D C:\ProgramData\Skype 2015-10-08 19:07 - 2012-03-24 20:32 - 00108976 _____ C:\Users\Flo\AppData\Local\GDIPFONTCACHEV1.DAT 2015-10-08 19:07 - 2009-07-14 05:45 - 00411368 _____ C:\Windows\system32\FNTCACHE.DAT 2015-10-06 17:48 - 2013-10-31 22:47 - 00000000 ___RD C:\Users\Flo\Dropbox ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2013-05-26 14:54 - 2010-11-05 02:57 - 0055632 _____ (Microsoft Corporation) C:\Users\Flo\AppData\Roaming\ICQ7.exe 2013-10-15 15:48 - 2013-10-15 15:49 - 0038419 _____ () C:\Users\Flo\AppData\Roaming\Kommagetrennte Werte (DOS).ADR 2013-12-01 00:36 - 2014-02-11 10:01 - 0008704 _____ () C:\Users\Flo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-09-11 18:16 - 2015-09-11 18:16 - 0000600 _____ () C:\Users\Flo\AppData\Local\PUTTY.RND 2012-12-28 13:39 - 2012-12-28 13:39 - 95023320 ____T () C:\ProgramData\dsgsdgdsgdsgw.pad Dateien, die verschoben oder gelöscht werden sollten: ==================== C:\ProgramData\dsgsdgdsgdsgw.pad ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-11-02 12:32 ==================== Ende von FRST.txt ============================ |
03.11.2015, 23:43 | #2 |
| Windows 7: PDF mit Endung .scr geöffnet Addition:
__________________Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:31-10-2015 durchgeführt von Flo (2015-11-03 22:56:03) Gestartet von F:\Download Windows 7 Professional Service Pack 1 (X64) (2012-03-24 16:51:05) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-2090188890-1994155989-3754954223-500 - Administrator - Disabled) Flo (S-1-5-21-2090188890-1994155989-3754954223-1000 - Administrator - Enabled) => C:\Users\Flo Gast (S-1-5-21-2090188890-1994155989-3754954223-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2090188890-1994155989-3754954223-1002 - Limited - Enabled) ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) AC3Filter 2.1a (HKLM-x32\...\AC3Filter_is1) (Version: 2.1a - Alexander Vigovsky) Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.226 - Adobe Systems Incorporated) Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated) Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.) Adobe Reader XI (11.0.13) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated) AMD Catalyst Install Manager (HKLM\...\{47F9B7C3-F172-940F-D0C4-203C7914E5D2}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.) Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB) BinTube Ultimate 4.3.0.0 (HKLM-x32\...\BinTube Usenet Reader) (Version: 4.3.0.0 - BinTube.com) BodyMedia SYNC (HKLM-x32\...\InstallShield_{99567851-B7F1-4692-A33A-0732E761220B}) (Version: 2.3.1.102 - BodyMedia, Inc.) BodyMedia SYNC (x32 Version: 2.3.1.102 - BodyMedia, Inc.) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) calibre 64bit (HKLM\...\{2B73426A-9499-4875-BAE9-8DD729009399}) (Version: 1.47.0 - Kovid Goyal) Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version: - ) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd) Dropbox (HKU\S-1-5-21-2090188890-1994155989-3754954223-1000\...\Dropbox) (Version: 3.10.8 - Dropbox, Inc.) Dropbox (HKU\S-1-5-21-2090188890-1994155989-3754954223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 3.10.8 - Dropbox, Inc.) DVD-Cover Printmaster 1.4 (HKLM-x32\...\{38AFE2B1-19DB-432A-BA4A-410BFBA78DCE}) (Version: 1.4 - biu software) EaseUS Partition Master 10.2 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS) ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.2.17437 - Landesfinanzdirektion Thüringen) ffdshow x64 v1.2.4422 [2012-04-09] (HKLM\...\ffdshow64_is1) (Version: 1.2.4422.0 - ) Free YouTube to MP3 Converter version 3.12.17.1125 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.17.1125 - DVDVideoSoft Ltd.) FRITZ!Fernzugang (HKLM\...\{DD57CC22-8864-4CCA-94D4-600D024C1207}) (Version: 1.3.1 - AVM Berlin) Games (HKLM\...\{55956d7b-35e0-49fa-8343-7adc8e1eb34b}.sdb) (Version: - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment) HiSuite (HKLM-x32\...\Hi Suite) (Version: 32.610.26.00.06 - Huawei Technologies Co.,Ltd) ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!) iPhone Backup Extractor (HKU\S-1-5-21-2090188890-1994155989-3754954223-1000\...\iPhone Backup Extractor) (Version: 4.6.6.0 - Reincubate Ltd) iPhone Backup Extractor (HKU\S-1-5-21-2090188890-1994155989-3754954223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\iPhone Backup Extractor) (Version: 4.6.6.0 - Reincubate Ltd) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan) iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.) Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation) Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation) Java SE Development Kit 8 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.406 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.406 - LogMeIn, Inc.) Hidden Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Media Player Classic - Home Cinema 1.6.0.4014 x64 (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.6.0.4014 - MPC-HC Team) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218 (HKLM\...\{BBBE35B2-9349-3C48-BD3D-F574B17C7924}) (Version: 9.0.21022.218 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation) Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MP4 To MP3 Converter V3.0 (HKLM-x32\...\MP4 To MP3 Converter_is1) (Version: - hxxp://www.MP4ToMP3Converter.net) Music Manager (HKU\S-1-5-21-2090188890-1994155989-3754954223-1000\...\MusicManager) (Version: - Google, Inc.) Music Manager (HKU\S-1-5-21-2090188890-1994155989-3754954223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MusicManager) (Version: - Google, Inc.) Omron Health Management Software (HKLM-x32\...\{5441F067-5AF8-4284-9A8C-FD98DF05C981}) (Version: 1.50.0007 - Omron Healthcare) Origin (HKLM-x32\...\Origin) (Version: 9.3.10.4710 - Electronic Arts, Inc.) PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.239 - Google, Inc.) PowerLine Utility (HKLM-x32\...\{A5E1CA04-799E-495C-A084-AB48AEF00CCB}) (Version: 1.2.204 - TP-LINK) QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements) QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version: - Silicon Laboratories) Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7 (HKLM-x32\...\{6B442DEB-80DA-4659-BD19-51853A27A028}) (Version: 5.40.29 - Silicon Laboratories, Inc.) Skype™ 7.12 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.) StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) sv.net (HKLM-x32\...\sv.net) (Version: 14.0 - ITSG GmbH) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) TeamViewer 3 (HKLM-x32\...\TeamViewer 3) (Version: - TeamViewer GmbH) The Ship (HKLM-x32\...\Steam App 2400) (Version: - Outerlight Ltd.) The Ship Single Player (HKLM-x32\...\Steam App 2420) (Version: - Outerlight Ltd.) The Ship Tutorial (HKLM-x32\...\Steam App 2430) (Version: - Outerlight) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) Warcraft III (HKLM-x32\...\Warcraft III) (Version: - Blizzard Entertainment) Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation) Windows-Treiberpaket - Silicon Laboratories (silabenm) Ports (03/19/2014 6.7.0.0) (HKLM\...\B97004A400E30DCF940971EFA7A0C13C6B0A4B66) (Version: 03/19/2014 6.7.0.0 - Silicon Laboratories) WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH) World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: 5.3.0.17055 - Blizzard Entertainment) World of Warships (HKU\S-1-5-21-2090188890-1994155989-3754954223-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814eu}_is1) (Version: - Wargaming.net) World of Warships (HKU\S-1-5-21-2090188890-1994155989-3754954223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814eu}_is1) (Version: - Wargaming.net) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Flo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Flo\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Flo\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Flo\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Flo\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Flo\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Flo\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Flo\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Flo\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Flo\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Flo\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Flo\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Flo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Flo\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Flo\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Flo\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Flo\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Flo\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Flo\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Flo\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Flo\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Flo\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Flo\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Flo\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => Keine Datei ==================== Wiederherstellungspunkte ========================= 23-10-2015 14:52:10 Windows Update 25-10-2015 09:49:14 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 30-10-2015 20:00:00 Windows Update 03-11-2015 19:36:42 Windows Update 03-11-2015 22:29:58 Revo Uninstaller's restore point - NexusFont 2.5 (ver 2.5.8.1582) 03-11-2015 22:32:18 Revo Uninstaller's restore point - PhonerLite 2.16 03-11-2015 22:34:33 Revo Uninstaller's restore point - WinPcap 4.1.2 ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {033B08AC-D341-4427-B77D-C489BA23C713} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {1D6BA97A-53C3-4A95-A2C4-0A731500FC5C} - System32\Tasks\{EBD3FF75-AF8F-4C97-BD38-BA025E818EAC} => pcalua.exe -a "F:\Usenet\Usenet-Space-Cowboys]O&amp_O DiskRecovery 8.0.345\O&amp;O DiskRecovery 8.0.345 Tech Edition Final (32-64bit) Incl [+ serial].exe" -d "F:\Usenet\Usenet-Space-Cowboys]O&amp_O DiskRecovery 8.0.345" Task: {54A5432E-D657-49CF-9D84-EF8D7CE2AA48} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2090188890-1994155989-3754954223-1000Core => C:\Users\Flo\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.) Task: {5FAA3B23-57D1-4811-95BC-8AD0C71A9EF9} - System32\Tasks\{BD9BBACD-2E18-4E9E-ADA5-CFC8CFBE13C8} => Firefox.exe hxxp://ui.skype.com/ui/0/5.8.0.158.259/de/abandoninstall?source=lightinstaller&page=tsPlugin Task: {68213E78-2C71-4C03-A5A4-8977137F5720} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2090188890-1994155989-3754954223-1000UA => C:\Users\Flo\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-22] (Dropbox, Inc.) Task: {8335BE18-7968-406B-A468-E78705D09CC4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {8EAFE18E-316F-4649-8173-D8CC9F4F6F42} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2090188890-1994155989-3754954223-1000Core => C:\Users\Flo\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-22] (Dropbox, Inc.) Task: {90FD5B3E-17EC-4EFD-AE38-CEDC21895C62} - System32\Tasks\{18580066-AC2C-44DA-8238-01EEA3FBC63A} => pcalua.exe -a "C:\Users\Flo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F5NH4JRQ\Firefox%20Setup%2011.0[1].exe" -d C:\Users\Flo\Desktop Task: {91C00161-77E9-4D72-8EF7-6730C305850F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated) Task: {B5250B7A-4F5B-4C9A-9067-D8571491AA96} - System32\Tasks\{E42F3E4F-D957-48D1-8DF9-1BE3B07A6891} => Firefox.exe hxxp://ui.skype.com/ui/0/5.8.0.158.259/de/abandoninstall?source=lightinstaller&page=tsInstall Task: {C8988A74-372E-4A0E-94D7-5CF0C8F6E652} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-18] (Adobe Systems Incorporated) Task: {D2E9184B-EB31-4F32-A6E7-C36505618ED7} - System32\Tasks\{ADBDF2F4-C5F6-4E78-8AC0-E9A13C0C190A} => pcalua.exe -a F:\Download\OOUnErase6Ger.exe -d F:\Download Task: {F1BE585E-D483-4611-86C7-3107CD470CDE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2090188890-1994155989-3754954223-1000UA => C:\Users\Flo\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2090188890-1994155989-3754954223-1000Core.job => C:\Users\Flo\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2090188890-1994155989-3754954223-1000UA.job => C:\Users\Flo\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2090188890-1994155989-3754954223-1000Core.job => C:\Users\Flo\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2090188890-1994155989-3754954223-1000UA.job => C:\Users\Flo\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2012-07-04 00:36 - 2012-07-04 00:36 - 00211968 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll 2012-03-05 15:03 - 2012-03-05 15:03 - 00677376 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll 2012-02-16 13:53 - 2012-02-16 13:53 - 03642880 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll 2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2013-10-20 12:46 - 2013-10-20 12:46 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2012-07-04 00:36 - 2012-07-04 00:36 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2012-07-04 00:16 - 2012-07-04 00:16 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2013-08-21 13:18 - 2015-10-05 17:18 - 00778752 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2015-01-21 06:24 - 2015-07-03 17:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll 2015-01-21 06:24 - 2015-07-03 17:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2015-01-21 06:24 - 2015-07-03 17:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll 2014-05-22 12:32 - 2015-10-14 21:56 - 02423376 _____ () C:\Program Files (x86)\Steam\video.dll 2014-08-29 15:45 - 2015-09-24 01:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll 2014-08-29 15:45 - 2015-09-24 01:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll 2014-08-29 15:45 - 2015-09-24 01:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll 2014-08-29 15:45 - 2015-09-24 01:33 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll 2014-08-29 15:45 - 2015-09-24 01:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll 2013-10-04 15:54 - 2015-10-14 21:56 - 00705104 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2015-07-26 19:16 - 2015-10-09 19:13 - 00193024 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll 2015-08-13 21:33 - 2015-08-13 21:33 - 00117248 _____ () C:\Users\Flo\AppData\Local\Programs\Google\MusicManager\libaacdec.dll 2015-08-13 21:34 - 2015-08-13 21:34 - 00234496 _____ () C:\Users\Flo\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll 2015-08-13 21:34 - 2015-08-13 21:34 - 00253440 _____ () C:\Users\Flo\AppData\Local\Programs\Google\MusicManager\libid3tag.dll 2015-08-13 21:33 - 2015-08-13 21:33 - 00344064 _____ () C:\Users\Flo\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll 2015-10-25 14:31 - 2015-10-20 15:08 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libglesv2.dll 2015-10-25 14:31 - 2015-10-20 15:08 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libegl.dll 2013-09-10 13:20 - 2015-10-08 23:20 - 45010208 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll 2014-11-06 05:40 - 2014-11-06 05:40 - 03357696 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\xr\mozjs.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00113171 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\libvlc.DLL 2014-07-23 00:29 - 2014-07-23 00:29 - 02396691 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\libvlccore.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00268307 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\access\libdshow_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00027667 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\audio_output\libdirectsound_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00031251 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\audio_output\libwaveout_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00066579 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\video_output\libdirectdraw_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00076307 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\access\libaccess_vdr_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00045587 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\access\libfilesystem_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00060947 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\stream_filter\libsmooth_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00531475 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\stream_filter\libhttplive_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00708627 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\stream_filter\libdash_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00114195 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\access\libzip_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00040467 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\access\libstream_filter_rar_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00014867 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\stream_filter\librecord_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00133139 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\demux\libplaylist_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 01512467 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\meta_engine\libtaglib_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00296979 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\lua\liblua_plugin.dll 2014-10-08 14:40 - 2014-10-08 14:40 - 00241768 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\btunrar.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 02043411 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\access\liblibbluray_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00100371 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\access\libaccess_bd_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00244243 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\access\libdvdnav_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00091667 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\demux\libavi_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00292371 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\codec\libpng_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00017939 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\codec\libcdg_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 01280019 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\codec\libschroedinger_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00018451 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\codec\libdts_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00336403 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\codec\libtheora_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00344595 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\codec\libfaad_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00198675 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\codec\libflac_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00027155 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\codec\libg711_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00015891 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\codec\libaes3_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 01393171 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\codec\liblibass_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00146451 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\codec\libspeex_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00022035 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\codec\liblpcm_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00733203 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\codec\libvorbis_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00018963 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\codec\libmpeg_audio_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00026131 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\codec\libaraw_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00171027 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\codec\libopus_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00019475 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\codec\liba52_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00019987 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\codec\libspudec_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 10447379 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\codec\libavcodec_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00746515 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\text_renderer\libfreetype_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00026643 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\sse2\libi420_yuy2_sse2_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00019987 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\mmx\libi420_yuy2_mmx_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00587283 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\video_filter\libswscale_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00113683 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\sse2\libi420_rgb_sse2_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00027667 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\sse2\libi422_yuy2_sse2_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00013843 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\audio_mixer\libfloat_mixer_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00019987 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\mmx\libi422_yuy2_mmx_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00018963 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\audio_filter\libscaletempo_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00053779 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\mmx\libi420_rgb_mmx_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00130579 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\audio_filter\libmpgatofixed32_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00016915 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\video_chroma\libyuy2_i422_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00168979 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\audio_filter\libdtstofloat32_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00015379 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\video_chroma\libgrey_yuv_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00058899 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\audio_filter\liba52tofloat32_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00032275 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\video_chroma\libi420_rgb_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 01496083 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\audio_filter\libsamplerate_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00018963 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\video_chroma\libi420_yuy2_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00019475 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\audio_filter\libsimple_channel_mixer_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00020499 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\video_chroma\libyuy2_i420_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00013331 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\audio_filter\liba52tospdif_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00017427 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\video_chroma\libi422_yuy2_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00014355 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\audio_filter\libdtstospdif_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00015379 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\video_chroma\libi422_i420_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00014867 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\audio_filter\libdolby_surround_decoder_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00015379 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\video_filter\libscale_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00014355 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\audio_filter\libugly_resampler_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00013843 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\video_filter\libyuvp_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00015379 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00025619 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\audio_filter\libaudio_format_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00068115 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\video_output\libdirect3d_plugin.dll 2014-07-23 00:29 - 2014-07-23 00:29 - 00014355 _____ () C:\Program Files (x86)\BinTube\BinTube Usenet Reader\bin\vlc\plugins\video_output\libdrawable_plugin.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) IE trusted site: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000\...\dyndns.org -> hxxps://stb-unterstaller-mu.dyndns.org IE trusted site: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\dyndns.org -> hxxps://stb-unterstaller-mu.dyndns.org ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-2090188890-1994155989-3754954223-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg HKU\S-1-5-21-2090188890-1994155989-3754954223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.2.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) Windows Firewall ist deaktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) MSCONFIG\startupfolder: C:^Users^Flo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FRITZ!Fernzugang.lnk => C:\Windows\pss\FRITZ!Fernzugang.lnk.Startup MSCONFIG\startupreg: icq.exe => C:\Users\Flo\AppData\Local\icq.exe ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{D3308726-2DAA-4419-AC15-EE3CCA1CF52C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{84C3112C-78F9-4928-8BC3-EB34B9848DD2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{DB2177C0-7A61-4BE2-A663-889AF9231B44}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{A89E4CE2-4DE0-4270-8062-B1ED7C1DF68D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{E7051D8E-19AF-4340-AB8F-A964115A35F2}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{159A3C87-3CC6-4DFF-A0D5-8526A33E4D6C}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{625EDA07-A864-43A6-A406-F8C169040A1B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{4D8D344B-E378-4D34-8788-E32397D87031}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{C819801A-75E8-46FC-B3F1-98758FE9D02F}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{83567CAA-982E-4BE2-AB80-736656E9F7AB}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe FirewallRules: [{10561202-D20D-4C66-9AD3-5EBF330EE5CC}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe FirewallRules: [{64F05E1B-C358-4642-AF0E-A24150548A7D}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe FirewallRules: [{0F93A9B2-9B85-4AE9-8884-29C4D59F7EF5}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe FirewallRules: [{2A1C288C-0897-4B6C-B214-76459EBC1D8A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.515\Agent.exe FirewallRules: [{0C994B7D-A09F-4E87-8805-9896D05DD8A3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.515\Agent.exe FirewallRules: [{5733A598-07E4-4048-A207-51D5E863FD0C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.868\Agent.exe FirewallRules: [{0A546F3B-2BAD-404A-8B12-5AA5131F9D6B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.868\Agent.exe FirewallRules: [{DD7731C7-E6AA-458D-9DED-52202E892BC1}] => (Allow) C:\Program Files (x86)\Diablo III Beta\Diablo III.exe FirewallRules: [{2F7C6AA4-D093-4236-94F3-0C414039AD96}] => (Allow) C:\Program Files (x86)\Diablo III Beta\Diablo III.exe FirewallRules: [{28C7228B-A9C6-4FA8-9E60-472AF13A3A84}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.913\Agent.exe FirewallRules: [{DB8F9B60-1CF3-48B4-BD37-31AD801EF24D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.913\Agent.exe FirewallRules: [{9C0C0069-5277-42FA-9EE0-E37761528E6B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe FirewallRules: [{F736B0D1-4790-46C7-9D16-C0EDC7E54A7F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe FirewallRules: [{C2CAB405-1EEB-43E9-9837-B02BF22D40ED}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe FirewallRules: [{3800D18C-BCE4-4012-95AB-0A67320F767D}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe FirewallRules: [{0FDCF885-9ECD-42B3-8478-3005324EABC3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.976\Agent.exe FirewallRules: [{3107326C-0DCA-44A2-9BE5-75BCBF9D72F3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.976\Agent.exe FirewallRules: [{42D16072-128D-4E8F-B642-99712F7F7E2A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.998\Agent.exe FirewallRules: [{D0D7B2D9-52D8-4F71-85C4-D12844F57864}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.998\Agent.exe FirewallRules: [TCP Query User{9EB56B15-4D5F-4633-8360-CEAEA45B056B}C:\program files (x86)\ea games\command & conquer generäle stunde null\game.dat] => (Allow) C:\program files (x86)\ea games\command & conquer generäle stunde null\game.dat FirewallRules: [UDP Query User{BF644AAD-FCF8-4B2F-A33F-808AF92D8A6A}C:\program files (x86)\ea games\command & conquer generäle stunde null\game.dat] => (Allow) C:\program files (x86)\ea games\command & conquer generäle stunde null\game.dat FirewallRules: [{5FC560DF-99E0-4D8A-8005-057F20E491A4}] => (Allow) C:\Program Files (x86)\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe FirewallRules: [{7A42C07C-B265-4C24-BB47-6E1F95505256}] => (Allow) C:\Program Files (x86)\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe FirewallRules: [{A7C037DF-1834-470E-BF66-30598347D0E2}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.exe FirewallRules: [{E9B0B25F-87D6-475C-8863-B1CF60BC48D8}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.exe FirewallRules: [{5A588066-B094-4DB7-8D12-70E307DA62A8}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.patch.exe FirewallRules: [{E0591F99-BC25-4582-8402-00468CE0C8CF}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.patch.exe FirewallRules: [TCP Query User{0921B9EA-DD30-4B19-8BB0-6A7E6C3B6724}C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe] => (Allow) C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe FirewallRules: [UDP Query User{79728583-0640-4B9B-9F9C-02DA2995B9AE}C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe] => (Allow) C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe FirewallRules: [{CDE737FF-F4A9-4177-B451-D5E0D07BA5C0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe FirewallRules: [{6AE01900-1C14-4EC4-A20C-0B8F42CE8E81}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe FirewallRules: [{4D9DECD0-2C89-421B-9088-994C4D6D693A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe FirewallRules: [{E896EC4C-902F-40A9-B68A-05FD167D20DA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe FirewallRules: [TCP Query User{722F7B6E-861C-4F33-A4F5-E427DBCE4AD8}F:\#spiele\warcraft iii\war3.exe] => (Allow) F:\#spiele\warcraft iii\war3.exe FirewallRules: [UDP Query User{ECC97F53-E5A6-4637-9EDF-DDB99ABFA59F}F:\#spiele\warcraft iii\war3.exe] => (Allow) F:\#spiele\warcraft iii\war3.exe FirewallRules: [{88DA12B9-57FD-408F-BF90-1CEA27A26B08}] => (Block) F:\#spiele\warcraft iii\war3.exe FirewallRules: [{190E398E-5608-49A4-AA58-6C3D2BAA40BC}] => (Block) F:\#spiele\warcraft iii\war3.exe FirewallRules: [{BE591CF2-9FB5-4A23-AE8B-18ACF089341A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{CDA40B63-91A0-4366-B338-2DF804710389}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{E82A63F7-BBB6-4B27-896B-BB2577DD267F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Commandos 3 Destination Berlin\readme.rtf FirewallRules: [{6F9E70AA-B3AE-485E-B93F-2CF91C7CE8F4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Commandos 3 Destination Berlin\readme.rtf FirewallRules: [TCP Query User{7FB56A82-BF1E-4624-A3FC-86B7DE0E9769}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe FirewallRules: [UDP Query User{22D1F040-DB7C-498A-91A6-CD5C769D0A84}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe FirewallRules: [{0534B344-4385-4D36-BFE2-CF36C8CDB1FD}] => (Block) C:\windows\syswow64\dplaysvr.exe FirewallRules: [{013E548D-C89E-48AF-902E-CC926FEF7CBC}] => (Block) C:\windows\syswow64\dplaysvr.exe FirewallRules: [{52909F92-B490-4A28-9A1A-61A7401A95AD}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{2D5C9129-180A-412B-8C97-CD402C566F72}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{CDDBC453-7B6A-4BDC-8CFE-C35A8CDB8495}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{37AF35D5-F40D-4F7B-BBC0-D467B2A97B47}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{7D89D24C-0A56-4955-BB0C-4A5F6E0AB839}] => (Allow) C:\Users\Flo\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{4697B190-0338-424B-9ACE-B808EBFBA0F0}] => (Allow) C:\Users\Flo\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{D092D319-E4B3-4E56-8E4E-5EA1FB57C644}] => (Allow) C:\Users\Flo\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{BD91B8D3-E89D-4F97-AF98-BCB0020CFCB4}] => (Allow) C:\Users\Flo\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{FC29F244-8512-490A-90D2-84EC561875AA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe FirewallRules: [{E573AF3A-5F92-4A90-B33B-BB44833E66D4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe FirewallRules: [{6E08509A-A66F-4F18-9A9C-257A96D01132}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe FirewallRules: [{5C814516-C8CB-49C6-930B-A9149A6B6B3C}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe FirewallRules: [{2FD2A9A6-1E05-4339-9E88-4FE470111C20}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe FirewallRules: [{EE8F9254-55C1-43E3-BE0C-73346E3881AD}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe FirewallRules: [TCP Query User{D531358B-A21F-4635-92AF-D2BBA838C2BD}C:\program files (x86)\teamviewer3\teamviewer.exe] => (Allow) C:\program files (x86)\teamviewer3\teamviewer.exe FirewallRules: [UDP Query User{1472AA82-1A2E-4341-8906-1066F3671AB0}C:\program files (x86)\teamviewer3\teamviewer.exe] => (Allow) C:\program files (x86)\teamviewer3\teamviewer.exe FirewallRules: [{8B951D09-C361-4944-BD09-4964472A0089}] => (Block) C:\program files (x86)\teamviewer3\teamviewer.exe FirewallRules: [{2F486BBE-370C-4FD5-AE3F-8C9DA4F3E5C5}] => (Block) C:\program files (x86)\teamviewer3\teamviewer.exe FirewallRules: [{ABD2513C-14F2-4D53-9A74-B517DEB78958}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe FirewallRules: [{15D7AEAC-3B4F-4F74-B759-CDF9E3D3DDC0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe FirewallRules: [{6908EB69-A508-4825-8F53-52AE39CC87EB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{B6B5E52E-BAB4-4142-8510-1B522BE82127}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [TCP Query User{5AA066FA-A6A9-49E0-9896-7392F52AD684}C:\users\flo\desktop\asd\dolphin.exe] => (Allow) C:\users\flo\desktop\asd\dolphin.exe FirewallRules: [UDP Query User{03B344C7-F949-4A60-B40B-E664E1744618}C:\users\flo\desktop\asd\dolphin.exe] => (Allow) C:\users\flo\desktop\asd\dolphin.exe FirewallRules: [{AB1BF9A7-36EA-4353-8614-92A563C0D6B2}] => (Block) C:\users\flo\desktop\asd\dolphin.exe FirewallRules: [{5F39C422-02C5-4027-9872-B62A35FC90C7}] => (Block) C:\users\flo\desktop\asd\dolphin.exe FirewallRules: [{182CF8D1-A6A4-406F-9D61-7575E1400EEE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe FirewallRules: [{3E27CB60-85E6-4710-82E6-ABB506C0E2A8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe FirewallRules: [{6934F2EC-20A1-4181-A0CF-A75FB7F7998A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe FirewallRules: [{4354BAB6-3888-4C3A-A990-66734F7FCDFA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe FirewallRules: [{3D5471EB-D415-4323-B8BC-A87EA1B89755}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe FirewallRules: [{6BEAB9CC-D4F0-423C-87FA-AC46EE2B9894}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe FirewallRules: [{4FC6A3E4-DDAC-40EC-8CA0-DF3BD6944C09}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{ACC497C9-DE09-4F39-895D-8F070F551562}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{7BCF14DE-3D19-48A3-A481-60D3B1E1C81E}] => (Allow) F:\Battle.net\Battle.net.exe FirewallRules: [{6529E0EC-7EC9-473C-9BA4-9E1F94CF40A0}] => (Allow) F:\Battle.net\Battle.net.exe FirewallRules: [{BF2924F9-58D2-4C26-A9D2-550F2D322C0B}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe FirewallRules: [{D3D03729-C4C9-434F-9036-822F1EFF5AE1}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe FirewallRules: [{255BD636-FB52-4FF7-BCC9-484424D56EA7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{3931B437-7191-41D9-8699-D36BDBF7710B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{4C15BE32-B58A-476C-BDE7-0019CB59B558}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe FirewallRules: [{07E815F3-08C6-4D46-9AEA-56E1FA2B2D65}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe FirewallRules: [{2B04C0F3-2EA1-48C3-8A92-47DA19909AAC}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [TCP Query User{A2FE6B35-6804-4D54-AC26-AF65B7BF7B46}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{50127CEE-5422-41F1-BFD1-F910B537EF33}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{EF39A5C2-1B7F-4E0F-A565-BB77C7793C75}] => (Allow) C:\Games\World_of_Warships\WoWSLauncher.exe FirewallRules: [{E1A498C6-96D7-4F1C-A489-D65E9F8E099C}] => (Allow) C:\Games\World_of_Warships\WorldofWarships.exe FirewallRules: [{08F8CE0F-5930-4A73-B936-BFDE3828D65B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{28F528C9-504B-40F1-AECD-3B1FD98725C6}] => (Allow) F:\#Spiele\SteamLibrary\SteamApps\common\The Ship\ship.exe FirewallRules: [{57D119CF-385E-4D83-95D2-45866FFEF9D0}] => (Allow) F:\#Spiele\SteamLibrary\SteamApps\common\The Ship\ship.exe FirewallRules: [{73A3D56C-9A02-428E-AFD7-EDA7884DC91F}] => (Allow) F:\#Spiele\SteamLibrary\SteamApps\common\The Ship Single Player\ship.exe FirewallRules: [{6A14822C-96DA-4B8E-83D6-53D093266C40}] => (Allow) F:\#Spiele\SteamLibrary\SteamApps\common\The Ship Single Player\ship.exe FirewallRules: [{72E4877C-1C7B-458C-82FC-168AC7346A02}] => (Allow) F:\#Spiele\SteamLibrary\SteamApps\common\The Ship Tutorial\ship.exe FirewallRules: [{5E801633-9242-4293-B875-315E08EAE4C2}] => (Allow) F:\#Spiele\SteamLibrary\SteamApps\common\The Ship Tutorial\ship.exe ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: Atheros AR5006X-Drahtlosnetzwerkadapter Description: Atheros AR5006X-Drahtlosnetzwerkadapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Atheros Communications Inc. Service: athr Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Atheros AR922X Wireless Network Adapter Description: Atheros AR922X Wireless Network Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Atheros Communications Inc. Service: athr Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (11/02/2015 10:16:13 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x4ff3d643 Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e10b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000033c1 ID des fehlerhaften Prozesses: 0x7e0 Startzeit der fehlerhaften Anwendung: 0xFuel.Service.exe0 Pfad der fehlerhaften Anwendung: Fuel.Service.exe1 Pfad des fehlerhaften Moduls: Fuel.Service.exe2 Berichtskennung: Fuel.Service.exe3 Error: (11/02/2015 07:00:01 PM) (Source: Windows Backup) (EventID: 4104) (User: ) Description: Die Sicherung war nicht erfolgreich. Fehler: "Alle in der Sicherung enthaltenen Laufwerke wurden ausgelassen. Vergewissern Sie sich, dass die Laufwerke angeschlossen und funktionsfähig sind. (0x810000FF)" Error: (11/02/2015 03:43:33 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x4ff3d643 Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e10b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000033c1 ID des fehlerhaften Prozesses: 0x78c Startzeit der fehlerhaften Anwendung: 0xFuel.Service.exe0 Pfad der fehlerhaften Anwendung: Fuel.Service.exe1 Pfad des fehlerhaften Moduls: Fuel.Service.exe2 Berichtskennung: Fuel.Service.exe3 Error: (11/02/2015 03:19:35 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm explorer.exe, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 760 Startzeit: 01d1155f5784db5d Endzeit: 0 Anwendungspfad: C:\Windows\explorer.exe Berichts-ID: b92a9691-816c-11e5-ade6-f7f86aa12644 Error: (11/02/2015 12:22:21 PM) (Source: Windows Backup) (EventID: 4104) (User: ) Description: Die Sicherung war nicht erfolgreich. Fehler: "Alle in der Sicherung enthaltenen Laufwerke wurden ausgelassen. Vergewissern Sie sich, dass die Laufwerke angeschlossen und funktionsfähig sind. (0x810000FF)" Error: (11/02/2015 12:11:53 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x4ff3d643 Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e10b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000033c1 ID des fehlerhaften Prozesses: 0x184 Startzeit der fehlerhaften Anwendung: 0xFuel.Service.exe0 Pfad der fehlerhaften Anwendung: Fuel.Service.exe1 Pfad des fehlerhaften Moduls: Fuel.Service.exe2 Berichtskennung: Fuel.Service.exe3 Error: (11/01/2015 02:47:40 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x4ff3d643 Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e10b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000033c1 ID des fehlerhaften Prozesses: 0x70c Startzeit der fehlerhaften Anwendung: 0xFuel.Service.exe0 Pfad der fehlerhaften Anwendung: Fuel.Service.exe1 Pfad des fehlerhaften Moduls: Fuel.Service.exe2 Berichtskennung: Fuel.Service.exe3 Error: (11/01/2015 01:42:35 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x4ff3d643 Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e10b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000033c1 ID des fehlerhaften Prozesses: 0x764 Startzeit der fehlerhaften Anwendung: 0xFuel.Service.exe0 Pfad der fehlerhaften Anwendung: Fuel.Service.exe1 Pfad des fehlerhaften Moduls: Fuel.Service.exe2 Berichtskennung: Fuel.Service.exe3 Error: (10/31/2015 08:24:02 PM) (Source: Windows Backup) (EventID: 4104) (User: ) Description: Die Sicherung war nicht erfolgreich. Fehler: "Alle in der Sicherung enthaltenen Laufwerke wurden ausgelassen. Vergewissern Sie sich, dass die Laufwerke angeschlossen und funktionsfähig sind. (0x810000FF)" Error: (10/31/2015 12:59:09 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x4ff3d643 Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e10b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000033c1 ID des fehlerhaften Prozesses: 0x738 Startzeit der fehlerhaften Anwendung: 0xFuel.Service.exe0 Pfad der fehlerhaften Anwendung: Fuel.Service.exe1 Pfad des fehlerhaften Moduls: Fuel.Service.exe2 Berichtskennung: Fuel.Service.exe3 Systemfehler: ============= Error: (11/03/2015 07:26:07 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (11/02/2015 10:16:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (11/02/2015 05:38:51 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (11/02/2015 03:43:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (11/02/2015 12:13:20 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (11/02/2015 12:11:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (11/02/2015 12:05:22 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (11/01/2015 02:47:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (11/01/2015 11:44:35 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (11/01/2015 01:42:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. ==================== Speicherinformationen =========================== Prozessor: AMD Phenom(tm) II X3 720 Processor Prozentuale Nutzung des RAM: 77% Installierter physikalischer RAM: 4095.3 MB Verfügbarer physikalischer RAM: 913.26 MB Summe virtueller Speicher: 8188.82 MB Verfügbarer virtueller Speicher: 4687.54 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:119.24 GB) (Free:5.78 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)] Drive e: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] Drive f: () (Fixed) (Total:596.07 GB) (Free:75.55 GB) NTFS Drive h: (BLADE_4) (CDROM) (Total:0.54 GB) (Free:0 GB) CDFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: BCFD1924) Partition 1: (Active) - (Size=119.2 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 145ECAB6) Partition 1: (Not Active) - (Size=1015 KB) - (Type=42) Partition 2: (Active) - (Size=100 MB) - (Type=42) Partition 3: (Not Active) - (Size=596.1 GB) - (Type=42) ==================== Ende von Addition.txt ============================ Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-11-03 23:23:06 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5 M4-CT128M4SSD2 rev.0309 119,24GB Running: Gmer-19357.exe; Driver: C:\Users\Flo\AppData\Local\Temp\uwldypow.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\SysWOW64\PnkBstrA.exe[1704] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 00000000739d17fa 2 bytes CALL 766e11a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1704] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 00000000739d1860 2 bytes CALL 766e11a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1704] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 00000000739d1942 2 bytes JMP 74c37089 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1704] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 00000000739d194d 2 bytes JMP 74c3cba6 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1704] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074c21401 2 bytes JMP 7670b21b C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1704] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074c21419 2 bytes JMP 7670b346 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074c21431 2 bytes JMP 76788fd1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074c2144a 2 bytes CALL 766e489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\SysWOW64\PnkBstrA.exe[1704] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074c214dd 2 bytes JMP 767888c4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1704] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074c214f5 2 bytes JMP 76788aa0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1704] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074c2150d 2 bytes JMP 767887ba C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1704] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074c21525 2 bytes JMP 76788b8a C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1704] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074c2153d 2 bytes JMP 766ffca8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1704] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074c21555 2 bytes JMP 767068ef C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1704] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074c2156d 2 bytes JMP 76789089 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1704] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074c21585 2 bytes JMP 76788bea C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1704] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074c2159d 2 bytes JMP 7678877e C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1704] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074c215b5 2 bytes JMP 766ffd41 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1704] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074c215cd 2 bytes JMP 7670b2dc C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1704] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074c216b2 2 bytes JMP 76788f4c C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1704] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074c216bd 2 bytes JMP 76788713 C:\Windows\syswow64\kernel32.dll ---- EOF - GMER 2.1 ---- Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 03.11.2015 Suchlaufzeit: 22:51 Protokolldatei: Malwarebytes.txt Administrator: Ja Version: 2.2.0.1024 Malware-Datenbank: v2015.11.03.08 Rootkit-Datenbank: v2015.10.28.01 Lizenz: Kostenlose Version Malware-Schutz: Deaktiviert Schutz vor bösartigen Websites: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Flo Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 345372 Abgelaufene Zeit: 8 Min., 20 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt) Registrierungswerte: 0 (keine bösartigen Elemente erkannt) Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 0 (keine bösartigen Elemente erkannt) Dateien: 1 Exploit.Dropper.GSA, C:\ProgramData\DSGSDGDSGDSGW.PAD, , [01a33346becd76c016067d4c44bff10f], Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) |
05.11.2015, 18:59 | #3 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: PDF mit Endung .scr geöffnet Hi,
__________________Dann bitte jetzt Combofix ausführen und das Log in CODE-Tags posten wenn fertig: Scan mit Combofix
__________________ |
05.11.2015, 20:25 | #4 |
| Windows 7: PDF mit Endung .scr geöffnet Hallo cosinus, vielen Dank für deine Antwort. Combofix lief ohne Fehlermeldungen, anbei das Logfile: Code:
ATTFilter ComboFix 15-11-05.01 - Flo 05.11.2015 20:06:21.1.3 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.4095.2791 [GMT 1:00] ausgeführt von:: c:\users\Flo\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\IsUn0407.exe . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_NPF . . ((((((((((((((((((((((( Dateien erstellt von 2015-10-05 bis 2015-11-05 )))))))))))))))))))))))))))))) . . 2015-11-05 19:10 . 2015-11-05 19:10 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-11-04 21:08 . 2015-10-13 09:47 11140960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{62E3AF89-43B4-4BEC-822D-F1317E4AB418}\mpengine.dll 2015-11-03 22:23 . 2015-10-13 09:47 11140960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2015-11-03 21:52 . 2015-11-03 21:56 -------- d-----w- C:\FRST 2015-11-03 21:50 . 2015-11-03 21:51 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-11-03 21:49 . 2015-11-03 21:50 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware 2015-11-03 21:49 . 2015-11-03 21:49 -------- d-----w- c:\programdata\Malwarebytes 2015-11-03 21:49 . 2015-10-05 08:50 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2015-11-03 21:49 . 2015-10-05 08:50 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2015-11-03 21:49 . 2015-10-05 08:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2015-11-03 21:28 . 2015-11-03 21:28 -------- d-----w- c:\program files (x86)\VS Revo Group 2015-11-02 11:05 . 2015-11-02 11:05 -------- d-----w- c:\users\Flo\AppData\Local\ElevatedDiagnostics 2015-10-30 19:00 . 2015-07-01 21:08 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5EB41A44-7781-4C88-BDE6-3EB3F20B28C5}\gapaengine.dll 2015-10-30 18:48 . 2015-10-30 18:48 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi 2015-10-25 08:49 . 2015-10-25 08:49 -------- d-----w- c:\programdata\Package Cache 2015-10-25 08:49 . 2015-10-25 08:51 -------- d-----w- c:\users\Flo\AppData\Local\elfopatch 2015-10-16 14:17 . 2015-09-18 19:19 700416 ----a-w- c:\windows\system32\invagent.dll 2015-10-16 14:17 . 2015-09-18 19:19 766464 ----a-w- c:\windows\system32\generaltel.dll 2015-10-16 14:17 . 2015-09-18 19:19 503808 ----a-w- c:\windows\system32\devinv.dll 2015-10-16 14:17 . 2015-09-18 19:19 1291264 ----a-w- c:\windows\system32\appraiser.dll 2015-10-16 14:17 . 2015-09-18 19:22 25432 ----a-w- c:\windows\system32\CompatTelRunner.exe 2015-10-16 14:17 . 2015-09-18 19:19 73216 ----a-w- c:\windows\system32\acmigration.dll 2015-10-16 14:17 . 2015-09-18 19:09 1163776 ----a-w- c:\windows\system32\aeinv.dll 2015-10-14 16:55 . 2015-09-17 23:46 3960832 ----a-w- c:\windows\system32\jscript9.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-10-26 10:15 . 2012-09-01 12:35 34720 ---ha-w- c:\windows\system32\hamachi.sys 2015-10-18 10:09 . 2012-04-05 19:07 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2015-10-18 10:09 . 2012-03-24 19:00 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2015-10-14 18:46 . 2012-03-26 14:33 143481208 ----a-w- c:\windows\system32\MRT.exe 2015-09-29 02:58 . 2015-10-14 16:56 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2015-09-05 19:31 . 2014-10-26 13:25 317632 ----a-w- c:\windows\system32\drivers\cbfltfs3.sys 2015-09-02 03:04 . 2015-09-09 09:07 41984 ----a-w- c:\windows\system32\lpk.dll 2015-09-02 03:04 . 2015-09-09 09:07 100864 ----a-w- c:\windows\system32\fontsub.dll 2015-09-02 03:04 . 2015-09-09 09:07 14336 ----a-w- c:\windows\system32\dciman32.dll 2015-09-02 03:04 . 2015-09-09 09:07 46080 ----a-w- c:\windows\system32\atmlib.dll 2015-09-02 02:48 . 2015-09-09 09:07 70656 ----a-w- c:\windows\SysWow64\fontsub.dll 2015-09-02 02:48 . 2015-09-09 09:07 10240 ----a-w- c:\windows\SysWow64\dciman32.dll 2015-09-02 02:48 . 2015-09-09 09:07 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2015-09-02 02:47 . 2015-09-09 09:07 25600 ----a-w- c:\windows\SysWow64\lpk.dll 2015-09-02 01:51 . 2015-09-09 09:07 3209216 ----a-w- c:\windows\system32\win32k.sys 2015-09-02 01:47 . 2015-09-09 09:07 372736 ----a-w- c:\windows\system32\atmfd.dll 2015-09-02 01:33 . 2015-09-09 09:07 299520 ----a-w- c:\windows\SysWow64\atmfd.dll 2015-08-27 18:18 . 2015-09-09 09:07 2004480 ----a-w- c:\windows\system32\msxml6.dll 2015-08-27 18:18 . 2015-09-09 09:07 1887232 ----a-w- c:\windows\system32\msxml3.dll 2015-08-27 18:13 . 2015-09-09 09:07 2048 ----a-w- c:\windows\system32\msxml6r.dll 2015-08-27 18:13 . 2015-09-09 09:07 2048 ----a-w- c:\windows\system32\msxml3r.dll 2015-08-27 17:58 . 2015-09-09 09:07 1391104 ----a-w- c:\windows\SysWow64\msxml6.dll 2015-08-27 17:58 . 2015-09-09 09:07 1241088 ----a-w- c:\windows\SysWow64\msxml3.dll 2015-08-27 17:51 . 2015-09-09 09:07 2048 ----a-w- c:\windows\SysWow64\msxml6r.dll 2015-08-27 17:51 . 2015-09-09 09:07 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2015-10-12 23:34 194824 ----a-w- c:\users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2015-10-12 23:34 194824 ----a-w- c:\users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3] @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"] @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}] 2015-10-12 23:34 194824 ----a-w- c:\users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4] @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"] @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}] 2015-10-12 23:34 194824 ----a-w- c:\users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2015-10-12 23:34 194824 ----a-w- c:\users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6] @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"] @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}] 2015-10-12 23:34 194824 ----a-w- c:\users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2015-10-12 23:34 194824 ----a-w- c:\users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8] @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"] @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}] 2015-10-12 23:34 194824 ----a-w- c:\users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2015-10-12 23:34 194824 ----a-w- c:\users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2015-10-12 23:34 194824 ----a-w- c:\users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3] @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"] @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}] 2015-10-12 23:34 194824 ----a-w- c:\users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4] @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"] @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}] 2015-10-12 23:34 194824 ----a-w- c:\users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2015-10-12 23:34 194824 ----a-w- c:\users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6] @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"] @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}] 2015-10-12 23:34 194824 ----a-w- c:\users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2015-10-12 23:34 194824 ----a-w- c:\users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8] @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"] @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}] 2015-10-12 23:34 194824 ----a-w- c:\users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\steam.exe" [2015-10-14 2901584] "MusicManager"="c:\users\Flo\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2015-08-13 7646208] "GoogleChromeAutoLaunch_113C8DD36E5867E6D61A3F35DE4397B3"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2015-10-20 811848] "Dropbox Update"="c:\users\Flo\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2015-06-22 134512] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-09-27 57981568] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-02-13 60712] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888] "EaseUS EPM tray"="f:\easeus partition master 10.2\bin\EpmNews.exe" [2014-11-18 2089056] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2015-10-26 5565448] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-3-25 110592] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R1 ajyhbmrl;ajyhbmrl;c:\windows\system32\drivers\ajyhbmrl.sys;c:\windows\SYSNATIVE\drivers\ajyhbmrl.sys [x] R1 ddhkfnib;ddhkfnib;c:\windows\system32\drivers\ddhkfnib.sys;c:\windows\SYSNATIVE\drivers\ddhkfnib.sys [x] R1 jcsbsvgk;jcsbsvgk;c:\windows\system32\drivers\jcsbsvgk.sys;c:\windows\SYSNATIVE\drivers\jcsbsvgk.sys [x] R1 krarqcqm;krarqcqm;c:\windows\system32\drivers\krarqcqm.sys;c:\windows\SYSNATIVE\drivers\krarqcqm.sys [x] R1 mtmrxqcn;mtmrxqcn;c:\windows\system32\drivers\mtmrxqcn.sys;c:\windows\SYSNATIVE\drivers\mtmrxqcn.sys [x] R1 nghiqpmj;nghiqpmj;c:\windows\system32\drivers\nghiqpmj.sys;c:\windows\SYSNATIVE\drivers\nghiqpmj.sys [x] R1 pjbslzyq;pjbslzyq;c:\windows\system32\drivers\pjbslzyq.sys;c:\windows\SYSNATIVE\drivers\pjbslzyq.sys [x] R1 uivjiqam;uivjiqam;c:\windows\system32\drivers\uivjiqam.sys;c:\windows\SYSNATIVE\drivers\uivjiqam.sys [x] R1 vqfdnoyg;vqfdnoyg;c:\windows\system32\drivers\vqfdnoyg.sys;c:\windows\SYSNATIVE\drivers\vqfdnoyg.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x] R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x] R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x] R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x] R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys;c:\windows\SYSNATIVE\DRIVERS\silabenm.sys [x] R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys;c:\windows\SYSNATIVE\DRIVERS\silabser.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x] R4 HiSuiteOuc64.exe;HiSuiteOuc64.exe;c:\programdata\HiSuiteOuc\HiSuiteOuc64.exe;c:\programdata\HiSuiteOuc\HiSuiteOuc64.exe [x] R4 HuaweiHiSuiteService64.exe;HuaweiHiSuiteService64.exe;c:\programdata\HandSetService\HuaweiHiSuiteService64.exe;c:\programdata\HandSetService\HuaweiHiSuiteService64.exe [x] S1 cbfltfs3;cbfltfs3;c:\windows\system32\drivers\cbfltfs3.sys;c:\windows\SYSNATIVE\drivers\cbfltfs3.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x] S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x] S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x] S2 avmike;AVM FRITZ!Fernzugang IKE Service;c:\program files\FRITZ!Fernzugang\avmike.exe;c:\program files\FRITZ!Fernzugang\avmike.exe [x] S2 certsrv;AVM FRITZ!Fernzugang Cert Service;c:\program files\FRITZ!Fernzugang\certsrv.exe;c:\program files\FRITZ!Fernzugang\certsrv.exe [x] S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x] S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x] S2 nwtsrv;AVM FRITZ!Fernzugang Client;c:\program files\FRITZ!Fernzugang\nwtsrv.exe;c:\program files\FRITZ!Fernzugang\nwtsrv.exe [x] S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x] S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x] S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 NWIM;AVM VPN Miniport;c:\windows\system32\DRIVERS\avmnwim.sys;c:\windows\SYSNATIVE\DRIVERS\avmnwim.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2015-10-25 13:31 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\46.0.2490.80\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2015-11-05 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 10:09] . 2015-11-05 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2090188890-1994155989-3754954223-1000Core.job - c:\users\Flo\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-22 09:56] . 2015-11-05 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2090188890-1994155989-3754954223-1000UA.job - c:\users\Flo\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-22 09:56] . 2015-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-02 17:17] . 2015-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-02 17:17] . 2015-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2090188890-1994155989-3754954223-1000Core.job - c:\users\Flo\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-14 20:18] . 2015-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2090188890-1994155989-3754954223-1000UA.job - c:\users\Flo\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-14 20:18] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2015-10-12 23:34 232712 ----a-w- c:\users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2015-10-12 23:34 232712 ----a-w- c:\users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3] @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}] 2015-10-12 23:34 232712 ----a-w- c:\users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4] @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}] 2015-10-12 23:34 232712 ----a-w- c:\users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2015-10-12 23:34 232712 ----a-w- c:\users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6] @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}] 2015-10-12 23:34 232712 ----a-w- c:\users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2015-10-12 23:34 232712 ----a-w- c:\users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8] @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}] 2015-10-12 23:34 232712 ----a-w- c:\users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 1337000] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-02-13 169768] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Nach Microsoft E&xel exportieren - c:\progra~2\Microsoft Office\Office12\EXCEL.EXE/3000 Trusted Zone: dyndns.org\stb-unterstaller-mu TCP: Interfaces\{8A66BF53-9C2A-4682-8078-92E8F29895C9}: NameServer = 192.168.2.1 TCP: Interfaces\{B67D2E28-BF2E-4659-B60F-AC90803A99B2}: NameServer = 192.168.2.1 FF - ProfilePath - c:\users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\jmgk1sir.default\ FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/calendar/render?tab=wc FF - prefs.js: network.proxy.ftp - 212.156.86.242 FF - prefs.js: network.proxy.ftp_port - 80 FF - prefs.js: network.proxy.http - 212.156.86.242 FF - prefs.js: network.proxy.http_port - 80 FF - prefs.js: network.proxy.socks - 212.156.86.242 FF - prefs.js: network.proxy.socks_port - 80 FF - prefs.js: network.proxy.ssl - 212.156.86.242 FF - prefs.js: network.proxy.ssl_port - 80 FF - prefs.js: network.proxy.type - 0 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKCU-Run-ApplePhotoStreams - c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start AddRemove-Adobe Photoshop 7.0 - c:\windows\ISUN0407.EXE AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60 . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_226_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_226_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_226_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_226_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.19" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\windows\SysWOW64\PnkBstrA.exe . ************************************************************************** . Zeit der Fertigstellung: 2015-11-05 20:14:53 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2015-11-05 19:14 . Vor Suchlauf: 6.489.808.896 Bytes frei Nach Suchlauf: 5.531.258.880 Bytes frei . - - End Of File - - BABE8D7284D6D27BE43FFE0FDC6795A2 A36C5E4F47E84449FF07ED3517B43A31 |
05.11.2015, 21:57 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: PDF mit Endung .scr geöffnet Malwarebytes Anti-Rootkit (MBAR) Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ Logfiles bitte immer in CODE-Tags posten |
06.11.2015, 00:01 | #6 |
| Windows 7: PDF mit Endung .scr geöffnet No Malware found Hier das Log: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.9.3.1001 www.malwarebytes.org Database version: main: v2015.11.05.06 rootkit: v2015.11.04.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.17519 Flo :: FLO-PC [administrator] 05.11.2015 23:47:21 mbar-log-2015-11-05 (23-47-21).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 357834 Time elapsed: 10 minute(s), 18 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) |
06.11.2015, 09:53 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: PDF mit Endung .scr geöffnet Adware/Junkware/Toolbars entfernen Alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop! Virenscanner jetzt vor dem Einsatz dieser Tools bitte komplett deaktivieren! 1. Schritt: adwCleaner Downloade Dir bitte AdwCleaner auf deinen Desktop.
2. Schritt: JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
3. Schritt: Frisches Log mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ Logfiles bitte immer in CODE-Tags posten |
06.11.2015, 22:18 | #8 |
| Windows 7: PDF mit Endung .scr geöffnet adwCleaner: Code:
ATTFilter # AdwCleaner v5.018 - Bericht erstellt am 06/11/2015 um 22:05:01 # Aktualisiert am 05/11/2015 von Xplode # Datenbank : 2015-11-03.2 [Server] # Betriebssystem : Windows 7 Professional Service Pack 1 (x64) # Benutzername : Flo - FLO-PC # Gestartet von : F:\Download\AdwCleaner_5.018.exe # Option : Löschen # Unterstützung : hxxp://toolslib.net/forum ***** [ Dienste ] ***** ***** [ Ordner ] ***** [-] Ordner Gelöscht : C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\jmgk1sir.default\Extensions\youtubeunblocker__web@unblocker.yt ***** [ Dateien ] ***** ***** [ DLLs ] ***** ***** [ Verknüpfungen ] ***** ***** [ Aufgabenplanung ] ***** ***** [ Registrierungsdatenbank ] ***** [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F} [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{363F46BE-27B4-4C8D-99E7-B1E049B84376} [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{90A9B7D2-3794-45EA-9E23-140E3938D2D9} [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A753A1EC-973E-4718-AF8E-A3F554D45C44} [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02AFA80F-4BEE-41FD-8572-214B58A9EF90} [-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F} [-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F} [-] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}] [-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{363F46BE-27B4-4C8D-99E7-B1E049B84376} [-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{90A9B7D2-3794-45EA-9E23-140E3938D2D9} [-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{A753A1EC-973E-4718-AF8E-A3F554D45C44} [-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{02AFA80F-4BEE-41FD-8572-214B58A9EF90} [-] Schlüssel Gelöscht : HKCU\Software\OCS ***** [ Internetbrowser ] ***** [-] [C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\jmgk1sir.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...] [-] [C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\jmgk1sir.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*"); ************************* :: "Tracing" Schlüssel gelöscht :: Proxy Einstellungen zurückgesetzt :: Winsock Einstellungen zurückgesetzt :: Internet Explorer Richtlinien gelöscht :: Chrome Richtlinien gelöscht ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2752 Bytes] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 7.6.4 (09.28.2015:1) OS: Windows 7 Professional x64 Ran by Flo on 06.11.2015 at 22:08:15,07 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Tasks ~~~ Registry Values Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_113C8DD36E5867E6D61A3F35DE4397B3 ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3A2D5EBA-F86D-4BD3-A177-019765996711} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711} ~~~ Files ~~~ Folders Successfully deleted: [Folder] C:\Users\Flo\AppData\Roaming\pdfforge ~~~ FireFox Emptied folder: C:\Users\Flo\AppData\Roaming\mozilla\firefox\profiles\jmgk1sir.default\minidumps [210 files] ~~~ Chrome [C:\Users\Flo\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset [C:\Users\Flo\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted: [C:\Users\Flo\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset [C:\Users\Flo\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted: [] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 06.11.2015 at 22:11:00,44 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:05-11-2015 durchgeführt von Flo (Administrator) auf FLO-PC (06-11-2015 22:14:44) Gestartet von F:\Download Geladene Profile: Flo (Verfügbare Profile: Flo) Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 10 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-07-04] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] () HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [EaseUS EPM tray] => F:\EaseUS Partition Master 10.2\bin\EpmNews.exe [2089056 2014-11-18] (CHENGDU YIWO Tech Development Co., Ltd) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565448 2015-10-26] (LogMeIn Inc.) HKU\S-1-5-21-2090188890-1994155989-3754954223-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2901584 2015-10-14] (Valve Corporation) HKU\S-1-5-21-2090188890-1994155989-3754954223-1000\...\Run: [MusicManager] => C:\Users\Flo\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7646208 2015-08-13] (Google Inc.) HKU\S-1-5-21-2090188890-1994155989-3754954223-1000\...\Run: [Dropbox Update] => C:\Users\Flo\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-22] (Dropbox, Inc.) HKU\S-1-5-21-2090188890-1994155989-3754954223-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [57981568 2015-09-27] (Skype Technologies S.A.) HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2012-03-25] ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\..\Interfaces\{2201656A-CB43-4010-9B52-D9BA152DDFC4}: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{8A66BF53-9C2A-4682-8078-92E8F29895C9}: [NameServer] 192.168.2.1 Tcpip\..\Interfaces\{A2043950-7D9E-497C-A489-F50F04C019B1}: [DhcpNameServer] 10.74.210.210 10.74.210.211 Tcpip\..\Interfaces\{B67D2E28-BF2E-4659-B60F-AC90803A99B2}: [NameServer] 192.168.2.1 Internet Explorer: ================== HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-2090188890-1994155989-3754954223-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-13] (Advanced Micro Devices) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-12-14] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-14] (Oracle Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-15] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-15] (Oracle Corporation) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices) Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices) FireFox: ======== FF ProfilePath: C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\jmgk1sir.default FF Homepage: hxxps://www.google.com/calendar/render?tab=wc FF NetworkProxy: "backup.ftp", "188.56.41.254" FF NetworkProxy: "backup.ftp_port", 8080 FF NetworkProxy: "backup.socks", "188.56.41.254" FF NetworkProxy: "backup.socks_port", 8080 FF NetworkProxy: "backup.ssl", "188.56.41.254" FF NetworkProxy: "backup.ssl_port", 8080 FF NetworkProxy: "ftp", "212.156.86.242" FF NetworkProxy: "ftp_port", 80 FF NetworkProxy: "http", "212.156.86.242" FF NetworkProxy: "http_port", 80 FF NetworkProxy: "no_proxies_on", "" FF NetworkProxy: "share_proxy_settings", true FF NetworkProxy: "socks", "212.156.86.242" FF NetworkProxy: "socks_port", 80 FF NetworkProxy: "ssl", "212.156.86.242" FF NetworkProxy: "ssl_port", 80 FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-18] () FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-14] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-14] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-18] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin-x32: @esn/esnlaunch,version=1.118.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll [Keine Datei] FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll [2013-11-18] (EA Digital Illusions CE AB) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-07-11] (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-15] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-15] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2090188890-1994155989-3754954223-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Flo\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.) FF Plugin HKU\S-1-5-21-2090188890-1994155989-3754954223-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Flo\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.) FF Extension: Battlefield Heroes Updater - C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\jmgk1sir.default\Extensions\battlefieldheroespatcher@ea.com [2013-10-06] [ist nicht signiert] FF Extension: Video MPEG4 Player Pro - C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\jmgk1sir.default\Extensions\{871f6975-d488-48d4-84eb-d9b382626948}.xpi [2015-08-26] [ist nicht signiert] FF Extension: Adblock Plus - C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\jmgk1sir.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-25] FF Extension: ZIP Plugin Free - C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\jmgk1sir.default\Extensions\{fb33f250-65f0-4067-9752-9cb63be2ff60}.xpi [2015-10-31] [ist nicht signiert] FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2014-04-01] [ist nicht signiert] Chrome: ======= CHR Profile: C:\Users\Flo\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Flo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-06] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-07-04] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert] R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.) S2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [337824 2012-11-28] (AVM Berlin) S2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [143776 2012-11-28] (AVM Berlin) S4 HiSuiteOuc64.exe; C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe [137024 2014-01-28] () S4 HuaweiHiSuiteService64.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe [204096 2014-01-28] () R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-10-26] (LogMeIn, Inc.) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation) S2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [191328 2013-06-10] (AVM Berlin) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-07] (Electronic Arts) S2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) S2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-10-20] () S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices) R1 cbfltfs3; C:\Windows\system32\drivers\cbfltfs3.sys [317632 2015-09-05] (EldoS Corporation) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-11-07] (Disc Soft Ltd) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [18528 2014-11-18] () S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14944 2014-11-18] () S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2014-11-18] () S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2014-11-18] () U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2011-10-24] (Huawei Technologies Co., Ltd.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] () S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-08-02] (Apple Inc.) [Datei ist nicht signiert] S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation) R3 NWIM; C:\Windows\System32\DRIVERS\avmnwim.sys [412024 2011-07-05] (AVM Berlin) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [Datei ist nicht signiert] S1 ajyhbmrl; \??\C:\Windows\system32\drivers\ajyhbmrl.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S1 ddhkfnib; \??\C:\Windows\system32\drivers\ddhkfnib.sys [X] S1 jcsbsvgk; \??\C:\Windows\system32\drivers\jcsbsvgk.sys [X] S1 krarqcqm; \??\C:\Windows\system32\drivers\krarqcqm.sys [X] S1 mtmrxqcn; \??\C:\Windows\system32\drivers\mtmrxqcn.sys [X] S1 nghiqpmj; \??\C:\Windows\system32\drivers\nghiqpmj.sys [X] S1 pjbslzyq; \??\C:\Windows\system32\drivers\pjbslzyq.sys [X] S1 uivjiqam; \??\C:\Windows\system32\drivers\uivjiqam.sys [X] S1 vqfdnoyg; \??\C:\Windows\system32\drivers\vqfdnoyg.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-11-06 22:11 - 2015-11-06 22:11 - 00001976 _____ C:\Users\Flo\Desktop\JRT.txt 2015-11-06 22:08 - 2015-10-05 23:26 - 01801288 _____ (Malwarebytes) C:\Users\Flo\Desktop\JRT.exe 2015-11-06 22:01 - 2015-11-06 22:05 - 00000000 ____D C:\AdwCleaner 2015-11-05 23:47 - 2015-11-05 23:58 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-11-05 23:46 - 2015-11-05 23:58 - 00000000 ____D C:\Users\Flo\Desktop\mbar 2015-11-05 20:14 - 2015-11-05 20:14 - 00033190 _____ C:\ComboFix.txt 2015-11-05 20:05 - 2015-11-05 20:14 - 00000000 ____D C:\Qoobox 2015-11-05 20:05 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe 2015-11-05 20:05 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe 2015-11-05 20:05 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-11-05 20:05 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-11-05 20:05 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-11-05 20:05 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe 2015-11-05 20:05 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe 2015-11-05 20:05 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe 2015-11-05 20:04 - 2015-11-05 20:13 - 00000000 ____D C:\Windows\erdnt 2015-11-05 20:04 - 2015-11-05 20:04 - 05637844 ____R (Swearware) C:\Users\Flo\Desktop\ComboFix.exe 2015-11-03 23:27 - 2015-11-03 22:56 - 00069926 _____ C:\Users\Flo\Desktop\Addition.txt 2015-11-03 23:27 - 2015-11-03 22:56 - 00067968 _____ C:\Users\Flo\Desktop\FRST.txt 2015-11-03 23:23 - 2015-11-03 23:23 - 00004221 _____ C:\Users\Flo\Desktop\Gmer.log 2015-11-03 23:00 - 2015-11-03 23:00 - 00001273 _____ C:\Users\Flo\Desktop\Malwarebytes.txt 2015-11-03 22:53 - 2015-11-03 22:52 - 00000538 _____ C:\Users\Flo\Desktop\defogger_disable.log 2015-11-03 22:53 - 2015-11-03 22:51 - 00380416 _____ C:\Users\Flo\Desktop\Gmer-19357.exe 2015-11-03 22:53 - 2015-11-03 22:51 - 00050477 _____ C:\Users\Flo\Desktop\Defogger.exe 2015-11-03 22:53 - 2015-11-03 22:47 - 02198016 _____ (Farbar) C:\Users\Flo\Desktop\FRST64.exe 2015-11-03 22:52 - 2015-11-06 22:14 - 00000000 ____D C:\FRST 2015-11-03 22:52 - 2015-11-03 22:52 - 00000168 _____ C:\Users\Flo\defogger_reenable 2015-11-03 22:50 - 2015-11-05 23:47 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-11-03 22:50 - 2015-11-03 22:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-11-03 22:49 - 2015-11-05 23:46 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-11-03 22:49 - 2015-11-03 22:50 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-11-03 22:49 - 2015-11-03 22:49 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-11-03 22:49 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-11-03 22:49 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2015-11-03 22:28 - 2015-11-03 22:28 - 00001286 _____ C:\Users\Flo\Desktop\Revo Uninstaller.lnk 2015-11-03 22:28 - 2015-11-03 22:28 - 00000000 ____D C:\Program Files (x86)\VS Revo Group 2015-10-30 19:48 - 2015-10-30 19:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2015-10-30 19:48 - 2015-10-30 19:48 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi 2015-10-26 16:00 - 2015-10-26 16:00 - 00000220 _____ C:\Users\Flo\Desktop\The Ship.url 2015-10-26 16:00 - 2015-10-26 16:00 - 00000220 _____ C:\Users\Flo\Desktop\The Ship Tutorial.url 2015-10-26 16:00 - 2015-10-26 16:00 - 00000220 _____ C:\Users\Flo\Desktop\The Ship Single Player.url 2015-10-25 09:49 - 2015-10-25 09:51 - 00000000 ____D C:\Users\Flo\AppData\Local\elfopatch 2015-10-25 09:49 - 2015-10-25 09:49 - 00000000 ____D C:\ProgramData\Package Cache 2015-10-18 11:18 - 2015-10-18 11:18 - 00000000 ____D C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-10-16 15:17 - 2015-09-18 20:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2015-10-16 15:17 - 2015-09-18 20:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-10-16 15:17 - 2015-09-18 20:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-10-16 15:17 - 2015-09-18 20:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-10-16 15:17 - 2015-09-18 20:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-10-16 15:17 - 2015-09-18 20:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-10-16 15:17 - 2015-09-18 20:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-10-14 17:56 - 2015-10-01 19:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2015-10-14 17:56 - 2015-10-01 19:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2015-10-14 17:56 - 2015-10-01 19:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2015-10-14 17:56 - 2015-10-01 19:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-10-14 17:56 - 2015-10-01 19:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-10-14 17:56 - 2015-10-01 19:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-10-14 17:56 - 2015-10-01 19:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2015-10-14 17:56 - 2015-10-01 18:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2015-10-14 17:56 - 2015-10-01 18:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-10-14 17:56 - 2015-09-29 04:16 - 05569472 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-10-14 17:56 - 2015-09-29 04:13 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-10-14 17:56 - 2015-09-29 04:11 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-10-14 17:56 - 2015-09-29 04:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-10-14 17:56 - 2015-09-29 04:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-10-14 17:56 - 2015-09-29 04:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-10-14 17:56 - 2015-09-29 04:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-10-14 17:56 - 2015-09-29 04:11 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-10-14 17:56 - 2015-09-29 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-10-14 17:56 - 2015-09-29 04:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-10-14 17:56 - 2015-09-29 04:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-10-14 17:56 - 2015-09-29 04:10 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-10-14 17:56 - 2015-09-29 04:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-10-14 17:56 - 2015-09-29 04:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-10-14 17:56 - 2015-09-29 04:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-10-14 17:56 - 2015-09-29 04:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-10-14 17:56 - 2015-09-29 04:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-10-14 17:56 - 2015-09-29 04:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2015-10-14 17:56 - 2015-09-29 04:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-10-14 17:56 - 2015-09-29 04:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-10-14 17:56 - 2015-09-29 04:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-10-14 17:56 - 2015-09-29 04:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-10-14 17:56 - 2015-09-29 04:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-10-14 17:56 - 2015-09-29 04:05 - 03990976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-10-14 17:56 - 2015-09-29 04:05 - 03936192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-10-14 17:56 - 2015-09-29 04:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-10-14 17:56 - 2015-09-29 04:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-10-14 17:56 - 2015-09-29 04:02 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 03:59 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-10-14 17:56 - 2015-09-29 03:59 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-10-14 17:56 - 2015-09-29 03:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-10-14 17:56 - 2015-09-29 03:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-10-14 17:56 - 2015-09-29 03:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-10-14 17:56 - 2015-09-29 03:59 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-10-14 17:56 - 2015-09-29 03:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-10-14 17:56 - 2015-09-29 03:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2015-10-14 17:56 - 2015-09-29 03:58 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-10-14 17:56 - 2015-09-29 03:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-10-14 17:56 - 2015-09-29 03:57 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-10-14 17:56 - 2015-09-29 03:57 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2015-10-14 17:56 - 2015-09-29 03:57 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-10-14 17:56 - 2015-09-29 03:57 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-10-14 17:56 - 2015-09-29 03:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-10-14 17:56 - 2015-09-29 03:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-10-14 17:56 - 2015-09-29 03:49 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-10-14 17:56 - 2015-09-29 03:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-10-14 17:56 - 2015-09-29 03:49 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 03:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 03:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 03:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 03:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 03:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 03:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 03:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 03:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 03:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 03:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 03:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 03:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 02:50 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-10-14 17:56 - 2015-09-29 02:49 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-10-14 17:56 - 2015-09-29 02:49 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-10-14 17:56 - 2015-09-29 02:43 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-10-14 17:56 - 2015-09-29 02:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-10-14 17:56 - 2015-09-29 02:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 02:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 02:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-10-14 17:56 - 2015-09-29 02:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-10-14 17:56 - 2015-09-25 19:07 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-10-14 17:56 - 2015-09-25 19:07 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-10-14 17:56 - 2015-09-25 19:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-10-14 17:56 - 2015-09-25 19:07 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-10-14 17:56 - 2015-09-25 19:07 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-10-14 17:56 - 2015-09-25 19:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-10-14 17:56 - 2015-09-25 19:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-10-14 17:56 - 2015-09-25 19:06 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-10-14 17:56 - 2015-09-25 19:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-10-14 17:56 - 2015-09-25 19:06 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-10-14 17:56 - 2015-09-25 19:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-10-14 17:56 - 2015-09-25 18:59 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-10-14 17:56 - 2015-09-25 18:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-10-14 17:56 - 2015-09-25 18:59 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-10-14 17:56 - 2015-09-25 18:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-10-14 17:56 - 2015-09-25 18:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-10-14 17:56 - 2015-09-18 00:47 - 19280896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-10-14 17:56 - 2015-09-18 00:46 - 15416320 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-10-14 17:56 - 2015-09-17 21:44 - 14290944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-10-14 17:56 - 2015-09-15 19:17 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-10-14 17:56 - 2015-09-15 19:17 - 00097112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-10-14 17:56 - 2015-09-15 19:11 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-10-14 17:56 - 2015-09-15 19:11 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-10-14 17:56 - 2015-09-15 19:11 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-10-14 17:56 - 2015-09-15 19:11 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-10-14 17:56 - 2015-09-15 19:11 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-10-14 17:56 - 2015-09-15 19:11 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-10-14 17:56 - 2015-09-15 19:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-10-14 17:56 - 2015-09-15 18:36 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-10-14 17:56 - 2015-09-15 18:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-10-14 17:56 - 2015-09-15 18:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-10-14 17:56 - 2015-09-15 18:35 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-10-14 17:56 - 2015-08-06 19:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-10-14 17:56 - 2015-08-06 19:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll 2015-10-14 17:56 - 2015-08-06 18:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-10-14 17:56 - 2015-08-06 18:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll 2015-10-14 17:56 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll 2015-10-14 17:55 - 2015-09-18 00:48 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-10-14 17:55 - 2015-09-18 00:48 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-10-14 17:55 - 2015-09-18 00:48 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-10-14 17:55 - 2015-09-18 00:48 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-10-14 17:55 - 2015-09-18 00:47 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-10-14 17:55 - 2015-09-18 00:47 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-10-14 17:55 - 2015-09-18 00:47 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-10-14 17:55 - 2015-09-18 00:46 - 03960832 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-10-14 17:55 - 2015-09-18 00:46 - 02656768 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-10-14 17:55 - 2015-09-18 00:46 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-10-14 17:55 - 2015-09-18 00:46 - 00857600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-10-14 17:55 - 2015-09-18 00:46 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-10-14 17:55 - 2015-09-18 00:46 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-10-14 17:55 - 2015-09-18 00:46 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-10-14 17:55 - 2015-09-18 00:46 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-10-14 17:55 - 2015-09-18 00:46 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2015-10-14 17:55 - 2015-09-18 00:46 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-10-14 17:55 - 2015-09-18 00:46 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-10-14 17:55 - 2015-09-18 00:46 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-10-14 17:55 - 2015-09-17 21:44 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-10-14 17:55 - 2015-09-17 21:44 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-10-14 17:55 - 2015-09-17 21:44 - 00525824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-10-14 17:55 - 2015-09-17 21:44 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-10-14 17:55 - 2015-09-17 21:44 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-10-14 17:55 - 2015-09-17 21:44 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-10-14 17:55 - 2015-09-17 21:43 - 13775360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-10-14 17:55 - 2015-09-17 21:43 - 02866176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-10-14 17:55 - 2015-09-17 21:43 - 02056704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-10-14 17:55 - 2015-09-17 21:43 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-10-14 17:55 - 2015-09-17 21:43 - 00715264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-10-14 17:55 - 2015-09-17 21:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-10-14 17:55 - 2015-09-17 21:43 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-10-14 17:55 - 2015-09-17 21:43 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-10-14 17:55 - 2015-09-17 21:43 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-10-14 17:55 - 2015-09-17 21:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2015-10-14 17:55 - 2015-09-17 21:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-10-14 17:55 - 2015-09-17 21:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-10-14 17:55 - 2015-09-17 21:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-10-14 17:55 - 2015-09-17 19:58 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-10-14 17:55 - 2015-09-17 19:58 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-10-14 17:55 - 2015-09-17 19:31 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-10-14 17:55 - 2015-09-17 19:27 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-10-14 17:55 - 2015-09-17 19:06 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2015-10-14 17:55 - 2015-09-17 19:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2015-10-12 20:10 - 2015-10-12 20:10 - 00001110 _____ C:\Users\Public\Desktop\Picasa 3.lnk 2015-10-12 20:09 - 2015-10-12 20:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3 ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-11-06 22:14 - 2015-06-22 10:56 - 00001216 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2090188890-1994155989-3754954223-1000UA.job 2015-11-06 22:14 - 2012-03-24 17:51 - 01230468 _____ C:\Windows\WindowsUpdate.log 2015-11-06 22:13 - 2009-07-14 05:45 - 00025520 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-11-06 22:13 - 2009-07-14 05:45 - 00025520 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-11-06 22:11 - 2009-07-14 18:58 - 00702942 _____ C:\Windows\system32\perfh007.dat 2015-11-06 22:11 - 2009-07-14 18:58 - 00150582 _____ C:\Windows\system32\perfc007.dat 2015-11-06 22:11 - 2009-07-14 06:13 - 01629348 _____ C:\Windows\system32\PerfStringBackup.INI 2015-11-06 22:09 - 2012-04-05 20:07 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-11-06 22:06 - 2014-08-02 12:41 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-11-06 22:06 - 2013-10-09 20:41 - 00000000 ____D C:\Program Files (x86)\Steam 2015-11-06 22:06 - 2012-09-01 13:35 - 00000000 ____D C:\Users\Flo\AppData\Local\LogMeIn Hamachi 2015-11-06 22:06 - 2012-03-24 21:24 - 00000000 ____D C:\Users\Flo\AppData\Roaming\Skype 2015-11-06 22:06 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-11-06 22:06 - 2009-07-14 05:51 - 00092845 _____ C:\Windows\setupact.log 2015-11-05 23:45 - 2014-12-26 12:25 - 00000000 ____D C:\Users\Flo\AppData\Local\Battle.net 2015-11-05 23:30 - 2014-08-02 12:41 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-11-05 23:30 - 2014-02-14 22:31 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2090188890-1994155989-3754954223-1000UA.job 2015-11-05 20:44 - 2015-06-22 10:58 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm 2015-11-05 20:30 - 2014-02-14 22:31 - 00001060 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2090188890-1994155989-3754954223-1000Core.job 2015-11-05 20:14 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default 2015-11-05 20:13 - 2015-06-22 10:56 - 00001164 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2090188890-1994155989-3754954223-1000Core.job 2015-11-05 20:12 - 2012-03-25 14:55 - 00177586 _____ C:\Windows\PFRO.log 2015-11-05 20:12 - 2009-07-14 03:34 - 93323264 _____ C:\Windows\system32\config\software.bak 2015-11-05 20:12 - 2009-07-14 03:34 - 19660800 _____ C:\Windows\system32\config\system.bak 2015-11-05 20:12 - 2009-07-14 03:34 - 00524288 _____ C:\Windows\system32\config\default.bak 2015-11-05 20:12 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\security.bak 2015-11-05 20:12 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\sam.bak 2015-11-05 20:12 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini 2015-11-03 22:52 - 2012-03-24 17:51 - 00000000 ____D C:\Users\Flo 2015-11-01 14:37 - 2013-05-27 21:40 - 00001199 _____ C:\Users\Public\Desktop\BinTube.lnk 2015-10-30 20:00 - 2014-12-23 19:40 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2015-10-26 16:33 - 2013-06-08 12:42 - 00000000 ____D C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2015-10-26 16:00 - 2013-10-09 20:46 - 00000000 ____D C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2015-10-26 14:57 - 2014-04-29 08:49 - 00002038 ____H C:\Users\Flo\Documents\Default.rdp 2015-10-26 11:24 - 2015-10-06 17:51 - 00000000 ____D C:\Games 2015-10-26 11:15 - 2012-09-01 13:35 - 00034720 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys 2015-10-25 14:31 - 2014-08-02 12:42 - 00002177 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-10-25 09:52 - 2012-08-11 10:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular 2015-10-19 15:34 - 2014-12-26 12:26 - 00000000 ____D C:\Program Files (x86)\Hearthstone 2015-10-19 15:33 - 2015-03-07 21:56 - 00000000 ____D C:\Users\Flo\AppData\Roaming\Ubisoft 2015-10-19 15:33 - 2012-09-01 10:52 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2015-10-19 15:33 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-10-19 11:10 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2015-10-18 11:18 - 2013-10-31 22:40 - 00000000 ____D C:\Users\Flo\AppData\Roaming\Dropbox 2015-10-18 11:09 - 2012-04-05 20:07 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-10-18 11:09 - 2012-04-05 20:07 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-10-18 11:09 - 2012-03-24 20:00 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-10-16 15:51 - 2014-12-13 19:25 - 00000000 ____D C:\Windows\system32\appraiser 2015-10-16 15:51 - 2014-04-30 00:33 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-10-16 15:23 - 2014-12-02 10:53 - 00002471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-10-14 19:51 - 2013-08-15 18:11 - 00000000 ____D C:\Windows\system32\MRT 2015-10-14 19:46 - 2012-03-26 15:33 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-10-14 19:46 - 2012-03-25 21:38 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-10-12 20:10 - 2013-10-29 19:29 - 00000000 ____D C:\Users\Flo\AppData\Local\Google 2015-10-12 20:09 - 2014-08-02 12:41 - 00000000 ____D C:\Program Files (x86)\Google 2015-10-08 19:21 - 2015-04-04 13:10 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2015-10-08 19:21 - 2015-04-04 13:10 - 00000000 ___SD C:\Windows\system32\GWX 2015-10-08 19:08 - 2012-03-24 21:24 - 00000000 ____D C:\ProgramData\Skype 2015-10-08 19:07 - 2012-03-24 20:32 - 00108976 _____ C:\Users\Flo\AppData\Local\GDIPFONTCACHEV1.DAT 2015-10-08 19:07 - 2009-07-14 05:45 - 00411368 _____ C:\Windows\system32\FNTCACHE.DAT ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2013-05-26 14:54 - 2010-11-05 02:57 - 0055632 _____ (Microsoft Corporation) C:\Users\Flo\AppData\Roaming\ICQ7.exe 2013-10-15 15:48 - 2013-10-15 15:49 - 0038419 _____ () C:\Users\Flo\AppData\Roaming\Kommagetrennte Werte (DOS).ADR 2013-12-01 00:36 - 2014-02-11 10:01 - 0008704 _____ () C:\Users\Flo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-09-11 18:16 - 2015-09-11 18:16 - 0000600 _____ () C:\Users\Flo\AppData\Local\PUTTY.RND Einige Dateien in TEMP: ==================== C:\Users\Flo\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-11-02 12:32 ==================== Ende von FRST.txt ============================ Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-11-2015 durchgeführt von Flo (2015-11-06 22:15:04) Gestartet von F:\Download Windows 7 Professional Service Pack 1 (X64) (2012-03-24 16:51:05) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-2090188890-1994155989-3754954223-500 - Administrator - Disabled) Flo (S-1-5-21-2090188890-1994155989-3754954223-1000 - Administrator - Enabled) => C:\Users\Flo Gast (S-1-5-21-2090188890-1994155989-3754954223-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2090188890-1994155989-3754954223-1002 - Limited - Enabled) ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) AC3Filter 2.1a (HKLM-x32\...\AC3Filter_is1) (Version: 2.1a - Alexander Vigovsky) Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.226 - Adobe Systems Incorporated) Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated) Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.) Adobe Reader XI (11.0.13) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated) AMD Catalyst Install Manager (HKLM\...\{47F9B7C3-F172-940F-D0C4-203C7914E5D2}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.) Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB) BinTube Ultimate 4.3.0.0 (HKLM-x32\...\BinTube Usenet Reader) (Version: 4.3.0.0 - BinTube.com) BodyMedia SYNC (HKLM-x32\...\InstallShield_{99567851-B7F1-4692-A33A-0732E761220B}) (Version: 2.3.1.102 - BodyMedia, Inc.) BodyMedia SYNC (x32 Version: 2.3.1.102 - BodyMedia, Inc.) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) calibre 64bit (HKLM\...\{2B73426A-9499-4875-BAE9-8DD729009399}) (Version: 1.47.0 - Kovid Goyal) Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version: - ) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd) Dropbox (HKU\S-1-5-21-2090188890-1994155989-3754954223-1000\...\Dropbox) (Version: 3.10.8 - Dropbox, Inc.) DVD-Cover Printmaster 1.4 (HKLM-x32\...\{38AFE2B1-19DB-432A-BA4A-410BFBA78DCE}) (Version: 1.4 - biu software) EaseUS Partition Master 10.2 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS) ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.2.17437 - Landesfinanzdirektion Thüringen) ffdshow x64 v1.2.4422 [2012-04-09] (HKLM\...\ffdshow64_is1) (Version: 1.2.4422.0 - ) Free YouTube to MP3 Converter version 3.12.17.1125 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.17.1125 - DVDVideoSoft Ltd.) FRITZ!Fernzugang (HKLM\...\{DD57CC22-8864-4CCA-94D4-600D024C1207}) (Version: 1.3.1 - AVM Berlin) Games (HKLM\...\{55956d7b-35e0-49fa-8343-7adc8e1eb34b}.sdb) (Version: - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment) HiSuite (HKLM-x32\...\Hi Suite) (Version: 32.610.26.00.06 - Huawei Technologies Co.,Ltd) ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!) iPhone Backup Extractor (HKU\S-1-5-21-2090188890-1994155989-3754954223-1000\...\iPhone Backup Extractor) (Version: 4.6.6.0 - Reincubate Ltd) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan) iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.) Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation) Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation) Java SE Development Kit 8 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.406 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.406 - LogMeIn, Inc.) Hidden Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Media Player Classic - Home Cinema 1.6.0.4014 x64 (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.6.0.4014 - MPC-HC Team) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218 (HKLM\...\{BBBE35B2-9349-3C48-BD3D-F574B17C7924}) (Version: 9.0.21022.218 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation) Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MP4 To MP3 Converter V3.0 (HKLM-x32\...\MP4 To MP3 Converter_is1) (Version: - hxxp://www.MP4ToMP3Converter.net) Music Manager (HKU\S-1-5-21-2090188890-1994155989-3754954223-1000\...\MusicManager) (Version: - Google, Inc.) Omron Health Management Software (HKLM-x32\...\{5441F067-5AF8-4284-9A8C-FD98DF05C981}) (Version: 1.50.0007 - Omron Healthcare) Origin (HKLM-x32\...\Origin) (Version: 9.3.10.4710 - Electronic Arts, Inc.) PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.239 - Google, Inc.) PowerLine Utility (HKLM-x32\...\{A5E1CA04-799E-495C-A084-AB48AEF00CCB}) (Version: 1.2.204 - TP-LINK) QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements) QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version: - Silicon Laboratories) Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7 (HKLM-x32\...\{6B442DEB-80DA-4659-BD19-51853A27A028}) (Version: 5.40.29 - Silicon Laboratories, Inc.) Skype™ 7.12 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.) StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) sv.net (HKLM-x32\...\sv.net) (Version: 14.0 - ITSG GmbH) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) TeamViewer 3 (HKLM-x32\...\TeamViewer 3) (Version: - TeamViewer GmbH) The Ship (HKLM-x32\...\Steam App 2400) (Version: - Outerlight Ltd.) The Ship Single Player (HKLM-x32\...\Steam App 2420) (Version: - Outerlight Ltd.) The Ship Tutorial (HKLM-x32\...\Steam App 2430) (Version: - Outerlight) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) Warcraft III (HKLM-x32\...\Warcraft III) (Version: - Blizzard Entertainment) Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation) Windows-Treiberpaket - Silicon Laboratories (silabenm) Ports (03/19/2014 6.7.0.0) (HKLM\...\B97004A400E30DCF940971EFA7A0C13C6B0A4B66) (Version: 03/19/2014 6.7.0.0 - Silicon Laboratories) WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH) World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: 5.3.0.17055 - Blizzard Entertainment) World of Warships (HKU\S-1-5-21-2090188890-1994155989-3754954223-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814eu}_is1) (Version: - Wargaming.net) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Flo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Flo\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Flo\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Flo\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Flo\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Flo\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Flo\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Flo\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Flo\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Flo\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Flo\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Flo\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => Keine Datei ==================== Wiederherstellungspunkte ========================= 30-10-2015 20:00:00 Windows Update 03-11-2015 19:36:42 Windows Update 03-11-2015 22:29:58 Revo Uninstaller's restore point - NexusFont 2.5 (ver 2.5.8.1582) 03-11-2015 22:32:18 Revo Uninstaller's restore point - PhonerLite 2.16 03-11-2015 22:34:33 Revo Uninstaller's restore point - WinPcap 4.1.2 05-11-2015 20:05:07 ComboFix created restore point 06-11-2015 22:08:16 JRT Pre-Junkware Removal ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2009-07-14 03:34 - 2015-11-05 20:12 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {033B08AC-D341-4427-B77D-C489BA23C713} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {1D6BA97A-53C3-4A95-A2C4-0A731500FC5C} - System32\Tasks\{EBD3FF75-AF8F-4C97-BD38-BA025E818EAC} => pcalua.exe -a "F:\Usenet\Usenet-Space-Cowboys]O&amp_O DiskRecovery 8.0.345\O&amp;O DiskRecovery 8.0.345 Tech Edition Final (32-64bit) Incl [+ serial].exe" -d "F:\Usenet\Usenet-Space-Cowboys]O&amp_O DiskRecovery 8.0.345" Task: {54A5432E-D657-49CF-9D84-EF8D7CE2AA48} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2090188890-1994155989-3754954223-1000Core => C:\Users\Flo\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.) Task: {5FAA3B23-57D1-4811-95BC-8AD0C71A9EF9} - System32\Tasks\{BD9BBACD-2E18-4E9E-ADA5-CFC8CFBE13C8} => Firefox.exe hxxp://ui.skype.com/ui/0/5.8.0.158.259/de/abandoninstall?source=lightinstaller&page=tsPlugin Task: {68213E78-2C71-4C03-A5A4-8977137F5720} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2090188890-1994155989-3754954223-1000UA => C:\Users\Flo\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-22] (Dropbox, Inc.) Task: {8335BE18-7968-406B-A468-E78705D09CC4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {8EAFE18E-316F-4649-8173-D8CC9F4F6F42} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2090188890-1994155989-3754954223-1000Core => C:\Users\Flo\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-22] (Dropbox, Inc.) Task: {90FD5B3E-17EC-4EFD-AE38-CEDC21895C62} - System32\Tasks\{18580066-AC2C-44DA-8238-01EEA3FBC63A} => pcalua.exe -a "C:\Users\Flo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F5NH4JRQ\Firefox%20Setup%2011.0[1].exe" -d C:\Users\Flo\Desktop Task: {91C00161-77E9-4D72-8EF7-6730C305850F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated) Task: {B5250B7A-4F5B-4C9A-9067-D8571491AA96} - System32\Tasks\{E42F3E4F-D957-48D1-8DF9-1BE3B07A6891} => Firefox.exe hxxp://ui.skype.com/ui/0/5.8.0.158.259/de/abandoninstall?source=lightinstaller&page=tsInstall Task: {C8988A74-372E-4A0E-94D7-5CF0C8F6E652} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-18] (Adobe Systems Incorporated) Task: {D2E9184B-EB31-4F32-A6E7-C36505618ED7} - System32\Tasks\{ADBDF2F4-C5F6-4E78-8AC0-E9A13C0C190A} => pcalua.exe -a F:\Download\OOUnErase6Ger.exe -d F:\Download Task: {F1BE585E-D483-4611-86C7-3107CD470CDE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2090188890-1994155989-3754954223-1000UA => C:\Users\Flo\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2090188890-1994155989-3754954223-1000Core.job => C:\Users\Flo\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2090188890-1994155989-3754954223-1000UA.job => C:\Users\Flo\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2090188890-1994155989-3754954223-1000Core.job => C:\Users\Flo\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2090188890-1994155989-3754954223-1000UA.job => C:\Users\Flo\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) IE trusted site: HKU\S-1-5-21-2090188890-1994155989-3754954223-1000\...\dyndns.org -> hxxps://stb-unterstaller-mu.dyndns.org ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-2090188890-1994155989-3754954223-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.2.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) Windows Firewall ist deaktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) MSCONFIG\startupfolder: C:^Users^Flo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FRITZ!Fernzugang.lnk => C:\Windows\pss\FRITZ!Fernzugang.lnk.Startup MSCONFIG\startupreg: icq.exe => C:\Users\Flo\AppData\Local\icq.exe ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{D3308726-2DAA-4419-AC15-EE3CCA1CF52C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{84C3112C-78F9-4928-8BC3-EB34B9848DD2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{DB2177C0-7A61-4BE2-A663-889AF9231B44}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{A89E4CE2-4DE0-4270-8062-B1ED7C1DF68D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{E7051D8E-19AF-4340-AB8F-A964115A35F2}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{159A3C87-3CC6-4DFF-A0D5-8526A33E4D6C}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{625EDA07-A864-43A6-A406-F8C169040A1B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{4D8D344B-E378-4D34-8788-E32397D87031}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{C819801A-75E8-46FC-B3F1-98758FE9D02F}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{83567CAA-982E-4BE2-AB80-736656E9F7AB}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe FirewallRules: [{10561202-D20D-4C66-9AD3-5EBF330EE5CC}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe FirewallRules: [{64F05E1B-C358-4642-AF0E-A24150548A7D}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe FirewallRules: [{0F93A9B2-9B85-4AE9-8884-29C4D59F7EF5}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe FirewallRules: [{2A1C288C-0897-4B6C-B214-76459EBC1D8A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.515\Agent.exe FirewallRules: [{0C994B7D-A09F-4E87-8805-9896D05DD8A3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.515\Agent.exe FirewallRules: [{5733A598-07E4-4048-A207-51D5E863FD0C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.868\Agent.exe FirewallRules: [{0A546F3B-2BAD-404A-8B12-5AA5131F9D6B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.868\Agent.exe FirewallRules: [{DD7731C7-E6AA-458D-9DED-52202E892BC1}] => (Allow) C:\Program Files (x86)\Diablo III Beta\Diablo III.exe FirewallRules: [{2F7C6AA4-D093-4236-94F3-0C414039AD96}] => (Allow) C:\Program Files (x86)\Diablo III Beta\Diablo III.exe FirewallRules: [{28C7228B-A9C6-4FA8-9E60-472AF13A3A84}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.913\Agent.exe FirewallRules: [{DB8F9B60-1CF3-48B4-BD37-31AD801EF24D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.913\Agent.exe FirewallRules: [{9C0C0069-5277-42FA-9EE0-E37761528E6B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe FirewallRules: [{F736B0D1-4790-46C7-9D16-C0EDC7E54A7F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe FirewallRules: [{C2CAB405-1EEB-43E9-9837-B02BF22D40ED}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe FirewallRules: [{3800D18C-BCE4-4012-95AB-0A67320F767D}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe FirewallRules: [{0FDCF885-9ECD-42B3-8478-3005324EABC3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.976\Agent.exe FirewallRules: [{3107326C-0DCA-44A2-9BE5-75BCBF9D72F3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.976\Agent.exe FirewallRules: [{42D16072-128D-4E8F-B642-99712F7F7E2A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.998\Agent.exe FirewallRules: [{D0D7B2D9-52D8-4F71-85C4-D12844F57864}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.998\Agent.exe FirewallRules: [TCP Query User{9EB56B15-4D5F-4633-8360-CEAEA45B056B}C:\program files (x86)\ea games\command & conquer generäle stunde null\game.dat] => (Allow) C:\program files (x86)\ea games\command & conquer generäle stunde null\game.dat FirewallRules: [UDP Query User{BF644AAD-FCF8-4B2F-A33F-808AF92D8A6A}C:\program files (x86)\ea games\command & conquer generäle stunde null\game.dat] => (Allow) C:\program files (x86)\ea games\command & conquer generäle stunde null\game.dat FirewallRules: [{5FC560DF-99E0-4D8A-8005-057F20E491A4}] => (Allow) C:\Program Files (x86)\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe FirewallRules: [{7A42C07C-B265-4C24-BB47-6E1F95505256}] => (Allow) C:\Program Files (x86)\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe FirewallRules: [{A7C037DF-1834-470E-BF66-30598347D0E2}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.exe FirewallRules: [{E9B0B25F-87D6-475C-8863-B1CF60BC48D8}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.exe FirewallRules: [{5A588066-B094-4DB7-8D12-70E307DA62A8}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.patch.exe FirewallRules: [{E0591F99-BC25-4582-8402-00468CE0C8CF}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.patch.exe FirewallRules: [TCP Query User{0921B9EA-DD30-4B19-8BB0-6A7E6C3B6724}C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe] => (Allow) C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe FirewallRules: [UDP Query User{79728583-0640-4B9B-9F9C-02DA2995B9AE}C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe] => (Allow) C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe FirewallRules: [{CDE737FF-F4A9-4177-B451-D5E0D07BA5C0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe FirewallRules: [{6AE01900-1C14-4EC4-A20C-0B8F42CE8E81}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe FirewallRules: [{4D9DECD0-2C89-421B-9088-994C4D6D693A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe FirewallRules: [{E896EC4C-902F-40A9-B68A-05FD167D20DA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe FirewallRules: [TCP Query User{722F7B6E-861C-4F33-A4F5-E427DBCE4AD8}F:\#spiele\warcraft iii\war3.exe] => (Allow) F:\#spiele\warcraft iii\war3.exe FirewallRules: [UDP Query User{ECC97F53-E5A6-4637-9EDF-DDB99ABFA59F}F:\#spiele\warcraft iii\war3.exe] => (Allow) F:\#spiele\warcraft iii\war3.exe FirewallRules: [{88DA12B9-57FD-408F-BF90-1CEA27A26B08}] => (Block) F:\#spiele\warcraft iii\war3.exe FirewallRules: [{190E398E-5608-49A4-AA58-6C3D2BAA40BC}] => (Block) F:\#spiele\warcraft iii\war3.exe FirewallRules: [{BE591CF2-9FB5-4A23-AE8B-18ACF089341A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{CDA40B63-91A0-4366-B338-2DF804710389}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{E82A63F7-BBB6-4B27-896B-BB2577DD267F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Commandos 3 Destination Berlin\readme.rtf FirewallRules: [{6F9E70AA-B3AE-485E-B93F-2CF91C7CE8F4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Commandos 3 Destination Berlin\readme.rtf FirewallRules: [TCP Query User{7FB56A82-BF1E-4624-A3FC-86B7DE0E9769}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe FirewallRules: [UDP Query User{22D1F040-DB7C-498A-91A6-CD5C769D0A84}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe FirewallRules: [{0534B344-4385-4D36-BFE2-CF36C8CDB1FD}] => (Block) C:\windows\syswow64\dplaysvr.exe FirewallRules: [{013E548D-C89E-48AF-902E-CC926FEF7CBC}] => (Block) C:\windows\syswow64\dplaysvr.exe FirewallRules: [{52909F92-B490-4A28-9A1A-61A7401A95AD}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{2D5C9129-180A-412B-8C97-CD402C566F72}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{CDDBC453-7B6A-4BDC-8CFE-C35A8CDB8495}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{37AF35D5-F40D-4F7B-BBC0-D467B2A97B47}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{7D89D24C-0A56-4955-BB0C-4A5F6E0AB839}] => (Allow) C:\Users\Flo\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{4697B190-0338-424B-9ACE-B808EBFBA0F0}] => (Allow) C:\Users\Flo\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{D092D319-E4B3-4E56-8E4E-5EA1FB57C644}] => (Allow) C:\Users\Flo\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{BD91B8D3-E89D-4F97-AF98-BCB0020CFCB4}] => (Allow) C:\Users\Flo\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{FC29F244-8512-490A-90D2-84EC561875AA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe FirewallRules: [{E573AF3A-5F92-4A90-B33B-BB44833E66D4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe FirewallRules: [{6E08509A-A66F-4F18-9A9C-257A96D01132}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe FirewallRules: [{5C814516-C8CB-49C6-930B-A9149A6B6B3C}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe FirewallRules: [{2FD2A9A6-1E05-4339-9E88-4FE470111C20}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe FirewallRules: [{EE8F9254-55C1-43E3-BE0C-73346E3881AD}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe FirewallRules: [TCP Query User{D531358B-A21F-4635-92AF-D2BBA838C2BD}C:\program files (x86)\teamviewer3\teamviewer.exe] => (Allow) C:\program files (x86)\teamviewer3\teamviewer.exe FirewallRules: [UDP Query User{1472AA82-1A2E-4341-8906-1066F3671AB0}C:\program files (x86)\teamviewer3\teamviewer.exe] => (Allow) C:\program files (x86)\teamviewer3\teamviewer.exe FirewallRules: [{8B951D09-C361-4944-BD09-4964472A0089}] => (Block) C:\program files (x86)\teamviewer3\teamviewer.exe FirewallRules: [{2F486BBE-370C-4FD5-AE3F-8C9DA4F3E5C5}] => (Block) C:\program files (x86)\teamviewer3\teamviewer.exe FirewallRules: [{ABD2513C-14F2-4D53-9A74-B517DEB78958}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe FirewallRules: [{15D7AEAC-3B4F-4F74-B759-CDF9E3D3DDC0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe FirewallRules: [{6908EB69-A508-4825-8F53-52AE39CC87EB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{B6B5E52E-BAB4-4142-8510-1B522BE82127}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [TCP Query User{5AA066FA-A6A9-49E0-9896-7392F52AD684}C:\users\flo\desktop\asd\dolphin.exe] => (Allow) C:\users\flo\desktop\asd\dolphin.exe FirewallRules: [UDP Query User{03B344C7-F949-4A60-B40B-E664E1744618}C:\users\flo\desktop\asd\dolphin.exe] => (Allow) C:\users\flo\desktop\asd\dolphin.exe FirewallRules: [{AB1BF9A7-36EA-4353-8614-92A563C0D6B2}] => (Block) C:\users\flo\desktop\asd\dolphin.exe FirewallRules: [{5F39C422-02C5-4027-9872-B62A35FC90C7}] => (Block) C:\users\flo\desktop\asd\dolphin.exe FirewallRules: [{182CF8D1-A6A4-406F-9D61-7575E1400EEE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe FirewallRules: [{3E27CB60-85E6-4710-82E6-ABB506C0E2A8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe FirewallRules: [{6934F2EC-20A1-4181-A0CF-A75FB7F7998A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe FirewallRules: [{4354BAB6-3888-4C3A-A990-66734F7FCDFA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe FirewallRules: [{3D5471EB-D415-4323-B8BC-A87EA1B89755}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe FirewallRules: [{6BEAB9CC-D4F0-423C-87FA-AC46EE2B9894}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe FirewallRules: [{4FC6A3E4-DDAC-40EC-8CA0-DF3BD6944C09}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{ACC497C9-DE09-4F39-895D-8F070F551562}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{7BCF14DE-3D19-48A3-A481-60D3B1E1C81E}] => (Allow) F:\Battle.net\Battle.net.exe FirewallRules: [{6529E0EC-7EC9-473C-9BA4-9E1F94CF40A0}] => (Allow) F:\Battle.net\Battle.net.exe FirewallRules: [{BF2924F9-58D2-4C26-A9D2-550F2D322C0B}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe FirewallRules: [{D3D03729-C4C9-434F-9036-822F1EFF5AE1}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe FirewallRules: [{255BD636-FB52-4FF7-BCC9-484424D56EA7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{3931B437-7191-41D9-8699-D36BDBF7710B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{4C15BE32-B58A-476C-BDE7-0019CB59B558}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe FirewallRules: [{07E815F3-08C6-4D46-9AEA-56E1FA2B2D65}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe FirewallRules: [{2B04C0F3-2EA1-48C3-8A92-47DA19909AAC}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [TCP Query User{A2FE6B35-6804-4D54-AC26-AF65B7BF7B46}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{50127CEE-5422-41F1-BFD1-F910B537EF33}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{EF39A5C2-1B7F-4E0F-A565-BB77C7793C75}] => (Allow) C:\Games\World_of_Warships\WoWSLauncher.exe FirewallRules: [{E1A498C6-96D7-4F1C-A489-D65E9F8E099C}] => (Allow) C:\Games\World_of_Warships\WorldofWarships.exe FirewallRules: [{08F8CE0F-5930-4A73-B936-BFDE3828D65B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{28F528C9-504B-40F1-AECD-3B1FD98725C6}] => (Allow) F:\#Spiele\SteamLibrary\SteamApps\common\The Ship\ship.exe FirewallRules: [{57D119CF-385E-4D83-95D2-45866FFEF9D0}] => (Allow) F:\#Spiele\SteamLibrary\SteamApps\common\The Ship\ship.exe FirewallRules: [{73A3D56C-9A02-428E-AFD7-EDA7884DC91F}] => (Allow) F:\#Spiele\SteamLibrary\SteamApps\common\The Ship Single Player\ship.exe FirewallRules: [{6A14822C-96DA-4B8E-83D6-53D093266C40}] => (Allow) F:\#Spiele\SteamLibrary\SteamApps\common\The Ship Single Player\ship.exe FirewallRules: [{72E4877C-1C7B-458C-82FC-168AC7346A02}] => (Allow) F:\#Spiele\SteamLibrary\SteamApps\common\The Ship Tutorial\ship.exe FirewallRules: [{5E801633-9242-4293-B875-315E08EAE4C2}] => (Allow) F:\#Spiele\SteamLibrary\SteamApps\common\The Ship Tutorial\ship.exe ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: Atheros AR5006X-Drahtlosnetzwerkadapter Description: Atheros AR5006X-Drahtlosnetzwerkadapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Atheros Communications Inc. Service: athr Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Atheros AR922X Wireless Network Adapter Description: Atheros AR922X Wireless Network Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Atheros Communications Inc. Service: athr Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (11/06/2015 12:01:52 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x4ff3d643 Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e10b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000033c1 ID des fehlerhaften Prozesses: 0x438 Startzeit der fehlerhaften Anwendung: 0xFuel.Service.exe0 Pfad der fehlerhaften Anwendung: Fuel.Service.exe1 Pfad des fehlerhaften Moduls: Fuel.Service.exe2 Berichtskennung: Fuel.Service.exe3 Error: (11/05/2015 08:22:52 PM) (Source: Windows Backup) (EventID: 4104) (User: ) Description: Die Sicherung war nicht erfolgreich. Fehler: "Alle in der Sicherung enthaltenen Laufwerke wurden ausgelassen. Vergewissern Sie sich, dass die Laufwerke angeschlossen und funktionsfähig sind. (0x810000FF)" Error: (11/05/2015 08:12:04 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x4ff3d643 Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e10b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000033c1 ID des fehlerhaften Prozesses: 0x7b4 Startzeit der fehlerhaften Anwendung: 0xFuel.Service.exe0 Pfad der fehlerhaften Anwendung: Fuel.Service.exe1 Pfad des fehlerhaften Moduls: Fuel.Service.exe2 Berichtskennung: Fuel.Service.exe3 Error: (11/04/2015 10:55:21 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x4ff3d643 Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e10b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000033c1 ID des fehlerhaften Prozesses: 0x794 Startzeit der fehlerhaften Anwendung: 0xFuel.Service.exe0 Pfad der fehlerhaften Anwendung: Fuel.Service.exe1 Pfad des fehlerhaften Moduls: Fuel.Service.exe2 Berichtskennung: Fuel.Service.exe3 Error: (11/04/2015 10:06:50 PM) (Source: Windows Backup) (EventID: 4104) (User: ) Description: Die Sicherung war nicht erfolgreich. Fehler: "Alle in der Sicherung enthaltenen Laufwerke wurden ausgelassen. Vergewissern Sie sich, dass die Laufwerke angeschlossen und funktionsfähig sind. (0x810000FF)" Error: (11/03/2015 11:46:59 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x4ff3d643 Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e10b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000033c1 ID des fehlerhaften Prozesses: 0x7cc Startzeit der fehlerhaften Anwendung: 0xFuel.Service.exe0 Pfad der fehlerhaften Anwendung: Fuel.Service.exe1 Pfad des fehlerhaften Moduls: Fuel.Service.exe2 Berichtskennung: Fuel.Service.exe3 Error: (11/03/2015 11:45:09 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x4ff3d643 Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e10b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000033c1 ID des fehlerhaften Prozesses: 0x758 Startzeit der fehlerhaften Anwendung: 0xFuel.Service.exe0 Pfad der fehlerhaften Anwendung: Fuel.Service.exe1 Pfad des fehlerhaften Moduls: Fuel.Service.exe2 Berichtskennung: Fuel.Service.exe3 Error: (11/03/2015 11:06:22 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Gmer-19357.exe, Version 2.1.19357.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: ca8 Startzeit: 01d11683c32c0ffd Endzeit: 0 Anwendungspfad: C:\Users\Flo\Desktop\Gmer-19357.exe Berichts-ID: 1c5c22a3-8277-11e5-a939-a36d623c8f44 Error: (11/02/2015 10:16:13 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x4ff3d643 Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e10b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000033c1 ID des fehlerhaften Prozesses: 0x7e0 Startzeit der fehlerhaften Anwendung: 0xFuel.Service.exe0 Pfad der fehlerhaften Anwendung: Fuel.Service.exe1 Pfad des fehlerhaften Moduls: Fuel.Service.exe2 Berichtskennung: Fuel.Service.exe3 Error: (11/02/2015 07:00:01 PM) (Source: Windows Backup) (EventID: 4104) (User: ) Description: Die Sicherung war nicht erfolgreich. Fehler: "Alle in der Sicherung enthaltenen Laufwerke wurden ausgelassen. Vergewissern Sie sich, dass die Laufwerke angeschlossen und funktionsfähig sind. (0x810000FF)" Systemfehler: ============= Error: (11/06/2015 10:10:43 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Software Protection" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 Error: (11/06/2015 10:08:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (11/06/2015 10:08:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error: (11/06/2015 10:08:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "LogMeIn Hamachi Tunneling Engine" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (11/06/2015 10:08:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (11/06/2015 10:08:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (11/06/2015 10:08:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (11/06/2015 10:08:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "PDF Architect Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (11/06/2015 10:08:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "PDF Architect Helper Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (11/06/2015 10:08:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "AVM FRITZ!Fernzugang Client" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. CodeIntegrity: =================================== Date: 2015-11-05 20:10:41.279 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-11-05 20:10:41.170 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Speicherinformationen =========================== Prozessor: AMD Phenom(tm) II X3 720 Processor Prozentuale Nutzung des RAM: 35% Installierter physikalischer RAM: 4095.3 MB Verfügbarer physikalischer RAM: 2634.64 MB Summe virtueller Speicher: 8188.82 MB Verfügbarer virtueller Speicher: 6621.48 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:119.24 GB) (Free:5.52 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)] Drive e: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] Drive f: () (Fixed) (Total:596.07 GB) (Free:77.35 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: BCFD1924) Partition 1: (Active) - (Size=119.2 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 145ECAB6) Partition 1: (Not Active) - (Size=1015 KB) - (Type=42) Partition 2: (Active) - (Size=100 MB) - (Type=42) Partition 3: (Not Active) - (Size=596.1 GB) - (Type=42) ==================== Ende von Addition.txt ============================ |
06.11.2015, 22:32 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: PDF mit Endung .scr geöffnet FRST-Fix Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft! Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter S1 ajyhbmrl; \??\C:\Windows\system32\drivers\ajyhbmrl.sys [X] S1 ddhkfnib; \??\C:\Windows\system32\drivers\ddhkfnib.sys [X] S1 jcsbsvgk; \??\C:\Windows\system32\drivers\jcsbsvgk.sys [X] S1 krarqcqm; \??\C:\Windows\system32\drivers\krarqcqm.sys [X] S1 mtmrxqcn; \??\C:\Windows\system32\drivers\mtmrxqcn.sys [X] S1 nghiqpmj; \??\C:\Windows\system32\drivers\nghiqpmj.sys [X] S1 pjbslzyq; \??\C:\Windows\system32\drivers\pjbslzyq.sys [X] S1 uivjiqam; \??\C:\Windows\system32\drivers\uivjiqam.sys [X] S1 vqfdnoyg; \??\C:\Windows\system32\drivers\vqfdnoyg.sys [X] C:\Windows\system32\drivers\ajyhbmrl.sys C:\Windows\system32\drivers\ddhkfnib.sys C:\Windows\system32\drivers\jcsbsvgk.sys C:\Windows\system32\drivers\krarqcqm.sys C:\Windows\system32\drivers\mtmrxqcn.sys C:\Windows\system32\drivers\nghiqpmj.sys C:\Windows\system32\drivers\pjbslzyq.sys C:\Windows\system32\drivers\uivjiqam.sys C:\Windows\system32\drivers\vqfdnoyg.sys Removeproxy: EmptyTemp: Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
__________________ Logfiles bitte immer in CODE-Tags posten |
06.11.2015, 22:39 | #10 |
| Windows 7: PDF mit Endung .scr geöffnetCode:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-11-2015 durchgeführt von Flo (2015-11-06 22:37:29) Run:1 Gestartet von F:\Download Geladene Profile: Flo (Verfügbare Profile: Flo) Start-Modus: Normal ============================================== fixlist Inhalt: ***************** S1 ajyhbmrl; \??\C:\Windows\system32\drivers\ajyhbmrl.sys [X] S1 ddhkfnib; \??\C:\Windows\system32\drivers\ddhkfnib.sys [X] S1 jcsbsvgk; \??\C:\Windows\system32\drivers\jcsbsvgk.sys [X] S1 krarqcqm; \??\C:\Windows\system32\drivers\krarqcqm.sys [X] S1 mtmrxqcn; \??\C:\Windows\system32\drivers\mtmrxqcn.sys [X] S1 nghiqpmj; \??\C:\Windows\system32\drivers\nghiqpmj.sys [X] S1 pjbslzyq; \??\C:\Windows\system32\drivers\pjbslzyq.sys [X] S1 uivjiqam; \??\C:\Windows\system32\drivers\uivjiqam.sys [X] S1 vqfdnoyg; \??\C:\Windows\system32\drivers\vqfdnoyg.sys [X] C:\Windows\system32\drivers\ajyhbmrl.sys C:\Windows\system32\drivers\ddhkfnib.sys C:\Windows\system32\drivers\jcsbsvgk.sys C:\Windows\system32\drivers\krarqcqm.sys C:\Windows\system32\drivers\mtmrxqcn.sys C:\Windows\system32\drivers\nghiqpmj.sys C:\Windows\system32\drivers\pjbslzyq.sys C:\Windows\system32\drivers\uivjiqam.sys C:\Windows\system32\drivers\vqfdnoyg.sys Removeproxy: EmptyTemp: ***************** ajyhbmrl => Dienst erfolgreich entfernt ddhkfnib => Dienst erfolgreich entfernt jcsbsvgk => Dienst erfolgreich entfernt krarqcqm => Dienst erfolgreich entfernt mtmrxqcn => Dienst erfolgreich entfernt nghiqpmj => Dienst erfolgreich entfernt pjbslzyq => Dienst erfolgreich entfernt uivjiqam => Dienst erfolgreich entfernt vqfdnoyg => Dienst erfolgreich entfernt "C:\Windows\system32\drivers\ajyhbmrl.sys" => nicht gefunden. "C:\Windows\system32\drivers\ddhkfnib.sys" => nicht gefunden. "C:\Windows\system32\drivers\jcsbsvgk.sys" => nicht gefunden. "C:\Windows\system32\drivers\krarqcqm.sys" => nicht gefunden. "C:\Windows\system32\drivers\mtmrxqcn.sys" => nicht gefunden. "C:\Windows\system32\drivers\nghiqpmj.sys" => nicht gefunden. "C:\Windows\system32\drivers\pjbslzyq.sys" => nicht gefunden. "C:\Windows\system32\drivers\uivjiqam.sys" => nicht gefunden. "C:\Windows\system32\drivers\vqfdnoyg.sys" => nicht gefunden. ========= RemoveProxy: ========= HKU\S-1-5-21-2090188890-1994155989-3754954223-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt HKU\S-1-5-21-2090188890-1994155989-3754954223-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt ========= Ende von RemoveProxy: ========= EmptyTemp: => 279.9 MB temporäre Dateien entfernt. Das System musste neu gestartet werden. ==== Ende von Fixlog 22:37:37 ==== |
06.11.2015, 23:04 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: PDF mit Endung .scr geöffnet Okay, dann Kontrollscans mit (1) MBAM, (2) ESET und (3) SecurityCheck bitte: 1. Schritt: MBAM Downloade Dir bitte Malwarebytes Anti-Malware
2. Schritt: ESET ESET Online Scanner
3. Schritt: SecurityCheck Downloade Dir bitte SecurityCheck und:
__________________ Logfiles bitte immer in CODE-Tags posten |
08.11.2015, 12:44 | #12 |
| Windows 7: PDF mit Endung .scr geöffnet MBAM: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 08.11.2015 Suchlaufzeit: 00:41 Protokolldatei: mbam.txt Administrator: Ja Version: 2.2.0.1024 Malware-Datenbank: v2015.11.07.06 Rootkit-Datenbank: v2015.11.04.02 Lizenz: Kostenlose Version Malware-Schutz: Deaktiviert Schutz vor bösartigen Websites: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Flo Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 356857 Abgelaufene Zeit: 5 Min., 36 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt) Registrierungswerte: 0 (keine bösartigen Elemente erkannt) Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 0 (keine bösartigen Elemente erkannt) Dateien: 0 (keine bösartigen Elemente erkannt) Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=c3896545bb950e4b8c21fadaac359c6f # end=init # utc_time=2015-11-07 11:52:11 # local_time=2015-11-08 12:52:11 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Finalize Updated modules version: 26617 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=c3896545bb950e4b8c21fadaac359c6f # end=updated # utc_time=2015-11-07 11:54:32 # local_time=2015-11-08 12:54:32 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=c3896545bb950e4b8c21fadaac359c6f # engine=26617 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-11-08 12:02:46 # local_time=2015-11-08 01:02:46 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 14391815 141122176 0 0 # scanned=166834 # found=0 # cleaned=0 # scan_time=493 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=c3896545bb950e4b8c21fadaac359c6f # end=init # utc_time=2015-11-08 12:03:32 # local_time=2015-11-08 01:03:32 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download esets_scanner_update returned -1 esets_gle=53251 Update Finalize Updated modules version: 26617 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=c3896545bb950e4b8c21fadaac359c6f # end=updated # utc_time=2015-11-08 12:03:47 # local_time=2015-11-08 01:03:47 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=c3896545bb950e4b8c21fadaac359c6f # engine=26617 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-11-08 11:10:23 # local_time=2015-11-08 12:10:23 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 14431872 141162233 0 0 # scanned=406106 # found=3 # cleaned=0 # scan_time=39995 sh=1C9BD651288D9CE6AB7F2091EB55B7A552F3AFB6 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Flo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\5cc150e-56d051bf" sh=CD2FEC35D17773494DD289E84B1AE3BC0B180AFB ft=1 fh=678275574c7e0c41 vn="Variante von Win32/Reveton.O.Gen Trojaner" ac=I fn="C:\Users\Flo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\1ede2ede-3819a8f1" sh=5D83DCF74FABC5A777F39B3BAA61C355FF28F6D8 ft=0 fh=0000000000000000 vn="Java/Agent.FH Trojaner" ac=I fn="C:\Users\Flo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\44b66df0-38c56b65" Code:
ATTFilter Results of screen317's Security Check version 1.009 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 10 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Microsoft Security Essentials (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Java 8 Update 25 Java version 32-bit out of Date! Adobe Flash Player 19.0.0.226 Adobe Reader XI Mozilla Firefox 38.0.5 Firefox out of Date! Google Chrome (46.0.2490.71) Google Chrome (46.0.2490.80) ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` |
08.11.2015, 15:26 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: PDF mit Endung .scr geöffnet Java und Adobe Reader deinstallieren. Beides wird im Prinzip nicht mehr benötigt. FRST-Fix Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft! Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter C:\Users\Flo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 EmptyTemp: Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
__________________ Logfiles bitte immer in CODE-Tags posten |
09.11.2015, 01:30 | #14 |
| Windows 7: PDF mit Endung .scr geöffnetCode:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-11-2015 durchgeführt von Flo (2015-11-09 01:23:07) Run:2 Gestartet von F:\Download Geladene Profile: Flo (Verfügbare Profile: Flo) Start-Modus: Normal ============================================== fixlist Inhalt: ***************** C:\Users\Flo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 EmptyTemp: ***************** C:\Users\Flo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 => erfolgreich verschoben EmptyTemp: => 1.1 GB temporäre Dateien entfernt. Das System musste neu gestartet werden. ==== Ende von Fixlog 01:23:12 ==== |
09.11.2015, 09:45 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: PDF mit Endung .scr geöffnet Sieht soweit ok aus Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) empfehle ich die Erweiterung Ghostery, diese verhindert weitgehend Usertracking bzw. das Anzeigen von Werbebannern. Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu Windows 7: PDF mit Endung .scr geöffnet |
adobe, bonjour, converter, defender, desktop, dnsapi.dll, explorer, firefox, flash player, google, hijack, hijackthis, homepage, installation, logfile, mozilla, prozesse, registry, revo uninstaller, scan, security, services.exe, software, svchost.exe, system, warnung, windows |