Log analysis and evaluation: Windows 7: Advertising pages open automatically. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Windows 7: Advertising pages open automatically.

Good evening (day?) everyone!

For a short while now I have had the following problem: various websites (often with advertising) open every now and then in my browser (Firefox). They really only open when I am already in FF. Here are a few of these pages:

- Loading (when I refresh it, or after an indeterminate time, it turns into "tauchen-und-reisen24.de")
- adspserving.com (also often turns into another page, also advertising)
- n159adserv.com
- orion.zerohorizon.net (probably the most frequent).

I have run various programs that worked without problems on adware I had caught previously: Adware cleaner, MBAM, Avast scan.

Here are the logs, in the same order (except the AVAST logs):

Adwcleaner:

Code:
ATTFilter
# AdwCleaner v5.022 - Bericht erstellt am 23/11/2015 um 19:30:36
# Aktualisiert am 22/11/2015 von Xplode
# Datenbank : 2015-11-22.2 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Familie - FAMILIE-PC
# Gestartet von : C:\Users\Familie\Downloads\adwcleaner_5.022.exe
# Option : Suchlauf
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****

Dienst Gefunden : sp_rsdrv2

***** [ Ordner ] *****

Ordner Gefunden : C:\Program Files (x86)\Common Files\tencent
Ordner Gefunden : C:\ProgramData\tencent
Ordner Gefunden : C:\Users\Familie\AppData\Roaming\tencent

***** [ Dateien ] *****

Datei Gefunden : C:\Windows\launcher.exe

***** [ DLL ] *****

***** [ Verknüpfungen ] *****

***** [ Aufgabenplanung ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\CLASSES\METNSD
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [fst_fr_166]
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : HKCU\Software\Kromtech
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
Schlüssel Gefunden : HKU\.DEFAULT\Software\AppDataLow\Software\Freeven pro 1.2
Schlüssel Gefunden : HKU\.DEFAULT\Software\AppDataLow\Software\MediaPlayerplus
Schlüssel Gefunden : HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Freeven pro 1.2
Schlüssel Gefunden : HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\MediaPlayerplus
Daten Gefunden : HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://search.certified-toolbar.com?si=38268&home=true&tid=77
Daten Gefunden : HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Main [Start Default_Page_URL] - hxxp://search.certified-toolbar.com?si=38268&home=true&tid=77
Daten Gefunden : HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://search.certified-toolbar.com?si=38268&tid=77&bs=true&q=
Daten Gefunden : HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Main [Search Bar] - hxxp://search.certified-toolbar.com?si=38268&tid=77&bs=true&q=
Daten Gefunden : HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://search.certified-toolbar.com?si=38268&tid=77&bs=true&q=
Daten Gefunden : HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Search [Start Page] - hxxp://search.certified-toolbar.com?si=38268&home=true&tid=77
Daten Gefunden : HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Search [Start Default_Page_URL] - hxxp://search.certified-toolbar.com?si=38268&home=true&tid=77
Daten Gefunden : HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Search [Default_Search_URL] - hxxp://search.certified-toolbar.com?si=38268&tid=77&bs=true&q=
Daten Gefunden : HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Search [Search Bar] - hxxp://search.certified-toolbar.com?si=38268&tid=77&bs=true&q=
Daten Gefunden : HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Search [Search Page] - hxxp://search.certified-toolbar.com?si=38268&tid=77&bs=true&q=
Daten Gefunden : HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchURI [(Default)] - hxxp://search.certified-toolbar.com?si=38268&bs=true&tid=77&q=%s
Daten Gefunden : HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [(Default)] - hxxp://search.certified-toolbar.com?si=38268&bs=true&tid=77&q=%s
Daten Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchURI [(Default)] - hxxp://search.certified-toolbar.com?si=38268&bs=true&tid=77&q=%s
Daten Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchURI [(Default)] - hxxp://search.certified-toolbar.com?si=38268&bs=true&tid=77&q=%s
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\
Schlüssel Gefunden : DoNotAskAgain
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\
Schlüssel Gefunden : DisplayName
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\
Schlüssel Gefunden : URL
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\
Schlüssel Gefunden : TopResultURLFallback

***** [ Internetbrowser ] *****

########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [5245 Bytes] ##########

Code:
ATTFilter
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 24.11.2015
Suchlaufzeit: 19:27
Protokolldatei: MBAM.txt
Administrator: Ja

Version: 2.2.0.1024
Malware-Datenbank: v2015.11.24.05
Rootkit-Datenbank: v2015.11.23.01
Lizenz: Testversion
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Familie

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 367998
Abgelaufene Zeit: 30 Min., 14 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 5
PUP.Optional.Babylon, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, In Quarantäne, [a92ca3de6e1d61d51447b28af50d01ff],
PUP.Optional.CrossRider, HKU\S-1-5-21-3384283812-1466990917-1528834233-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{34F70F01-840E-4146-94FD-4B4AF7C8BD63}, In Quarantäne, [a233067b4b4056e01674fb7dfb086a96],
PUP.Optional.CrossRider, HKU\S-1-5-21-3384283812-1466990917-1528834233-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5F7BAF71-5C72-485E-B826-D0A35B966734}, In Quarantäne, [c411552cf09bbe78e2a81b5dd03322de],
PUP.Optional.CrossRider, HKU\S-1-5-21-3384283812-1466990917-1528834233-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8DC285CF-2E25-452A-AAB0-D87D6D1E59AF}, In Quarantäne, [379e334e216a6ec8c9c00a6e40c36f91],
PUP.Optional.CrossRider, HKU\S-1-5-21-3384283812-1466990917-1528834233-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E32B11D0-B16F-4F84-B82D-396DDEF9DFBD}, In Quarantäne, [64711e6326650e287118c2b6a0635ba5],

Registrierungswerte: 4
PUP.Optional.CrossRider, HKU\S-1-5-21-3384283812-1466990917-1528834233-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{34F70F01-840E-4146-94FD-4B4AF7C8BD63}|AppName, 4990dbc4-063d-41b4-a280-e9fab40f04de-2.exe-codedownloader.exe, In Quarantäne, [a233067b4b4056e01674fb7dfb086a96]
PUP.Optional.CrossRider, HKU\S-1-5-21-3384283812-1466990917-1528834233-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5F7BAF71-5C72-485E-B826-D0A35B966734}|AppName, 0e98351f-2d8e-459d-a4f9-c8ad5ef1d1fb-2.exe-codedownloader.exe, In Quarantäne, [c411552cf09bbe78e2a81b5dd03322de]
PUP.Optional.CrossRider, HKU\S-1-5-21-3384283812-1466990917-1528834233-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8DC285CF-2E25-452A-AAB0-D87D6D1E59AF}|AppName, 0e98351f-2d8e-459d-a4f9-c8ad5ef1d1fb-2.exe-buttonutil.exe, In Quarantäne, [379e334e216a6ec8c9c00a6e40c36f91]
PUP.Optional.CrossRider, HKU\S-1-5-21-3384283812-1466990917-1528834233-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E32B11D0-B16F-4F84-B82D-396DDEF9DFBD}|AppName, 4990dbc4-063d-41b4-a280-e9fab40f04de-2.exe-buttonutil.exe, In Quarantäne, [64711e6326650e287118c2b6a0635ba5]

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 3
PUP.Optional.Everything, C:\Users\Familie\AppData\Everything, In Quarantäne, [2fa64f32622988aeb5405923e122b14f],
PUP.Optional.Everything, C:\Users\Familie\AppData\Everything\net_search, In Quarantäne, [2fa64f32622988aeb5405923e122b14f],
PUP.Optional.Everything, C:\Users\Familie\AppData\Everything\skin, In Quarantäne, [2fa64f32622988aeb5405923e122b14f],

Dateien: 35
PUP.Optional.Everything, C:\Users\Familie\AppData\Everything\config.ini, In Quarantäne, [2fa64f32622988aeb5405923e122b14f],
PUP.Optional.Everything, C:\Users\Familie\AppData\Everything\DataIO.dll, In Quarantäne, [2fa64f32622988aeb5405923e122b14f],
PUP.Optional.Everything, C:\Users\Familie\AppData\Everything\Everything.exe, In Quarantäne, [2fa64f32622988aeb5405923e122b14f],
PUP.Optional.Everything, C:\Users\Familie\AppData\Everything\Everything32.dll, In Quarantäne, [2fa64f32622988aeb5405923e122b14f],
PUP.Optional.Everything, C:\Users\Familie\AppData\Everything\EverythingLoadHook.exe, In Quarantäne, [2fa64f32622988aeb5405923e122b14f],
PUP.Optional.Everything, C:\Users\Familie\AppData\Everything\EverythingLoadHookx64.exe, In Quarantäne, [2fa64f32622988aeb5405923e122b14f],
PUP.Optional.Everything, C:\Users\Familie\AppData\Everything\helper.dll, In Quarantäne, [2fa64f32622988aeb5405923e122b14f],
PUP.Optional.Everything, C:\Users\Familie\AppData\Everything\hookdll.dll, In Quarantäne, [2fa64f32622988aeb5405923e122b14f],
PUP.Optional.Everything, C:\Users\Familie\AppData\Everything\hookdllx64.dll, In Quarantäne, [2fa64f32622988aeb5405923e122b14f],
PUP.Optional.Everything, C:\Users\Familie\AppData\Everything\IO.dll, In Quarantäne, [2fa64f32622988aeb5405923e122b14f],
PUP.Optional.Everything, C:\Users\Familie\AppData\Everything\Patch.dll, In Quarantäne, [2fa64f32622988aeb5405923e122b14f],
PUP.Optional.Everything, C:\Users\Familie\AppData\Everything\SearchBase.exe, In Quarantäne, [2fa64f32622988aeb5405923e122b14f],
PUP.Optional.Everything, C:\Users\Familie\AppData\Everything\ServiceEverything.exe, In Quarantäne, [2fa64f32622988aeb5405923e122b14f],
PUP.Optional.Everything, C:\Users\Familie\AppData\Everything\uninst.exe, In Quarantäne, [2fa64f32622988aeb5405923e122b14f],
PUP.Optional.Everything, C:\Users\Familie\AppData\Everything\net_search\bing.png, In Quarantäne, [2fa64f32622988aeb5405923e122b14f],
PUP.Optional.Everything, C:\Users\Familie\AppData\Everything\net_search\google.png, In Quarantäne, [2fa64f32622988aeb5405923e122b14f],
PUP.Optional.Everything, C:\Users\Familie\AppData\Everything\net_search\parseSearchEngineHtml.js, In Quarantäne, [2fa64f32622988aeb5405923e122b14f],
PUP.Optional.Everything, C:\Users\Familie\AppData\Everything\net_search\search_config.ini, In Quarantäne, [2fa64f32622988aeb5405923e122b14f],
PUP.Optional.Everything, C:\Users\Familie\AppData\Everything\net_search\yahoo.png, In Quarantäne, [2fa64f32622988aeb5405923e122b14f],
PUP.Optional.Everything, C:\Users\Familie\AppData\Everything\skin\bing.png, In Quarantäne, [2fa64f32622988aeb5405923e122b14f],
PUP.Optional.Everything, C:\Users\Familie\AppData\Everything\skin\caret.png, In Quarantäne, [2fa64f32622988aeb5405923e122b14f],
PUP.Optional.Everything, C:\Users\Familie\AppData\Everything\skin\FileListItem.xml, In Quarantäne, [2fa64f32622988aeb5405923e122b14f],
PUP.Optional.Everything, C:\Users\Familie\AppData\Everything\skin\FileListItem_bing.xml, In Quarantäne, [2fa64f32622988aeb5405923e122b14f],
PUP.Optional.Everything, C:\Users\Familie\AppData\Everything\skin\FileListItem_google.xml, In Quarantäne, [2fa64f32622988aeb5405923e122b14f],
PUP.Optional.Everything, C:\Users\Familie\AppData\Everything\skin\frame.png, In Quarantäne, [2fa64f32622988aeb5405923e122b14f],
PUP.Optional.Everything, C:\Users\Familie\AppData\Everything\skin\frame2.png, In Quarantäne, [2fa64f32622988aeb5405923e122b14f],
PUP.Optional.Everything, C:\Users\Familie\AppData\Everything\skin\FreeFinderView.xml, In Quarantäne, [2fa64f32622988aeb5405923e122b14f],
PUP.Optional.Everything, C:\Users\Familie\AppData\Everything\skin\google.png, In Quarantäne, [2fa64f32622988aeb5405923e122b14f],
PUP.Optional.Everything, C:\Users\Familie\AppData\Everything\skin\guide.png, In Quarantäne, [2fa64f32622988aeb5405923e122b14f],
PUP.Optional.Everything, C:\Users\Familie\AppData\Everything\skin\icon_search.png, In Quarantäne, [2fa64f32622988aeb5405923e122b14f],
PUP.Optional.Everything, C:\Users\Familie\AppData\Everything\skin\mainpanel.png, In Quarantäne, [2fa64f32622988aeb5405923e122b14f],
PUP.Optional.Everything, C:\Users\Familie\AppData\Everything\skin\MainPannel.xml, In Quarantäne, [2fa64f32622988aeb5405923e122b14f],
PUP.Optional.Everything, C:\Users\Familie\AppData\Everything\skin\search_content_list.png, In Quarantäne, [2fa64f32622988aeb5405923e122b14f],
PUP.Optional.Everything, C:\Users\Familie\AppData\Everything\skin\WndMask.xml, In Quarantäne, [2fa64f32622988aeb5405923e122b14f],
PUP.Optional.Everything, C:\Users\Familie\AppData\Everything\skin\yahoo.png, In Quarantäne, [2fa64f32622988aeb5405923e122b14f],

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)

(end)

Defogger_disable:

Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:10 on 25/11/2015 (Familie)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

and Addition:

Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:25-11-2015 02
durchgeführt von Familie (2015-11-25 22:12:51)
Gestartet von C:\Users\Familie\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2011-09-29 09:09:17)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-3384283812-1466990917-1528834233-500 - Administrator - Disabled)
Familie (S-1-5-21-3384283812-1466990917-1528834233-1003 - Administrator - Enabled) => C:\Users\Familie
Gast (S-1-5-21-3384283812-1466990917-1528834233-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3384283812-1466990917-1528834233-1004 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C23EE7CE-C1A3-4F94-A8F0-9E0AC9C6DE6E}) (Version: 1.1 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20077 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.241 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.1.171 - Adobe Systems, Inc.)
AirXonix version 1.37G (HKLM-x32\...\AirXonix_is1) (Version: - )
Algobox (HKLM-x32\...\Algobox) (Version: - )
Ashampoo Burning Studio (HKLM-x32\...\Ashampoo Burning Studio_is1) (Version: 9.23.0 - ashampoo GmbH & Co. KG)
Ashampoo Photo Commander (HKLM-x32\...\Ashampoo Photo Commander_is1) (Version: 8.1.0 - ashampoo GmbH & Co. KG)
Ashampoo Photo Optimizer (HKLM-x32\...\Ashampoo Photo Optimizer_is1) (Version: 3.12.0 - ashampoo GmbH & Co. KG)
Ashampoo Snap (HKLM-x32\...\Ashampoo Snap_is1) (Version: 3.4.0 - ashampoo GmbH & Co. KG)
ATI AVIVO64 Codecs (Version: 11.6.0.10707 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{B72CAB06-4420-F4D1-AFBB-AF9093D3D237}) (Version: 3.0.833.0 - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 11.1.2241 - AVAST Software)
BestPractice (remove only) (HKLM-x32\...\BestPractice) (Version: - )
Civilization III (HKLM-x32\...\{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}) (Version: - )
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.686 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - DE (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - ES (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Extra Content (HKLM-x32\...\_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}) (Version: - Corel Corporation)
CorelDRAW Essentials X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - FR (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IPM (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - WT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 (HKLM-x32\...\_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}) (Version: 15.2.0.686 - Corel Corporation)
CorelDRAW Essentials X5 (x32 Version: 15.3 - Corel Corporation) Hidden
Curse (HKLM-x32\...\{1F2611FB-6F69-4AA8-BECD-243BD8CB45F3}) (Version: 6.0.0.0 - Curse)
Curse Client (HKU\S-1-5-21-3384283812-1466990917-1528834233-1003\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1327 - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM-x32\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.4125 - CyberLink Corp.)
CyberLink WaveEditor (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 1.0.1.2821 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dofus (HKU\S-1-5-21-3384283812-1466990917-1528834233-1003\...\2744A393-554C-4E35-A24F-DEF0392B4484-2) (Version: - Ankama)
doPDF 7.2 printer (HKLM\...\doPDF 7 printer_is1) (Version: - Softland)
DriverTools 1.0 (HKLM-x32\...\DriverTools) (Version: 1.0 - Huawei Technologies Co.,Ltd)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
FreeStyle Auto-Assist Neo (HKLM-x32\...\FreeStyle Auto-Assist Neo 1.2) (Version: 1.21 - Abbott Diabetes Care)
Fritz und Fertig 1 (HKLM-x32\...\Fritz und Fertig 1) (Version: - )
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GeoGebra 4.4 (HKLM-x32\...\GeoGebra 4.4) (Version: 4.4.7.0 - International GeoGebra Institute)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software)
HP Deskjet 2050 J510 series - Grundlegende Software für das Gerät (HKLM\...\{54B0845F-5540-4492-9939-CD8880ABABF0}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 2050 J510 series Hilfe (HKLM-x32\...\{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}) (Version: 140.0.61.61 - Hewlett Packard)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.17 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
Landwirtschafts Simulator 2013 (HKLM-x32\...\FarmingSimulator2013DE_is1) (Version: 1.0 - GIANTS Software)
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Lexmark Pro200-S500 Series (HKLM\...\Lexmark Pro200-S500 Series) (Version: - Lexmark International, Inc.)
LG SP USB Driver (HKLM-x32\...\{E2AE8456-CCFE-46C0-8629-71CC507660FC}) (Version: 1.0 - LG Electronics)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Medion Home Cinema (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2608 - CyberLink Corp.)
Medion Home Cinema (x32 Version: 8.0.2608 - CyberLink Corp.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mathematics (64-Bit) (HKLM\...\{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 de)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Neverwinter (HKLM-x32\...\Steam App 109600) (Version: - Cryptic Studios)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Rayman Origins (HKLM-x32\...\{DE491AB9-1D47-4FED-A8F5-4D4325B2EB4B}) (Version: 1.02 - Ubisoft)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6368 - Realtek Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.4.4.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Sid Meier's Civilization 4 (HKLM-x32\...\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}) (Version: 1.74 - Firaxis Games)
Sid Meier's Civilization 4 (x32 Version: 1.00.0000 - Firaxis Games) Hidden
Skype™ 7.15 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.15.102 - Skype Technologies S.A.)
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.19.9599 - SoftEther VPN Project)
Spelling Dictionaries Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-A00000000004}) (Version: 10.0.0 - Adobe Systems Incorporated)
Spyware Terminator 2012 (HKLM-x32\...\{56736259-613E-4A3B-B428-6235F2E76F44}_is1) (Version: 3.0.0.45 - Crawler.com)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamSpeak 3 Client (HKU\S-1-5-21-3384283812-1466990917-1528834233-1003\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TI Connect 1.6 (HKLM-x32\...\{A8B94669-8654-4126-BD28-D0D2412CDED6}) (Version: 1.6 - Texas Instruments Inc)
Update Manager (x32 Version: 4.60 - Corel Corporation) Hidden
USB 2.0 PC Camera (HKLM-x32\...\{68258A46-B8CD-4B84-924C-FF1FF343810B}) (Version: 1.0.0.2 - )
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (HKLM-x32\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0) (HKLM\...\EC3E466026556D3EB760B01C4772277614354E11) (Version: 06/11/2009 1.0.0.0 - Texas Instruments Inc.)
Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1) (HKLM\...\7511B29C86C398B4D11A0B0E4176CAD68D1B7057) (Version: 09/02/2009 1.0.0.1 - Texas Instruments Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
XMedia Recode Version 3.2.6.3 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.2.6.3 - XMedia Recode)
Yu-Gi-Oh! Power of Chaos YUGI THE DESTINY (HKLM-x32\...\{3571656A-575D-4CED-809D-5547587121FF}) (Version: 1.00.0000 - KONAMI)
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-3384283812-1466990917-1528834233-1003_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Familie\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-3384283812-1466990917-1528834233-1003_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Familie\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-3384283812-1466990917-1528834233-1003_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Familie\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-3384283812-1466990917-1528834233-1003_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Familie\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => Keine Datei

==================== Wiederherstellungspunkte =========================

20-08-2015 20:00:59 avast! antivirus system restore point
20-08-2015 20:45:22 Windows Update
20-08-2015 20:46:50 Windows Modules Installer
20-08-2015 21:01:18 Windows Update
20-08-2015 22:29:40 Windows Update
22-08-2015 15:27:24 Installed Universal Adb Driver
22-08-2015 16:49:59 Removed Universal Adb Driver
24-08-2015 11:24:38 Windows Update
27-08-2015 14:28:03 Windows Update
31-08-2015 11:04:13 Windows Update
03-09-2015 16:07:51 Windows Update
07-09-2015 17:22:47 Windows Update
09-09-2015 18:35:58 Windows Update
09-09-2015 21:42:56 Windows Update
15-09-2015 21:13:58 Windows Update
19-09-2015 15:49:34 Windows Update
22-09-2015 20:10:04 Windows Update
22-09-2015 21:16:35 Windows Update
28-09-2015 20:46:00 avast! antivirus system restore point
29-09-2015 18:06:57 Windows Update
06-10-2015 18:33:31 Windows Update
10-10-2015 11:44:05 Windows Update
11-10-2015 00:02:10 Windows Update
11-10-2015 15:11:09 Windows Modules Installer
13-10-2015 19:52:28 Windows Update
15-10-2015 18:07:56 Windows Update
20-10-2015 16:27:44 Windows Update
20-10-2015 22:43:50 Gerätetreiber-Paketinstallation: TAP-Windows Provider V9 Netzwerkadapter
21-10-2015 14:02:38 Gerätetreiber-Paketinstallation: SoftEther Corporation Netzwerkadapter
27-10-2015 11:49:26 Windows Update
31-10-2015 17:15:33 Windows Update
03-11-2015 18:58:12 Windows Update
10-11-2015 19:43:29 Windows Update
10-11-2015 19:55:37 Windows Update
10-11-2015 22:51:57 Windows Update
12-11-2015 17:22:02 Removed Java 8 Update 65
12-11-2015 18:00:56 Windows Update
14-11-2015 12:45:01 Installed Helium
14-11-2015 12:49:29 Removed Helium
14-11-2015 12:58:56 Installed Helium
18-11-2015 16:30:41 Windows Update
19-11-2015 18:44:57 Installed iTunes
21-11-2015 17:04:32 Windows Update
23-11-2015 23:52:14 Removed Helium
24-11-2015 19:10:42 Windows Update
24-11-2015 22:15:32 Removed Apple Application Support (64-Bit)
24-11-2015 22:16:55 Removed Bonjour
24-11-2015 22:17:36 Removed iTunes
24-11-2015 22:20:04 Removed Apple Application Support (32-Bit)
24-11-2015 22:21:22
Removed Apple Mobile Device Support 24-11-2015 22:25:35 Removed Apple Software Update ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {13053D13-D426-49E2-8576-20FEDA24BCF0} - System32\Tasks\{A214AC79-77AA-4839-AEE3-A2E6711D2E6A} => pcalua.exe -a E:\RM_Setup_DX8.exe -d E:\ Task: {17D87E64-1C1B-4D5E-821B-635350929886} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {236018B4-4D78-4824-8748-8EB302C3EA6E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {313A2DCB-9021-4E5B-AE57-2B401268B096} - System32\Tasks\{D4E7B583-4D0F-4912-82B3-4719E8E54E18} => pcalua.exe -a C:\Users\Familie\Downloads\840-deu-nt4infu.exe -d "C:\Program Files (x86)\Mozilla Firefox" Task: {33E527AE-E6B1-45D3-8581-57BDD3DFF437} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe Task: {3D60E338-CB9F-42A2-8583-CDABB4B753D5} - System32\Tasks\{C4BD2622-A987-4C16-83D6-E1EE5F051E97} => pcalua.exe -a E:\Setup.exe -d E:\ Task: {412F6513-909C-4AD6-B6E1-C8E343DCAD25} - System32\Tasks\{FFC17DD2-AEE7-4F00-9B9A-AF9A66AC229E} => E:\Start.exe Task: {4518E2E6-7480-46D7-91F6-692194023BF2} - System32\Tasks\{D94D596F-FF19-4F41-8C2C-2E97A86E236E} => Firefox.exe Task: {652EEBCF-D519-478A-8FF9-4FFBB7A226FA} - System32\Tasks\AdobeAAMUpdater-1.0-Familie-PC-Familie => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated) Task: {8D60AF81-26FF-4097-A4A3-05DA4363970F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated) Task: 
{91665B0C-A1BB-4219-8383-2D6A0D7C9178} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-11-24] (AVAST Software) Task: {B33DB8BA-1E09-4F0A-A2E4-6E14EF919087} - System32\Tasks\{DB1DB765-ECA5-457B-B586-1A4A9E30DFBA} => pcalua.exe -a C:\Users\Familie\Downloads\ticonnect_eng.exe -d C:\Users\Familie\Downloads Task: {C5DE51E5-5EA3-44AB-ADB9-14F2558BEB96} - System32\Tasks\HpWebReg.exe => C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HpWebReg.exe [2010-11-16] (Hewlett-Packard Co.) Task: {CAE15E7F-42EC-4273-9A1B-FAD428AD8881} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe Task: {D22034D4-CEA3-474C-9228-5F8E4DE825D6} - System32\Tasks\{FC19A323-9D85-45C0-AE35-F49270C5501F} => pcalua.exe -a E:\dxsetup.exe -d E:\ Task: {ED29A6A3-F3FE-48BA-A5F1-4F3639392F35} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe Task: {F7CA17C5-2205-46F0-A621-83E111553F5F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-10] (Adobe Systems Incorporated) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-10-06 09:14 - 2009-11-04 08:17 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxebdrpp.dll
2011-07-08 07:36 - 2011-07-08 07:36 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-12-07 12:30 - 2014-07-11 01:57 - 00080384 _____ () C:\Program Files (x86)\FreeStyle Auto-Assist Neo\adcalneo.exe
2011-07-08 07:36 - 2011-07-08 07:36 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-07-08 07:44 - 2011-07-08 07:44 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2015-11-25 22:10 - 2015-11-25 22:10 - 00050477 _____ () C:\Users\Familie\Downloads\Defogger.exe
2015-11-24 19:37 - 2015-11-24 19:37 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-11-24 19:37 - 2015-11-24 19:37 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-11-25 00:03 - 2015-11-25 00:03 - 02994688 _____ () C:\Program Files\AVAST Software\Avast\defs\15112402\algo.dll
2015-11-24 19:37 - 2015-11-24 19:37 - 00466448 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-11-25 20:42 - 2015-11-25 20:42 - 02995712 _____ () C:\Program Files\AVAST Software\Avast\defs\15112501\algo.dll
2015-11-24 19:38 - 2015-11-24 19:38 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-06-14 21:11 - 2012-06-14 21:11 - 00325968 _____ () C:\ProgramData\Microsoft\Windows\WER\lua5.1.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3384283812-1466990917-1528834233-1003\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SoftEther VPN Client Manager Startup.lnk => C:\Windows\pss\SoftEther VPN Client Manager Startup.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Familie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Curse.lnk => C:\Windows\pss\Curse.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Familie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip => C:\Windows\pss\CurseClientStartup.ccip.Startup
MSCONFIG\startupreg: AdobeCEPServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: autoassistneomasexe => C:\Program Files (x86)\FreeStyle Auto-Assist Neo\adcmal.exe
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: EzPrint => "C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe"
MSCONFIG\startupreg: lxebmon.exe => "C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe"
MSCONFIG\startupreg: MedionReminder => C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe
MSCONFIG\startupreg: snp2std => C:\Windows\vsnp2std.exe
MSCONFIG\startupreg: SpywareTerminatorShield => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
MSCONFIG\startupreg: SpywareTerminatorUpdater => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{A5D02DFB-D2D3-476D-B3BF-42996628F632}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{83A7B532-4A8C-4918-B91B-56FFB8586E94}] => (Allow) LPort=2869
FirewallRules: [{B9F3473E-66B5-4C14-B1AF-84E4F888E2EF}] => (Allow) LPort=1900
FirewallRules: [{16207F27-E370-4AFD-A963-EEA943D13737}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{F8BA434F-3751-4264-BB64-81A691281D5C}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{9D12BD16-4C61-47E3-A85E-B91D5B8B408F}] => (Allow) C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe
FirewallRules: [{0F9F8CA9-762D-43E9-96B1-766466C26D4B}] => (Allow) C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe
FirewallRules: [{74BBF60F-BE41-4C5A-8FBF-D0225547943B}] => (Allow) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
FirewallRules: [{B4041533-13DD-49E9-831C-7F3F09A0E5EC}] => (Allow) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
FirewallRules: [TCP Query User{B8388D72-F5F8-4DE6-A45E-D8CBF8D2617C}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe] => (Allow) C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe
FirewallRules: [UDP Query User{A1E5E362-C3EC-4583-AF16-AAD581786C6D}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe] => (Allow) C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe
FirewallRules: [TCP Query User{010B2271-290E-4FB5-AAC6-64A458175B45}I:\need for speed the run\need for speed the run.exe] => (Block) I:\need for speed the run\need for speed the run.exe
FirewallRules: [UDP Query User{EE2A08DD-255A-4244-A7C9-2D9E7BEE8DDD}I:\need for speed the run\need for speed the run.exe] => (Block) I:\need for speed the run\need for speed the run.exe
FirewallRules: [{7EBDB822-EC10-4D8C-9B5A-2CCCA117BB24}] => (Allow) C:\WINDOWS\SYSTEM32\LXEBCOMS.EXE
FirewallRules: [{C0F458A6-4DE2-428D-BB14-46472E45EEAF}] => (Allow) C:\Windows\system32\LXEBcoms.exe
FirewallRules: [{511793DB-BA4C-4E7C-9D6F-3C273BF0C648}] => (Allow) C:\Windows\system32\LXEBcoms.exe
FirewallRules: [{BBB1A3E3-4BCA-4AA6-91D4-660529ED4046}] => (Allow) C:\Program Files (x86)\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe
FirewallRules: [{A4719D69-D496-4EC7-A1A1-7543F60C8C7C}] => (Allow) C:\Program Files (x86)\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe
FirewallRules: [{19E65D39-9F54-4BA2-A989-22D03118E656}] => (Allow) C:\Windows\system32\LXEBcoms.exe
FirewallRules: [{BFFC46EC-4D5C-4CA4-B5E3-D2AAB3BC0F5D}] => (Allow) C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe
FirewallRules: [{10BD2828-3501-4B4F-866E-DB4F776ED924}] => (Allow) C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe
FirewallRules: [{29F8211B-DAAF-4D95-8A1F-159C3B3AD573}] => (Allow) C:\Program Files (x86)\Protected Search\ProtectedSearch.exe
FirewallRules: [{CFFAAA1A-DCEB-4C98-A616-0C9EDBB7DCA3}] => (Allow) C:\Program Files (x86)\Protected Search\ProtectedSearch.exe
FirewallRules: [{CAECB91B-339B-43BF-A977-CCD6E9BBB4FD}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2013\FarmingSimulator2013.exe
FirewallRules: [{224C0896-9FA6-4AA0-94B6-FBED609E29E4}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2013\FarmingSimulator2013.exe
FirewallRules: [{1B8B91A7-2AE5-4DCA-838E-2CE6843FE424}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2013\FarmingSimulator2013Game.exe
FirewallRules: [{8913EE65-BFE0-4029-AF0C-BFE39E4CE019}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2013\FarmingSimulator2013Game.exe
FirewallRules: [{BA79C524-1E31-4251-AB5E-767B91604B57}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2013\x64\FarmingSimulator2013Game.exe
FirewallRules: [{25CB3ED5-8761-443A-98DF-F80DFEC459EB}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2013\x64\FarmingSimulator2013Game.exe
FirewallRules: [{000C0C1B-B463-4552-AAFF-0552370C762E}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2013\x86\FarmingSimulator2013Game.exe
FirewallRules: [{64C99FB9-0B38-4E7C-9C94-D7CE328A6415}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2013\x86\FarmingSimulator2013Game.exe
FirewallRules: [TCP Query User{60DAD322-98A3-43AD-81CF-513E07FB55DD}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [UDP Query User{E2564A83-452B-4277-9695-306E555F7A31}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [TCP Query User{7BB628D8-19A9-4821-BE12-E33FE6ECF8C8}J:\need for speed the run\need for speed the run.exe] => (Block) J:\need for speed the run\need for speed the run.exe
FirewallRules: [UDP Query User{F4BE267C-2DE5-4B05-AC3D-4966BF3D81B8}J:\need for speed the run\need for speed the run.exe] => (Block) J:\need for speed the run\need for speed the run.exe
FirewallRules: [TCP Query User{8AB660EF-B34F-4A37-A130-A3721D9F47C7}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{2A09EB03-FBB6-4C1C-9F0D-ADBE408A54B8}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{E2505993-C73A-46A1-BEA5-145483998BB2}C:\program files (x86)\free music zilla\fmzilla.exe] => (Allow) C:\program files (x86)\free music zilla\fmzilla.exe
FirewallRules: [UDP Query User{33A37ABA-636E-4952-A8C0-7A0F082A06C0}C:\program files (x86)\free music zilla\fmzilla.exe] => (Allow) C:\program files (x86)\free music zilla\fmzilla.exe
FirewallRules: [TCP Query User{56E6237B-144E-4B74-9F72-584CAC366E61}C:\program files (x86)\free music zilla\fmzilla.exe] => (Block) C:\program files (x86)\free music zilla\fmzilla.exe
FirewallRules: [UDP Query User{6A20A3B7-73F0-488A-AFE7-63F460679DED}C:\program files (x86)\free music zilla\fmzilla.exe] => (Block) C:\program files (x86)\free music zilla\fmzilla.exe
FirewallRules: [{71D41D21-74E9-4003-AB94-2E943EFE4F1D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E43FAC9B-777D-4EC9-9A48-FC8895AD60B7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6AC8869A-40E6-4AD6-B147-BEF3E7FEACD8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{2284DF3B-561C-4968-B8E9-0BF5B904A48C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{25A71DEA-EEF7-4916-9825-B3877D024A9B}] => (Allow) C:\Program Files (x86)\Ubisoft\Rayman Origins\Rayman Origins.exe
FirewallRules: [{4AB677ED-85FF-4DEB-AB50-7954930A59CE}] => (Allow) C:\Program Files (x86)\Ubisoft\Rayman Origins\Rayman Origins.exe
FirewallRules: [{FCD64811-8B2A-4A1D-9484-F528912C59FC}] => (Allow) C:\Program Files (x86)\Ubisoft\Rayman Origins\gu.exe
FirewallRules: [{8A50C101-9915-41CE-8D2D-2F12D8E2445D}] => (Allow) C:\Program Files (x86)\Ubisoft\Rayman Origins\gu.exe
FirewallRules: [{A483D3B0-0F47-4CC9-B5F7-7863B091BE11}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cryptic Studios\Neverwinter.exe
FirewallRules: [{A090478A-BE1E-4EB9-B091-3C38B4728032}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cryptic Studios\Neverwinter.exe
FirewallRules: [TCP Query User{C6D19E5F-68D8-470A-9297-E513B26DD7E4}C:\program files (x86)\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe
FirewallRules: [UDP Query User{5A2E38B0-091C-4237-AF10-A2D7E7AAAAAF}C:\program files (x86)\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe
FirewallRules: [{F7A11952-DDE0-4ADC-8A32-325466734E8F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{73BCC54A-7F8A-4E7C-BF7F-6B5F98D6FFBD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2B99DC39-B654-4352-89BE-DECC972423FC}] => (Allow) C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe
FirewallRules: [{7B63B1F3-AEDA-44DF-960C-BBE332DD6D51}] => (Allow) C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe
FirewallRules: [{B37E4E8F-2600-4EBA-8C7C-761AD743F69A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DF0AB026-625C-4DF1-94E4-28D4013F65B0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{68D2895A-1D30-44E3-B995-7818ED6A2BA2}] => (Allow) C:\Users\Familie\AppData\Local\Temp\nswDF3E.tmp\CnetInstaller-10046243.exe
FirewallRules: [{4534F58C-9FAB-4FA8-AC76-C57B4771B9CF}] => (Allow) C:\Users\Familie\AppData\Local\Temp\nswDF3E.tmp\CnetInstaller-10046243.exe
FirewallRules: [{0509C25E-2CC4-4C00-BE53-1DE1AC124F95}] => (Allow) C:\Users\Familie\AppData\Local\Apps\2.0\R882E5W4.V69\33EJ0LWM.TV7\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\CurseClient.exe
FirewallRules: [{589CC4A4-D4B0-416A-8D53-DB19851835D1}] => (Allow) C:\Users\Familie\AppData\Local\Apps\2.0\R882E5W4.V69\33EJ0LWM.TV7\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\CurseClient.exe
FirewallRules: [TCP Query User{787A1F98-70C5-4FE7-92AF-D84FD4A04407}C:\program files (x86)\rootgenius\shuamedownloader.exe] => (Allow) C:\program files (x86)\rootgenius\shuamedownloader.exe
FirewallRules: [UDP Query User{8B0F0060-B328-4C28-93E5-CCEAE99A479B}C:\program files (x86)\rootgenius\shuamedownloader.exe] => (Allow) C:\program files (x86)\rootgenius\shuamedownloader.exe
FirewallRules: [{55EAE167-E74E-4001-9865-52692B105126}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\132\tencentdl.exe
FirewallRules: [{066F6FB3-4894-41F0-AD35-DFC407CA4F09}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\132\bugreport_xf.exe
FirewallRules: [TCP Query User{486A59F8-4975-4E72-B742-95BB00A69700}C:\users\familie\desktop\flatout 2\flatout2.exe] => (Block) C:\users\familie\desktop\flatout 2\flatout2.exe
FirewallRules: [UDP Query User{969137C5-BF2B-4964-ACD4-9DF23D64C493}C:\users\familie\desktop\flatout 2\flatout2.exe] => (Block) C:\users\familie\desktop\flatout 2\flatout2.exe
FirewallRules: [TCP Query User{C256C033-66DC-4DA0-AABC-FB0FF876E8A8}C:\users\familie\desktop\warcraft iii - frozen throne - 1.22.0.6328\war3.exe] => (Block) C:\users\familie\desktop\warcraft iii - frozen throne - 1.22.0.6328\war3.exe
FirewallRules: [UDP Query User{ADA21462-29BE-4BFA-A1C6-E7F9B76B37A2}C:\users\familie\desktop\warcraft iii - frozen throne - 1.22.0.6328\war3.exe] => (Block) C:\users\familie\desktop\warcraft iii - frozen throne - 1.22.0.6328\war3.exe
FirewallRules: [TCP Query User{8847F17A-A33A-4B5E-9CB0-DFF4DB96CC1A}C:\users\familie\desktop\age of empires 2 - the conquerers - 1.0\empires2.exe] => (Block) C:\users\familie\desktop\age of empires 2 - the conquerers - 1.0\empires2.exe
FirewallRules: [UDP Query User{BFBEA13A-E5E5-49C5-8753-E27E80C0DAC5}C:\users\familie\desktop\age of empires 2 - the conquerers - 1.0\empires2.exe] => (Block) C:\users\familie\desktop\age of empires 2 - the conquerers - 1.0\empires2.exe
FirewallRules: [TCP Query User{D6562759-9BF8-4593-8ECE-DFFFA0EAF964}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{2F4A10DD-0716-4A4A-B21D-C2559C5C964C}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [{36475961-1D24-45E9-B1FA-A698E62780DB}] => (Block) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [{BC845404-2222-45BE-8C25-D94D85A296A2}] => (Block) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{D4DFFC47-76EA-4792-87E0-AD91E44D679D}C:\users\familie\desktop\age of empires 2 - the conquerers - 1.0\age2_x1.exe] => (Block) C:\users\familie\desktop\age of empires 2 - the conquerers - 1.0\age2_x1.exe
FirewallRules: [UDP Query User{0B8057DD-986A-4F1F-80AA-7DA971A6A6D9}C:\users\familie\desktop\age of empires 2 - the conquerers - 1.0\age2_x1.exe] => (Block) C:\users\familie\desktop\age of empires 2 - the conquerers - 1.0\age2_x1.exe
FirewallRules: [TCP Query User{9A74F377-F9D7-43EF-89B3-F0DD94227606}C:\program files (x86)\age of empires 2 - the conquerers - 1.0\age2_x1.exe] => (Block) C:\program files (x86)\age of empires 2 - the conquerers - 1.0\age2_x1.exe
FirewallRules: [UDP Query User{87B53BCF-B26F-4F0F-8FE3-E7A77CB7C761}C:\program files (x86)\age of empires 2 - the conquerers - 1.0\age2_x1.exe] => (Block) C:\program files (x86)\age of empires 2 - the conquerers - 1.0\age2_x1.exe
FirewallRules: [{D24DDA7F-F971-478D-B298-260670592693}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe
FirewallRules: [{EB072CF7-F7E2-4620-9C5B-81A27DE86533}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [{FAD2E2DD-9E62-43DB-A92D-CCDF590366A1}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{7919485F-37B8-4A3F-94E5-E49A17187A49}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe
FirewallRules: [{AD4F6044-409F-4083-B1D4-28E5376EC055}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe
FirewallRules: [{8F8EF3C1-3A38-4AF7-BA71-E487DA089CA3}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [{6E67FAB5-0A2F-4FC3-8834-48F4E747B285}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3E804B34-65DF-44E0-BD03-80B506420935}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3883EEC7-87B8-40CF-A1A4-202A9A1F2678}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{CF995788-7EBB-45EE-A2B8-A288E9ADB3BA}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: TAP-Windows Adapter V9
Description: TAP-Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (11/25/2015 07:17:54 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (11/25/2015 06:25:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm SpywareTerminator.exe, Version 3.0.0.102 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: e64 Startzeit: 01d12798acad1756 Endzeit: 2 Anwendungspfad: C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe Berichts-ID:

Error: (11/25/2015 04:41:32 PM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x8000ffff.

Error: (11/24/2015 10:16:48 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Familie-PC)
Description: Die Anwendung oder der Dienst "Apple Mobile Device Service" konnte nicht neu gestartet werden.

Error: (11/24/2015 08:04:13 PM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x8000ffff.

Error: (11/24/2015 07:06:53 PM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x8000ffff.

Error: (11/24/2015 00:11:46 AM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x8000ffff.

Error: (11/24/2015 00:09:50 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden. Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/24/2015 00:09:50 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden. Kontext: Windows Anwendung Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/24/2015 00:09:50 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Systemfehler:
=============
Error: (11/25/2015 10:09:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535

Error: (11/25/2015 10:09:11 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535

Error: (11/25/2015 10:09:11 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (11/25/2015 10:09:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535

Error: (11/25/2015 10:09:01 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535

Error: (11/25/2015 10:09:01 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535

Error: (11/25/2015 10:09:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535

Error: (11/25/2015 10:09:01 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (11/25/2015 10:09:01 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (11/25/2015 10:08:12 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535

==================== Speicherinformationen ===========================

Prozessor: AMD A8-3800 APU with Radeon(tm) HD Graphics
Prozentuale Nutzung des RAM: 62%
Installierter physikalischer RAM: 3576.13 MB
Verfügbarer physikalischer RAM: 1325.77 MB
Summe virtueller Speicher: 7150.47 MB
Verfügbarer virtueller Speicher: 4112.03 MB

==================== Laufwerke ================================

Drive c: (Boot) (Fixed) (Total:890.41 GB) (Free:515.87 GB) NTFS
Drive d: (Recover) (Fixed) (Total:40 GB) (Free:19.52 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=890.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== Ende von Addition.txt ============================

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-11-25 22:35:01
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000060 WDC_WD10 rev.80.0 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\Familie\AppData\Local\Temp\kgliyfod.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[340] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076528781 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text C:\ProgramData\Microsoft\Windows\WER\wermgr.exe[4264] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074cc1401 2 bytes JMP 7654b21b C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Microsoft\Windows\WER\wermgr.exe[4264] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074cc1419 2 bytes JMP 7654b346 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Microsoft\Windows\WER\wermgr.exe[4264] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074cc1431 2 bytes JMP 765c8fd1 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Microsoft\Windows\WER\wermgr.exe[4264] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074cc144a 2 bytes CALL 7652489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\ProgramData\Microsoft\Windows\WER\wermgr.exe[4264] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074cc14dd 2 bytes JMP 765c88c4 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Microsoft\Windows\WER\wermgr.exe[4264] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074cc14f5 2 bytes JMP 765c8aa0 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Microsoft\Windows\WER\wermgr.exe[4264] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074cc150d 2 bytes JMP 765c87ba C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Microsoft\Windows\WER\wermgr.exe[4264] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074cc1525 2 bytes JMP 765c8b8a C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Microsoft\Windows\WER\wermgr.exe[4264] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074cc153d 2 bytes JMP 7653fca8 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Microsoft\Windows\WER\wermgr.exe[4264] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074cc1555 2 bytes JMP 765468ef C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Microsoft\Windows\WER\wermgr.exe[4264] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074cc156d 2 bytes JMP 765c9089 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Microsoft\Windows\WER\wermgr.exe[4264] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074cc1585 2 bytes JMP 765c8bea C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Microsoft\Windows\WER\wermgr.exe[4264] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074cc159d 2 bytes JMP 765c877e C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Microsoft\Windows\WER\wermgr.exe[4264] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074cc15b5 2 bytes JMP 7653fd41 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Microsoft\Windows\WER\wermgr.exe[4264] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074cc15cd 2 bytes JMP 7654b2dc C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Microsoft\Windows\WER\wermgr.exe[4264] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074cc16b2 2 bytes JMP 765c8f4c C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Microsoft\Windows\WER\wermgr.exe[4264] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074cc16bd 2 bytes JMP 765c8713 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Familie\Downloads\Defogger.exe[6120] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074cc1401 2 bytes JMP 7654b21b C:\Windows\syswow64\kernel32.dll
.text C:\Users\Familie\Downloads\Defogger.exe[6120] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074cc1419 2 bytes JMP 7654b346 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Familie\Downloads\Defogger.exe[6120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074cc1431 2 bytes JMP 765c8fd1 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Familie\Downloads\Defogger.exe[6120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074cc144a 2 bytes CALL 7652489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Users\Familie\Downloads\Defogger.exe[6120] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074cc14dd 2 bytes JMP 765c88c4 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Familie\Downloads\Defogger.exe[6120] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074cc14f5 2 bytes JMP 765c8aa0 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Familie\Downloads\Defogger.exe[6120] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074cc150d 2 bytes JMP 765c87ba C:\Windows\syswow64\kernel32.dll
.text C:\Users\Familie\Downloads\Defogger.exe[6120] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074cc1525 2 bytes JMP 765c8b8a C:\Windows\syswow64\kernel32.dll
.text C:\Users\Familie\Downloads\Defogger.exe[6120] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074cc153d 2 bytes JMP 7653fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Familie\Downloads\Defogger.exe[6120] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074cc1555 2 bytes JMP 765468ef C:\Windows\syswow64\kernel32.dll
.text C:\Users\Familie\Downloads\Defogger.exe[6120] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074cc156d 2 bytes JMP 765c9089 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Familie\Downloads\Defogger.exe[6120] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074cc1585 2 bytes JMP 765c8bea C:\Windows\syswow64\kernel32.dll
.text C:\Users\Familie\Downloads\Defogger.exe[6120] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074cc159d 2 bytes JMP 765c877e C:\Windows\syswow64\kernel32.dll
.text C:\Users\Familie\Downloads\Defogger.exe[6120] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074cc15b5 2 bytes JMP 7653fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Familie\Downloads\Defogger.exe[6120] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074cc15cd 2 bytes JMP 7654b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Users\Familie\Downloads\Defogger.exe[6120] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074cc16b2 2 bytes JMP 765c8f4c C:\Windows\syswow64\kernel32.dll
.text C:\Users\Familie\Downloads\Defogger.exe[6120] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074cc16bd 2 bytes JMP 765c8713 C:\Windows\syswow64\kernel32.dll

---- Processes - GMER 2.1 ----

Process C:\ProgramData\Microsoft\Windows\WER\wermgr.exe (*** suspicious ***) @ C:\ProgramData\Microsoft\Windows\WER\wermgr.exe [4264] (Windows Problem Reporting/Microsoft Corporation)(2015-01-09 12:16:56) 0000000000400000

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@Microsoft-ISATAP-Adapter 1?3?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{7A12E6D2-DDD0-46D1-8D48-68EA8133A5E7}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{7A12E6D2-DDD0-46D1-8D48-68EA8133A5E7}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{7A12E6D2-DDD0-46D1-8D48-68EA8133A5E7}?
Reg HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Linkage@Export \Device\Tcpip6_{7A12E6D2-DDD0-46D1-8D48-68EA8133A5E7}?\Device\Tcpip6_{108EFF4D-1C4E-444F-BD85-BC239B551349}?\Device\Tcpip6_{2C389440-DD35-4490-8837-BF956CB2483E}?\Device\Tcpip6_{AD31151B-4B1C-406B-82E9-E2B59FFF66E4}?\Device\Tcpip6_{E402F878-83D6-4346-B616-4923CEF8C0AC}?\Device\Tcpip6_{E94F8658-7079-4071-AA59-FB256BF9D92F}?
Reg HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{108eff4d-1c4e-444f-bd85-bc239b551349}@Dhcpv6State 0

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

I hope I have followed all the steps. Regards, Malwarehater

Edited by Malwarehater (25.11.2015 at 23:25). Reason: Added detail