|
Plagegeister aller Art und deren Bekämpfung: Erneut watch4-BefallWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
30.11.2015, 19:16 | #1 |
| Erneut watch4-Befall Argh...der regt mich schon fast selbst auf...vor ein paar Monaten lass ich mir von euch das watch4 Teil rausoperieren, nun kommt die Seite promt wieder zurück geschossen...Problem ist mir mittlerweile bekannt, allerdings hab ich damals nicht aufgepasst, wie man ihn entfernen konnte und in welchem Schritt. Außerdem hatte ich letztens urplötzlich im Browser laut Werbung von einer Seite gehört, keine Ahnung von wo das genau kam. Vermutlich versteckt im Browser... Es handelt sich dabei irgendwie um Adware, die aber auch der AdwCleaner nicht erkannt hat. könntet ihr mir vllt im Prozess genau zeigen, wo sich der Bösewicht versteckt hat? Aus reinem INteresse? Hier die Logs. Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:29-11-2015 durchgeführt von expert pc (Administrator) auf EXPERT (30-11-2015 19:05:45) Gestartet von C:\Users\expert pc\Desktop Geladene Profile: expert pc (Verfügbare Profile: expert pc) Platform: Windows 10 Home (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe () C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe () C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avpui.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3957816 2014-02-07] (Hewlett-Packard) HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-02-07] (Hewlett-Packard) HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-02-07] (Hewlett-Packard) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-27] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2014-01-05] (IDT, Inc.) HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2013-12-03] (Hewlett-Packard ) HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2015-11-02] (Pixart Imaging Inc) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565448 2015-11-12] (LogMeIn Inc.) HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe [13253952 2015-11-17] (Corsair Components, Inc.) HKU\S-1-5-21-2350193266-1077779400-760107588-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3011152 2015-11-10] (Valve Corporation) HKU\S-1-5-21-2350193266-1077779400-760107588-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd) HKU\S-1-5-21-2350193266-1077779400-760107588-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [48145024 2015-10-14] (Skype Technologies S.A.) HKU\S-1-5-21-2350193266-1077779400-760107588-1001\...\RunOnce: [Uninstall C:\Users\expert pc\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\expert pc\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64" HKU\S-1-5-21-2350193266-1077779400-760107588-1001\...\RunOnce: [Uninstall C:\Users\expert pc\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\expert pc\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64" ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft) ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-10-08] ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{0AB66A52-9D92-42E0-9CFA-FF38C9E0201B}: [DhcpNameServer] 10.0.1.1 Tcpip\..\Interfaces\{7EBC1CF5-BC33-49D9-8E02-79D7EA92BEC3}: [DhcpNameServer] 10.0.1.1 Tcpip\..\Interfaces\{837EC76F-5818-4A49-88FC-31C78F1EE679}: [DhcpNameServer] 10.0.1.1 Tcpip\..\Interfaces\{850EF25E-1338-41D6-ACFB-6ABA8CFDCA47}: [DhcpNameServer] 10.0.1.1 Tcpip\..\Interfaces\{96af2199-8831-487a-87fc-f08f0f7ac314}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{a222317e-793e-4a1c-9ac1-8a4ebd92dbd2}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK14/4 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-2350193266-1077779400-760107588-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK14/4 HKU\S-1-5-21-2350193266-1077779400-760107588-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK14/4 HKU\S-1-5-21-2350193266-1077779400-760107588-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPDSK14/4 SearchScopes: HKLM -> {61909BC3-BE76-4BDB-A905-689F89D62260} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO) BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO) BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO) BHO: Kein Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> Keine Datei BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-21] (Oracle Corporation) BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO) BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-21] (Oracle Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company) DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - Keine Datei FireFox: ======== FF ProfilePath: C:\Users\expert pc\AppData\Roaming\Mozilla\Firefox\Profiles\ydr1aiwn.default FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-12] () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-09-08] (Tracker Software Products (Canada) Ltd.) FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [Keine Datei] FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-12] () FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-09-08] (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-21] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-21] (Oracle Corporation) FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-07-31] () FF Plugin-x32: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-07-31] () FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-07-31] () FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [Keine Datei] FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-03] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-03] (NVIDIA Corporation) FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\expert pc\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-05-27] (Raidcall) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin HKU\S-1-5-21-2350193266-1077779400-760107588-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-09-08] (Tracker Software Products (Canada) Ltd.) FF Plugin HKU\S-1-5-21-2350193266-1077779400-760107588-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-01-01] () FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-07-31] [ist nicht signiert] FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-07-31] [ist nicht signiert] FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-07-31] [ist nicht signiert] FF Extension: BetterTTV - C:\Users\expert pc\AppData\Roaming\Mozilla\Firefox\Profiles\ydr1aiwn.default\Extensions\firefox@betterttv.net.xpi [2015-11-21] FF Extension: Adblock Plus - C:\Users\expert pc\AppData\Roaming\Mozilla\Firefox\Profiles\ydr1aiwn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-25] FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com Chrome: ======= CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [194000 2015-07-09] (Kaspersky Lab ZAO) R2 ExpressVpnService; C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe [331264 2015-04-28] () [Datei ist nicht signiert] R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-27] (NVIDIA Corporation) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation) R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [Datei ist nicht signiert] S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [Datei ist nicht signiert] R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223520 2015-07-10] (Intel Corporation) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-11-12] (LogMeIn, Inc.) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-27] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-27] (NVIDIA Corporation) R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-02-07] (Softex Inc.) [Datei ist nicht signiert] S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2078216 2015-10-02] (Electronic Arts) R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia) S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia) S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2014-01-05] (IDT, Inc.) [Datei ist nicht signiert] S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R3 athr; C:\Windows\System32\drivers\athw10x.sys [4318760 2015-09-05] (Qualcomm Atheros Communications, Inc.) R3 BEHRINGER_2902; C:\Windows\System32\Drivers\BUSB2902.sys [460864 2009-10-30] (BEHRINGER) R3 BUSB_AUDIO_WDM; C:\Windows\system32\drivers\busbwdm.sys [49728 2009-10-30] (BEHRINGER) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink) R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [247016 2015-07-09] (Kaspersky Lab UK Ltd) S3 CorsairAudioFilter; C:\Windows\system32\DRIVERS\corsveng2kamd64.sys [112808 2014-08-15] (Corsair Components, Inc.) R3 CorsairVBusDriver; C:\Windows\System32\drivers\CorsairVBusDriver.sys [47840 2015-09-01] (Corsair) R3 CorsairVHidDriver; C:\Windows\System32\drivers\CorsairVHidDriver.sys [21728 2015-09-01] (Corsair) S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-07-14] (LogMeIn Inc.) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-07-09] (Kaspersky Lab ZAO) R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [64368 2015-07-09] (Kaspersky Lab ZAO) S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab) R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [159960 2015-07-09] (Kaspersky Lab ZAO) R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [226480 2015-07-09] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [817848 2015-10-06] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39792 2015-07-09] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [40304 2015-07-09] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [39792 2015-07-09] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [24944 2015-07-09] (Kaspersky Lab ZAO) R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [77680 2015-07-09] (Kaspersky Lab ZAO) R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [85360 2015-07-09] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [190648 2015-10-06] (Kaspersky Lab ZAO) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [184608 2015-07-07] (Intel Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-27] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation) R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia) R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [896752 2015-09-04] (Realtek ) R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402136 2015-09-09] (Realsil Semiconductor Corporation) R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2015-11-02] () S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] () S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation) U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X] S3 RSUSBSTOR; \SystemRoot\System32\Drivers\RtsUStor.sys [X] S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-11-30 19:05 - 2015-11-30 19:06 - 00023206 _____ C:\Users\expert pc\Desktop\FRST.txt 2015-11-30 19:05 - 2015-11-30 19:05 - 00000000 ____D C:\FRST 2015-11-30 19:04 - 2015-11-30 19:05 - 02350080 _____ (Farbar) C:\Users\expert pc\Desktop\FRST64.exe 2015-11-30 19:03 - 2015-11-30 19:03 - 00016148 _____ C:\WINDOWS\system32\EXPERT_expert pc_HistoryPrediction.bin 2015-11-30 17:21 - 2015-11-30 17:21 - 00000551 _____ C:\Users\expert pc\Desktop\JRT.txt 2015-11-29 19:56 - 2015-11-29 19:56 - 00043838 _____ C:\Users\expert pc\AppData\Local\recently-used.xbel 2015-11-27 00:42 - 2015-11-27 00:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Corsair Utility Engine 2015-11-27 00:41 - 2015-11-27 00:41 - 00000000 ____D C:\Program Files (x86)\Corsair 2015-11-21 13:03 - 2015-11-21 13:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2015-11-21 13:03 - 2015-11-21 13:03 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi 2015-11-21 13:02 - 2015-11-21 13:02 - 00358168 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-11-15 13:28 - 2015-11-15 13:28 - 00000000 ____D C:\Users\expert pc\Documents\SavedGames 2015-11-14 00:41 - 2015-11-14 00:41 - 00002123 _____ C:\Users\Public\Desktop\ExpressVPN.lnk 2015-11-14 00:41 - 2015-11-14 00:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExpressVPN 2015-11-14 00:41 - 2015-11-14 00:41 - 00000000 ____D C:\ProgramData\ExpressVPN 2015-11-14 00:41 - 2015-11-14 00:41 - 00000000 ____D C:\Program Files (x86)\ExpressVPN 2015-11-13 23:56 - 2015-11-14 00:45 - 00000000 ____D C:\Users\expert pc\AppData\Local\ExpressVPN 2015-11-10 19:32 - 2015-11-05 06:15 - 08020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-11-10 19:32 - 2015-11-05 06:15 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll 2015-11-10 19:32 - 2015-11-05 06:14 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys 2015-11-10 19:32 - 2015-11-05 06:13 - 00577888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys 2015-11-10 19:32 - 2015-11-05 06:11 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll 2015-11-10 19:32 - 2015-11-05 06:06 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-11-10 19:32 - 2015-11-05 06:06 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll 2015-11-10 19:32 - 2015-11-05 06:01 - 00607408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2015-11-10 19:32 - 2015-11-05 05:56 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2015-11-10 19:32 - 2015-11-05 05:56 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys 2015-11-10 19:32 - 2015-11-05 05:56 - 00025280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2015-11-10 19:32 - 2015-11-05 05:30 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll 2015-11-10 19:32 - 2015-11-05 05:24 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-11-10 19:32 - 2015-11-05 05:23 - 00762888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll 2015-11-10 19:32 - 2015-11-05 05:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll 2015-11-10 19:32 - 2015-11-05 05:20 - 21873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2015-11-10 19:32 - 2015-11-05 05:18 - 24597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-11-10 19:32 - 2015-11-05 05:18 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll 2015-11-10 19:32 - 2015-11-05 05:18 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2015-11-10 19:32 - 2015-11-05 05:17 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2015-11-10 19:32 - 2015-11-05 05:12 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll 2015-11-10 19:32 - 2015-11-05 05:11 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2015-11-10 19:32 - 2015-11-05 05:10 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-11-10 19:32 - 2015-11-05 05:10 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll 2015-11-10 19:32 - 2015-11-05 05:07 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2015-11-10 19:32 - 2015-11-05 05:06 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll 2015-11-10 19:32 - 2015-11-05 05:05 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-11-10 19:32 - 2015-11-05 05:05 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-11-10 19:32 - 2015-11-05 05:03 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2015-11-10 19:32 - 2015-11-05 05:03 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll 2015-11-10 19:32 - 2015-11-05 05:01 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2015-11-10 19:32 - 2015-11-05 05:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll 2015-11-10 19:32 - 2015-11-05 05:01 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe 2015-11-10 19:32 - 2015-11-05 04:59 - 03587072 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2015-11-10 19:32 - 2015-11-05 04:59 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll 2015-11-10 19:32 - 2015-11-05 04:58 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2015-11-10 19:32 - 2015-11-05 04:58 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll 2015-11-10 19:32 - 2015-11-05 04:56 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll 2015-11-10 19:32 - 2015-11-05 04:55 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll 2015-11-10 19:32 - 2015-11-05 04:54 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll 2015-11-10 19:32 - 2015-11-05 04:47 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-11-10 19:32 - 2015-11-05 04:42 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll 2015-11-10 19:32 - 2015-11-05 04:40 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2015-11-10 19:32 - 2015-11-05 04:35 - 18803712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2015-11-10 19:32 - 2015-11-05 04:35 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll 2015-11-10 19:32 - 2015-11-05 04:34 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll 2015-11-10 19:32 - 2015-11-05 04:33 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-11-10 19:32 - 2015-11-05 04:33 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-11-10 19:32 - 2015-11-05 04:30 - 00767488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2015-11-10 19:32 - 2015-11-05 04:28 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-11-10 19:32 - 2015-11-05 04:27 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll 2015-11-10 19:32 - 2015-11-05 04:27 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll 2015-11-10 19:32 - 2015-11-05 04:23 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll 2015-11-08 23:20 - 2015-11-08 23:20 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\LolClient 2015-11-08 22:44 - 2015-11-08 22:44 - 00000000 ____D C:\ProgramData\Riot Games 2015-11-08 22:43 - 2015-11-08 22:44 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\Riot Games 2015-11-08 22:43 - 2015-11-08 22:43 - 00000000 ____D C:\Riot Games 2015-11-08 22:43 - 2015-11-08 22:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends 2015-11-08 22:43 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll 2015-11-08 22:43 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll 2015-11-08 22:43 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll 2015-11-08 22:32 - 2015-11-08 22:32 - 00000279 _____ C:\Users\expert pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Papierkorb.lnk 2015-11-08 22:25 - 2015-11-08 22:32 - 00000000 ____D C:\Users\expert pc\AppData\Local\Vivaldi 2015-11-08 20:05 - 2015-11-08 20:08 - 00272644 _____ C:\TDSSKiller.3.1.0.5_08.11.2015_20.05.26_log.txt 2015-11-08 19:58 - 2015-11-30 17:13 - 00000000 ____D C:\AdwCleaner 2015-11-04 20:18 - 2015-11-04 20:18 - 10919784 _____ C:\WINDOWS\SysWOW64\LogiDPP.dll 2015-11-04 20:18 - 2015-11-04 20:18 - 10919784 _____ C:\WINDOWS\system32\LogiDPP.dll 2015-11-04 20:18 - 2015-11-04 20:18 - 04758176 _____ (Logitech Inc.) C:\WINDOWS\system32\Drivers\lvuvc64.sys 2015-11-04 20:18 - 2015-11-04 20:18 - 00768288 _____ (Logitech Inc.) C:\WINDOWS\system32\LVUI64.dll 2015-11-04 20:18 - 2015-11-04 20:18 - 00560416 _____ (Logitech Inc.) C:\WINDOWS\system32\LVUIRC64.dll 2015-11-04 20:18 - 2015-11-04 20:18 - 00542568 _____ (Logitech Inc.) C:\WINDOWS\SysWOW64\LVUI2.dll 2015-11-04 20:18 - 2015-11-04 20:18 - 00538472 _____ (Logitech Inc.) C:\WINDOWS\SysWOW64\LVUI2RC.dll 2015-11-04 20:18 - 2015-11-04 20:18 - 00351520 _____ (Logitech Inc.) C:\WINDOWS\system32\Drivers\lvrs64.sys 2015-11-04 20:18 - 2015-11-04 20:18 - 00336232 _____ C:\WINDOWS\SysWOW64\DevManagerCore.dll 2015-11-04 20:18 - 2015-11-04 20:18 - 00336232 _____ C:\WINDOWS\system32\DevManagerCore.dll 2015-11-04 20:18 - 2015-11-04 20:18 - 00305000 _____ (Logitech Inc.) C:\WINDOWS\SysWOW64\lvcodec2.dll 2015-11-04 20:18 - 2015-11-04 20:18 - 00266828 _____ C:\WINDOWS\system32\Drivers\LVAFT.cfg 2015-11-04 20:18 - 2015-11-04 20:18 - 00262432 _____ (Logitech Inc.) C:\WINDOWS\system32\lvco1380853.dll 2015-11-04 20:18 - 2015-11-04 20:18 - 00175392 _____ (Logitech Inc.) C:\WINDOWS\system32\lvcod64.dll 2015-11-04 20:18 - 2015-11-04 20:18 - 00103272 _____ C:\WINDOWS\SysWOW64\LogiDPPApp.exe 2015-11-04 20:18 - 2015-11-04 20:18 - 00103272 _____ C:\WINDOWS\system32\LogiDPPApp.exe 2015-11-04 20:18 - 2015-11-04 20:18 - 00040398 _____ C:\WINDOWS\system32\Repository.reg 2015-11-04 20:18 - 2015-11-04 20:18 - 00029494 _____ C:\WINDOWS\system32\lvcoin64.ini 2015-11-04 20:18 - 2015-11-04 20:18 - 00000000 ____D C:\Program Files\Common Files\logishrd 2015-11-03 18:15 - 2015-11-03 23:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-11-02 19:59 - 2015-11-02 19:59 - 00241152 _____ (Pixart Imaging Inc) C:\WINDOWS\system32\TiltWheelMouse.exe 2015-11-02 19:59 - 2015-11-02 19:59 - 00157696 _____ (Pixart Imaging Inc) C:\WINDOWS\system32\mousecpl.dll 2015-11-02 19:59 - 2015-11-02 19:59 - 00006144 _____ C:\WINDOWS\system32\Drivers\t_mouse.sys 2015-11-01 13:25 - 2015-11-01 13:25 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\Corsair ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-11-30 19:05 - 2015-07-10 10:05 - 00000000 ____D C:\Windows 2015-11-30 19:05 - 2014-10-02 22:01 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\Skype 2015-11-30 18:40 - 2014-11-11 21:03 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-11-30 17:24 - 2014-10-08 18:12 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-11-30 17:22 - 2015-07-31 15:56 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2015-11-30 17:22 - 2015-07-31 13:33 - 01994140 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-11-30 17:22 - 2015-07-10 17:34 - 00848086 _____ C:\WINDOWS\system32\perfh007.dat 2015-11-30 17:22 - 2015-07-10 17:34 - 00186362 _____ C:\WINDOWS\system32\perfc007.dat 2015-11-30 17:22 - 2015-07-10 12:02 - 00000000 ____D C:\WINDOWS\INF 2015-11-30 17:18 - 2014-10-19 15:53 - 00000000 ____D C:\Program Files (x86)\Steam 2015-11-30 17:15 - 2015-07-31 13:31 - 00000000 ____D C:\ProgramData\NVIDIA 2015-11-30 17:15 - 2015-07-10 13:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-11-30 17:15 - 2015-07-10 10:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2015-11-30 17:14 - 2015-07-31 13:34 - 00000000 ____D C:\Users\expert pc 2015-11-30 16:59 - 2014-06-30 02:26 - 00004160 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{968F1233-CAC6-49C7-9463-8E9C2E9BCE20} 2015-11-29 23:16 - 2014-10-08 18:26 - 00000000 ____D C:\Users\expert pc\AppData\Local\Battle.net 2015-11-29 19:56 - 2015-10-28 21:58 - 00000000 ____D C:\Users\expert pc\AppData\Local\gtk-2.0 2015-11-29 19:56 - 2015-10-28 21:54 - 00000000 ____D C:\Users\expert pc\.gimp-2.8 2015-11-29 19:14 - 2015-10-18 23:05 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\OBS 2015-11-29 02:02 - 2015-09-09 10:47 - 00000362 _____ C:\WINDOWS\Tasks\HPCeeScheduleForexpert pc.job 2015-11-28 21:46 - 2014-10-08 18:26 - 00000000 ____D C:\Program Files (x86)\Battle.net 2015-11-28 13:43 - 2015-07-31 21:58 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\Audacity 2015-11-27 19:39 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-11-26 22:08 - 2015-09-09 11:21 - 00000000 ____D C:\Users\expert pc\Documents\Bandicam 2015-11-25 20:36 - 2015-07-10 12:04 - 00000000 ___HD C:\Program Files\WindowsApps 2015-11-23 22:10 - 2015-10-05 05:29 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\avidemux 2015-11-23 17:37 - 2015-10-15 17:38 - 00000000 ____D C:\Users\expert pc\Desktop\Bilder 2015-11-22 19:26 - 2014-10-12 13:45 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\TS3Client 2015-11-21 12:54 - 2014-04-02 15:46 - 00000000 ____D C:\ProgramData\Package Cache 2015-11-21 12:44 - 2015-10-21 05:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-11-21 12:44 - 2015-10-21 05:52 - 00000000 ____D C:\Program Files (x86)\Java 2015-11-21 12:44 - 2015-08-26 16:13 - 00000000 ____D C:\Users\expert pc\.oracle_jre_usage 2015-11-21 12:44 - 2014-10-02 10:03 - 00000000 ____D C:\ProgramData\Oracle 2015-11-21 12:43 - 2015-10-21 05:52 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2015-11-20 20:41 - 2014-10-10 21:33 - 00000000 ____D C:\Program Files (x86)\Diablo III 2015-11-18 11:59 - 2015-10-19 18:40 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\YGOPro DevPro Launcher 2015-11-17 19:34 - 2015-05-19 16:27 - 00000000 ____D C:\Program Files (x86)\Adobe 2015-11-14 18:56 - 2014-10-02 10:54 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\Mozilla 2015-11-13 23:52 - 2015-09-17 19:55 - 00000000 ____D C:\Users\expert pc\Desktop\Aquarium 2015-11-13 19:55 - 2015-10-18 20:25 - 00000000 ____D C:\Users\expert pc\Desktop\Bearbeitungssoftware 2015-11-13 18:56 - 2015-09-09 11:20 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1 2015-11-13 18:56 - 2015-09-09 11:20 - 00000000 ____D C:\Program Files (x86)\Bandicam 2015-11-12 22:18 - 2014-10-08 17:18 - 00000000 ____D C:\Users\expert pc\AppData\Local\Adobe 2015-11-11 22:23 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\rescache 2015-11-11 20:56 - 2014-10-11 10:59 - 00000000 ____D C:\Program Files (x86)\Hearthstone 2015-11-11 19:40 - 2014-11-11 21:03 - 00003870 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-11-11 03:30 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\appraiser 2015-11-10 20:06 - 2015-07-10 11:55 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-11-10 20:05 - 2014-10-02 10:25 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-11-10 19:57 - 2014-10-02 10:25 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-11-10 19:26 - 2015-10-12 05:49 - 00000000 ____D C:\WINDOWS\Minidump 2015-11-10 06:40 - 2015-07-31 15:05 - 00002373 _____ C:\Users\expert pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2015-11-10 06:40 - 2015-07-31 15:05 - 00000000 ___RD C:\Users\expert pc\OneDrive 2015-11-09 20:34 - 2014-06-27 06:36 - 00000000 ____D C:\Users\expert pc\AppData\Local\Hewlett-Packard 2015-11-09 20:34 - 2014-06-21 00:07 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard 2015-11-09 20:34 - 2014-06-21 00:06 - 00000000 ____D C:\ProgramData\Hewlett-Packard 2015-11-09 20:26 - 2014-06-21 00:07 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support 2015-11-09 20:26 - 2014-06-21 00:07 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2015-11-09 20:26 - 2014-06-21 00:06 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard 2015-11-09 20:24 - 2014-06-27 06:36 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\hpqlog 2015-11-09 20:23 - 2014-04-02 12:27 - 00000000 ____D C:\SWSETUP 2015-11-08 22:45 - 2015-10-15 17:37 - 00000000 ____D C:\Users\expert pc\Desktop\Games 2015-11-04 21:43 - 2015-10-06 21:30 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\vlc 2015-11-03 23:29 - 2014-10-02 10:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-11-03 19:20 - 2015-07-10 12:06 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-11-03 19:20 - 2015-07-10 12:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-11-02 06:07 - 2014-10-02 22:00 - 00000000 ____D C:\ProgramData\Skype 2015-11-01 13:25 - 2014-11-05 21:32 - 00000000 ____D C:\Users\expert pc\AppData\Local\Corsair ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-01-16 19:48 - 2015-01-16 20:53 - 0000098 _____ () C:\Users\expert pc\AppData\Roaming\theHunterPrimal_LauncherSettings_live.cfg 2015-11-29 19:56 - 2015-11-29 19:56 - 0043838 _____ () C:\Users\expert pc\AppData\Local\recently-used.xbel Einige Dateien in TEMP: ==================== C:\Users\expert pc\AppData\Local\Temp\ICSharpCode.SharpZipLib.dll C:\Users\expert pc\AppData\Local\Temp\jre-8u66-windows-au.exe C:\Users\expert pc\AppData\Local\Temp\sqlite3.dll C:\Users\expert pc\AppData\Local\Temp\YgoUpdater.exe ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-11-28 21:21 ==================== Ende von FRST.txt ============================ Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:29-11-2015 durchgeführt von expert pc (2015-11-30 19:06:16) Gestartet von C:\Users\expert pc\Desktop Windows 10 Home (X64) (2015-07-31 14:00:46) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-2350193266-1077779400-760107588-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-2350193266-1077779400-760107588-503 - Limited - Disabled) expert pc (S-1-5-21-2350193266-1077779400-760107588-1001 - Administrator - Enabled) => C:\Users\expert pc Gast (S-1-5-21-2350193266-1077779400-760107588-501 - Limited - Disabled) ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) AC3Filter (remove only) (HKLM-x32\...\AC3Filter) (Version: - ) Action Replay PowerSaves 3DS Version 1.29 (HKLM-x32\...\{CD24B06F-0A4D-410A-AEF2-DFE6A28AB4C0}_is1) (Version: 1.29 - Datel Design & Development) Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated) Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios) Age of Empires III: Complete Collection (HKLM-x32\...\GFWL_{4541091F-1F3D-4BA3-A5A3-F71000000100}) (Version: 1.0.0000.1 - Microsoft Games) Age of Empires III: Complete Collection (x32 Version: 1.0.0000.1 - Microsoft Games) Hidden Alcor Micro USB Card Reader Driver (HKLM-x32\...\AmUStor) (Version: 20.21.3317.03861 - Alcor Micro Corp.) Alcor Micro USB Card Reader Driver (x32 Version: 20.21.3317.03861 - Alcor Micro Corp.) Hidden ANNO 1404 - Königsedition (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.02.0000 - Ubisoft) ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft) Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Assassin's Creed (HKLM-x32\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.02 - Ubisoft) Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team) Avidemux 2.6 - 32 bits (32-bit) (HKLM-x32\...\Avidemux 2.6 - 32 bits) (Version: 2.6.10.150607 - ) Bandicam (HKLM-x32\...\Bandicam) (Version: 2.4.1.903 - Bandisoft.com) Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.5.2.34169 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB) BEHRINGER USB AUDIO DRIVER (HKLM\...\USB_AUDIO_DEusb-audio.deBehringer2902) (Version: - ) Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.) Borderlands (HKLM-x32\...\Steam App 8980) (Version: - Gearbox Software) Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software) Borderlands: The Pre-Sequel (HKLM-x32\...\Steam App 261640) (Version: - 2K Australia) CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform) Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft) Command & Conquer™ 4 Tiberian Twilight (HKLM-x32\...\{82696435-8572-4D8B-A230-D1AA567D0F0F}) (Version: 1.0.0.0 - Electronic Arts) Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.) Command & Conquer™: Generals and Zero Hour (HKLM-x32\...\{609F6FD5-4B22-4D7A-AD30-8C9DD480D5BE}) (Version: 1.0.0.0 - Electronic Arts, Inc.) Corsair Utility Engine (HKLM-x32\...\{C6BECCF7-108F-4676-9471-E98F9AB40ABC}) (Version: 1.12.75 - Corsair) Cthulhu Saves the World (HKLM-x32\...\Steam App 107310) (Version: - Zeboyd Games) CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.) Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.5.4824 - CyberLink Corp.) CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.6.3702 - CyberLink Corp.) CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.6.3625 - CyberLink Corp.) CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4.4230 - CyberLink Corp.) Dead Space™ 2 (HKLM-x32\...\{C549C2A2-574F-4ABC-933C-BD11D027C16A}) (Version: 1.0.941.0 - Electronic Arts) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.11.64.1020 - Electronic Arts Inc.) DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.05.0.0 - Electronic Arts) Dragon Age™ II (HKLM-x32\...\{E1EB9F56-AFE2-4204-B28F-AD8DA793B9F4}) (Version: 1.04.8524.0 - Electronic Arts) EA SPORTS™ FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.8.0.0 - Electronic Arts) Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company) ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB) ExpressVPN (HKLM-x32\...\{3517eb4e-a65b-4d39-8a41-1bec9fbaf4d0}) (Version: 4.1.0.378 - ExpressVPN) ExpressVPN (x32 Version: 4.1.0.378 - ExpressVPN) Hidden ExpressVPN Compatibility Checks (x32 Version: 1.0.0.0 - ExpressVPN) Hidden Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.05 - Ubisoft) FarCry 4 (HKLM-x32\...\Uplay Install 420) (Version: - Ubisoft) FIFA 16 (HKLM-x32\...\{28FA2805-7992-4A28-844B-040C57204718}) (Version: 1.4.15952.12 - Electronic Arts) Free YouTube to MP3 Converter version 3.12.54.128 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.54.128 - DVDVideoSoft Ltd.) Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version: - Greenheart Games) GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team) Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP Documentation (HKLM-x32\...\{06600E94-1C34-40E2-AB09-D30AECF78172}) (Version: 1.1.0.0 - Hewlett-Packard) HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard) HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.06 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company) HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard) HP Support Solutions Framework (HKLM-x32\...\{B1AD4FFB-DD17-43EC-8C30-B9E71EAD9132}) (Version: 12.0.30.219 - Hewlett-Packard Company) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6491.0 - IDT) Inst5675 (Version: 8.01.06 - Softex Inc.) Hidden Inst5676 (Version: 8.01.06 - Softex Inc.) Hidden Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation) Intel® Chipsatz-Gerätesoftware (x32 Version: 10.1.1.9 - Intel(R) Corporation) Hidden Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation) Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation) Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{02FECEE0-16B2-43DB-BC3B-C844477FC142}) (Version: 15.0.2.396 - Kaspersky Lab) Kaspersky Internet Security (x32 Version: 15.0.2.396 - Kaspersky Lab) Hidden League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games ) League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.410 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.410 - LogMeIn, Inc.) Hidden MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{85BA85A6-9473-4A77-8849-BE6F01F0ABD6}) (Version: 7.0.2.6 - MAGIX Software GmbH) MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX Software GmbH) Hidden MAGIX Video deluxe 2015 Plus (HKLM\...\MX.{B50BBED4-5101-45A1-BA9D-93AEF3A638E3}) (Version: 14.0.0.140 - MAGIX Software GmbH) MAGIX Video deluxe 2015 Plus (Version: 14.0.0.140 - MAGIX Software GmbH) Hidden MAGIX Video deluxe 2015 Plus Update (Version: 14.0.0.172 - MAGIX Software GmbH) Hidden MAGIX Video deluxe 2015 Plus Update (Version: 14.0.0.183 - MAGIX Software GmbH) Hidden Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Mass Effect™ 2 (HKLM-x32\...\{E19B628D-A9BC-4519-B1D4-4C8C09074F7F}) (Version: 1.2.1604.0 - Electronic Arts) Medal of Honor Allied Assault Warchest (HKLM-x32\...\{D61BA037-2326-4CEF-B3AC-252046D0476A}) (Version: 1.11.0.2 - Electronic Arts) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Mozilla Firefox 42.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 de)) (Version: 42.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) NVIDIA 3D Vision Controller-Treiber 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 358.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 358.50 - NVIDIA Corporation) NVIDIA GeForce Experience 2.5.14.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.14.5 - NVIDIA Corporation) NVIDIA Grafiktreiber 358.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.50 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation) Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - ) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) OpenOffice 4.1.2 (HKLM-x32\...\{F5CAB1AF-7B1A-4CEC-B829-A3F699473AE1}) (Version: 4.12.9782 - Apache Software Foundation) Origin (HKLM-x32\...\Origin) (Version: 9.5.12.2862 - Electronic Arts, Inc.) PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.315.0 - Tracker Software Products Ltd) Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games) Portal (HKLM-x32\...\Steam App 400) (Version: - Valve) Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) PVZ Garden Warfare (HKLM-x32\...\{A5AC7D7B-C1D5-4AF9-8829-993DA335BE1B}) (Version: 1.0.3.0 - Electronic Arts) Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros) QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.) RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.6-1.0.12972.94 - raidcall.com) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.) Recovery Manager (x32 Version: 5.5.0.7316 - CyberLink Corp.) Hidden Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Rockstar Games Social Club (HKLM-x32\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games) RollerCoaster Tycoon 2 Triple Thrill Pack (HKLM-x32\...\{4C5D15D2-5351-4F05-A96E-56C20554F977}) (Version: 1.00.000 - ) Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia) SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.5.14.5 - NVIDIA Corporation) Hidden SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts) Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) Syndicate (HKLM-x32\...\{64CFBAAB-46F7-4628-8D9B-E656A8C11CDB}) (Version: 2.0.0.3 - Electronic Arts) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic) Theme Hospital (HKLM-x32\...\{5118A4C2-C8A4-4CE5-AC37-F3E51C25402F}) (Version: 3.0.0.5 - Electronic Arts) Titan Quest (HKLM-x32\...\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}) (Version: 1.00.0000 - Iron Lore) TrackMania² Stadium (HKLM-x32\...\Steam App 232910) (Version: - Nadeo) Ultima 7 (HKLM-x32\...\{4F4D844E-7B08-43A7-9C91-0B7D978EEC4D}) (Version: 1.0.0.1 - Electronic Arts) Ultima 8 (HKLM-x32\...\{428C6B01-D292-46F9-9321-75668ED17DA2}) (Version: 1.0.0.1 - Electronic Arts) Ultimate Tic-Tac-Toe (HKLM-x32\...\Steam App 360870) (Version: - Tigerish Games) Uplay (HKLM-x32\...\Uplay) (Version: 4.9 - Ubisoft) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN) WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline) Wing Commander III (HKLM-x32\...\{F96B9930-E22A-44D6-81B5-6C8E92C21B4B}) (Version: 2.0.0.2 - Electronic Arts) Wing Commander IV (HKLM-x32\...\{94230DA4-58A2-477D-9DEA-5807F4F40768}) (Version: 1.0.0.0 - Electronic Arts) Worms Clan Wars (HKLM-x32\...\Steam App 233840) (Version: - Team17 Digital Ltd) Worms Ultimate Mayhem (HKLM-x32\...\Steam App 70600) (Version: - Team17 Software Ltd.) YGOPro DevPro Launcher (HKLM-x32\...\{8D09DD74-E630-4629-80DC-7FB13AE58F3F}) (Version: 2.0.7 - DevPro, LLC) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-2350193266-1077779400-760107588-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\expert pc\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation) ==================== Wiederherstellungspunkte ========================= 17-11-2015 19:33:32 Revo Uninstaller's restore point - Adobe AIR 21-11-2015 12:53:48 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 21-11-2015 12:54:16 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 27-11-2015 00:39:51 Installed Corsair Utility Engine 30-11-2015 17:18:32 JRT Pre-Junkware Removal ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {177E1FC5-7DD8-4D99-B073-08422BD62594} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company) Task: {2770ED92-CEDA-450B-B87D-8C4BFE863971} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG Task: {37E74874-C9C0-4E41-8436-B6577DC03280} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG Task: {3CA74456-2D28-42B0-906D-68775F5343B4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard) Task: {4311E0EA-4E04-434A-A8C9-80852F485B05} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {513C051D-78DA-462F-89D5-FD7EB2C707DD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG Task: {53217996-C07C-45A3-A038-0E41DE1F77DB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG Task: {5F97399F-AF9A-484D-BF7A-2B08BC550B13} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company) Task: {6ED2BFEF-B616-4230-8537-1D6051D79A2F} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe Task: {77B956F6-5D52-4AD3-84AF-071A8547BF5A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG Task: {8DCD45F0-1F3C-4362-BBC3-2C0B967CFBF8} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG Task: {9F0ED30D-73CB-4827-9980-B1F02D1FE3B4} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG Task: {B785DD4D-53F0-4A8B-AB2A-4F365293C0B7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd) Task: {BD96FAB3-7B20-42CA-98FC-BA84EA754660} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-12] (Adobe Systems Incorporated) Task: {CAC944D0-E54A-4113-B00E-FE56FB963790} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard) Task: {CC0C9FE2-549A-47E5-9A41-664DE7C6C39A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG Task: {CE079756-6036-4087-BE88-E895D5DA11B3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-27] (Hewlett-Packard) Task: {E51411D5-D51B-4014-9E6E-F59F8FB1FE2E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-27] (Hewlett-Packard) Task: {E8F26813-C723-4E1A-87DF-4B68C3EF8763} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG Task: {EDAE683B-7093-4AA2-862B-498070AA3619} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG Task: {F9B34FB8-88D7-4B11-A053-DE133337C03C} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe [2015-08-11] (Microsoft Corporation) Task: {FE3CE3FD-1698-467D-8080-4E85E33BC6D1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG Task: {FEDBF138-02E9-4148-A9EE-D749D9291238} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-11-10] (Microsoft Corporation) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\HPCeeScheduleForexpert pc.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2015-07-31 14:22 - 2015-07-31 14:22 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll 2014-02-07 10:24 - 2014-02-07 10:24 - 02108928 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll 2014-02-07 10:21 - 2014-02-07 10:21 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll 2014-02-07 10:21 - 2014-02-07 10:21 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll 2014-02-07 10:21 - 2014-02-07 10:21 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll 2014-02-07 10:40 - 2014-02-07 10:40 - 00368528 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll 2014-02-07 10:40 - 2014-02-07 10:40 - 00714128 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll 2015-04-28 19:18 - 2015-04-28 19:18 - 00331264 _____ () C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe 2015-08-19 18:11 - 2015-08-11 10:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll 2015-11-06 20:51 - 2015-11-06 20:51 - 09118632 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe 2015-10-01 17:23 - 2015-09-17 07:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2015-10-01 17:23 - 2015-09-17 07:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2015-04-08 20:53 - 2015-04-08 20:53 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2015-10-01 17:23 - 2015-09-17 06:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2015-10-01 17:23 - 2015-09-17 06:44 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2015-10-01 17:23 - 2015-09-17 06:42 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2015-10-01 17:23 - 2015-09-17 06:42 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2015-10-01 17:23 - 2015-09-17 06:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2015-07-10 22:37 - 2015-07-10 22:37 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2015-07-31 22:26 - 2015-08-27 01:37 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2014-12-23 15:54 - 2014-12-23 15:54 - 01272616 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\kpcengine.2.3.dll 2014-12-23 15:54 - 2014-12-23 15:54 - 00502056 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll 2014-12-23 15:54 - 2014-12-23 15:54 - 00608040 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll 2014-12-23 15:54 - 2014-12-23 15:54 - 00338216 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com\nponlinebanking.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-2350193266-1077779400-760107588-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\expert pc\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{D6CB94FD-9897-491E-BA0C-65B09CC06D88}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 15\fifasetup\fifaconfig.exe FirewallRules: [{84F8EAC4-86D9-4D3F-9C6C-92B2BA203E8D}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 15\fifasetup\fifaconfig.exe FirewallRules: [{7D3B2C10-CB4C-4809-B738-2A338398917A}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe FirewallRules: [{D5C72CC0-68F7-4710-A360-055606328231}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe FirewallRules: [{7E3CB694-6513-4617-B708-1FBA765513A3}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe FirewallRules: [{41289A01-BF96-4C88-8317-40056D1755E8}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe FirewallRules: [{0AD30AFA-AD6A-41B1-8A81-E955534D226D}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daorigins.exe FirewallRules: [{59D35ED1-FED4-476D-9C6D-44F30EE9E9E5}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daorigins.exe FirewallRules: [{A2741DAB-3B12-461C-8F23-FA17FC3F399D}] => (Allow) C:\Program Files (x86)\Origin Games\Wing Commander IV\wc4dvd.exe FirewallRules: [{576F59B7-C1AF-4C73-A42B-81D1E271FD6D}] => (Allow) C:\Program Files (x86)\Origin Games\Wing Commander IV\wc4dvd.exe FirewallRules: [{EDF4E70E-55FC-4560-A6E6-6B041239D42F}] => (Allow) C:\Program Files (x86)\Origin Games\Wing Commander III\Game\Game\DOSBox\DOSBox.exe FirewallRules: [{31EE3D5F-A5AB-4FE2-83D4-71066A914A74}] => (Allow) C:\Program Files (x86)\Origin Games\Wing Commander III\Game\Game\DOSBox\DOSBox.exe FirewallRules: [{B032E22A-8134-4EE2-86AC-73B407A746D8}] => (Allow) C:\Program Files (x86)\Origin Games\Ultima 7\Game\Game\DOSBox\DOSBox.exe FirewallRules: [{7D469084-3E28-457F-8156-A6DAC4309318}] => (Allow) C:\Program Files (x86)\Origin Games\Ultima 7\Game\Game\DOSBox\DOSBox.exe FirewallRules: [{EC2A38FA-40DB-46BF-81EC-E127311E8BFC}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs Zombies Garden Warfare\PVZ.Main_Win64_Retail.exe FirewallRules: [{26C7102F-9927-4326-8E53-48B9F8F7EBD3}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs Zombies Garden Warfare\PVZ.Main_Win64_Retail.exe FirewallRules: [{7CEB49D5-3B18-434A-A7A7-BDAFAB1A2BC2}] => (Allow) C:\Program Files (x86)\Origin Games\Mass Effect 2\Binaries\MassEffect2.exe FirewallRules: [{AA6FC60D-260A-432B-BCB3-2BCDAF7ECDE9}] => (Allow) C:\Program Files (x86)\Origin Games\Mass Effect 2\Binaries\MassEffect2.exe FirewallRules: [{05158CE6-8B85-4A86-BB54-16DBC94D92D3}] => (Allow) C:\Program Files (x86)\Origin Games\Peggle Deluxe\Peggle.exe FirewallRules: [{B3BEC181-671B-4D82-8561-E48D876D1DF4}] => (Allow) C:\Program Files (x86)\Origin Games\Peggle Deluxe\Peggle.exe FirewallRules: [{12C4CA9C-5C17-4589-ACE4-B9F3F5C90ABC}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Allied Assault Warchest\MOHAA.exe FirewallRules: [{BD535880-DA42-4A87-B4BF-588835142E79}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Allied Assault Warchest\MOHAA.exe FirewallRules: [{946A123E-5B00-489D-B126-1B9E8EB5317D}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age II\bin_ship\DragonAge2.exe FirewallRules: [{33A88F0E-407D-408D-BA31-B6F3CD28D0D8}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age II\bin_ship\DragonAge2.exe FirewallRules: [{5ABE1157-FB9B-4282-B741-F46741A10FBA}] => (Allow) C:\Program Files (x86)\Origin Games\Dead Space 2\deadspace2.exe FirewallRules: [{39C752EF-5EE5-4265-96A0-61C0569194EA}] => (Allow) C:\Program Files (x86)\Origin Games\Dead Space 2\deadspace2.exe FirewallRules: [{CAE67EFF-C348-49FE-9BC5-8F6DF5C47478}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Generals Zero Hour\Generals.exe FirewallRules: [{8AAB3539-6ECA-4964-8327-98565B7941B0}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Generals Zero Hour\Generals.exe FirewallRules: [{1C73F3ED-2195-469B-9DF3-C2986D5E212A}] => (Allow) C:\Program Files (x86)\Origin Games\Bejeweled 3\Bejeweled3.exe FirewallRules: [{39E02A49-7C21-417F-A095-B6DB2F8B6784}] => (Allow) C:\Program Files (x86)\Origin Games\Bejeweled 3\Bejeweled3.exe FirewallRules: [{58234253-C97E-47CA-9DB5-EB237E9EACFB}] => (Allow) C:\Program Files (x86)\Origin Games\Ultima 8\Game\Game\DOSBox\DOSBox.exe FirewallRules: [{A8A87C12-E672-41D9-A024-8FE2BBB26189}] => (Allow) C:\Program Files (x86)\Origin Games\Ultima 8\Game\Game\DOSBox\DOSBox.exe FirewallRules: [{7A7F70FB-4CC7-4839-9564-4E145690B09F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Ultimate Tic-Tac-Toe\UltimTicTacToe.exe FirewallRules: [{8E44D954-D9D3-4D2F-9687-61A207B85A04}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Ultimate Tic-Tac-Toe\UltimTicTacToe.exe FirewallRules: [{7FB82AA5-DD6A-4893-A2BC-BC49278C19F4}] => (Allow) C:\Program Files\MAGIX\Video deluxe 2015 Plus\Videodeluxe.exe FirewallRules: [{55B481AB-707F-4C93-9488-5AAECE94883E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Worms Clan Wars\WormsClanWars.exe FirewallRules: [{4EBDC4C4-1616-43DB-9C4E-10195366F4DE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Worms Clan Wars\WormsClanWars.exe FirewallRules: [{3244A73B-B119-4407-BB73-61B4F7B81B2D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe FirewallRules: [{75F12F7E-929F-4CDA-97E4-52208A1F56A5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe FirewallRules: [{FDFEC232-078F-4E64-A4F1-FB22DF67CA36}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{3D384484-506B-4978-AD87-BECBFEF55013}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{CA6CBA6A-A9E2-4FA0-8CF2-81255611AFF8}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe FirewallRules: [{94A0E79C-B331-4BE0-B891-8ED2D0FBD7B7}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe FirewallRules: [{8D9268AA-7E51-4B6D-9704-5E522398A546}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{2607D659-402D-4BCE-9854-089DBEA40B34}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{AB83AC09-6D6E-4AC7-937A-1F8634235AF1}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{16312C38-9B8D-4084-9FFF-7D86D147730F}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{0C5D74D3-125F-47C0-B315-BBB347C11D2A}] => (Allow) C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe FirewallRules: [{2E96DE4C-8D2D-4B91-827D-F84A495CAE21}] => (Allow) C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe FirewallRules: [{F601DC04-4420-4B6D-8344-51AE95819D3C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\WormsXHD\Launcher.exe FirewallRules: [{2F355572-0359-4DF7-9C95-6DC9701EB890}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\WormsXHD\Launcher.exe FirewallRules: [{08F6735F-E954-436C-80A1-5904ED66BBC0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Game Dev Tycoon\nw.exe FirewallRules: [{D8512716-1B12-429F-8599-78EA45D17396}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Game Dev Tycoon\nw.exe FirewallRules: [{1324C759-4307-4C45-9A4A-B6D4C1DCB129}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe FirewallRules: [{931F7E4A-4E91-4A2D-BF89-22A525F660D8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe FirewallRules: [{04CD2EC8-E519-41F1-8496-C519B8AA3E70}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands\Binaries\Borderlands.exe FirewallRules: [{106EAA4B-F0D5-4855-A725-2480A6AB6BA3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands\Binaries\Borderlands.exe FirewallRules: [{C4DC971A-FE42-462D-89AE-8068EF96C392}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe FirewallRules: [{3F7DACBA-AA66-44CE-A3EE-0A5EA9183311}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe FirewallRules: [{088BDC9D-AD35-4563-B207-B5BE0F9363C9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe FirewallRules: [{C95E3689-A4DC-4D20-89DE-D8BA914264AB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe FirewallRules: [{56D3BB6E-7E42-46E7-89BB-7A32CC505D2C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal\hl2.exe FirewallRules: [{82987AF1-16F1-4DC0-AF7A-2F6B8E429A1F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal\hl2.exe FirewallRules: [{6BD0AB37-D3D7-49E7-90B7-F61061AB913E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Age2HD\Launcher.exe FirewallRules: [{65DD4B99-FB92-43C1-AB8B-3D79E49838F5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Age2HD\Launcher.exe FirewallRules: [{37D7FB19-39BE-465F-9958-ED952D962D06}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 2070\InitEngine.exe FirewallRules: [{3E54857E-936C-4E60-9E50-3943DEBD29FC}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 2070\InitEngine.exe FirewallRules: [{A7B0D851-1F84-4855-94D0-63124B62656B}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 2070\AutoPatcher.exe FirewallRules: [{5656B070-F04D-4D5E-BDCE-C8EBC631F0BC}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 2070\AutoPatcher.exe FirewallRules: [{572004C6-0DFB-425E-9C6D-9BBB3731A78F}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 2070\Anno5.exe FirewallRules: [{368D6749-3A07-4963-B814-3F4C91FADD25}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 2070\Anno5.exe FirewallRules: [{1B67BBA2-5ABB-422D-BAD2-4B4892F44091}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 4\bin\IGE_WPF64.exe FirewallRules: [{70093876-45F8-4EDB-A177-655F4B53C6A6}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 4\bin\IGE_WPF64.exe FirewallRules: [{D68C9E22-5982-42E9-B44B-C574F295E8BB}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 4\bin\FarCry4.exe FirewallRules: [{351A0AA6-12C9-4C71-9490-F399F0930D52}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 4\bin\FarCry4.exe FirewallRules: [{6B521553-1357-478C-923C-54553695EC62}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daorigins.exe FirewallRules: [{AF949560-51C3-4449-A069-582E9A64B7C3}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daorigins.exe FirewallRules: [{6E7F4990-DC99-4A81-855C-FDA01B0831BA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe FirewallRules: [{AFC2FDE7-D615-4B14-96A2-B92D4EB931F7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe FirewallRules: [{9F137FF8-AB1E-4DEC-93FC-6FEA1099AB57}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe FirewallRules: [{35C80DF4-86B5-4FD1-8136-FC67725C2827}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe FirewallRules: [{7F1799D2-21ED-4F64-8CC4-EF8D29336D1C}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\FC3Editor.exe FirewallRules: [{4AB351E2-9D2C-4595-BCCD-15849AE33279}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\FC3Editor.exe FirewallRules: [{AC4E2D5E-C987-472F-95A7-491599A9DCAF}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\FC3Updater.exe FirewallRules: [{73727312-46A9-4BB4-A985-DD5837BC83A1}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\FC3Updater.exe FirewallRules: [{618C4FE9-C215-45EF-B05F-74CA1720C601}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\farcry3_d3d11.exe FirewallRules: [{3B66C58E-8577-491F-8F3F-B9DC5B78EF80}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\farcry3_d3d11.exe FirewallRules: [{FAF024F2-0C44-460E-8AC8-B917DD2E2645}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\farcry3.exe FirewallRules: [{9DB99EFC-F33A-44F8-B386-1540A3A0BD31}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\farcry3.exe FirewallRules: [{9943E78E-0D89-4A96-9DA3-B6DE7D89845E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{10FBEA05-AB41-4067-B52F-A5A4242682CB}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{967CE8F4-D0BB-4337-B24D-C844796867B4}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{E9872D42-00C4-464D-93D4-B3799D2DD632}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{FA2B67CF-6704-475B-BCC1-D87E8D9556F2}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{1FF41ADB-0D78-4E1F-9ED7-213EE44AA4AC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{FF536CE0-0C24-4B31-9792-141D6A0DBB9F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{662E3AD1-25BC-4653-947D-864B73EDE3A2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{F987E67A-1385-4281-9C97-19BC46A73366}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatchery.exe FirewallRules: [{9766A6CD-C6D9-49D1-9BFD-23304BBD8B05}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatchery.exe FirewallRules: [{6313DA3D-E0C1-4341-96F3-226BC99B76C7}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcherx.exe FirewallRules: [{43B54012-9435-4C71-B7A6-9706E84AE33F}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcherx.exe FirewallRules: [{1B5F465D-1E6A-41A9-AFD2-E678303B0019}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe FirewallRules: [{4101B284-E591-4643-8EFB-36ECF5CBEF46}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe FirewallRules: [{FBEF2267-A724-4078-904A-05F2616686F3}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcher.exe FirewallRules: [{778B20F5-03D0-4BBA-BB1F-4F1ED24AD2A6}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcher.exe FirewallRules: [{98BD6EEC-F0E8-4C52-88F2-67331B2BE1BB}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3y.exe FirewallRules: [{1E823E38-685A-4DEB-B168-4721BD08D8AC}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3y.exe FirewallRules: [{E3E5A016-FEEB-4B82-9B8B-DAD68FFDF643}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3x.exe FirewallRules: [{46C16825-83FB-4A38-BC29-CD1CAF7B5D1A}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3x.exe FirewallRules: [{081F01A1-98D8-4CDF-9D7F-D22D4C1CECC3}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3.exe FirewallRules: [{CE803E69-B334-49BF-B960-3999AFF33EDC}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3.exe FirewallRules: [{80487897-7948-4E1F-A56B-D6BF2DDFD384}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\tools\Benchmark.exe FirewallRules: [{E1194DD6-E760-4228-AC16-8BF979C49461}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\tools\Benchmark.exe FirewallRules: [{6F5882D9-DE42-44E5-979F-BA3BE5D7FE01}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\tools\AddonWeb.exe FirewallRules: [{A162A959-D32F-4A1F-AE15-0CAB64E15467}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\tools\AddonWeb.exe FirewallRules: [{83D8F721-191D-4B66-AE6D-2B642C247D58}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\tools\Anno4Web.exe FirewallRules: [{171AF101-1095-40D6-8A3F-FDE4B0928412}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\tools\Anno4Web.exe FirewallRules: [{02F23198-8BDA-4488-8E73-C168CA9F7C94}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\Addon.exe FirewallRules: [{77795AA9-DE95-464C-9CEC-47610180D19B}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\Addon.exe FirewallRules: [{2875E03E-A4D4-45D3-847A-19389880BCF4}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\Anno4.exe FirewallRules: [{424CFF66-A605-4595-AA6D-AAE82043EAFE}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\Anno4.exe FirewallRules: [{F42A9AF6-CF6A-4748-B183-E0FF456572B4}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe FirewallRules: [{6BB243A1-5710-4BF3-A614-0A5B0DA7B423}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe FirewallRules: [{88A80B8B-C7F4-4030-8CB6-AD455C1CC393}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe FirewallRules: [{4251BFCF-E297-4B16-95A5-916159407EBF}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe FirewallRules: [{2A98591B-4734-45D9-8048-D753F3666EBF}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe FirewallRules: [{60AED049-FDEC-4D2B-A2D7-A1DD5A74FA69}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe FirewallRules: [{BF677212-BAF3-4F3D-9F6F-7AAFD4B6680E}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe FirewallRules: [{9EDCE7E5-3079-424A-9628-E2A640FD995F}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe FirewallRules: [{8F53DB78-2A91-4A77-85F9-649345B86EE7}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe FirewallRules: [{490F51B2-6DA8-43F0-8B60-F4F05C0EE244}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe FirewallRules: [{B9EA867B-3837-4108-8CD9-04174E742748}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{68C6310E-FFB9-414D-B8A3-EE7669E08C7C}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [UDP Query User{E4D3D348-613E-48EB-9792-39B3816021D5}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{B538490E-19A7-449F-A90E-2CB3CEBD165D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{B267F03D-DF7C-46C7-BD71-E605DCE85DCD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{DD0A31FD-BC2B-4591-8726-8E3D7B2724B7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{556939B8-581C-4976-A317-6F2807FAC918}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE FirewallRules: [{5613CFF9-032B-4AA4-9EAE-6C03D51191A0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{48D2EBA5-E8FF-4B16-AC4F-D890D68661FF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{663A619A-D401-40DF-976E-9A242931153F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{4FB65421-D737-45AB-8647-18B0EB96ECF0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{BB98A17D-02A3-46B9-9B5B-E73BAE53DAC9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{13A9A403-99BC-4A93-B156-DF79F20A8DB0}] => (Allow) C:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\EALaunchHelper.exe FirewallRules: [{AC09FB43-1589-47A9-97B7-1D401BBE45A5}] => (Allow) C:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\EALaunchHelper.exe FirewallRules: [{4575C862-2645-48F3-A05E-5EE6AFDB6EFB}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe FirewallRules: [{6EBFD669-1AC0-4367-99D2-65CF5C400220}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe FirewallRules: [{C6D5294C-578D-4FE9-8ED1-7F72B81664DE}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe FirewallRules: [{E060D43D-8461-4558-86B3-63525E49175A}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe FirewallRules: [{73C69E57-595C-4BE8-A784-152787980094}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe FirewallRules: [{63004B94-F08C-4C35-92A2-77F27F3D8B3A}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe FirewallRules: [{A85D6CF9-0A11-4004-BDD3-F1EA4C8396BE}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe FirewallRules: [{B574AEAA-994C-4CD3-97C1-40510FCD66CD}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe FirewallRules: [{4FD087CC-6308-4BC1-8156-D8FB082E958A}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 16\fifasetup\fifaconfig.exe FirewallRules: [{5DEF28FA-0B9B-4712-B2AA-43DFD3E1FB2A}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 16\fifasetup\fifaconfig.exe FirewallRules: [{A1EE2060-4515-4EB0-87BB-1ABB1E26E87E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ManiaPlanet_TMStadium\ManiaPlanetLauncher.exe FirewallRules: [{D4DA21C5-906E-4BFA-8203-03BC9323C74C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ManiaPlanet_TMStadium\ManiaPlanetLauncher.exe FirewallRules: [{E68259CF-491B-4DD3-9772-D24348F5D89B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ManiaPlanet_TMStadium\ManiaPlanet.exe FirewallRules: [{33233595-C89D-4B6A-A1D9-DBED85E7A12D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ManiaPlanet_TMStadium\ManiaPlanet.exe FirewallRules: [TCP Query User{2DF87985-CAF0-4392-84E9-11AD020A3E6F}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{8D459437-6B4D-4A9C-9323-4742807C86EB}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{023BE7B0-B1FF-4668-A65B-0FC3FFD600BD}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [{4CA1D855-FECB-4DB8-AA0B-C63B34A23AC0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{84D321BD-45B7-4BA9-86BC-F9441E8291DC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{235C4041-D11B-4828-A04F-A8C5E0FFAEEE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cthulhu Saves the World\CSTW.exe FirewallRules: [{BAC06AC1-6CF2-4B39-A39E-8C05F4B1D8C8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cthulhu Saves the World\CSTW.exe ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (11/30/2015 05:22:16 PM) (Source: MsiInstaller) (EventID: 1002) (User: expert) Description: Nicht erwarteter oder fehlender Wert (Name: "PackageName", Wert: "") für Schlüssel "HKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList". Error: (11/30/2015 05:18:47 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert . Error: (11/30/2015 05:16:02 PM) (Source: nssm) (EventID: 1018) (User: ) Description: Failed to read registry value AppDirectory: Der Vorgang wurde erfolgreich beendet. Error: (11/30/2015 05:00:37 PM) (Source: MsiInstaller) (EventID: 1002) (User: expert) Description: Nicht erwarteter oder fehlender Wert (Name: "PackageName", Wert: "") für Schlüssel "HKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList". Error: (11/30/2015 04:56:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: expert) Description: Bei der Aktivierung der App „Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (11/29/2015 11:18:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: expert) Description: Bei der Aktivierung der App „Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (11/29/2015 11:18:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: expert) Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (11/29/2015 11:18:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: expert) Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (11/29/2015 03:47:54 PM) (Source: MsiInstaller) (EventID: 1002) (User: expert) Description: Nicht erwarteter oder fehlender Wert (Name: "PackageName", Wert: "") für Schlüssel "HKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList". Error: (11/29/2015 02:02:13 AM) (Source: MsiInstaller) (EventID: 1002) (User: expert) Description: Nicht erwarteter oder fehlender Wert (Name: "PackageName", Wert: "") für Schlüssel "HKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList". Systemfehler: ============= Error: (11/30/2015 05:25:59 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: Der Dienst "Xbox Live Authentifizierungs-Manager" wurde mit dem folgenden dienstspezifischen Fehler beendet: %%0 Error: (11/30/2015 05:21:22 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (11/30/2015 05:21:22 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (11/30/2015 05:21:21 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (11/30/2015 05:21:20 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (11/30/2015 05:21:20 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (11/30/2015 05:21:19 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (11/30/2015 05:21:19 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (11/30/2015 05:21:18 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (11/30/2015 05:21:18 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i5-4460S CPU @ 2.90GHz Prozentuale Nutzung des RAM: 17% Installierter physikalischer RAM: 16323.07 MB Verfügbarer physikalischer RAM: 13513.29 MB Summe virtueller Speicher: 18755.07 MB Verfügbarer virtueller Speicher: 15448.14 MB ==================== Laufwerke ================================ Drive c: (Windows) (Fixed) (Total:1848.29 GB) (Free:1415.33 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] Drive d: (Recovery Image) (Fixed) (Total:12.81 GB) (Free:1.62 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] Drive f: (INTENSO) (Fixed) (Total:931.51 GB) (Free:929.02 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 1863 GB) (Disk ID: B0DA372C) Partition: GPT. ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 205239D8) Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS) ==================== Ende von Addition.txt ============================ Habt ihr ne Ahnung wie ich die da raus kriege? Geändert von DukeYGO (30.11.2015 um 19:21 Uhr) |
01.12.2015, 07:39 | #2 |
/// the machine /// TB-Ausbilder | Erneut watch4-Befall hi,
__________________Downloade Dir bitte Malwarebytes Anti-Malware
Downloade Dir bitte AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ |
01.12.2015, 20:59 | #3 |
| Erneut watch4-BefallCode:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 01.12.2015 Suchlaufzeit: 17:04 Protokolldatei: mbam.txt Administrator: Ja Version: 2.2.0.1024 Malware-Datenbank: v2015.12.01.04 Rootkit-Datenbank: v2015.11.26.01 Lizenz: Kostenlose Version Malware-Schutz: Deaktiviert Schutz vor bösartigen Websites: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 10 CPU: x64 Dateisystem: NTFS Benutzer: expert pc Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 415503 Abgelaufene Zeit: 21 Min., 3 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt) Registrierungswerte: 0 (keine bösartigen Elemente erkannt) Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 0 (keine bösartigen Elemente erkannt) Dateien: 0 (keine bösartigen Elemente erkannt) Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) Code:
ATTFilter # AdwCleaner v5.023 - Bericht erstellt am 01/12/2015 um 17:27:58 # Aktualisiert am 30/11/2015 von Xplode # Datenbank : 2015-11-30.1 [Server] # Betriebssystem : Windows 10 Home (x64) # Benutzername : expert pc - EXPERT # Gestartet von : C:\Users\expert pc\Desktop\AdwCleaner_5.023.exe # Option : Suchlauf # Unterstützung : hxxp://toolslib.net/forum ***** [ Dienste ] ***** ***** [ Ordner ] ***** ***** [ Dateien ] ***** ***** [ DLL ] ***** ***** [ Verknüpfungen ] ***** ***** [ Aufgabenplanung ] ***** ***** [ Registrierungsdatenbank ] ***** ***** [ Internetbrowser ] ***** ########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [624 Bytes] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.0.1 (11.24.2015) Operating System: Windows 10 Home x64 Ran by expert pc (Administrator) on 01.12.2015 at 17:29:30,61 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 0 Registry: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 01.12.2015 at 17:30:39,85 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:29-11-2015 durchgeführt von expert pc (Administrator) auf EXPERT (01-12-2015 17:32:11) Gestartet von C:\Users\expert pc\Desktop Geladene Profile: expert pc (Verfügbare Profile: expert pc) Platform: Windows 10 Home (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe () C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe () C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) C:\Users\expert pc\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avpui.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\wmi64.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3957816 2014-02-07] (Hewlett-Packard) HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-02-07] (Hewlett-Packard) HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-02-07] (Hewlett-Packard) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-27] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2014-01-05] (IDT, Inc.) HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2013-12-03] (Hewlett-Packard ) HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2015-11-02] (Pixart Imaging Inc) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565448 2015-11-12] (LogMeIn Inc.) HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe [13253952 2015-11-17] (Corsair Components, Inc.) HKU\S-1-5-21-2350193266-1077779400-760107588-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3011152 2015-11-10] (Valve Corporation) HKU\S-1-5-21-2350193266-1077779400-760107588-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd) HKU\S-1-5-21-2350193266-1077779400-760107588-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [48145024 2015-10-14] (Skype Technologies S.A.) HKU\S-1-5-21-2350193266-1077779400-760107588-1001\...\RunOnce: [Uninstall C:\Users\expert pc\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\expert pc\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64" HKU\S-1-5-21-2350193266-1077779400-760107588-1001\...\RunOnce: [Uninstall C:\Users\expert pc\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\expert pc\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64" ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft) ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-10-08] ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{0AB66A52-9D92-42E0-9CFA-FF38C9E0201B}: [DhcpNameServer] 10.0.1.1 Tcpip\..\Interfaces\{7EBC1CF5-BC33-49D9-8E02-79D7EA92BEC3}: [DhcpNameServer] 10.0.1.1 Tcpip\..\Interfaces\{837EC76F-5818-4A49-88FC-31C78F1EE679}: [DhcpNameServer] 10.0.1.1 Tcpip\..\Interfaces\{850EF25E-1338-41D6-ACFB-6ABA8CFDCA47}: [DhcpNameServer] 10.0.1.1 Tcpip\..\Interfaces\{96af2199-8831-487a-87fc-f08f0f7ac314}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{a222317e-793e-4a1c-9ac1-8a4ebd92dbd2}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK14/4 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-2350193266-1077779400-760107588-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK14/4 HKU\S-1-5-21-2350193266-1077779400-760107588-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK14/4 HKU\S-1-5-21-2350193266-1077779400-760107588-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPDSK14/4 SearchScopes: HKLM -> {61909BC3-BE76-4BDB-A905-689F89D62260} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO) BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO) BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO) BHO: Kein Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> Keine Datei BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-21] (Oracle Corporation) BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO) BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-21] (Oracle Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company) DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - Keine Datei FireFox: ======== FF ProfilePath: C:\Users\expert pc\AppData\Roaming\Mozilla\Firefox\Profiles\ydr1aiwn.default FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-12] () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-09-08] (Tracker Software Products (Canada) Ltd.) FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [Keine Datei] FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-12] () FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-09-08] (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-21] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-21] (Oracle Corporation) FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-07-31] () FF Plugin-x32: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-07-31] () FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-07-31] () FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [Keine Datei] FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-03] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-03] (NVIDIA Corporation) FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\expert pc\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-05-27] (Raidcall) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin HKU\S-1-5-21-2350193266-1077779400-760107588-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-09-08] (Tracker Software Products (Canada) Ltd.) FF Plugin HKU\S-1-5-21-2350193266-1077779400-760107588-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-01-01] () FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-07-31] [ist nicht signiert] FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-07-31] [ist nicht signiert] FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-07-31] [ist nicht signiert] FF Extension: BetterTTV - C:\Users\expert pc\AppData\Roaming\Mozilla\Firefox\Profiles\ydr1aiwn.default\Extensions\firefox@betterttv.net.xpi [2015-11-21] FF Extension: Adblock Plus - C:\Users\expert pc\AppData\Roaming\Mozilla\Firefox\Profiles\ydr1aiwn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-25] FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com Chrome: ======= CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [194000 2015-07-09] (Kaspersky Lab ZAO) R2 ExpressVpnService; C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe [331264 2015-04-28] () [Datei ist nicht signiert] R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-27] (NVIDIA Corporation) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation) R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [Datei ist nicht signiert] S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [Datei ist nicht signiert] R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223520 2015-07-10] (Intel Corporation) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-11-12] (LogMeIn, Inc.) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-27] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-27] (NVIDIA Corporation) R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-02-07] (Softex Inc.) [Datei ist nicht signiert] S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2078216 2015-10-02] (Electronic Arts) R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia) S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia) S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2014-01-05] (IDT, Inc.) [Datei ist nicht signiert] S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R3 athr; C:\Windows\System32\drivers\athw10x.sys [4318760 2015-09-05] (Qualcomm Atheros Communications, Inc.) R3 BEHRINGER_2902; C:\Windows\System32\Drivers\BUSB2902.sys [460864 2009-10-30] (BEHRINGER) R3 BUSB_AUDIO_WDM; C:\Windows\system32\drivers\busbwdm.sys [49728 2009-10-30] (BEHRINGER) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink) R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [247016 2015-07-09] (Kaspersky Lab UK Ltd) S3 CorsairAudioFilter; C:\Windows\system32\DRIVERS\corsveng2kamd64.sys [112808 2014-08-15] (Corsair Components, Inc.) R3 CorsairVBusDriver; C:\Windows\System32\drivers\CorsairVBusDriver.sys [47840 2015-09-01] (Corsair) R3 CorsairVHidDriver; C:\Windows\System32\drivers\CorsairVHidDriver.sys [21728 2015-09-01] (Corsair) S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-07-14] (LogMeIn Inc.) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-07-09] (Kaspersky Lab ZAO) R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [64368 2015-07-09] (Kaspersky Lab ZAO) S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab) R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [159960 2015-07-09] (Kaspersky Lab ZAO) R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [226480 2015-07-09] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [817848 2015-10-06] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39792 2015-07-09] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [40304 2015-07-09] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [39792 2015-07-09] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [24944 2015-07-09] (Kaspersky Lab ZAO) R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [77680 2015-07-09] (Kaspersky Lab ZAO) R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [85360 2015-07-09] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [190648 2015-10-06] (Kaspersky Lab ZAO) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [184608 2015-07-07] (Intel Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-27] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation) R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia) R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [896752 2015-09-04] (Realtek ) R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402136 2015-09-09] (Realsil Semiconductor Corporation) R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2015-11-02] () S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] () S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation) U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X] S3 RSUSBSTOR; \SystemRoot\System32\Drivers\RtsUStor.sys [X] S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-12-01 17:30 - 2015-12-01 17:31 - 00000551 _____ C:\Users\expert pc\Desktop\JRT.txt 2015-12-01 17:27 - 2015-12-01 17:28 - 00000702 _____ C:\Users\expert pc\Desktop\AdwCleaner[S4].txt 2015-12-01 17:25 - 2015-12-01 17:25 - 00016148 _____ C:\WINDOWS\system32\EXPERT_expert pc_HistoryPrediction.bin 2015-12-01 17:25 - 2015-12-01 17:25 - 00001199 _____ C:\Users\expert pc\Desktop\mbam.txt 2015-12-01 17:00 - 2015-12-01 17:01 - 16563352 _____ (Malwarebytes Corp.) C:\Users\expert pc\Desktop\mbar-1.09.3.1001.exe 2015-12-01 17:00 - 2015-12-01 17:00 - 04398264 _____ (Kaspersky Lab ZAO) C:\Users\expert pc\Desktop\tdsskiller.exe 2015-12-01 16:57 - 2015-12-01 17:29 - 01599336 _____ (Malwarebytes) C:\Users\expert pc\Desktop\JRT.exe 2015-12-01 16:56 - 2015-12-01 17:27 - 01736704 _____ C:\Users\expert pc\Desktop\AdwCleaner_5.023.exe 2015-11-30 19:51 - 2015-11-30 19:51 - 00852771 _____ C:\Users\expert pc\Desktop\SecurityCheck.exe 2015-11-30 19:06 - 2015-11-30 19:10 - 00060534 _____ C:\Users\expert pc\Desktop\Addition.txt 2015-11-30 19:05 - 2015-12-01 17:32 - 00023403 _____ C:\Users\expert pc\Desktop\FRST.txt 2015-11-30 19:05 - 2015-12-01 17:32 - 00000000 ____D C:\FRST 2015-11-30 19:04 - 2015-11-30 19:05 - 02350080 _____ (Farbar) C:\Users\expert pc\Desktop\FRST64.exe 2015-11-29 19:56 - 2015-11-29 19:56 - 00043838 _____ C:\Users\expert pc\AppData\Local\recently-used.xbel 2015-11-27 00:42 - 2015-11-27 00:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Corsair Utility Engine 2015-11-27 00:41 - 2015-11-27 00:41 - 00000000 ____D C:\Program Files (x86)\Corsair 2015-11-21 13:03 - 2015-11-21 13:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2015-11-21 13:03 - 2015-11-21 13:03 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi 2015-11-21 13:02 - 2015-11-21 13:02 - 00358168 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-11-15 13:28 - 2015-11-15 13:28 - 00000000 ____D C:\Users\expert pc\Documents\SavedGames 2015-11-14 00:41 - 2015-11-14 00:41 - 00002123 _____ C:\Users\Public\Desktop\ExpressVPN.lnk 2015-11-14 00:41 - 2015-11-14 00:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExpressVPN 2015-11-14 00:41 - 2015-11-14 00:41 - 00000000 ____D C:\ProgramData\ExpressVPN 2015-11-14 00:41 - 2015-11-14 00:41 - 00000000 ____D C:\Program Files (x86)\ExpressVPN 2015-11-13 23:56 - 2015-11-14 00:45 - 00000000 ____D C:\Users\expert pc\AppData\Local\ExpressVPN 2015-11-10 19:32 - 2015-11-05 06:15 - 08020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-11-10 19:32 - 2015-11-05 06:15 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll 2015-11-10 19:32 - 2015-11-05 06:14 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys 2015-11-10 19:32 - 2015-11-05 06:13 - 00577888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys 2015-11-10 19:32 - 2015-11-05 06:11 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll 2015-11-10 19:32 - 2015-11-05 06:06 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-11-10 19:32 - 2015-11-05 06:06 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll 2015-11-10 19:32 - 2015-11-05 06:01 - 00607408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2015-11-10 19:32 - 2015-11-05 05:56 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2015-11-10 19:32 - 2015-11-05 05:56 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys 2015-11-10 19:32 - 2015-11-05 05:56 - 00025280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2015-11-10 19:32 - 2015-11-05 05:30 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll 2015-11-10 19:32 - 2015-11-05 05:24 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-11-10 19:32 - 2015-11-05 05:23 - 00762888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll 2015-11-10 19:32 - 2015-11-05 05:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll 2015-11-10 19:32 - 2015-11-05 05:20 - 21873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2015-11-10 19:32 - 2015-11-05 05:18 - 24597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-11-10 19:32 - 2015-11-05 05:18 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll 2015-11-10 19:32 - 2015-11-05 05:18 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2015-11-10 19:32 - 2015-11-05 05:17 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2015-11-10 19:32 - 2015-11-05 05:12 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll 2015-11-10 19:32 - 2015-11-05 05:11 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2015-11-10 19:32 - 2015-11-05 05:10 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-11-10 19:32 - 2015-11-05 05:10 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll 2015-11-10 19:32 - 2015-11-05 05:07 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2015-11-10 19:32 - 2015-11-05 05:06 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll 2015-11-10 19:32 - 2015-11-05 05:05 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-11-10 19:32 - 2015-11-05 05:05 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-11-10 19:32 - 2015-11-05 05:03 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2015-11-10 19:32 - 2015-11-05 05:03 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll 2015-11-10 19:32 - 2015-11-05 05:01 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2015-11-10 19:32 - 2015-11-05 05:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll 2015-11-10 19:32 - 2015-11-05 05:01 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe 2015-11-10 19:32 - 2015-11-05 04:59 - 03587072 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2015-11-10 19:32 - 2015-11-05 04:59 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll 2015-11-10 19:32 - 2015-11-05 04:58 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2015-11-10 19:32 - 2015-11-05 04:58 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll 2015-11-10 19:32 - 2015-11-05 04:56 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll 2015-11-10 19:32 - 2015-11-05 04:55 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll 2015-11-10 19:32 - 2015-11-05 04:54 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll 2015-11-10 19:32 - 2015-11-05 04:47 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-11-10 19:32 - 2015-11-05 04:42 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll 2015-11-10 19:32 - 2015-11-05 04:40 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2015-11-10 19:32 - 2015-11-05 04:35 - 18803712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2015-11-10 19:32 - 2015-11-05 04:35 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll 2015-11-10 19:32 - 2015-11-05 04:34 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll 2015-11-10 19:32 - 2015-11-05 04:33 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-11-10 19:32 - 2015-11-05 04:33 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-11-10 19:32 - 2015-11-05 04:30 - 00767488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2015-11-10 19:32 - 2015-11-05 04:28 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-11-10 19:32 - 2015-11-05 04:27 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll 2015-11-10 19:32 - 2015-11-05 04:27 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll 2015-11-10 19:32 - 2015-11-05 04:23 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll 2015-11-08 23:20 - 2015-11-08 23:20 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\LolClient 2015-11-08 22:44 - 2015-11-08 22:44 - 00000000 ____D C:\ProgramData\Riot Games 2015-11-08 22:43 - 2015-11-08 22:44 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\Riot Games 2015-11-08 22:43 - 2015-11-08 22:43 - 00000000 ____D C:\Riot Games 2015-11-08 22:43 - 2015-11-08 22:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends 2015-11-08 22:43 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll 2015-11-08 22:43 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll 2015-11-08 22:43 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll 2015-11-08 22:32 - 2015-11-08 22:32 - 00000279 _____ C:\Users\expert pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Papierkorb.lnk 2015-11-08 22:25 - 2015-11-08 22:32 - 00000000 ____D C:\Users\expert pc\AppData\Local\Vivaldi 2015-11-08 20:05 - 2015-11-08 20:08 - 00272644 _____ C:\TDSSKiller.3.1.0.5_08.11.2015_20.05.26_log.txt 2015-11-08 19:58 - 2015-12-01 17:29 - 00000000 ____D C:\AdwCleaner 2015-11-04 20:18 - 2015-11-04 20:18 - 10919784 _____ C:\WINDOWS\SysWOW64\LogiDPP.dll 2015-11-04 20:18 - 2015-11-04 20:18 - 10919784 _____ C:\WINDOWS\system32\LogiDPP.dll 2015-11-04 20:18 - 2015-11-04 20:18 - 04758176 _____ (Logitech Inc.) C:\WINDOWS\system32\Drivers\lvuvc64.sys 2015-11-04 20:18 - 2015-11-04 20:18 - 00768288 _____ (Logitech Inc.) C:\WINDOWS\system32\LVUI64.dll 2015-11-04 20:18 - 2015-11-04 20:18 - 00560416 _____ (Logitech Inc.) C:\WINDOWS\system32\LVUIRC64.dll 2015-11-04 20:18 - 2015-11-04 20:18 - 00542568 _____ (Logitech Inc.) C:\WINDOWS\SysWOW64\LVUI2.dll 2015-11-04 20:18 - 2015-11-04 20:18 - 00538472 _____ (Logitech Inc.) C:\WINDOWS\SysWOW64\LVUI2RC.dll 2015-11-04 20:18 - 2015-11-04 20:18 - 00351520 _____ (Logitech Inc.) C:\WINDOWS\system32\Drivers\lvrs64.sys 2015-11-04 20:18 - 2015-11-04 20:18 - 00336232 _____ C:\WINDOWS\SysWOW64\DevManagerCore.dll 2015-11-04 20:18 - 2015-11-04 20:18 - 00336232 _____ C:\WINDOWS\system32\DevManagerCore.dll 2015-11-04 20:18 - 2015-11-04 20:18 - 00305000 _____ (Logitech Inc.) C:\WINDOWS\SysWOW64\lvcodec2.dll 2015-11-04 20:18 - 2015-11-04 20:18 - 00266828 _____ C:\WINDOWS\system32\Drivers\LVAFT.cfg 2015-11-04 20:18 - 2015-11-04 20:18 - 00262432 _____ (Logitech Inc.) C:\WINDOWS\system32\lvco1380853.dll 2015-11-04 20:18 - 2015-11-04 20:18 - 00175392 _____ (Logitech Inc.) C:\WINDOWS\system32\lvcod64.dll 2015-11-04 20:18 - 2015-11-04 20:18 - 00103272 _____ C:\WINDOWS\SysWOW64\LogiDPPApp.exe 2015-11-04 20:18 - 2015-11-04 20:18 - 00103272 _____ C:\WINDOWS\system32\LogiDPPApp.exe 2015-11-04 20:18 - 2015-11-04 20:18 - 00040398 _____ C:\WINDOWS\system32\Repository.reg 2015-11-04 20:18 - 2015-11-04 20:18 - 00029494 _____ C:\WINDOWS\system32\lvcoin64.ini 2015-11-04 20:18 - 2015-11-04 20:18 - 00000000 ____D C:\Program Files\Common Files\logishrd 2015-11-03 18:15 - 2015-11-03 23:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-11-02 19:59 - 2015-11-02 19:59 - 00241152 _____ (Pixart Imaging Inc) C:\WINDOWS\system32\TiltWheelMouse.exe 2015-11-02 19:59 - 2015-11-02 19:59 - 00157696 _____ (Pixart Imaging Inc) C:\WINDOWS\system32\mousecpl.dll 2015-11-02 19:59 - 2015-11-02 19:59 - 00006144 _____ C:\WINDOWS\system32\Drivers\t_mouse.sys 2015-11-01 13:25 - 2015-11-01 13:25 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\Corsair ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-12-01 17:31 - 2015-07-31 15:56 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2015-12-01 17:26 - 2014-10-02 22:01 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\Skype 2015-12-01 17:08 - 2015-07-10 12:04 - 00000000 ___HD C:\Program Files\WindowsApps 2015-12-01 17:08 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-12-01 17:03 - 2014-10-08 18:12 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-12-01 16:57 - 2014-06-30 02:26 - 00004160 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{968F1233-CAC6-49C7-9463-8E9C2E9BCE20} 2015-12-01 16:55 - 2014-10-19 15:53 - 00000000 ____D C:\Program Files (x86)\Steam 2015-11-30 22:40 - 2014-11-11 21:03 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-11-30 19:06 - 2015-07-10 10:05 - 00000000 ____D C:\Windows 2015-11-30 17:22 - 2015-07-31 13:33 - 01994140 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-11-30 17:22 - 2015-07-10 17:34 - 00848086 _____ C:\WINDOWS\system32\perfh007.dat 2015-11-30 17:22 - 2015-07-10 17:34 - 00186362 _____ C:\WINDOWS\system32\perfc007.dat 2015-11-30 17:22 - 2015-07-10 12:02 - 00000000 ____D C:\WINDOWS\INF 2015-11-30 17:15 - 2015-07-31 13:31 - 00000000 ____D C:\ProgramData\NVIDIA 2015-11-30 17:15 - 2015-07-10 13:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-11-30 17:15 - 2015-07-10 10:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2015-11-30 17:14 - 2015-07-31 13:34 - 00000000 ____D C:\Users\expert pc 2015-11-29 23:16 - 2014-10-08 18:26 - 00000000 ____D C:\Users\expert pc\AppData\Local\Battle.net 2015-11-29 19:56 - 2015-10-28 21:58 - 00000000 ____D C:\Users\expert pc\AppData\Local\gtk-2.0 2015-11-29 19:56 - 2015-10-28 21:54 - 00000000 ____D C:\Users\expert pc\.gimp-2.8 2015-11-29 19:14 - 2015-10-18 23:05 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\OBS 2015-11-29 02:02 - 2015-09-09 10:47 - 00000362 _____ C:\WINDOWS\Tasks\HPCeeScheduleForexpert pc.job 2015-11-28 21:46 - 2014-10-08 18:26 - 00000000 ____D C:\Program Files (x86)\Battle.net 2015-11-28 13:43 - 2015-07-31 21:58 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\Audacity 2015-11-26 22:08 - 2015-09-09 11:21 - 00000000 ____D C:\Users\expert pc\Documents\Bandicam 2015-11-23 22:10 - 2015-10-05 05:29 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\avidemux 2015-11-23 17:37 - 2015-10-15 17:38 - 00000000 ____D C:\Users\expert pc\Desktop\Bilder 2015-11-22 19:26 - 2014-10-12 13:45 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\TS3Client 2015-11-21 12:54 - 2014-04-02 15:46 - 00000000 ____D C:\ProgramData\Package Cache 2015-11-21 12:44 - 2015-10-21 05:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-11-21 12:44 - 2015-10-21 05:52 - 00000000 ____D C:\Program Files (x86)\Java 2015-11-21 12:44 - 2015-08-26 16:13 - 00000000 ____D C:\Users\expert pc\.oracle_jre_usage 2015-11-21 12:44 - 2014-10-02 10:03 - 00000000 ____D C:\ProgramData\Oracle 2015-11-21 12:43 - 2015-10-21 05:52 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2015-11-20 20:41 - 2014-10-10 21:33 - 00000000 ____D C:\Program Files (x86)\Diablo III 2015-11-18 11:59 - 2015-10-19 18:40 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\YGOPro DevPro Launcher 2015-11-17 19:34 - 2015-05-19 16:27 - 00000000 ____D C:\Program Files (x86)\Adobe 2015-11-14 18:56 - 2014-10-02 10:54 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\Mozilla 2015-11-13 23:52 - 2015-09-17 19:55 - 00000000 ____D C:\Users\expert pc\Desktop\Aquarium 2015-11-13 19:55 - 2015-10-18 20:25 - 00000000 ____D C:\Users\expert pc\Desktop\Bearbeitungssoftware 2015-11-13 18:56 - 2015-09-09 11:20 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1 2015-11-13 18:56 - 2015-09-09 11:20 - 00000000 ____D C:\Program Files (x86)\Bandicam 2015-11-12 22:18 - 2014-10-08 17:18 - 00000000 ____D C:\Users\expert pc\AppData\Local\Adobe 2015-11-11 22:23 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\rescache 2015-11-11 20:56 - 2014-10-11 10:59 - 00000000 ____D C:\Program Files (x86)\Hearthstone 2015-11-11 19:40 - 2014-11-11 21:03 - 00003870 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-11-11 03:30 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\appraiser 2015-11-10 20:06 - 2015-07-10 11:55 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-11-10 20:05 - 2014-10-02 10:25 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-11-10 19:57 - 2014-10-02 10:25 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-11-10 19:26 - 2015-10-12 05:49 - 00000000 ____D C:\WINDOWS\Minidump 2015-11-10 06:40 - 2015-07-31 15:05 - 00002373 _____ C:\Users\expert pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2015-11-10 06:40 - 2015-07-31 15:05 - 00000000 ___RD C:\Users\expert pc\OneDrive 2015-11-09 20:34 - 2014-06-27 06:36 - 00000000 ____D C:\Users\expert pc\AppData\Local\Hewlett-Packard 2015-11-09 20:34 - 2014-06-21 00:07 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard 2015-11-09 20:34 - 2014-06-21 00:06 - 00000000 ____D C:\ProgramData\Hewlett-Packard 2015-11-09 20:26 - 2014-06-21 00:07 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support 2015-11-09 20:26 - 2014-06-21 00:07 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2015-11-09 20:26 - 2014-06-21 00:06 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard 2015-11-09 20:24 - 2014-06-27 06:36 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\hpqlog 2015-11-09 20:23 - 2014-04-02 12:27 - 00000000 ____D C:\SWSETUP 2015-11-08 22:45 - 2015-10-15 17:37 - 00000000 ____D C:\Users\expert pc\Desktop\Games 2015-11-04 21:43 - 2015-10-06 21:30 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\vlc 2015-11-03 23:29 - 2014-10-02 10:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-11-03 19:20 - 2015-07-10 12:06 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-11-03 19:20 - 2015-07-10 12:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-11-02 06:07 - 2014-10-02 22:00 - 00000000 ____D C:\ProgramData\Skype 2015-11-01 13:25 - 2014-11-05 21:32 - 00000000 ____D C:\Users\expert pc\AppData\Local\Corsair ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-01-16 19:48 - 2015-01-16 20:53 - 0000098 _____ () C:\Users\expert pc\AppData\Roaming\theHunterPrimal_LauncherSettings_live.cfg 2015-11-29 19:56 - 2015-11-29 19:56 - 0043838 _____ () C:\Users\expert pc\AppData\Local\recently-used.xbel Einige Dateien in TEMP: ==================== C:\Users\expert pc\AppData\Local\Temp\ICSharpCode.SharpZipLib.dll C:\Users\expert pc\AppData\Local\Temp\jre-8u66-windows-au.exe C:\Users\expert pc\AppData\Local\Temp\YgoUpdater.exe ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-11-28 21:21 ==================== Ende von FRST.txt ============================ Oder besteht keine Gefahr, dass die Passwörter gesammelt wurden. Ist ja in Anführungsstichen nur einfach Adware und nichts im Stile von PUPs. |
02.12.2015, 16:42 | #4 |
/// the machine /// TB-Ausbilder | Erneut watch4-Befall Also bist du der Meinung Adware ist weniger schlimm als PUP? PW immer ändern. ESET Online Scanner
Downloade Dir bitte SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
02.12.2015, 20:48 | #5 |
| Erneut watch4-Befall Na gut. Dann werd ich mich mal daran machen meine 4 dutzend Passwörter handschriftlich zu ändern, damit ich überhaupt mal voran komme. Das ist halt einfach immer nur ätzend. Aber gut, damit muss ich leben. Konnte man denn aus den Logs rauslesen, woran es lag? Wenn ich mal von Aquaristik so viel Ahnung hätte wie von Computern Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=3543183bf97b8d45b786b2842e454301 # end=init # utc_time=2015-12-02 04:33:25 # local_time=2015-12-02 05:33:25 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.2.9200 NT Update Init Update Download Update Finalize Updated modules version: 27011 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=3543183bf97b8d45b786b2842e454301 # end=updated # utc_time=2015-12-02 04:36:39 # local_time=2015-12-02 05:36:39 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.2.9200 NT # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=3543183bf97b8d45b786b2842e454301 # engine=27011 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-12-02 04:53:58 # local_time=2015-12-02 05:53:58 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='Kaspersky Internet Security' # compatibility_mode=1302 16777213 100 100 5041 76654068 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 178410 12549250 0 0 # scanned=64055 # found=0 # cleaned=0 # scan_time=1039 ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=3543183bf97b8d45b786b2842e454301 # end=init # utc_time=2015-12-02 04:56:52 # local_time=2015-12-02 05:56:52 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.2.9200 NT Update Init Update Download esets_scanner_update returned -1 esets_gle=53251 Update Finalize Updated modules version: 27011 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=3543183bf97b8d45b786b2842e454301 # end=updated # utc_time=2015-12-02 04:57:07 # local_time=2015-12-02 05:57:07 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.2.9200 NT # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=3543183bf97b8d45b786b2842e454301 # engine=27011 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-12-02 07:23:49 # local_time=2015-12-02 08:23:49 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='Kaspersky Internet Security' # compatibility_mode=1302 16777213 100 100 10432 76663059 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 9766 12558241 0 0 # scanned=462338 # found=0 # cleaned=0 # scan_time=8802 Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=3543183bf97b8d45b786b2842e454301 # end=init # utc_time=2015-12-02 04:33:25 # local_time=2015-12-02 05:33:25 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.2.9200 NT Update Init Update Download Update Finalize Updated modules version: 27011 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=3543183bf97b8d45b786b2842e454301 # end=updated # utc_time=2015-12-02 04:36:39 # local_time=2015-12-02 05:36:39 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.2.9200 NT # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=3543183bf97b8d45b786b2842e454301 # engine=27011 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-12-02 04:53:58 # local_time=2015-12-02 05:53:58 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='Kaspersky Internet Security' # compatibility_mode=1302 16777213 100 100 5041 76654068 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 178410 12549250 0 0 # scanned=64055 # found=0 # cleaned=0 # scan_time=1039 ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=3543183bf97b8d45b786b2842e454301 # end=init # utc_time=2015-12-02 04:56:52 # local_time=2015-12-02 05:56:52 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.2.9200 NT Update Init Update Download esets_scanner_update returned -1 esets_gle=53251 Update Finalize Updated modules version: 27011 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=3543183bf97b8d45b786b2842e454301 # end=updated # utc_time=2015-12-02 04:57:07 # local_time=2015-12-02 05:57:07 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.2.9200 NT # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=3543183bf97b8d45b786b2842e454301 # engine=27011 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-12-02 07:23:49 # local_time=2015-12-02 08:23:49 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='Kaspersky Internet Security' # compatibility_mode=1302 16777213 100 100 10432 76663059 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 9766 12558241 0 0 # scanned=462338 # found=0 # cleaned=0 # scan_time=8802 Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:29-11-2015 durchgeführt von expert pc (Administrator) auf EXPERT (02-12-2015 20:47:26) Gestartet von C:\Users\expert pc\Desktop Geladene Profile: expert pc (Verfügbare Profile: expert pc) Platform: Windows 10 Home (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe () C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe () C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe (Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1120.13270.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.15361.0_x64__8wekyb3d8bbwe\Video.UI.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avpui.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3957816 2014-02-07] (Hewlett-Packard) HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-02-07] (Hewlett-Packard) HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-02-07] (Hewlett-Packard) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-27] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2014-01-05] (IDT, Inc.) HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2013-12-03] (Hewlett-Packard ) HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2015-11-02] (Pixart Imaging Inc) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565448 2015-11-12] (LogMeIn Inc.) HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe [13253952 2015-11-17] (Corsair Components, Inc.) HKU\S-1-5-21-2350193266-1077779400-760107588-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3011152 2015-11-10] (Valve Corporation) HKU\S-1-5-21-2350193266-1077779400-760107588-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd) HKU\S-1-5-21-2350193266-1077779400-760107588-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50515584 2015-11-17] (Skype Technologies S.A.) HKU\S-1-5-21-2350193266-1077779400-760107588-1001\...\RunOnce: [Uninstall C:\Users\expert pc\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\expert pc\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64" HKU\S-1-5-21-2350193266-1077779400-760107588-1001\...\RunOnce: [Uninstall C:\Users\expert pc\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\expert pc\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64" ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft) ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-10-08] ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{0AB66A52-9D92-42E0-9CFA-FF38C9E0201B}: [DhcpNameServer] 10.0.1.1 Tcpip\..\Interfaces\{7EBC1CF5-BC33-49D9-8E02-79D7EA92BEC3}: [DhcpNameServer] 10.0.1.1 Tcpip\..\Interfaces\{837EC76F-5818-4A49-88FC-31C78F1EE679}: [DhcpNameServer] 10.0.1.1 Tcpip\..\Interfaces\{850EF25E-1338-41D6-ACFB-6ABA8CFDCA47}: [DhcpNameServer] 10.0.1.1 Tcpip\..\Interfaces\{96af2199-8831-487a-87fc-f08f0f7ac314}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{a222317e-793e-4a1c-9ac1-8a4ebd92dbd2}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK14/4 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-2350193266-1077779400-760107588-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK14/4 HKU\S-1-5-21-2350193266-1077779400-760107588-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK14/4 HKU\S-1-5-21-2350193266-1077779400-760107588-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPDSK14/4 SearchScopes: HKLM -> {61909BC3-BE76-4BDB-A905-689F89D62260} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO) BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO) BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO) BHO: Kein Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> Keine Datei BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-21] (Oracle Corporation) BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO) BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-21] (Oracle Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company) DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - Keine Datei FireFox: ======== FF ProfilePath: C:\Users\expert pc\AppData\Roaming\Mozilla\Firefox\Profiles\ydr1aiwn.default FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-12] () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-09-08] (Tracker Software Products (Canada) Ltd.) FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [Keine Datei] FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-12] () FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-09-08] (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-21] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-21] (Oracle Corporation) FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-07-31] () FF Plugin-x32: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-07-31] () FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-07-31] () FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [Keine Datei] FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-03] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-03] (NVIDIA Corporation) FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\expert pc\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-05-27] (Raidcall) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin HKU\S-1-5-21-2350193266-1077779400-760107588-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-09-08] (Tracker Software Products (Canada) Ltd.) FF Plugin HKU\S-1-5-21-2350193266-1077779400-760107588-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-01-01] () FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-07-31] [ist nicht signiert] FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-07-31] [ist nicht signiert] FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-07-31] [ist nicht signiert] FF Extension: BetterTTV - C:\Users\expert pc\AppData\Roaming\Mozilla\Firefox\Profiles\ydr1aiwn.default\Extensions\firefox@betterttv.net.xpi [2015-11-21] FF Extension: Adblock Plus - C:\Users\expert pc\AppData\Roaming\Mozilla\Firefox\Profiles\ydr1aiwn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-25] FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com Chrome: ======= CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [194000 2015-07-09] (Kaspersky Lab ZAO) R2 ExpressVpnService; C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe [331264 2015-04-28] () [Datei ist nicht signiert] R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-27] (NVIDIA Corporation) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation) R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [Datei ist nicht signiert] S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [Datei ist nicht signiert] R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223520 2015-07-10] (Intel Corporation) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-11-12] (LogMeIn, Inc.) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-27] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-27] (NVIDIA Corporation) R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-02-07] (Softex Inc.) [Datei ist nicht signiert] S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2078216 2015-10-02] (Electronic Arts) R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia) S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia) S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2014-01-05] (IDT, Inc.) [Datei ist nicht signiert] R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R3 athr; C:\Windows\System32\drivers\athw10x.sys [4318760 2015-09-05] (Qualcomm Atheros Communications, Inc.) R3 BEHRINGER_2902; C:\Windows\System32\Drivers\BUSB2902.sys [460864 2009-10-30] (BEHRINGER) R3 BUSB_AUDIO_WDM; C:\Windows\system32\drivers\busbwdm.sys [49728 2009-10-30] (BEHRINGER) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink) R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [247016 2015-07-09] (Kaspersky Lab UK Ltd) S3 CorsairAudioFilter; C:\Windows\system32\DRIVERS\corsveng2kamd64.sys [112808 2014-08-15] (Corsair Components, Inc.) R3 CorsairVBusDriver; C:\Windows\System32\drivers\CorsairVBusDriver.sys [47840 2015-09-01] (Corsair) R3 CorsairVHidDriver; C:\Windows\System32\drivers\CorsairVHidDriver.sys [21728 2015-09-01] (Corsair) S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-07-14] (LogMeIn Inc.) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-07-09] (Kaspersky Lab ZAO) R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [64368 2015-07-09] (Kaspersky Lab ZAO) S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab) R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [159960 2015-07-09] (Kaspersky Lab ZAO) R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [226480 2015-07-09] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [817848 2015-10-06] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39792 2015-07-09] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [40304 2015-07-09] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [39792 2015-07-09] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [24944 2015-07-09] (Kaspersky Lab ZAO) R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [77680 2015-07-09] (Kaspersky Lab ZAO) R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [85360 2015-07-09] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [190648 2015-10-06] (Kaspersky Lab ZAO) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [184608 2015-07-07] (Intel Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-27] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation) R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia) R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [896752 2015-09-04] (Realtek ) R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402136 2015-09-09] (Realsil Semiconductor Corporation) R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2015-11-02] () S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] () S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation) R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation) U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X] S3 RSUSBSTOR; \SystemRoot\System32\Drivers\RtsUStor.sys [X] S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-12-02 20:39 - 2015-12-02 20:39 - 00000969 _____ C:\Users\expert pc\Desktop\checkup.txt 2015-12-02 20:38 - 2015-12-02 20:38 - 00016148 _____ C:\WINDOWS\system32\EXPERT_expert pc_HistoryPrediction.bin 2015-12-02 17:31 - 2015-12-02 17:33 - 02870984 _____ (ESET) C:\Users\expert pc\Desktop\esetsmartinstaller_deu.exe 2015-12-01 17:30 - 2015-12-01 17:31 - 00000551 _____ C:\Users\expert pc\Desktop\JRT.txt 2015-12-01 17:27 - 2015-12-01 17:28 - 00000702 _____ C:\Users\expert pc\Desktop\AdwCleaner[S4].txt 2015-12-01 17:25 - 2015-12-01 17:25 - 00001199 _____ C:\Users\expert pc\Desktop\mbam.txt 2015-12-01 16:57 - 2015-12-01 17:29 - 01599336 _____ (Malwarebytes) C:\Users\expert pc\Desktop\JRT.exe 2015-12-01 16:56 - 2015-12-01 17:27 - 01736704 _____ C:\Users\expert pc\Desktop\AdwCleaner_5.023.exe 2015-11-30 19:51 - 2015-11-30 19:51 - 00852771 _____ C:\Users\expert pc\Desktop\SecurityCheck.exe 2015-11-30 19:06 - 2015-11-30 19:10 - 00060534 _____ C:\Users\expert pc\Desktop\Addition.txt 2015-11-30 19:05 - 2015-12-02 20:47 - 00024655 _____ C:\Users\expert pc\Desktop\FRST.txt 2015-11-30 19:05 - 2015-12-02 20:47 - 00000000 ____D C:\FRST 2015-11-30 19:04 - 2015-11-30 19:05 - 02350080 _____ (Farbar) C:\Users\expert pc\Desktop\FRST64.exe 2015-11-29 19:56 - 2015-11-29 19:56 - 00043838 _____ C:\Users\expert pc\AppData\Local\recently-used.xbel 2015-11-27 00:42 - 2015-11-27 00:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Corsair Utility Engine 2015-11-27 00:41 - 2015-11-27 00:41 - 00000000 ____D C:\Program Files (x86)\Corsair 2015-11-21 13:03 - 2015-11-21 13:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2015-11-21 13:03 - 2015-11-21 13:03 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi 2015-11-21 13:02 - 2015-11-21 13:02 - 00358168 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-11-15 13:28 - 2015-11-15 13:28 - 00000000 ____D C:\Users\expert pc\Documents\SavedGames 2015-11-14 00:41 - 2015-11-14 00:41 - 00002123 _____ C:\Users\Public\Desktop\ExpressVPN.lnk 2015-11-14 00:41 - 2015-11-14 00:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExpressVPN 2015-11-14 00:41 - 2015-11-14 00:41 - 00000000 ____D C:\ProgramData\ExpressVPN 2015-11-14 00:41 - 2015-11-14 00:41 - 00000000 ____D C:\Program Files (x86)\ExpressVPN 2015-11-13 23:56 - 2015-11-14 00:45 - 00000000 ____D C:\Users\expert pc\AppData\Local\ExpressVPN 2015-11-10 19:32 - 2015-11-05 06:15 - 08020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-11-10 19:32 - 2015-11-05 06:15 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll 2015-11-10 19:32 - 2015-11-05 06:14 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys 2015-11-10 19:32 - 2015-11-05 06:13 - 00577888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys 2015-11-10 19:32 - 2015-11-05 06:11 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll 2015-11-10 19:32 - 2015-11-05 06:06 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-11-10 19:32 - 2015-11-05 06:06 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll 2015-11-10 19:32 - 2015-11-05 06:01 - 00607408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2015-11-10 19:32 - 2015-11-05 05:56 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2015-11-10 19:32 - 2015-11-05 05:56 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys 2015-11-10 19:32 - 2015-11-05 05:56 - 00025280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2015-11-10 19:32 - 2015-11-05 05:30 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll 2015-11-10 19:32 - 2015-11-05 05:24 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-11-10 19:32 - 2015-11-05 05:23 - 00762888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll 2015-11-10 19:32 - 2015-11-05 05:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll 2015-11-10 19:32 - 2015-11-05 05:20 - 21873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2015-11-10 19:32 - 2015-11-05 05:18 - 24597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-11-10 19:32 - 2015-11-05 05:18 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll 2015-11-10 19:32 - 2015-11-05 05:18 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2015-11-10 19:32 - 2015-11-05 05:17 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2015-11-10 19:32 - 2015-11-05 05:12 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll 2015-11-10 19:32 - 2015-11-05 05:11 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2015-11-10 19:32 - 2015-11-05 05:10 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-11-10 19:32 - 2015-11-05 05:10 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll 2015-11-10 19:32 - 2015-11-05 05:07 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2015-11-10 19:32 - 2015-11-05 05:06 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll 2015-11-10 19:32 - 2015-11-05 05:05 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-11-10 19:32 - 2015-11-05 05:05 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-11-10 19:32 - 2015-11-05 05:03 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2015-11-10 19:32 - 2015-11-05 05:03 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll 2015-11-10 19:32 - 2015-11-05 05:01 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2015-11-10 19:32 - 2015-11-05 05:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll 2015-11-10 19:32 - 2015-11-05 05:01 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe 2015-11-10 19:32 - 2015-11-05 04:59 - 03587072 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2015-11-10 19:32 - 2015-11-05 04:59 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll 2015-11-10 19:32 - 2015-11-05 04:58 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2015-11-10 19:32 - 2015-11-05 04:58 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll 2015-11-10 19:32 - 2015-11-05 04:56 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll 2015-11-10 19:32 - 2015-11-05 04:55 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll 2015-11-10 19:32 - 2015-11-05 04:54 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll 2015-11-10 19:32 - 2015-11-05 04:47 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-11-10 19:32 - 2015-11-05 04:42 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll 2015-11-10 19:32 - 2015-11-05 04:40 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2015-11-10 19:32 - 2015-11-05 04:35 - 18803712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2015-11-10 19:32 - 2015-11-05 04:35 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll 2015-11-10 19:32 - 2015-11-05 04:34 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll 2015-11-10 19:32 - 2015-11-05 04:33 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-11-10 19:32 - 2015-11-05 04:33 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-11-10 19:32 - 2015-11-05 04:30 - 00767488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2015-11-10 19:32 - 2015-11-05 04:28 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-11-10 19:32 - 2015-11-05 04:27 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll 2015-11-10 19:32 - 2015-11-05 04:27 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll 2015-11-10 19:32 - 2015-11-05 04:23 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll 2015-11-08 23:20 - 2015-11-08 23:20 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\LolClient 2015-11-08 22:44 - 2015-11-08 22:44 - 00000000 ____D C:\ProgramData\Riot Games 2015-11-08 22:43 - 2015-11-08 22:44 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\Riot Games 2015-11-08 22:43 - 2015-11-08 22:43 - 00000000 ____D C:\Riot Games 2015-11-08 22:43 - 2015-11-08 22:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends 2015-11-08 22:43 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll 2015-11-08 22:43 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll 2015-11-08 22:43 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll 2015-11-08 22:32 - 2015-11-08 22:32 - 00000279 _____ C:\Users\expert pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Papierkorb.lnk 2015-11-08 22:25 - 2015-11-08 22:32 - 00000000 ____D C:\Users\expert pc\AppData\Local\Vivaldi 2015-11-08 20:05 - 2015-11-08 20:08 - 00272644 _____ C:\TDSSKiller.3.1.0.5_08.11.2015_20.05.26_log.txt 2015-11-08 19:58 - 2015-12-01 17:29 - 00000000 ____D C:\AdwCleaner 2015-11-04 20:18 - 2015-11-04 20:18 - 10919784 _____ C:\WINDOWS\SysWOW64\LogiDPP.dll 2015-11-04 20:18 - 2015-11-04 20:18 - 10919784 _____ C:\WINDOWS\system32\LogiDPP.dll 2015-11-04 20:18 - 2015-11-04 20:18 - 04758176 _____ (Logitech Inc.) C:\WINDOWS\system32\Drivers\lvuvc64.sys 2015-11-04 20:18 - 2015-11-04 20:18 - 00768288 _____ (Logitech Inc.) C:\WINDOWS\system32\LVUI64.dll 2015-11-04 20:18 - 2015-11-04 20:18 - 00560416 _____ (Logitech Inc.) C:\WINDOWS\system32\LVUIRC64.dll 2015-11-04 20:18 - 2015-11-04 20:18 - 00542568 _____ (Logitech Inc.) C:\WINDOWS\SysWOW64\LVUI2.dll 2015-11-04 20:18 - 2015-11-04 20:18 - 00538472 _____ (Logitech Inc.) C:\WINDOWS\SysWOW64\LVUI2RC.dll 2015-11-04 20:18 - 2015-11-04 20:18 - 00351520 _____ (Logitech Inc.) C:\WINDOWS\system32\Drivers\lvrs64.sys 2015-11-04 20:18 - 2015-11-04 20:18 - 00336232 _____ C:\WINDOWS\SysWOW64\DevManagerCore.dll 2015-11-04 20:18 - 2015-11-04 20:18 - 00336232 _____ C:\WINDOWS\system32\DevManagerCore.dll 2015-11-04 20:18 - 2015-11-04 20:18 - 00305000 _____ (Logitech Inc.) C:\WINDOWS\SysWOW64\lvcodec2.dll 2015-11-04 20:18 - 2015-11-04 20:18 - 00266828 _____ C:\WINDOWS\system32\Drivers\LVAFT.cfg 2015-11-04 20:18 - 2015-11-04 20:18 - 00262432 _____ (Logitech Inc.) C:\WINDOWS\system32\lvco1380853.dll 2015-11-04 20:18 - 2015-11-04 20:18 - 00175392 _____ (Logitech Inc.) C:\WINDOWS\system32\lvcod64.dll 2015-11-04 20:18 - 2015-11-04 20:18 - 00103272 _____ C:\WINDOWS\SysWOW64\LogiDPPApp.exe 2015-11-04 20:18 - 2015-11-04 20:18 - 00103272 _____ C:\WINDOWS\system32\LogiDPPApp.exe 2015-11-04 20:18 - 2015-11-04 20:18 - 00040398 _____ C:\WINDOWS\system32\Repository.reg 2015-11-04 20:18 - 2015-11-04 20:18 - 00029494 _____ C:\WINDOWS\system32\lvcoin64.ini 2015-11-04 20:18 - 2015-11-04 20:18 - 00000000 ____D C:\Program Files\Common Files\logishrd 2015-11-03 18:15 - 2015-11-03 23:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-11-02 19:59 - 2015-11-02 19:59 - 00241152 _____ (Pixart Imaging Inc) C:\WINDOWS\system32\TiltWheelMouse.exe 2015-11-02 19:59 - 2015-11-02 19:59 - 00157696 _____ (Pixart Imaging Inc) C:\WINDOWS\system32\mousecpl.dll 2015-11-02 19:59 - 2015-11-02 19:59 - 00006144 _____ C:\WINDOWS\system32\Drivers\t_mouse.sys ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-12-02 20:40 - 2014-11-11 21:03 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-12-02 20:36 - 2014-10-02 22:01 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\Skype 2015-12-02 19:57 - 2015-07-31 15:56 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2015-12-02 19:40 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-12-02 17:30 - 2014-10-19 15:53 - 00000000 ____D C:\Program Files (x86)\Steam 2015-12-02 16:54 - 2014-06-30 02:26 - 00004160 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{968F1233-CAC6-49C7-9463-8E9C2E9BCE20} 2015-12-01 22:21 - 2015-10-15 17:38 - 00000000 ____D C:\Users\expert pc\Desktop\Bilder 2015-12-01 17:43 - 2015-07-31 13:33 - 01994140 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-12-01 17:43 - 2015-07-10 17:34 - 00848086 _____ C:\WINDOWS\system32\perfh007.dat 2015-12-01 17:43 - 2015-07-10 17:34 - 00186362 _____ C:\WINDOWS\system32\perfc007.dat 2015-12-01 17:43 - 2015-07-10 12:02 - 00000000 ____D C:\WINDOWS\INF 2015-12-01 17:39 - 2014-10-02 22:00 - 00000000 ____D C:\ProgramData\Skype 2015-12-01 17:37 - 2015-07-31 13:31 - 00000000 ____D C:\ProgramData\NVIDIA 2015-12-01 17:37 - 2015-07-10 13:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-12-01 17:37 - 2015-07-10 10:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2015-12-01 17:08 - 2015-07-10 12:04 - 00000000 ___HD C:\Program Files\WindowsApps 2015-12-01 17:03 - 2014-10-08 18:12 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-11-30 19:06 - 2015-07-10 10:05 - 00000000 ____D C:\Windows 2015-11-30 17:14 - 2015-07-31 13:34 - 00000000 ____D C:\Users\expert pc 2015-11-29 23:16 - 2014-10-08 18:26 - 00000000 ____D C:\Users\expert pc\AppData\Local\Battle.net 2015-11-29 19:56 - 2015-10-28 21:58 - 00000000 ____D C:\Users\expert pc\AppData\Local\gtk-2.0 2015-11-29 19:56 - 2015-10-28 21:54 - 00000000 ____D C:\Users\expert pc\.gimp-2.8 2015-11-29 19:14 - 2015-10-18 23:05 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\OBS 2015-11-29 02:02 - 2015-09-09 10:47 - 00000362 _____ C:\WINDOWS\Tasks\HPCeeScheduleForexpert pc.job 2015-11-28 21:46 - 2014-10-08 18:26 - 00000000 ____D C:\Program Files (x86)\Battle.net 2015-11-28 13:43 - 2015-07-31 21:58 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\Audacity 2015-11-26 22:08 - 2015-09-09 11:21 - 00000000 ____D C:\Users\expert pc\Documents\Bandicam 2015-11-23 22:10 - 2015-10-05 05:29 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\avidemux 2015-11-22 19:26 - 2014-10-12 13:45 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\TS3Client 2015-11-21 12:54 - 2014-04-02 15:46 - 00000000 ____D C:\ProgramData\Package Cache 2015-11-21 12:44 - 2015-10-21 05:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-11-21 12:44 - 2015-10-21 05:52 - 00000000 ____D C:\Program Files (x86)\Java 2015-11-21 12:44 - 2015-08-26 16:13 - 00000000 ____D C:\Users\expert pc\.oracle_jre_usage 2015-11-21 12:44 - 2014-10-02 10:03 - 00000000 ____D C:\ProgramData\Oracle 2015-11-21 12:43 - 2015-10-21 05:52 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2015-11-20 20:41 - 2014-10-10 21:33 - 00000000 ____D C:\Program Files (x86)\Diablo III 2015-11-18 11:59 - 2015-10-19 18:40 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\YGOPro DevPro Launcher 2015-11-17 19:34 - 2015-05-19 16:27 - 00000000 ____D C:\Program Files (x86)\Adobe 2015-11-14 18:56 - 2014-10-02 10:54 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\Mozilla 2015-11-13 23:52 - 2015-09-17 19:55 - 00000000 ____D C:\Users\expert pc\Desktop\Aquarium 2015-11-13 19:55 - 2015-10-18 20:25 - 00000000 ____D C:\Users\expert pc\Desktop\Bearbeitungssoftware 2015-11-13 18:56 - 2015-09-09 11:20 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1 2015-11-13 18:56 - 2015-09-09 11:20 - 00000000 ____D C:\Program Files (x86)\Bandicam 2015-11-12 22:18 - 2014-10-08 17:18 - 00000000 ____D C:\Users\expert pc\AppData\Local\Adobe 2015-11-11 22:23 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\rescache 2015-11-11 20:56 - 2014-10-11 10:59 - 00000000 ____D C:\Program Files (x86)\Hearthstone 2015-11-11 19:40 - 2014-11-11 21:03 - 00003870 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-11-11 03:30 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\appraiser 2015-11-10 20:06 - 2015-07-10 11:55 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-11-10 20:05 - 2014-10-02 10:25 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-11-10 19:57 - 2014-10-02 10:25 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-11-10 19:26 - 2015-10-12 05:49 - 00000000 ____D C:\WINDOWS\Minidump 2015-11-10 06:40 - 2015-07-31 15:05 - 00002373 _____ C:\Users\expert pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2015-11-10 06:40 - 2015-07-31 15:05 - 00000000 ___RD C:\Users\expert pc\OneDrive 2015-11-09 20:34 - 2014-06-27 06:36 - 00000000 ____D C:\Users\expert pc\AppData\Local\Hewlett-Packard 2015-11-09 20:34 - 2014-06-21 00:07 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard 2015-11-09 20:34 - 2014-06-21 00:06 - 00000000 ____D C:\ProgramData\Hewlett-Packard 2015-11-09 20:26 - 2014-06-21 00:07 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support 2015-11-09 20:26 - 2014-06-21 00:07 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2015-11-09 20:26 - 2014-06-21 00:06 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard 2015-11-09 20:24 - 2014-06-27 06:36 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\hpqlog 2015-11-09 20:23 - 2014-04-02 12:27 - 00000000 ____D C:\SWSETUP 2015-11-08 22:45 - 2015-10-15 17:37 - 00000000 ____D C:\Users\expert pc\Desktop\Games 2015-11-04 21:43 - 2015-10-06 21:30 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\vlc 2015-11-03 23:29 - 2014-10-02 10:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-11-03 19:20 - 2015-07-10 12:06 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-11-03 19:20 - 2015-07-10 12:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-01-16 19:48 - 2015-01-16 20:53 - 0000098 _____ () C:\Users\expert pc\AppData\Roaming\theHunterPrimal_LauncherSettings_live.cfg 2015-11-29 19:56 - 2015-11-29 19:56 - 0043838 _____ () C:\Users\expert pc\AppData\Local\recently-used.xbel Einige Dateien in TEMP: ==================== C:\Users\expert pc\AppData\Local\Temp\ICSharpCode.SharpZipLib.dll C:\Users\expert pc\AppData\Local\Temp\jre-8u66-windows-au.exe C:\Users\expert pc\AppData\Local\Temp\YgoUpdater.exe ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-11-28 21:21 ==================== Ende von FRST.txt ============================ |
03.12.2015, 15:49 | #6 |
/// the machine /// TB-Ausbilder | Erneut watch4-Befall Nachvollziehbar ist das nicht, aber sowas kommt immer von Freeware Installationen, Nutzung von so Malwareschleudern wie Chip oder Installation von "Sicherheitssoftware" die von selbst sowas schon mit bringt.
__________________ --> Erneut watch4-Befall |
03.12.2015, 17:13 | #7 |
| Erneut watch4-Befall Dann könnte es an der neulich angelegten Gimp Installation legen, wo ich die doch sogar schon über die reguläre Seite der Firma heruntergeladen habe. Echt ärgerlich diese Dinge. Aber was will man machen. Den Security Log poste ich in einer halben Stunde etwa, eher komme ich nicht dazu, weil ich noch auf Arbeit bin. Code:
ATTFilter Results of screen317's Security Check version 1.013 --- 11/28/15 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Kaspersky Internet Security Windows Defender Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Secunia PSI (3.0.0.9016) Java 8 Update 66 Adobe Flash Player 19.0.0.245 Mozilla Firefox (42.0) ````````Process Check: objlist.exe by Laurent```````` Windows Defender MSMpEng.exe Windows Defender MSASCui.exe Windows Defender MSASCui.exe Windows Defender MpCmdRun.exe Kaspersky Lab Kaspersky Internet Security 15.0.2 avp.exe Kaspersky Lab Kaspersky Internet Security 15.0.2 avpui.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` Das Problem tritt im Moment nicht auf. Dafür sagt mir Microsoft bei jedem Start, dass die Firewall deaktiviert wurde und ich sie aktivieren soll. Ich nutze ja Kaspersky. Dort ist die Firewalloption allerdings aktiviert. Ahnung woran das liegen könnte? |
04.12.2015, 15:16 | #8 |
/// the machine /// TB-Ausbilder | Erneut watch4-Befall An WMI bzw Kaspersky. Wenn Kaspersky eine Firewall hat wird ja die Windows-Eigene deaktiviert.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
05.12.2015, 15:22 | #9 |
| Erneut watch4-Befall Habe Kaspersky neu aufgesetzt. Problem erledigt. Müssen wir jetzt noch irgendwas machen? seit 2 tagen keine vorkommnisse mehr. ich ändere die passwörter dann am ende der ganzen aktion. Kann ich dann die Bearbeitung der Sache mit DelFix beenden? Dann kann ich demnächst mal die passwörter ändern und über Nacht dann auch mal ne Datensicherung durchführen..so wie alle 2 Monate |
06.12.2015, 22:04 | #10 |
/// the machine /// TB-Ausbilder | Erneut watch4-Befall kannste alles machen. Frage: Nutzt Du Skype?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
07.12.2015, 09:57 | #11 |
| Erneut watch4-Befall Gut. Dann lehre ich nachher mal meine Cookies & die Temp mit dem CCleaner. Und lasse dann DelFix laufen. Ich nutze Skype. Ist das relevant in irgendeiner Hinsicht? Ich hab gelesen, dass das häufiger mit watch4 in Verbindung gebracht wird. Tatsächlich interessant zu sehen. Wir hatten ja quasi keine Funde auf dem System vorher, richtig? Die Werbung springt immernoch auf. Hat das tatsächlich was mit Skype zu tun? |
08.12.2015, 08:01 | #12 |
/// the machine /// TB-Ausbilder | Erneut watch4-Befall Änderung der Privatsphäre-Einstellungen (Häkchen entfernen) Bitte lade Dir von hier BlueLifeHosts editor herunter und entpacke die Datei auf Deinem Desktop.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
Themen zu Erneut watch4-Befall |
adware, converter, cpu, dnsapi.dll, entfernen, failed, firefox, flash player, helper, home, installation, kaspersky, launch, mozilla, mp3, onedrive, prozess, prozesse, realtek, registry, rundll, scan, security, software, svchost.exe, system, windows, windows xp |