| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Erneut watch4-BefallWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
30.11.2015, 19:16
| #1 |
 |  Erneut watch4-Befall Argh...der regt mich schon fast selbst auf...vor ein paar Monaten lass ich mir von euch das watch4 Teil rausoperieren, nun kommt die Seite promt wieder zurück geschossen...Problem ist mir mittlerweile bekannt, allerdings hab ich damals nicht aufgepasst, wie man ihn entfernen konnte und in welchem Schritt. Außerdem hatte ich letztens urplötzlich im Browser laut Werbung von einer Seite gehört, keine Ahnung von wo das genau kam. Vermutlich versteckt im Browser... Es handelt sich dabei irgendwie um Adware, die aber auch der AdwCleaner nicht erkannt hat. könntet ihr mir vllt im Prozess genau zeigen, wo sich der Bösewicht versteckt hat? Aus reinem INteresse? Hier die Logs. Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:29-11-2015
durchgeführt von expert pc (Administrator) auf EXPERT (30-11-2015 19:05:45)
Gestartet von C:\Users\expert pc\Desktop
Geladene Profile: expert pc (Verfügbare Profile: expert pc)
Platform: Windows 10 Home (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
() C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avpui.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3957816 2014-02-07] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-02-07] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-02-07] (Hewlett-Packard)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-27] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2014-01-05] (IDT, Inc.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2013-12-03] (Hewlett-Packard )
HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2015-11-02] (Pixart Imaging Inc)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565448 2015-11-12] (LogMeIn Inc.)
HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe [13253952 2015-11-17] (Corsair Components, Inc.)
HKU\S-1-5-21-2350193266-1077779400-760107588-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3011152 2015-11-10] (Valve Corporation)
HKU\S-1-5-21-2350193266-1077779400-760107588-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-2350193266-1077779400-760107588-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [48145024 2015-10-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2350193266-1077779400-760107588-1001\...\RunOnce: [Uninstall C:\Users\expert pc\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\expert pc\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-2350193266-1077779400-760107588-1001\...\RunOnce: [Uninstall C:\Users\expert pc\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\expert pc\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-10-08]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{0AB66A52-9D92-42E0-9CFA-FF38C9E0201B}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{7EBC1CF5-BC33-49D9-8E02-79D7EA92BEC3}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{837EC76F-5818-4A49-88FC-31C78F1EE679}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{850EF25E-1338-41D6-ACFB-6ABA8CFDCA47}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{96af2199-8831-487a-87fc-f08f0f7ac314}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{a222317e-793e-4a1c-9ac1-8a4ebd92dbd2}: [DhcpNameServer] 192.168.178.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK14/4
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2350193266-1077779400-760107588-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK14/4
HKU\S-1-5-21-2350193266-1077779400-760107588-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK14/4
HKU\S-1-5-21-2350193266-1077779400-760107588-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPDSK14/4
SearchScopes: HKLM -> {61909BC3-BE76-4BDB-A905-689F89D62260} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Kein Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> Keine Datei
BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-21] (Oracle Corporation)
BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-21] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - Keine Datei
FireFox:
========
FF ProfilePath: C:\Users\expert pc\AppData\Roaming\Mozilla\Firefox\Profiles\ydr1aiwn.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-12] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-09-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [Keine Datei]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-12] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-09-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-21] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-07-31] ()
FF Plugin-x32: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-07-31] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-07-31] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [Keine Datei]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-03] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-03] (NVIDIA Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\expert pc\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-05-27] (Raidcall)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-2350193266-1077779400-760107588-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-09-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-2350193266-1077779400-760107588-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-01-01] ()
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-07-31] [ist nicht signiert]
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-07-31] [ist nicht signiert]
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-07-31] [ist nicht signiert]
FF Extension: BetterTTV - C:\Users\expert pc\AppData\Roaming\Mozilla\Firefox\Profiles\ydr1aiwn.default\Extensions\firefox@betterttv.net.xpi [2015-11-21]
FF Extension: Adblock Plus - C:\Users\expert pc\AppData\Roaming\Mozilla\Firefox\Profiles\ydr1aiwn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-25]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [194000 2015-07-09] (Kaspersky Lab ZAO)
R2 ExpressVpnService; C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe [331264 2015-04-28] () [Datei ist nicht signiert]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-27] (NVIDIA Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [Datei ist nicht signiert]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [Datei ist nicht signiert]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223520 2015-07-10] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-11-12] (LogMeIn, Inc.)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-27] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-27] (NVIDIA Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-02-07] (Softex Inc.) [Datei ist nicht signiert]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2078216 2015-10-02] (Electronic Arts)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2014-01-05] (IDT, Inc.) [Datei ist nicht signiert]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4318760 2015-09-05] (Qualcomm Atheros Communications, Inc.)
R3 BEHRINGER_2902; C:\Windows\System32\Drivers\BUSB2902.sys [460864 2009-10-30] (BEHRINGER)
R3 BUSB_AUDIO_WDM; C:\Windows\system32\drivers\busbwdm.sys [49728 2009-10-30] (BEHRINGER)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [247016 2015-07-09] (Kaspersky Lab UK Ltd)
S3 CorsairAudioFilter; C:\Windows\system32\DRIVERS\corsveng2kamd64.sys [112808 2014-08-15] (Corsair Components, Inc.)
R3 CorsairVBusDriver; C:\Windows\System32\drivers\CorsairVBusDriver.sys [47840 2015-09-01] (Corsair)
R3 CorsairVHidDriver; C:\Windows\System32\drivers\CorsairVHidDriver.sys [21728 2015-09-01] (Corsair)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-07-14] (LogMeIn Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-07-09] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [64368 2015-07-09] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [159960 2015-07-09] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [226480 2015-07-09] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [817848 2015-10-06] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39792 2015-07-09] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [40304 2015-07-09] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [39792 2015-07-09] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [24944 2015-07-09] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [77680 2015-07-09] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [85360 2015-07-09] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [190648 2015-10-06] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [184608 2015-07-07] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-27] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [896752 2015-09-04] (Realtek )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402136 2015-09-09] (Realsil Semiconductor Corporation)
R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2015-11-02] ()
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
S3 RSUSBSTOR; \SystemRoot\System32\Drivers\RtsUStor.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-11-30 19:05 - 2015-11-30 19:06 - 00023206 _____ C:\Users\expert pc\Desktop\FRST.txt
2015-11-30 19:05 - 2015-11-30 19:05 - 00000000 ____D C:\FRST
2015-11-30 19:04 - 2015-11-30 19:05 - 02350080 _____ (Farbar) C:\Users\expert pc\Desktop\FRST64.exe
2015-11-30 19:03 - 2015-11-30 19:03 - 00016148 _____ C:\WINDOWS\system32\EXPERT_expert pc_HistoryPrediction.bin
2015-11-30 17:21 - 2015-11-30 17:21 - 00000551 _____ C:\Users\expert pc\Desktop\JRT.txt
2015-11-29 19:56 - 2015-11-29 19:56 - 00043838 _____ C:\Users\expert pc\AppData\Local\recently-used.xbel
2015-11-27 00:42 - 2015-11-27 00:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Corsair Utility Engine
2015-11-27 00:41 - 2015-11-27 00:41 - 00000000 ____D C:\Program Files (x86)\Corsair
2015-11-21 13:03 - 2015-11-21 13:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-11-21 13:03 - 2015-11-21 13:03 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2015-11-21 13:02 - 2015-11-21 13:02 - 00358168 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-15 13:28 - 2015-11-15 13:28 - 00000000 ____D C:\Users\expert pc\Documents\SavedGames
2015-11-14 00:41 - 2015-11-14 00:41 - 00002123 _____ C:\Users\Public\Desktop\ExpressVPN.lnk
2015-11-14 00:41 - 2015-11-14 00:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExpressVPN
2015-11-14 00:41 - 2015-11-14 00:41 - 00000000 ____D C:\ProgramData\ExpressVPN
2015-11-14 00:41 - 2015-11-14 00:41 - 00000000 ____D C:\Program Files (x86)\ExpressVPN
2015-11-13 23:56 - 2015-11-14 00:45 - 00000000 ____D C:\Users\expert pc\AppData\Local\ExpressVPN
2015-11-10 19:32 - 2015-11-05 06:15 - 08020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-10 19:32 - 2015-11-05 06:15 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-11-10 19:32 - 2015-11-05 06:14 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-11-10 19:32 - 2015-11-05 06:13 - 00577888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-10 19:32 - 2015-11-05 06:11 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-11-10 19:32 - 2015-11-05 06:06 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-10 19:32 - 2015-11-05 06:06 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-11-10 19:32 - 2015-11-05 06:01 - 00607408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-11-10 19:32 - 2015-11-05 05:56 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-11-10 19:32 - 2015-11-05 05:56 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-10 19:32 - 2015-11-05 05:56 - 00025280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-11-10 19:32 - 2015-11-05 05:30 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-11-10 19:32 - 2015-11-05 05:24 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-10 19:32 - 2015-11-05 05:23 - 00762888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-11-10 19:32 - 2015-11-05 05:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-11-10 19:32 - 2015-11-05 05:20 - 21873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-11-10 19:32 - 2015-11-05 05:18 - 24597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-10 19:32 - 2015-11-05 05:18 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-11-10 19:32 - 2015-11-05 05:18 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-11-10 19:32 - 2015-11-05 05:17 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-11-10 19:32 - 2015-11-05 05:12 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2015-11-10 19:32 - 2015-11-05 05:11 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-11-10 19:32 - 2015-11-05 05:10 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-10 19:32 - 2015-11-05 05:10 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-11-10 19:32 - 2015-11-05 05:07 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-11-10 19:32 - 2015-11-05 05:06 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-11-10 19:32 - 2015-11-05 05:05 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-10 19:32 - 2015-11-05 05:05 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-10 19:32 - 2015-11-05 05:03 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-11-10 19:32 - 2015-11-05 05:03 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-11-10 19:32 - 2015-11-05 05:01 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-10 19:32 - 2015-11-05 05:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-11-10 19:32 - 2015-11-05 05:01 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-11-10 19:32 - 2015-11-05 04:59 - 03587072 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-11-10 19:32 - 2015-11-05 04:59 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-11-10 19:32 - 2015-11-05 04:58 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-11-10 19:32 - 2015-11-05 04:58 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-11-10 19:32 - 2015-11-05 04:56 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-11-10 19:32 - 2015-11-05 04:55 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-11-10 19:32 - 2015-11-05 04:54 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-11-10 19:32 - 2015-11-05 04:47 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-10 19:32 - 2015-11-05 04:42 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-11-10 19:32 - 2015-11-05 04:40 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-11-10 19:32 - 2015-11-05 04:35 - 18803712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-11-10 19:32 - 2015-11-05 04:35 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-11-10 19:32 - 2015-11-05 04:34 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-11-10 19:32 - 2015-11-05 04:33 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-10 19:32 - 2015-11-05 04:33 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-10 19:32 - 2015-11-05 04:30 - 00767488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-10 19:32 - 2015-11-05 04:28 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-10 19:32 - 2015-11-05 04:27 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-11-10 19:32 - 2015-11-05 04:27 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-11-10 19:32 - 2015-11-05 04:23 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2015-11-08 23:20 - 2015-11-08 23:20 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\LolClient
2015-11-08 22:44 - 2015-11-08 22:44 - 00000000 ____D C:\ProgramData\Riot Games
2015-11-08 22:43 - 2015-11-08 22:44 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\Riot Games
2015-11-08 22:43 - 2015-11-08 22:43 - 00000000 ____D C:\Riot Games
2015-11-08 22:43 - 2015-11-08 22:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2015-11-08 22:43 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2015-11-08 22:43 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2015-11-08 22:43 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2015-11-08 22:32 - 2015-11-08 22:32 - 00000279 _____ C:\Users\expert pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Papierkorb.lnk
2015-11-08 22:25 - 2015-11-08 22:32 - 00000000 ____D C:\Users\expert pc\AppData\Local\Vivaldi
2015-11-08 20:05 - 2015-11-08 20:08 - 00272644 _____ C:\TDSSKiller.3.1.0.5_08.11.2015_20.05.26_log.txt
2015-11-08 19:58 - 2015-11-30 17:13 - 00000000 ____D C:\AdwCleaner
2015-11-04 20:18 - 2015-11-04 20:18 - 10919784 _____ C:\WINDOWS\SysWOW64\LogiDPP.dll
2015-11-04 20:18 - 2015-11-04 20:18 - 10919784 _____ C:\WINDOWS\system32\LogiDPP.dll
2015-11-04 20:18 - 2015-11-04 20:18 - 04758176 _____ (Logitech Inc.) C:\WINDOWS\system32\Drivers\lvuvc64.sys
2015-11-04 20:18 - 2015-11-04 20:18 - 00768288 _____ (Logitech Inc.) C:\WINDOWS\system32\LVUI64.dll
2015-11-04 20:18 - 2015-11-04 20:18 - 00560416 _____ (Logitech Inc.) C:\WINDOWS\system32\LVUIRC64.dll
2015-11-04 20:18 - 2015-11-04 20:18 - 00542568 _____ (Logitech Inc.) C:\WINDOWS\SysWOW64\LVUI2.dll
2015-11-04 20:18 - 2015-11-04 20:18 - 00538472 _____ (Logitech Inc.) C:\WINDOWS\SysWOW64\LVUI2RC.dll
2015-11-04 20:18 - 2015-11-04 20:18 - 00351520 _____ (Logitech Inc.) C:\WINDOWS\system32\Drivers\lvrs64.sys
2015-11-04 20:18 - 2015-11-04 20:18 - 00336232 _____ C:\WINDOWS\SysWOW64\DevManagerCore.dll
2015-11-04 20:18 - 2015-11-04 20:18 - 00336232 _____ C:\WINDOWS\system32\DevManagerCore.dll
2015-11-04 20:18 - 2015-11-04 20:18 - 00305000 _____ (Logitech Inc.) C:\WINDOWS\SysWOW64\lvcodec2.dll
2015-11-04 20:18 - 2015-11-04 20:18 - 00266828 _____ C:\WINDOWS\system32\Drivers\LVAFT.cfg
2015-11-04 20:18 - 2015-11-04 20:18 - 00262432 _____ (Logitech Inc.) C:\WINDOWS\system32\lvco1380853.dll
2015-11-04 20:18 - 2015-11-04 20:18 - 00175392 _____ (Logitech Inc.) C:\WINDOWS\system32\lvcod64.dll
2015-11-04 20:18 - 2015-11-04 20:18 - 00103272 _____ C:\WINDOWS\SysWOW64\LogiDPPApp.exe
2015-11-04 20:18 - 2015-11-04 20:18 - 00103272 _____ C:\WINDOWS\system32\LogiDPPApp.exe
2015-11-04 20:18 - 2015-11-04 20:18 - 00040398 _____ C:\WINDOWS\system32\Repository.reg
2015-11-04 20:18 - 2015-11-04 20:18 - 00029494 _____ C:\WINDOWS\system32\lvcoin64.ini
2015-11-04 20:18 - 2015-11-04 20:18 - 00000000 ____D C:\Program Files\Common Files\logishrd
2015-11-03 18:15 - 2015-11-03 23:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-02 19:59 - 2015-11-02 19:59 - 00241152 _____ (Pixart Imaging Inc) C:\WINDOWS\system32\TiltWheelMouse.exe
2015-11-02 19:59 - 2015-11-02 19:59 - 00157696 _____ (Pixart Imaging Inc) C:\WINDOWS\system32\mousecpl.dll
2015-11-02 19:59 - 2015-11-02 19:59 - 00006144 _____ C:\WINDOWS\system32\Drivers\t_mouse.sys
2015-11-01 13:25 - 2015-11-01 13:25 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\Corsair
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-11-30 19:05 - 2015-07-10 10:05 - 00000000 ____D C:\Windows
2015-11-30 19:05 - 2014-10-02 22:01 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\Skype
2015-11-30 18:40 - 2014-11-11 21:03 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-11-30 17:24 - 2014-10-08 18:12 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-30 17:22 - 2015-07-31 15:56 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-11-30 17:22 - 2015-07-31 13:33 - 01994140 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-30 17:22 - 2015-07-10 17:34 - 00848086 _____ C:\WINDOWS\system32\perfh007.dat
2015-11-30 17:22 - 2015-07-10 17:34 - 00186362 _____ C:\WINDOWS\system32\perfc007.dat
2015-11-30 17:22 - 2015-07-10 12:02 - 00000000 ____D C:\WINDOWS\INF
2015-11-30 17:18 - 2014-10-19 15:53 - 00000000 ____D C:\Program Files (x86)\Steam
2015-11-30 17:15 - 2015-07-31 13:31 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-30 17:15 - 2015-07-10 13:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-30 17:15 - 2015-07-10 10:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-11-30 17:14 - 2015-07-31 13:34 - 00000000 ____D C:\Users\expert pc
2015-11-30 16:59 - 2014-06-30 02:26 - 00004160 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{968F1233-CAC6-49C7-9463-8E9C2E9BCE20}
2015-11-29 23:16 - 2014-10-08 18:26 - 00000000 ____D C:\Users\expert pc\AppData\Local\Battle.net
2015-11-29 19:56 - 2015-10-28 21:58 - 00000000 ____D C:\Users\expert pc\AppData\Local\gtk-2.0
2015-11-29 19:56 - 2015-10-28 21:54 - 00000000 ____D C:\Users\expert pc\.gimp-2.8
2015-11-29 19:14 - 2015-10-18 23:05 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\OBS
2015-11-29 02:02 - 2015-09-09 10:47 - 00000362 _____ C:\WINDOWS\Tasks\HPCeeScheduleForexpert pc.job
2015-11-28 21:46 - 2014-10-08 18:26 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-11-28 13:43 - 2015-07-31 21:58 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\Audacity
2015-11-27 19:39 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-26 22:08 - 2015-09-09 11:21 - 00000000 ____D C:\Users\expert pc\Documents\Bandicam
2015-11-25 20:36 - 2015-07-10 12:04 - 00000000 ___HD C:\Program Files\WindowsApps
2015-11-23 22:10 - 2015-10-05 05:29 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\avidemux
2015-11-23 17:37 - 2015-10-15 17:38 - 00000000 ____D C:\Users\expert pc\Desktop\Bilder
2015-11-22 19:26 - 2014-10-12 13:45 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\TS3Client
2015-11-21 12:54 - 2014-04-02 15:46 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-21 12:44 - 2015-10-21 05:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-21 12:44 - 2015-10-21 05:52 - 00000000 ____D C:\Program Files (x86)\Java
2015-11-21 12:44 - 2015-08-26 16:13 - 00000000 ____D C:\Users\expert pc\.oracle_jre_usage
2015-11-21 12:44 - 2014-10-02 10:03 - 00000000 ____D C:\ProgramData\Oracle
2015-11-21 12:43 - 2015-10-21 05:52 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-11-20 20:41 - 2014-10-10 21:33 - 00000000 ____D C:\Program Files (x86)\Diablo III
2015-11-18 11:59 - 2015-10-19 18:40 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\YGOPro DevPro Launcher
2015-11-17 19:34 - 2015-05-19 16:27 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-14 18:56 - 2014-10-02 10:54 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\Mozilla
2015-11-13 23:52 - 2015-09-17 19:55 - 00000000 ____D C:\Users\expert pc\Desktop\Aquarium
2015-11-13 19:55 - 2015-10-18 20:25 - 00000000 ____D C:\Users\expert pc\Desktop\Bearbeitungssoftware
2015-11-13 18:56 - 2015-09-09 11:20 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
2015-11-13 18:56 - 2015-09-09 11:20 - 00000000 ____D C:\Program Files (x86)\Bandicam
2015-11-12 22:18 - 2014-10-08 17:18 - 00000000 ____D C:\Users\expert pc\AppData\Local\Adobe
2015-11-11 22:23 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\rescache
2015-11-11 20:56 - 2014-10-11 10:59 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2015-11-11 19:40 - 2014-11-11 21:03 - 00003870 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-11-11 03:30 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-10 20:06 - 2015-07-10 11:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-10 20:05 - 2014-10-02 10:25 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-10 19:57 - 2014-10-02 10:25 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-10 19:26 - 2015-10-12 05:49 - 00000000 ____D C:\WINDOWS\Minidump
2015-11-10 06:40 - 2015-07-31 15:05 - 00002373 _____ C:\Users\expert pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-11-10 06:40 - 2015-07-31 15:05 - 00000000 ___RD C:\Users\expert pc\OneDrive
2015-11-09 20:34 - 2014-06-27 06:36 - 00000000 ____D C:\Users\expert pc\AppData\Local\Hewlett-Packard
2015-11-09 20:34 - 2014-06-21 00:07 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2015-11-09 20:34 - 2014-06-21 00:06 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-11-09 20:26 - 2014-06-21 00:07 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-11-09 20:26 - 2014-06-21 00:07 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-09 20:26 - 2014-06-21 00:06 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-11-09 20:24 - 2014-06-27 06:36 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\hpqlog
2015-11-09 20:23 - 2014-04-02 12:27 - 00000000 ____D C:\SWSETUP
2015-11-08 22:45 - 2015-10-15 17:37 - 00000000 ____D C:\Users\expert pc\Desktop\Games
2015-11-04 21:43 - 2015-10-06 21:30 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\vlc
2015-11-03 23:29 - 2014-10-02 10:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-03 19:20 - 2015-07-10 12:06 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-03 19:20 - 2015-07-10 12:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-02 06:07 - 2014-10-02 22:00 - 00000000 ____D C:\ProgramData\Skype
2015-11-01 13:25 - 2014-11-05 21:32 - 00000000 ____D C:\Users\expert pc\AppData\Local\Corsair
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2015-01-16 19:48 - 2015-01-16 20:53 - 0000098 _____ () C:\Users\expert pc\AppData\Roaming\theHunterPrimal_LauncherSettings_live.cfg
2015-11-29 19:56 - 2015-11-29 19:56 - 0043838 _____ () C:\Users\expert pc\AppData\Local\recently-used.xbel
Einige Dateien in TEMP:
====================
C:\Users\expert pc\AppData\Local\Temp\ICSharpCode.SharpZipLib.dll
C:\Users\expert pc\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\expert pc\AppData\Local\Temp\sqlite3.dll
C:\Users\expert pc\AppData\Local\Temp\YgoUpdater.exe
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2015-11-28 21:21
==================== Ende von FRST.txt ============================
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:29-11-2015
durchgeführt von expert pc (2015-11-30 19:06:16)
Gestartet von C:\Users\expert pc\Desktop
Windows 10 Home (X64) (2015-07-31 14:00:46)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-2350193266-1077779400-760107588-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2350193266-1077779400-760107588-503 - Limited - Disabled)
expert pc (S-1-5-21-2350193266-1077779400-760107588-1001 - Administrator - Enabled) => C:\Users\expert pc
Gast (S-1-5-21-2350193266-1077779400-760107588-501 - Limited - Disabled)
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AC3Filter (remove only) (HKLM-x32\...\AC3Filter) (Version: - )
Action Replay PowerSaves 3DS Version 1.29 (HKLM-x32\...\{CD24B06F-0A4D-410A-AEF2-DFE6A28AB4C0}_is1) (Version: 1.29 - Datel Design & Development)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios)
Age of Empires III: Complete Collection (HKLM-x32\...\GFWL_{4541091F-1F3D-4BA3-A5A3-F71000000100}) (Version: 1.0.0000.1 - Microsoft Games)
Age of Empires III: Complete Collection (x32 Version: 1.0.0000.1 - Microsoft Games) Hidden
Alcor Micro USB Card Reader Driver (HKLM-x32\...\AmUStor) (Version: 20.21.3317.03861 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver (x32 Version: 20.21.3317.03861 - Alcor Micro Corp.) Hidden
ANNO 1404 - Königsedition (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.02.0000 - Ubisoft)
ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Assassin's Creed (HKLM-x32\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.02 - Ubisoft)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
Avidemux 2.6 - 32 bits (32-bit) (HKLM-x32\...\Avidemux 2.6 - 32 bits) (Version: 2.6.10.150607 - )
Bandicam (HKLM-x32\...\Bandicam) (Version: 2.4.1.903 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.5.2.34169 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
BEHRINGER USB AUDIO DRIVER (HKLM\...\USB_AUDIO_DEusb-audio.deBehringer2902) (Version: - )
Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
Borderlands (HKLM-x32\...\Steam App 8980) (Version: - Gearbox Software)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)
Borderlands: The Pre-Sequel (HKLM-x32\...\Steam App 261640) (Version: - 2K Australia)
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Command & Conquer™ 4 Tiberian Twilight (HKLM-x32\...\{82696435-8572-4D8B-A230-D1AA567D0F0F}) (Version: 1.0.0.0 - Electronic Arts)
Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™: Generals and Zero Hour (HKLM-x32\...\{609F6FD5-4B22-4D7A-AD30-8C9DD480D5BE}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Corsair Utility Engine (HKLM-x32\...\{C6BECCF7-108F-4676-9471-E98F9AB40ABC}) (Version: 1.12.75 - Corsair)
Cthulhu Saves the World (HKLM-x32\...\Steam App 107310) (Version: - Zeboyd Games)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.5.4824 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.6.3702 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.6.3625 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4.4230 - CyberLink Corp.)
Dead Space™ 2 (HKLM-x32\...\{C549C2A2-574F-4ABC-933C-BD11D027C16A}) (Version: 1.0.941.0 - Electronic Arts)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.11.64.1020 - Electronic Arts Inc.)
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.05.0.0 - Electronic Arts)
Dragon Age™ II (HKLM-x32\...\{E1EB9F56-AFE2-4204-B28F-AD8DA793B9F4}) (Version: 1.04.8524.0 - Electronic Arts)
EA SPORTS™ FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.8.0.0 - Electronic Arts)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
ExpressVPN (HKLM-x32\...\{3517eb4e-a65b-4d39-8a41-1bec9fbaf4d0}) (Version: 4.1.0.378 - ExpressVPN)
ExpressVPN (x32 Version: 4.1.0.378 - ExpressVPN) Hidden
ExpressVPN Compatibility Checks (x32 Version: 1.0.0.0 - ExpressVPN) Hidden
Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.05 - Ubisoft)
FarCry 4 (HKLM-x32\...\Uplay Install 420) (Version: - Ubisoft)
FIFA 16 (HKLM-x32\...\{28FA2805-7992-4A28-844B-040C57204718}) (Version: 1.4.15952.12 - Electronic Arts)
Free YouTube to MP3 Converter version 3.12.54.128 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.54.128 - DVDVideoSoft Ltd.)
Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version: - Greenheart Games)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Documentation (HKLM-x32\...\{06600E94-1C34-40E2-AB09-D30AECF78172}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.06 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{B1AD4FFB-DD17-43EC-8C30-B9E71EAD9132}) (Version: 12.0.30.219 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6491.0 - IDT)
Inst5675 (Version: 8.01.06 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.06 - Softex Inc.) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{02FECEE0-16B2-43DB-BC3B-C844477FC142}) (Version: 15.0.2.396 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.2.396 - Kaspersky Lab) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.410 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.410 - LogMeIn, Inc.) Hidden
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{85BA85A6-9473-4A77-8849-BE6F01F0ABD6}) (Version: 7.0.2.6 - MAGIX Software GmbH)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 Plus (HKLM\...\MX.{B50BBED4-5101-45A1-BA9D-93AEF3A638E3}) (Version: 14.0.0.140 - MAGIX Software GmbH)
MAGIX Video deluxe 2015 Plus (Version: 14.0.0.140 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 Plus Update (Version: 14.0.0.172 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 Plus Update (Version: 14.0.0.183 - MAGIX Software GmbH) Hidden
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mass Effect™ 2 (HKLM-x32\...\{E19B628D-A9BC-4519-B1D4-4C8C09074F7F}) (Version: 1.2.1604.0 - Electronic Arts)
Medal of Honor Allied Assault Warchest (HKLM-x32\...\{D61BA037-2326-4CEF-B3AC-252046D0476A}) (Version: 1.11.0.2 - Electronic Arts)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 de)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller-Treiber 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 358.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 358.50 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.14.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.14.5 - NVIDIA Corporation)
NVIDIA Grafiktreiber 358.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.50 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice 4.1.2 (HKLM-x32\...\{F5CAB1AF-7B1A-4CEC-B829-A3F699473AE1}) (Version: 4.12.9782 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.12.2862 - Electronic Arts, Inc.)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.315.0 - Tracker Software Products Ltd)
Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
Portal (HKLM-x32\...\Steam App 400) (Version: - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
PVZ Garden Warfare (HKLM-x32\...\{A5AC7D7B-C1D5-4AF9-8829-993DA335BE1B}) (Version: 1.0.3.0 - Electronic Arts)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.6-1.0.12972.94 - raidcall.com)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.7316 - CyberLink Corp.) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rockstar Games Social Club (HKLM-x32\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
RollerCoaster Tycoon 2 Triple Thrill Pack (HKLM-x32\...\{4C5D15D2-5351-4F05-A96E-56C20554F977}) (Version: 1.00.000 - )
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.14.5 - NVIDIA Corporation) Hidden
SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)
Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Syndicate (HKLM-x32\...\{64CFBAAB-46F7-4628-8D9B-E656A8C11CDB}) (Version: 2.0.0.3 - Electronic Arts)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
Theme Hospital (HKLM-x32\...\{5118A4C2-C8A4-4CE5-AC37-F3E51C25402F}) (Version: 3.0.0.5 - Electronic Arts)
Titan Quest (HKLM-x32\...\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}) (Version: 1.00.0000 - Iron Lore)
TrackMania² Stadium (HKLM-x32\...\Steam App 232910) (Version: - Nadeo)
Ultima 7 (HKLM-x32\...\{4F4D844E-7B08-43A7-9C91-0B7D978EEC4D}) (Version: 1.0.0.1 - Electronic Arts)
Ultima 8 (HKLM-x32\...\{428C6B01-D292-46F9-9321-75668ED17DA2}) (Version: 1.0.0.1 - Electronic Arts)
Ultimate Tic-Tac-Toe (HKLM-x32\...\Steam App 360870) (Version: - Tigerish Games)
Uplay (HKLM-x32\...\Uplay) (Version: 4.9 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
Wing Commander III (HKLM-x32\...\{F96B9930-E22A-44D6-81B5-6C8E92C21B4B}) (Version: 2.0.0.2 - Electronic Arts)
Wing Commander IV (HKLM-x32\...\{94230DA4-58A2-477D-9DEA-5807F4F40768}) (Version: 1.0.0.0 - Electronic Arts)
Worms Clan Wars (HKLM-x32\...\Steam App 233840) (Version: - Team17 Digital Ltd)
Worms Ultimate Mayhem (HKLM-x32\...\Steam App 70600) (Version: - Team17 Software Ltd.)
YGOPro DevPro Launcher (HKLM-x32\...\{8D09DD74-E630-4629-80DC-7FB13AE58F3F}) (Version: 2.0.7 - DevPro, LLC)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-2350193266-1077779400-760107588-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\expert pc\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)
==================== Wiederherstellungspunkte =========================
17-11-2015 19:33:32 Revo Uninstaller's restore point - Adobe AIR
21-11-2015 12:53:48 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
21-11-2015 12:54:16 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
27-11-2015 00:39:51 Installed Corsair Utility Engine
30-11-2015 17:18:32 JRT Pre-Junkware Removal
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {177E1FC5-7DD8-4D99-B073-08422BD62594} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {2770ED92-CEDA-450B-B87D-8C4BFE863971} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {37E74874-C9C0-4E41-8436-B6577DC03280} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {3CA74456-2D28-42B0-906D-68775F5343B4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)
Task: {4311E0EA-4E04-434A-A8C9-80852F485B05} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {513C051D-78DA-462F-89D5-FD7EB2C707DD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {53217996-C07C-45A3-A038-0E41DE1F77DB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {5F97399F-AF9A-484D-BF7A-2B08BC550B13} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {6ED2BFEF-B616-4230-8537-1D6051D79A2F} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {77B956F6-5D52-4AD3-84AF-071A8547BF5A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {8DCD45F0-1F3C-4362-BBC3-2C0B967CFBF8} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {9F0ED30D-73CB-4827-9980-B1F02D1FE3B4} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {B785DD4D-53F0-4A8B-AB2A-4F365293C0B7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)
Task: {BD96FAB3-7B20-42CA-98FC-BA84EA754660} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-12] (Adobe Systems Incorporated)
Task: {CAC944D0-E54A-4113-B00E-FE56FB963790} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)
Task: {CC0C9FE2-549A-47E5-9A41-664DE7C6C39A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {CE079756-6036-4087-BE88-E895D5DA11B3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-27] (Hewlett-Packard)
Task: {E51411D5-D51B-4014-9E6E-F59F8FB1FE2E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-27] (Hewlett-Packard)
Task: {E8F26813-C723-4E1A-87DF-4B68C3EF8763} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {EDAE683B-7093-4AA2-862B-498070AA3619} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {F9B34FB8-88D7-4B11-A053-DE133337C03C} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe [2015-08-11] (Microsoft Corporation)
Task: {FE3CE3FD-1698-467D-8080-4E85E33BC6D1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {FEDBF138-02E9-4148-A9EE-D749D9291238} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-11-10] (Microsoft Corporation)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForexpert pc.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2015-07-31 14:22 - 2015-07-31 14:22 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2014-02-07 10:24 - 2014-02-07 10:24 - 02108928 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-02-07 10:21 - 2014-02-07 10:21 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-02-07 10:21 - 2014-02-07 10:21 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-02-07 10:21 - 2014-02-07 10:21 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-02-07 10:40 - 2014-02-07 10:40 - 00368528 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-02-07 10:40 - 2014-02-07 10:40 - 00714128 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2015-04-28 19:18 - 2015-04-28 19:18 - 00331264 _____ () C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe
2015-08-19 18:11 - 2015-08-11 10:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-11-06 20:51 - 2015-11-06 20:51 - 09118632 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe
2015-10-01 17:23 - 2015-09-17 07:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-01 17:23 - 2015-09-17 07:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-04-08 20:53 - 2015-04-08 20:53 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-10-01 17:23 - 2015-09-17 06:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-10-01 17:23 - 2015-09-17 06:44 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-01 17:23 - 2015-09-17 06:42 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-01 17:23 - 2015-09-17 06:42 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-01 17:23 - 2015-09-17 06:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 22:37 - 2015-07-10 22:37 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-07-31 22:26 - 2015-08-27 01:37 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2014-12-23 15:54 - 2014-12-23 15:54 - 01272616 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\kpcengine.2.3.dll
2014-12-23 15:54 - 2014-12-23 15:54 - 00502056 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll
2014-12-23 15:54 - 2014-12-23 15:54 - 00608040 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll
2014-12-23 15:54 - 2014-12-23 15:54 - 00338216 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com\nponlinebanking.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-2350193266-1077779400-760107588-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\expert pc\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{D6CB94FD-9897-491E-BA0C-65B09CC06D88}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 15\fifasetup\fifaconfig.exe
FirewallRules: [{84F8EAC4-86D9-4D3F-9C6C-92B2BA203E8D}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 15\fifasetup\fifaconfig.exe
FirewallRules: [{7D3B2C10-CB4C-4809-B738-2A338398917A}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{D5C72CC0-68F7-4710-A360-055606328231}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{7E3CB694-6513-4617-B708-1FBA765513A3}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{41289A01-BF96-4C88-8317-40056D1755E8}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{0AD30AFA-AD6A-41B1-8A81-E955534D226D}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{59D35ED1-FED4-476D-9C6D-44F30EE9E9E5}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{A2741DAB-3B12-461C-8F23-FA17FC3F399D}] => (Allow) C:\Program Files (x86)\Origin Games\Wing Commander IV\wc4dvd.exe
FirewallRules: [{576F59B7-C1AF-4C73-A42B-81D1E271FD6D}] => (Allow) C:\Program Files (x86)\Origin Games\Wing Commander IV\wc4dvd.exe
FirewallRules: [{EDF4E70E-55FC-4560-A6E6-6B041239D42F}] => (Allow) C:\Program Files (x86)\Origin Games\Wing Commander III\Game\Game\DOSBox\DOSBox.exe
FirewallRules: [{31EE3D5F-A5AB-4FE2-83D4-71066A914A74}] => (Allow) C:\Program Files (x86)\Origin Games\Wing Commander III\Game\Game\DOSBox\DOSBox.exe
FirewallRules: [{B032E22A-8134-4EE2-86AC-73B407A746D8}] => (Allow) C:\Program Files (x86)\Origin Games\Ultima 7\Game\Game\DOSBox\DOSBox.exe
FirewallRules: [{7D469084-3E28-457F-8156-A6DAC4309318}] => (Allow) C:\Program Files (x86)\Origin Games\Ultima 7\Game\Game\DOSBox\DOSBox.exe
FirewallRules: [{EC2A38FA-40DB-46BF-81EC-E127311E8BFC}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs Zombies Garden Warfare\PVZ.Main_Win64_Retail.exe
FirewallRules: [{26C7102F-9927-4326-8E53-48B9F8F7EBD3}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs Zombies Garden Warfare\PVZ.Main_Win64_Retail.exe
FirewallRules: [{7CEB49D5-3B18-434A-A7A7-BDAFAB1A2BC2}] => (Allow) C:\Program Files (x86)\Origin Games\Mass Effect 2\Binaries\MassEffect2.exe
FirewallRules: [{AA6FC60D-260A-432B-BCB3-2BCDAF7ECDE9}] => (Allow) C:\Program Files (x86)\Origin Games\Mass Effect 2\Binaries\MassEffect2.exe
FirewallRules: [{05158CE6-8B85-4A86-BB54-16DBC94D92D3}] => (Allow) C:\Program Files (x86)\Origin Games\Peggle Deluxe\Peggle.exe
FirewallRules: [{B3BEC181-671B-4D82-8561-E48D876D1DF4}] => (Allow) C:\Program Files (x86)\Origin Games\Peggle Deluxe\Peggle.exe
FirewallRules: [{12C4CA9C-5C17-4589-ACE4-B9F3F5C90ABC}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Allied Assault Warchest\MOHAA.exe
FirewallRules: [{BD535880-DA42-4A87-B4BF-588835142E79}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Allied Assault Warchest\MOHAA.exe
FirewallRules: [{946A123E-5B00-489D-B126-1B9E8EB5317D}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age II\bin_ship\DragonAge2.exe
FirewallRules: [{33A88F0E-407D-408D-BA31-B6F3CD28D0D8}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age II\bin_ship\DragonAge2.exe
FirewallRules: [{5ABE1157-FB9B-4282-B741-F46741A10FBA}] => (Allow) C:\Program Files (x86)\Origin Games\Dead Space 2\deadspace2.exe
FirewallRules: [{39C752EF-5EE5-4265-96A0-61C0569194EA}] => (Allow) C:\Program Files (x86)\Origin Games\Dead Space 2\deadspace2.exe
FirewallRules: [{CAE67EFF-C348-49FE-9BC5-8F6DF5C47478}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Generals Zero Hour\Generals.exe
FirewallRules: [{8AAB3539-6ECA-4964-8327-98565B7941B0}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Generals Zero Hour\Generals.exe
FirewallRules: [{1C73F3ED-2195-469B-9DF3-C2986D5E212A}] => (Allow) C:\Program Files (x86)\Origin Games\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{39E02A49-7C21-417F-A095-B6DB2F8B6784}] => (Allow) C:\Program Files (x86)\Origin Games\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{58234253-C97E-47CA-9DB5-EB237E9EACFB}] => (Allow) C:\Program Files (x86)\Origin Games\Ultima 8\Game\Game\DOSBox\DOSBox.exe
FirewallRules: [{A8A87C12-E672-41D9-A024-8FE2BBB26189}] => (Allow) C:\Program Files (x86)\Origin Games\Ultima 8\Game\Game\DOSBox\DOSBox.exe
FirewallRules: [{7A7F70FB-4CC7-4839-9564-4E145690B09F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Ultimate Tic-Tac-Toe\UltimTicTacToe.exe
FirewallRules: [{8E44D954-D9D3-4D2F-9687-61A207B85A04}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Ultimate Tic-Tac-Toe\UltimTicTacToe.exe
FirewallRules: [{7FB82AA5-DD6A-4893-A2BC-BC49278C19F4}] => (Allow) C:\Program Files\MAGIX\Video deluxe 2015 Plus\Videodeluxe.exe
FirewallRules: [{55B481AB-707F-4C93-9488-5AAECE94883E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Worms Clan Wars\WormsClanWars.exe
FirewallRules: [{4EBDC4C4-1616-43DB-9C4E-10195366F4DE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Worms Clan Wars\WormsClanWars.exe
FirewallRules: [{3244A73B-B119-4407-BB73-61B4F7B81B2D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{75F12F7E-929F-4CDA-97E4-52208A1F56A5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{FDFEC232-078F-4E64-A4F1-FB22DF67CA36}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3D384484-506B-4978-AD87-BECBFEF55013}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CA6CBA6A-A9E2-4FA0-8CF2-81255611AFF8}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{94A0E79C-B331-4BE0-B891-8ED2D0FBD7B7}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{8D9268AA-7E51-4B6D-9704-5E522398A546}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{2607D659-402D-4BCE-9854-089DBEA40B34}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{AB83AC09-6D6E-4AC7-937A-1F8634235AF1}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{16312C38-9B8D-4084-9FFF-7D86D147730F}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{0C5D74D3-125F-47C0-B315-BBB347C11D2A}] => (Allow) C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
FirewallRules: [{2E96DE4C-8D2D-4B91-827D-F84A495CAE21}] => (Allow) C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
FirewallRules: [{F601DC04-4420-4B6D-8344-51AE95819D3C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\WormsXHD\Launcher.exe
FirewallRules: [{2F355572-0359-4DF7-9C95-6DC9701EB890}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\WormsXHD\Launcher.exe
FirewallRules: [{08F6735F-E954-436C-80A1-5904ED66BBC0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Game Dev Tycoon\nw.exe
FirewallRules: [{D8512716-1B12-429F-8599-78EA45D17396}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Game Dev Tycoon\nw.exe
FirewallRules: [{1324C759-4307-4C45-9A4A-B6D4C1DCB129}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{931F7E4A-4E91-4A2D-BF89-22A525F660D8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{04CD2EC8-E519-41F1-8496-C519B8AA3E70}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [{106EAA4B-F0D5-4855-A725-2480A6AB6BA3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [{C4DC971A-FE42-462D-89AE-8068EF96C392}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe
FirewallRules: [{3F7DACBA-AA66-44CE-A3EE-0A5EA9183311}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe
FirewallRules: [{088BDC9D-AD35-4563-B207-B5BE0F9363C9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{C95E3689-A4DC-4D20-89DE-D8BA914264AB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{56D3BB6E-7E42-46E7-89BB-7A32CC505D2C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{82987AF1-16F1-4DC0-AF7A-2F6B8E429A1F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{6BD0AB37-D3D7-49E7-90B7-F61061AB913E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Age2HD\Launcher.exe
FirewallRules: [{65DD4B99-FB92-43C1-AB8B-3D79E49838F5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Age2HD\Launcher.exe
FirewallRules: [{37D7FB19-39BE-465F-9958-ED952D962D06}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 2070\InitEngine.exe
FirewallRules: [{3E54857E-936C-4E60-9E50-3943DEBD29FC}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 2070\InitEngine.exe
FirewallRules: [{A7B0D851-1F84-4855-94D0-63124B62656B}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 2070\AutoPatcher.exe
FirewallRules: [{5656B070-F04D-4D5E-BDCE-C8EBC631F0BC}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 2070\AutoPatcher.exe
FirewallRules: [{572004C6-0DFB-425E-9C6D-9BBB3731A78F}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 2070\Anno5.exe
FirewallRules: [{368D6749-3A07-4963-B814-3F4C91FADD25}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 2070\Anno5.exe
FirewallRules: [{1B67BBA2-5ABB-422D-BAD2-4B4892F44091}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 4\bin\IGE_WPF64.exe
FirewallRules: [{70093876-45F8-4EDB-A177-655F4B53C6A6}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 4\bin\IGE_WPF64.exe
FirewallRules: [{D68C9E22-5982-42E9-B44B-C574F295E8BB}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 4\bin\FarCry4.exe
FirewallRules: [{351A0AA6-12C9-4C71-9490-F399F0930D52}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 4\bin\FarCry4.exe
FirewallRules: [{6B521553-1357-478C-923C-54553695EC62}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{AF949560-51C3-4449-A069-582E9A64B7C3}] => (Allow) C:\Program Files (x86)\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{6E7F4990-DC99-4A81-855C-FDA01B0831BA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{AFC2FDE7-D615-4B14-96A2-B92D4EB931F7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{9F137FF8-AB1E-4DEC-93FC-6FEA1099AB57}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{35C80DF4-86B5-4FD1-8136-FC67725C2827}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{7F1799D2-21ED-4F64-8CC4-EF8D29336D1C}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\FC3Editor.exe
FirewallRules: [{4AB351E2-9D2C-4595-BCCD-15849AE33279}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\FC3Editor.exe
FirewallRules: [{AC4E2D5E-C987-472F-95A7-491599A9DCAF}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\FC3Updater.exe
FirewallRules: [{73727312-46A9-4BB4-A985-DD5837BC83A1}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\FC3Updater.exe
FirewallRules: [{618C4FE9-C215-45EF-B05F-74CA1720C601}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\farcry3_d3d11.exe
FirewallRules: [{3B66C58E-8577-491F-8F3F-B9DC5B78EF80}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\farcry3_d3d11.exe
FirewallRules: [{FAF024F2-0C44-460E-8AC8-B917DD2E2645}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\farcry3.exe
FirewallRules: [{9DB99EFC-F33A-44F8-B386-1540A3A0BD31}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\farcry3.exe
FirewallRules: [{9943E78E-0D89-4A96-9DA3-B6DE7D89845E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{10FBEA05-AB41-4067-B52F-A5A4242682CB}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{967CE8F4-D0BB-4337-B24D-C844796867B4}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{E9872D42-00C4-464D-93D4-B3799D2DD632}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{FA2B67CF-6704-475B-BCC1-D87E8D9556F2}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1FF41ADB-0D78-4E1F-9ED7-213EE44AA4AC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{FF536CE0-0C24-4B31-9792-141D6A0DBB9F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{662E3AD1-25BC-4653-947D-864B73EDE3A2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F987E67A-1385-4281-9C97-19BC46A73366}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatchery.exe
FirewallRules: [{9766A6CD-C6D9-49D1-9BFD-23304BBD8B05}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatchery.exe
FirewallRules: [{6313DA3D-E0C1-4341-96F3-226BC99B76C7}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcherx.exe
FirewallRules: [{43B54012-9435-4C71-B7A6-9706E84AE33F}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcherx.exe
FirewallRules: [{1B5F465D-1E6A-41A9-AFD2-E678303B0019}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
FirewallRules: [{4101B284-E591-4643-8EFB-36ECF5CBEF46}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
FirewallRules: [{FBEF2267-A724-4078-904A-05F2616686F3}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcher.exe
FirewallRules: [{778B20F5-03D0-4BBA-BB1F-4F1ED24AD2A6}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcher.exe
FirewallRules: [{98BD6EEC-F0E8-4C52-88F2-67331B2BE1BB}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3y.exe
FirewallRules: [{1E823E38-685A-4DEB-B168-4721BD08D8AC}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3y.exe
FirewallRules: [{E3E5A016-FEEB-4B82-9B8B-DAD68FFDF643}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3x.exe
FirewallRules: [{46C16825-83FB-4A38-BC29-CD1CAF7B5D1A}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3x.exe
FirewallRules: [{081F01A1-98D8-4CDF-9D7F-D22D4C1CECC3}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3.exe
FirewallRules: [{CE803E69-B334-49BF-B960-3999AFF33EDC}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3.exe
FirewallRules: [{80487897-7948-4E1F-A56B-D6BF2DDFD384}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\tools\Benchmark.exe
FirewallRules: [{E1194DD6-E760-4228-AC16-8BF979C49461}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\tools\Benchmark.exe
FirewallRules: [{6F5882D9-DE42-44E5-979F-BA3BE5D7FE01}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\tools\AddonWeb.exe
FirewallRules: [{A162A959-D32F-4A1F-AE15-0CAB64E15467}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\tools\AddonWeb.exe
FirewallRules: [{83D8F721-191D-4B66-AE6D-2B642C247D58}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\tools\Anno4Web.exe
FirewallRules: [{171AF101-1095-40D6-8A3F-FDE4B0928412}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\tools\Anno4Web.exe
FirewallRules: [{02F23198-8BDA-4488-8E73-C168CA9F7C94}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\Addon.exe
FirewallRules: [{77795AA9-DE95-464C-9CEC-47610180D19B}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\Addon.exe
FirewallRules: [{2875E03E-A4D4-45D3-847A-19389880BCF4}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\Anno4.exe
FirewallRules: [{424CFF66-A605-4595-AA6D-AAE82043EAFE}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404 - Königsedition\Anno4.exe
FirewallRules: [{F42A9AF6-CF6A-4748-B183-E0FF456572B4}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{6BB243A1-5710-4BF3-A614-0A5B0DA7B423}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{88A80B8B-C7F4-4030-8CB6-AD455C1CC393}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{4251BFCF-E297-4B16-95A5-916159407EBF}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{2A98591B-4734-45D9-8048-D753F3666EBF}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe
FirewallRules: [{60AED049-FDEC-4D2B-A2D7-A1DD5A74FA69}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe
FirewallRules: [{BF677212-BAF3-4F3D-9F6F-7AAFD4B6680E}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe
FirewallRules: [{9EDCE7E5-3079-424A-9628-E2A640FD995F}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe
FirewallRules: [{8F53DB78-2A91-4A77-85F9-649345B86EE7}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe
FirewallRules: [{490F51B2-6DA8-43F0-8B60-F4F05C0EE244}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe
FirewallRules: [{B9EA867B-3837-4108-8CD9-04174E742748}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{68C6310E-FFB9-414D-B8A3-EE7669E08C7C}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [UDP Query User{E4D3D348-613E-48EB-9792-39B3816021D5}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{B538490E-19A7-449F-A90E-2CB3CEBD165D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{B267F03D-DF7C-46C7-BD71-E605DCE85DCD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{DD0A31FD-BC2B-4591-8726-8E3D7B2724B7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{556939B8-581C-4976-A317-6F2807FAC918}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{5613CFF9-032B-4AA4-9EAE-6C03D51191A0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{48D2EBA5-E8FF-4B16-AC4F-D890D68661FF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{663A619A-D401-40DF-976E-9A242931153F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{4FB65421-D737-45AB-8647-18B0EB96ECF0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{BB98A17D-02A3-46B9-9B5B-E73BAE53DAC9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{13A9A403-99BC-4A93-B156-DF79F20A8DB0}] => (Allow) C:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\EALaunchHelper.exe
FirewallRules: [{AC09FB43-1589-47A9-97B7-1D401BBE45A5}] => (Allow) C:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\EALaunchHelper.exe
FirewallRules: [{4575C862-2645-48F3-A05E-5EE6AFDB6EFB}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{6EBFD669-1AC0-4367-99D2-65CF5C400220}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{C6D5294C-578D-4FE9-8ED1-7F72B81664DE}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{E060D43D-8461-4558-86B3-63525E49175A}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{73C69E57-595C-4BE8-A784-152787980094}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe
FirewallRules: [{63004B94-F08C-4C35-92A2-77F27F3D8B3A}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe
FirewallRules: [{A85D6CF9-0A11-4004-BDD3-F1EA4C8396BE}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{B574AEAA-994C-4CD3-97C1-40510FCD66CD}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{4FD087CC-6308-4BC1-8156-D8FB082E958A}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 16\fifasetup\fifaconfig.exe
FirewallRules: [{5DEF28FA-0B9B-4712-B2AA-43DFD3E1FB2A}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 16\fifasetup\fifaconfig.exe
FirewallRules: [{A1EE2060-4515-4EB0-87BB-1ABB1E26E87E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ManiaPlanet_TMStadium\ManiaPlanetLauncher.exe
FirewallRules: [{D4DA21C5-906E-4BFA-8203-03BC9323C74C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ManiaPlanet_TMStadium\ManiaPlanetLauncher.exe
FirewallRules: [{E68259CF-491B-4DD3-9772-D24348F5D89B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ManiaPlanet_TMStadium\ManiaPlanet.exe
FirewallRules: [{33233595-C89D-4B6A-A1D9-DBED85E7A12D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ManiaPlanet_TMStadium\ManiaPlanet.exe
FirewallRules: [TCP Query User{2DF87985-CAF0-4392-84E9-11AD020A3E6F}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{8D459437-6B4D-4A9C-9323-4742807C86EB}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{023BE7B0-B1FF-4668-A65B-0FC3FFD600BD}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{4CA1D855-FECB-4DB8-AA0B-C63B34A23AC0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{84D321BD-45B7-4BA9-86BC-F9441E8291DC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{235C4041-D11B-4828-A04F-A8C5E0FFAEEE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cthulhu Saves the World\CSTW.exe
FirewallRules: [{BAC06AC1-6CF2-4B39-A39E-8C05F4B1D8C8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cthulhu Saves the World\CSTW.exe
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (11/30/2015 05:22:16 PM) (Source: MsiInstaller) (EventID: 1002) (User: expert)
Description: Nicht erwarteter oder fehlender Wert (Name: "PackageName", Wert: "") für Schlüssel "HKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList".
Error: (11/30/2015 05:18:47 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.
System Error:
Zugriff verweigert
.
Error: (11/30/2015 05:16:02 PM) (Source: nssm) (EventID: 1018) (User: )
Description: Failed to read registry value AppDirectory:
Der Vorgang wurde erfolgreich beendet.
Error: (11/30/2015 05:00:37 PM) (Source: MsiInstaller) (EventID: 1002) (User: expert)
Description: Nicht erwarteter oder fehlender Wert (Name: "PackageName", Wert: "") für Schlüssel "HKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList".
Error: (11/30/2015 04:56:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: expert)
Description: Bei der Aktivierung der App „Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (11/29/2015 11:18:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: expert)
Description: Bei der Aktivierung der App „Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (11/29/2015 11:18:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: expert)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (11/29/2015 11:18:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: expert)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (11/29/2015 03:47:54 PM) (Source: MsiInstaller) (EventID: 1002) (User: expert)
Description: Nicht erwarteter oder fehlender Wert (Name: "PackageName", Wert: "") für Schlüssel "HKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList".
Error: (11/29/2015 02:02:13 AM) (Source: MsiInstaller) (EventID: 1002) (User: expert)
Description: Nicht erwarteter oder fehlender Wert (Name: "PackageName", Wert: "") für Schlüssel "HKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList".
Systemfehler:
=============
Error: (11/30/2015 05:25:59 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Xbox Live Authentifizierungs-Manager" wurde mit dem folgenden dienstspezifischen Fehler beendet:
%%0
Error: (11/30/2015 05:21:22 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (11/30/2015 05:21:22 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (11/30/2015 05:21:21 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (11/30/2015 05:21:20 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (11/30/2015 05:21:20 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (11/30/2015 05:21:19 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (11/30/2015 05:21:19 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (11/30/2015 05:21:18 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (11/30/2015 05:21:18 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i5-4460S CPU @ 2.90GHz
Prozentuale Nutzung des RAM: 17%
Installierter physikalischer RAM: 16323.07 MB
Verfügbarer physikalischer RAM: 13513.29 MB
Summe virtueller Speicher: 18755.07 MB
Verfügbarer virtueller Speicher: 15448.14 MB
==================== Laufwerke ================================
Drive c: (Windows) (Fixed) (Total:1848.29 GB) (Free:1415.33 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (Recovery Image) (Fixed) (Total:12.81 GB) (Free:1.62 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive f: (INTENSO) (Fixed) (Total:931.51 GB) (Free:929.02 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: B0DA372C)
Partition: GPT.
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 205239D8)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== Ende von Addition.txt ============================
Habt ihr ne Ahnung wie ich die da raus kriege? Geändert von DukeYGO (30.11.2015 um 19:21 Uhr) |
|
01.12.2015, 07:39
| #2 |
| /// the machine /// TB-Ausbilder    | Erneut watch4-Befall hi,
__________________Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ |
|
01.12.2015, 20:59
| #3 |
| | Erneut watch4-BefallCode:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 01.12.2015 Suchlaufzeit: 17:04 Protokolldatei: mbam.txt Administrator: Ja Version: 2.2.0.1024 Malware-Datenbank: v2015.12.01.04 Rootkit-Datenbank: v2015.11.26.01 Lizenz: Kostenlose Version Malware-Schutz: Deaktiviert Schutz vor bösartigen Websites: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 10 CPU: x64 Dateisystem: NTFS Benutzer: expert pc Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 415503 Abgelaufene Zeit: 21 Min., 3 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt) Registrierungswerte: 0 (keine bösartigen Elemente erkannt) Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 0 (keine bösartigen Elemente erkannt) Dateien: 0 (keine bösartigen Elemente erkannt) Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) Code:
ATTFilter # AdwCleaner v5.023 - Bericht erstellt am 01/12/2015 um 17:27:58
# Aktualisiert am 30/11/2015 von Xplode
# Datenbank : 2015-11-30.1 [Server]
# Betriebssystem : Windows 10 Home (x64)
# Benutzername : expert pc - EXPERT
# Gestartet von : C:\Users\expert pc\Desktop\AdwCleaner_5.023.exe
# Option : Suchlauf
# Unterstützung : hxxp://toolslib.net/forum
***** [ Dienste ] *****
***** [ Ordner ] *****
***** [ Dateien ] *****
***** [ DLL ] *****
***** [ Verknüpfungen ] *****
***** [ Aufgabenplanung ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Internetbrowser ] *****
########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [624 Bytes] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 10 Home x64
Ran by expert pc (Administrator) on 01.12.2015 at 17:29:30,61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 0
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.12.2015 at 17:30:39,85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:29-11-2015
durchgeführt von expert pc (Administrator) auf EXPERT (01-12-2015 17:32:11)
Gestartet von C:\Users\expert pc\Desktop
Geladene Profile: expert pc (Verfügbare Profile: expert pc)
Platform: Windows 10 Home (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
() C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Users\expert pc\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avpui.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\wmi64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3957816 2014-02-07] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-02-07] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-02-07] (Hewlett-Packard)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-27] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2014-01-05] (IDT, Inc.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2013-12-03] (Hewlett-Packard )
HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2015-11-02] (Pixart Imaging Inc)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565448 2015-11-12] (LogMeIn Inc.)
HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe [13253952 2015-11-17] (Corsair Components, Inc.)
HKU\S-1-5-21-2350193266-1077779400-760107588-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3011152 2015-11-10] (Valve Corporation)
HKU\S-1-5-21-2350193266-1077779400-760107588-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-2350193266-1077779400-760107588-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [48145024 2015-10-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2350193266-1077779400-760107588-1001\...\RunOnce: [Uninstall C:\Users\expert pc\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\expert pc\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-2350193266-1077779400-760107588-1001\...\RunOnce: [Uninstall C:\Users\expert pc\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\expert pc\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-10-08]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{0AB66A52-9D92-42E0-9CFA-FF38C9E0201B}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{7EBC1CF5-BC33-49D9-8E02-79D7EA92BEC3}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{837EC76F-5818-4A49-88FC-31C78F1EE679}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{850EF25E-1338-41D6-ACFB-6ABA8CFDCA47}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{96af2199-8831-487a-87fc-f08f0f7ac314}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{a222317e-793e-4a1c-9ac1-8a4ebd92dbd2}: [DhcpNameServer] 192.168.178.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK14/4
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2350193266-1077779400-760107588-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK14/4
HKU\S-1-5-21-2350193266-1077779400-760107588-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK14/4
HKU\S-1-5-21-2350193266-1077779400-760107588-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPDSK14/4
SearchScopes: HKLM -> {61909BC3-BE76-4BDB-A905-689F89D62260} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Kein Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> Keine Datei
BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-21] (Oracle Corporation)
BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-21] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - Keine Datei
FireFox:
========
FF ProfilePath: C:\Users\expert pc\AppData\Roaming\Mozilla\Firefox\Profiles\ydr1aiwn.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-12] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-09-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [Keine Datei]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-12] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-09-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-21] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-07-31] ()
FF Plugin-x32: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-07-31] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-07-31] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [Keine Datei]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-03] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-03] (NVIDIA Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\expert pc\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-05-27] (Raidcall)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-2350193266-1077779400-760107588-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-09-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-2350193266-1077779400-760107588-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-01-01] ()
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-07-31] [ist nicht signiert]
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-07-31] [ist nicht signiert]
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-07-31] [ist nicht signiert]
FF Extension: BetterTTV - C:\Users\expert pc\AppData\Roaming\Mozilla\Firefox\Profiles\ydr1aiwn.default\Extensions\firefox@betterttv.net.xpi [2015-11-21]
FF Extension: Adblock Plus - C:\Users\expert pc\AppData\Roaming\Mozilla\Firefox\Profiles\ydr1aiwn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-25]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [194000 2015-07-09] (Kaspersky Lab ZAO)
R2 ExpressVpnService; C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe [331264 2015-04-28] () [Datei ist nicht signiert]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-27] (NVIDIA Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [Datei ist nicht signiert]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [Datei ist nicht signiert]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223520 2015-07-10] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-11-12] (LogMeIn, Inc.)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-27] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-27] (NVIDIA Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-02-07] (Softex Inc.) [Datei ist nicht signiert]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2078216 2015-10-02] (Electronic Arts)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2014-01-05] (IDT, Inc.) [Datei ist nicht signiert]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4318760 2015-09-05] (Qualcomm Atheros Communications, Inc.)
R3 BEHRINGER_2902; C:\Windows\System32\Drivers\BUSB2902.sys [460864 2009-10-30] (BEHRINGER)
R3 BUSB_AUDIO_WDM; C:\Windows\system32\drivers\busbwdm.sys [49728 2009-10-30] (BEHRINGER)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [247016 2015-07-09] (Kaspersky Lab UK Ltd)
S3 CorsairAudioFilter; C:\Windows\system32\DRIVERS\corsveng2kamd64.sys [112808 2014-08-15] (Corsair Components, Inc.)
R3 CorsairVBusDriver; C:\Windows\System32\drivers\CorsairVBusDriver.sys [47840 2015-09-01] (Corsair)
R3 CorsairVHidDriver; C:\Windows\System32\drivers\CorsairVHidDriver.sys [21728 2015-09-01] (Corsair)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-07-14] (LogMeIn Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-07-09] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [64368 2015-07-09] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [159960 2015-07-09] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [226480 2015-07-09] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [817848 2015-10-06] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39792 2015-07-09] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [40304 2015-07-09] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [39792 2015-07-09] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [24944 2015-07-09] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [77680 2015-07-09] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [85360 2015-07-09] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [190648 2015-10-06] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [184608 2015-07-07] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-27] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [896752 2015-09-04] (Realtek )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402136 2015-09-09] (Realsil Semiconductor Corporation)
R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2015-11-02] ()
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
S3 RSUSBSTOR; \SystemRoot\System32\Drivers\RtsUStor.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-12-01 17:30 - 2015-12-01 17:31 - 00000551 _____ C:\Users\expert pc\Desktop\JRT.txt
2015-12-01 17:27 - 2015-12-01 17:28 - 00000702 _____ C:\Users\expert pc\Desktop\AdwCleaner[S4].txt
2015-12-01 17:25 - 2015-12-01 17:25 - 00016148 _____ C:\WINDOWS\system32\EXPERT_expert pc_HistoryPrediction.bin
2015-12-01 17:25 - 2015-12-01 17:25 - 00001199 _____ C:\Users\expert pc\Desktop\mbam.txt
2015-12-01 17:00 - 2015-12-01 17:01 - 16563352 _____ (Malwarebytes Corp.) C:\Users\expert pc\Desktop\mbar-1.09.3.1001.exe
2015-12-01 17:00 - 2015-12-01 17:00 - 04398264 _____ (Kaspersky Lab ZAO) C:\Users\expert pc\Desktop\tdsskiller.exe
2015-12-01 16:57 - 2015-12-01 17:29 - 01599336 _____ (Malwarebytes) C:\Users\expert pc\Desktop\JRT.exe
2015-12-01 16:56 - 2015-12-01 17:27 - 01736704 _____ C:\Users\expert pc\Desktop\AdwCleaner_5.023.exe
2015-11-30 19:51 - 2015-11-30 19:51 - 00852771 _____ C:\Users\expert pc\Desktop\SecurityCheck.exe
2015-11-30 19:06 - 2015-11-30 19:10 - 00060534 _____ C:\Users\expert pc\Desktop\Addition.txt
2015-11-30 19:05 - 2015-12-01 17:32 - 00023403 _____ C:\Users\expert pc\Desktop\FRST.txt
2015-11-30 19:05 - 2015-12-01 17:32 - 00000000 ____D C:\FRST
2015-11-30 19:04 - 2015-11-30 19:05 - 02350080 _____ (Farbar) C:\Users\expert pc\Desktop\FRST64.exe
2015-11-29 19:56 - 2015-11-29 19:56 - 00043838 _____ C:\Users\expert pc\AppData\Local\recently-used.xbel
2015-11-27 00:42 - 2015-11-27 00:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Corsair Utility Engine
2015-11-27 00:41 - 2015-11-27 00:41 - 00000000 ____D C:\Program Files (x86)\Corsair
2015-11-21 13:03 - 2015-11-21 13:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-11-21 13:03 - 2015-11-21 13:03 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2015-11-21 13:02 - 2015-11-21 13:02 - 00358168 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-15 13:28 - 2015-11-15 13:28 - 00000000 ____D C:\Users\expert pc\Documents\SavedGames
2015-11-14 00:41 - 2015-11-14 00:41 - 00002123 _____ C:\Users\Public\Desktop\ExpressVPN.lnk
2015-11-14 00:41 - 2015-11-14 00:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExpressVPN
2015-11-14 00:41 - 2015-11-14 00:41 - 00000000 ____D C:\ProgramData\ExpressVPN
2015-11-14 00:41 - 2015-11-14 00:41 - 00000000 ____D C:\Program Files (x86)\ExpressVPN
2015-11-13 23:56 - 2015-11-14 00:45 - 00000000 ____D C:\Users\expert pc\AppData\Local\ExpressVPN
2015-11-10 19:32 - 2015-11-05 06:15 - 08020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-10 19:32 - 2015-11-05 06:15 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-11-10 19:32 - 2015-11-05 06:14 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-11-10 19:32 - 2015-11-05 06:13 - 00577888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-10 19:32 - 2015-11-05 06:11 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-11-10 19:32 - 2015-11-05 06:06 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-10 19:32 - 2015-11-05 06:06 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-11-10 19:32 - 2015-11-05 06:01 - 00607408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-11-10 19:32 - 2015-11-05 05:56 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-11-10 19:32 - 2015-11-05 05:56 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-10 19:32 - 2015-11-05 05:56 - 00025280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-11-10 19:32 - 2015-11-05 05:30 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-11-10 19:32 - 2015-11-05 05:24 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-10 19:32 - 2015-11-05 05:23 - 00762888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-11-10 19:32 - 2015-11-05 05:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-11-10 19:32 - 2015-11-05 05:20 - 21873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-11-10 19:32 - 2015-11-05 05:18 - 24597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-10 19:32 - 2015-11-05 05:18 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-11-10 19:32 - 2015-11-05 05:18 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-11-10 19:32 - 2015-11-05 05:17 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-11-10 19:32 - 2015-11-05 05:12 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2015-11-10 19:32 - 2015-11-05 05:11 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-11-10 19:32 - 2015-11-05 05:10 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-10 19:32 - 2015-11-05 05:10 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-11-10 19:32 - 2015-11-05 05:07 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-11-10 19:32 - 2015-11-05 05:06 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-11-10 19:32 - 2015-11-05 05:05 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-10 19:32 - 2015-11-05 05:05 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-10 19:32 - 2015-11-05 05:03 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-11-10 19:32 - 2015-11-05 05:03 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-11-10 19:32 - 2015-11-05 05:01 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-10 19:32 - 2015-11-05 05:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-11-10 19:32 - 2015-11-05 05:01 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-11-10 19:32 - 2015-11-05 04:59 - 03587072 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-11-10 19:32 - 2015-11-05 04:59 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-11-10 19:32 - 2015-11-05 04:58 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-11-10 19:32 - 2015-11-05 04:58 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-11-10 19:32 - 2015-11-05 04:56 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-11-10 19:32 - 2015-11-05 04:55 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-11-10 19:32 - 2015-11-05 04:54 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-11-10 19:32 - 2015-11-05 04:47 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-10 19:32 - 2015-11-05 04:42 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-11-10 19:32 - 2015-11-05 04:40 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-11-10 19:32 - 2015-11-05 04:35 - 18803712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-11-10 19:32 - 2015-11-05 04:35 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-11-10 19:32 - 2015-11-05 04:34 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-11-10 19:32 - 2015-11-05 04:33 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-10 19:32 - 2015-11-05 04:33 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-10 19:32 - 2015-11-05 04:30 - 00767488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-10 19:32 - 2015-11-05 04:28 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-10 19:32 - 2015-11-05 04:27 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-11-10 19:32 - 2015-11-05 04:27 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-11-10 19:32 - 2015-11-05 04:23 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2015-11-08 23:20 - 2015-11-08 23:20 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\LolClient
2015-11-08 22:44 - 2015-11-08 22:44 - 00000000 ____D C:\ProgramData\Riot Games
2015-11-08 22:43 - 2015-11-08 22:44 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\Riot Games
2015-11-08 22:43 - 2015-11-08 22:43 - 00000000 ____D C:\Riot Games
2015-11-08 22:43 - 2015-11-08 22:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2015-11-08 22:43 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2015-11-08 22:43 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2015-11-08 22:43 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2015-11-08 22:32 - 2015-11-08 22:32 - 00000279 _____ C:\Users\expert pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Papierkorb.lnk
2015-11-08 22:25 - 2015-11-08 22:32 - 00000000 ____D C:\Users\expert pc\AppData\Local\Vivaldi
2015-11-08 20:05 - 2015-11-08 20:08 - 00272644 _____ C:\TDSSKiller.3.1.0.5_08.11.2015_20.05.26_log.txt
2015-11-08 19:58 - 2015-12-01 17:29 - 00000000 ____D C:\AdwCleaner
2015-11-04 20:18 - 2015-11-04 20:18 - 10919784 _____ C:\WINDOWS\SysWOW64\LogiDPP.dll
2015-11-04 20:18 - 2015-11-04 20:18 - 10919784 _____ C:\WINDOWS\system32\LogiDPP.dll
2015-11-04 20:18 - 2015-11-04 20:18 - 04758176 _____ (Logitech Inc.) C:\WINDOWS\system32\Drivers\lvuvc64.sys
2015-11-04 20:18 - 2015-11-04 20:18 - 00768288 _____ (Logitech Inc.) C:\WINDOWS\system32\LVUI64.dll
2015-11-04 20:18 - 2015-11-04 20:18 - 00560416 _____ (Logitech Inc.) C:\WINDOWS\system32\LVUIRC64.dll
2015-11-04 20:18 - 2015-11-04 20:18 - 00542568 _____ (Logitech Inc.) C:\WINDOWS\SysWOW64\LVUI2.dll
2015-11-04 20:18 - 2015-11-04 20:18 - 00538472 _____ (Logitech Inc.) C:\WINDOWS\SysWOW64\LVUI2RC.dll
2015-11-04 20:18 - 2015-11-04 20:18 - 00351520 _____ (Logitech Inc.) C:\WINDOWS\system32\Drivers\lvrs64.sys
2015-11-04 20:18 - 2015-11-04 20:18 - 00336232 _____ C:\WINDOWS\SysWOW64\DevManagerCore.dll
2015-11-04 20:18 - 2015-11-04 20:18 - 00336232 _____ C:\WINDOWS\system32\DevManagerCore.dll
2015-11-04 20:18 - 2015-11-04 20:18 - 00305000 _____ (Logitech Inc.) C:\WINDOWS\SysWOW64\lvcodec2.dll
2015-11-04 20:18 - 2015-11-04 20:18 - 00266828 _____ C:\WINDOWS\system32\Drivers\LVAFT.cfg
2015-11-04 20:18 - 2015-11-04 20:18 - 00262432 _____ (Logitech Inc.) C:\WINDOWS\system32\lvco1380853.dll
2015-11-04 20:18 - 2015-11-04 20:18 - 00175392 _____ (Logitech Inc.) C:\WINDOWS\system32\lvcod64.dll
2015-11-04 20:18 - 2015-11-04 20:18 - 00103272 _____ C:\WINDOWS\SysWOW64\LogiDPPApp.exe
2015-11-04 20:18 - 2015-11-04 20:18 - 00103272 _____ C:\WINDOWS\system32\LogiDPPApp.exe
2015-11-04 20:18 - 2015-11-04 20:18 - 00040398 _____ C:\WINDOWS\system32\Repository.reg
2015-11-04 20:18 - 2015-11-04 20:18 - 00029494 _____ C:\WINDOWS\system32\lvcoin64.ini
2015-11-04 20:18 - 2015-11-04 20:18 - 00000000 ____D C:\Program Files\Common Files\logishrd
2015-11-03 18:15 - 2015-11-03 23:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-02 19:59 - 2015-11-02 19:59 - 00241152 _____ (Pixart Imaging Inc) C:\WINDOWS\system32\TiltWheelMouse.exe
2015-11-02 19:59 - 2015-11-02 19:59 - 00157696 _____ (Pixart Imaging Inc) C:\WINDOWS\system32\mousecpl.dll
2015-11-02 19:59 - 2015-11-02 19:59 - 00006144 _____ C:\WINDOWS\system32\Drivers\t_mouse.sys
2015-11-01 13:25 - 2015-11-01 13:25 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\Corsair
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-12-01 17:31 - 2015-07-31 15:56 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-12-01 17:26 - 2014-10-02 22:01 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\Skype
2015-12-01 17:08 - 2015-07-10 12:04 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-01 17:08 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-01 17:03 - 2014-10-08 18:12 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-12-01 16:57 - 2014-06-30 02:26 - 00004160 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{968F1233-CAC6-49C7-9463-8E9C2E9BCE20}
2015-12-01 16:55 - 2014-10-19 15:53 - 00000000 ____D C:\Program Files (x86)\Steam
2015-11-30 22:40 - 2014-11-11 21:03 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-11-30 19:06 - 2015-07-10 10:05 - 00000000 ____D C:\Windows
2015-11-30 17:22 - 2015-07-31 13:33 - 01994140 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-30 17:22 - 2015-07-10 17:34 - 00848086 _____ C:\WINDOWS\system32\perfh007.dat
2015-11-30 17:22 - 2015-07-10 17:34 - 00186362 _____ C:\WINDOWS\system32\perfc007.dat
2015-11-30 17:22 - 2015-07-10 12:02 - 00000000 ____D C:\WINDOWS\INF
2015-11-30 17:15 - 2015-07-31 13:31 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-30 17:15 - 2015-07-10 13:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-30 17:15 - 2015-07-10 10:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-11-30 17:14 - 2015-07-31 13:34 - 00000000 ____D C:\Users\expert pc
2015-11-29 23:16 - 2014-10-08 18:26 - 00000000 ____D C:\Users\expert pc\AppData\Local\Battle.net
2015-11-29 19:56 - 2015-10-28 21:58 - 00000000 ____D C:\Users\expert pc\AppData\Local\gtk-2.0
2015-11-29 19:56 - 2015-10-28 21:54 - 00000000 ____D C:\Users\expert pc\.gimp-2.8
2015-11-29 19:14 - 2015-10-18 23:05 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\OBS
2015-11-29 02:02 - 2015-09-09 10:47 - 00000362 _____ C:\WINDOWS\Tasks\HPCeeScheduleForexpert pc.job
2015-11-28 21:46 - 2014-10-08 18:26 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-11-28 13:43 - 2015-07-31 21:58 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\Audacity
2015-11-26 22:08 - 2015-09-09 11:21 - 00000000 ____D C:\Users\expert pc\Documents\Bandicam
2015-11-23 22:10 - 2015-10-05 05:29 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\avidemux
2015-11-23 17:37 - 2015-10-15 17:38 - 00000000 ____D C:\Users\expert pc\Desktop\Bilder
2015-11-22 19:26 - 2014-10-12 13:45 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\TS3Client
2015-11-21 12:54 - 2014-04-02 15:46 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-21 12:44 - 2015-10-21 05:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-21 12:44 - 2015-10-21 05:52 - 00000000 ____D C:\Program Files (x86)\Java
2015-11-21 12:44 - 2015-08-26 16:13 - 00000000 ____D C:\Users\expert pc\.oracle_jre_usage
2015-11-21 12:44 - 2014-10-02 10:03 - 00000000 ____D C:\ProgramData\Oracle
2015-11-21 12:43 - 2015-10-21 05:52 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-11-20 20:41 - 2014-10-10 21:33 - 00000000 ____D C:\Program Files (x86)\Diablo III
2015-11-18 11:59 - 2015-10-19 18:40 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\YGOPro DevPro Launcher
2015-11-17 19:34 - 2015-05-19 16:27 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-14 18:56 - 2014-10-02 10:54 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\Mozilla
2015-11-13 23:52 - 2015-09-17 19:55 - 00000000 ____D C:\Users\expert pc\Desktop\Aquarium
2015-11-13 19:55 - 2015-10-18 20:25 - 00000000 ____D C:\Users\expert pc\Desktop\Bearbeitungssoftware
2015-11-13 18:56 - 2015-09-09 11:20 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
2015-11-13 18:56 - 2015-09-09 11:20 - 00000000 ____D C:\Program Files (x86)\Bandicam
2015-11-12 22:18 - 2014-10-08 17:18 - 00000000 ____D C:\Users\expert pc\AppData\Local\Adobe
2015-11-11 22:23 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\rescache
2015-11-11 20:56 - 2014-10-11 10:59 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2015-11-11 19:40 - 2014-11-11 21:03 - 00003870 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-11-11 03:30 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-10 20:06 - 2015-07-10 11:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-10 20:05 - 2014-10-02 10:25 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-10 19:57 - 2014-10-02 10:25 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-10 19:26 - 2015-10-12 05:49 - 00000000 ____D C:\WINDOWS\Minidump
2015-11-10 06:40 - 2015-07-31 15:05 - 00002373 _____ C:\Users\expert pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-11-10 06:40 - 2015-07-31 15:05 - 00000000 ___RD C:\Users\expert pc\OneDrive
2015-11-09 20:34 - 2014-06-27 06:36 - 00000000 ____D C:\Users\expert pc\AppData\Local\Hewlett-Packard
2015-11-09 20:34 - 2014-06-21 00:07 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2015-11-09 20:34 - 2014-06-21 00:06 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-11-09 20:26 - 2014-06-21 00:07 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-11-09 20:26 - 2014-06-21 00:07 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-09 20:26 - 2014-06-21 00:06 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-11-09 20:24 - 2014-06-27 06:36 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\hpqlog
2015-11-09 20:23 - 2014-04-02 12:27 - 00000000 ____D C:\SWSETUP
2015-11-08 22:45 - 2015-10-15 17:37 - 00000000 ____D C:\Users\expert pc\Desktop\Games
2015-11-04 21:43 - 2015-10-06 21:30 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\vlc
2015-11-03 23:29 - 2014-10-02 10:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-03 19:20 - 2015-07-10 12:06 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-03 19:20 - 2015-07-10 12:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-02 06:07 - 2014-10-02 22:00 - 00000000 ____D C:\ProgramData\Skype
2015-11-01 13:25 - 2014-11-05 21:32 - 00000000 ____D C:\Users\expert pc\AppData\Local\Corsair
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2015-01-16 19:48 - 2015-01-16 20:53 - 0000098 _____ () C:\Users\expert pc\AppData\Roaming\theHunterPrimal_LauncherSettings_live.cfg
2015-11-29 19:56 - 2015-11-29 19:56 - 0043838 _____ () C:\Users\expert pc\AppData\Local\recently-used.xbel
Einige Dateien in TEMP:
====================
C:\Users\expert pc\AppData\Local\Temp\ICSharpCode.SharpZipLib.dll
C:\Users\expert pc\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\expert pc\AppData\Local\Temp\YgoUpdater.exe
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2015-11-28 21:21
==================== Ende von FRST.txt ============================
Oder besteht keine Gefahr, dass die Passwörter gesammelt wurden. Ist ja in Anführungsstichen nur einfach Adware und nichts im Stile von PUPs. |
|
02.12.2015, 16:42
| #4 |
| /// the machine /// TB-Ausbilder | Erneut watch4-Befall Also bist du der Meinung Adware ist weniger schlimm als PUP?  PW immer ändern. ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
02.12.2015, 20:48
| #5 |
| | Erneut watch4-Befall Na gut. Dann werd ich mich mal daran machen meine 4 dutzend Passwörter handschriftlich zu ändern, damit ich überhaupt mal voran komme. Das ist halt einfach immer nur ätzend. Aber gut, damit muss ich leben. Konnte man denn aus den Logs rauslesen, woran es lag? Wenn ich mal von Aquaristik so viel Ahnung hätte wie von Computern  Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=3543183bf97b8d45b786b2842e454301
# end=init
# utc_time=2015-12-02 04:33:25
# local_time=2015-12-02 05:33:25 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 27011
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=3543183bf97b8d45b786b2842e454301
# end=updated
# utc_time=2015-12-02 04:36:39
# local_time=2015-12-02 05:36:39 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=3543183bf97b8d45b786b2842e454301
# engine=27011
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-12-02 04:53:58
# local_time=2015-12-02 05:53:58 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1302 16777213 100 100 5041 76654068 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 178410 12549250 0 0
# scanned=64055
# found=0
# cleaned=0
# scan_time=1039
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=3543183bf97b8d45b786b2842e454301
# end=init
# utc_time=2015-12-02 04:56:52
# local_time=2015-12-02 05:56:52 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=53251
Update Finalize
Updated modules version: 27011
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=3543183bf97b8d45b786b2842e454301
# end=updated
# utc_time=2015-12-02 04:57:07
# local_time=2015-12-02 05:57:07 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=3543183bf97b8d45b786b2842e454301
# engine=27011
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-12-02 07:23:49
# local_time=2015-12-02 08:23:49 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1302 16777213 100 100 10432 76663059 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 9766 12558241 0 0
# scanned=462338
# found=0
# cleaned=0
# scan_time=8802
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=3543183bf97b8d45b786b2842e454301
# end=init
# utc_time=2015-12-02 04:33:25
# local_time=2015-12-02 05:33:25 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 27011
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=3543183bf97b8d45b786b2842e454301
# end=updated
# utc_time=2015-12-02 04:36:39
# local_time=2015-12-02 05:36:39 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=3543183bf97b8d45b786b2842e454301
# engine=27011
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-12-02 04:53:58
# local_time=2015-12-02 05:53:58 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1302 16777213 100 100 5041 76654068 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 178410 12549250 0 0
# scanned=64055
# found=0
# cleaned=0
# scan_time=1039
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=3543183bf97b8d45b786b2842e454301
# end=init
# utc_time=2015-12-02 04:56:52
# local_time=2015-12-02 05:56:52 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=53251
Update Finalize
Updated modules version: 27011
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=3543183bf97b8d45b786b2842e454301
# end=updated
# utc_time=2015-12-02 04:57:07
# local_time=2015-12-02 05:57:07 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=3543183bf97b8d45b786b2842e454301
# engine=27011
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-12-02 07:23:49
# local_time=2015-12-02 08:23:49 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1302 16777213 100 100 10432 76663059 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 9766 12558241 0 0
# scanned=462338
# found=0
# cleaned=0
# scan_time=8802
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:29-11-2015
durchgeführt von expert pc (Administrator) auf EXPERT (02-12-2015 20:47:26)
Gestartet von C:\Users\expert pc\Desktop
Geladene Profile: expert pc (Verfügbare Profile: expert pc)
Platform: Windows 10 Home (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
() C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
() C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1120.13270.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.15361.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avpui.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3957816 2014-02-07] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-02-07] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-02-07] (Hewlett-Packard)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-27] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2014-01-05] (IDT, Inc.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2013-12-03] (Hewlett-Packard )
HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2015-11-02] (Pixart Imaging Inc)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565448 2015-11-12] (LogMeIn Inc.)
HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe [13253952 2015-11-17] (Corsair Components, Inc.)
HKU\S-1-5-21-2350193266-1077779400-760107588-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3011152 2015-11-10] (Valve Corporation)
HKU\S-1-5-21-2350193266-1077779400-760107588-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-2350193266-1077779400-760107588-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50515584 2015-11-17] (Skype Technologies S.A.)
HKU\S-1-5-21-2350193266-1077779400-760107588-1001\...\RunOnce: [Uninstall C:\Users\expert pc\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\expert pc\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-2350193266-1077779400-760107588-1001\...\RunOnce: [Uninstall C:\Users\expert pc\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\expert pc\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-10-08]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{0AB66A52-9D92-42E0-9CFA-FF38C9E0201B}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{7EBC1CF5-BC33-49D9-8E02-79D7EA92BEC3}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{837EC76F-5818-4A49-88FC-31C78F1EE679}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{850EF25E-1338-41D6-ACFB-6ABA8CFDCA47}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{96af2199-8831-487a-87fc-f08f0f7ac314}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{a222317e-793e-4a1c-9ac1-8a4ebd92dbd2}: [DhcpNameServer] 192.168.178.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK14/4
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2350193266-1077779400-760107588-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK14/4
HKU\S-1-5-21-2350193266-1077779400-760107588-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK14/4
HKU\S-1-5-21-2350193266-1077779400-760107588-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPDSK14/4
SearchScopes: HKLM -> {61909BC3-BE76-4BDB-A905-689F89D62260} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Kein Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> Keine Datei
BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-21] (Oracle Corporation)
BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-21] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - Keine Datei
FireFox:
========
FF ProfilePath: C:\Users\expert pc\AppData\Roaming\Mozilla\Firefox\Profiles\ydr1aiwn.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-12] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-09-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [Keine Datei]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-12] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-09-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-21] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-07-31] ()
FF Plugin-x32: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-07-31] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-07-31] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [Keine Datei]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-03] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-03] (NVIDIA Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\expert pc\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-05-27] (Raidcall)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-2350193266-1077779400-760107588-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-09-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-2350193266-1077779400-760107588-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-01-01] ()
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-07-31] [ist nicht signiert]
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-07-31] [ist nicht signiert]
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-07-31] [ist nicht signiert]
FF Extension: BetterTTV - C:\Users\expert pc\AppData\Roaming\Mozilla\Firefox\Profiles\ydr1aiwn.default\Extensions\firefox@betterttv.net.xpi [2015-11-21]
FF Extension: Adblock Plus - C:\Users\expert pc\AppData\Roaming\Mozilla\Firefox\Profiles\ydr1aiwn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-25]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [194000 2015-07-09] (Kaspersky Lab ZAO)
R2 ExpressVpnService; C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe [331264 2015-04-28] () [Datei ist nicht signiert]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-27] (NVIDIA Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [Datei ist nicht signiert]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [Datei ist nicht signiert]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223520 2015-07-10] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-11-12] (LogMeIn, Inc.)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-27] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-27] (NVIDIA Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-02-07] (Softex Inc.) [Datei ist nicht signiert]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2078216 2015-10-02] (Electronic Arts)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2014-01-05] (IDT, Inc.) [Datei ist nicht signiert]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4318760 2015-09-05] (Qualcomm Atheros Communications, Inc.)
R3 BEHRINGER_2902; C:\Windows\System32\Drivers\BUSB2902.sys [460864 2009-10-30] (BEHRINGER)
R3 BUSB_AUDIO_WDM; C:\Windows\system32\drivers\busbwdm.sys [49728 2009-10-30] (BEHRINGER)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [247016 2015-07-09] (Kaspersky Lab UK Ltd)
S3 CorsairAudioFilter; C:\Windows\system32\DRIVERS\corsveng2kamd64.sys [112808 2014-08-15] (Corsair Components, Inc.)
R3 CorsairVBusDriver; C:\Windows\System32\drivers\CorsairVBusDriver.sys [47840 2015-09-01] (Corsair)
R3 CorsairVHidDriver; C:\Windows\System32\drivers\CorsairVHidDriver.sys [21728 2015-09-01] (Corsair)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-07-14] (LogMeIn Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-07-09] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [64368 2015-07-09] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [159960 2015-07-09] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [226480 2015-07-09] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [817848 2015-10-06] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39792 2015-07-09] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [40304 2015-07-09] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [39792 2015-07-09] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [24944 2015-07-09] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [77680 2015-07-09] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [85360 2015-07-09] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [190648 2015-10-06] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [184608 2015-07-07] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-27] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [896752 2015-09-04] (Realtek )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402136 2015-09-09] (Realsil Semiconductor Corporation)
R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2015-11-02] ()
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
S3 RSUSBSTOR; \SystemRoot\System32\Drivers\RtsUStor.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-12-02 20:39 - 2015-12-02 20:39 - 00000969 _____ C:\Users\expert pc\Desktop\checkup.txt
2015-12-02 20:38 - 2015-12-02 20:38 - 00016148 _____ C:\WINDOWS\system32\EXPERT_expert pc_HistoryPrediction.bin
2015-12-02 17:31 - 2015-12-02 17:33 - 02870984 _____ (ESET) C:\Users\expert pc\Desktop\esetsmartinstaller_deu.exe
2015-12-01 17:30 - 2015-12-01 17:31 - 00000551 _____ C:\Users\expert pc\Desktop\JRT.txt
2015-12-01 17:27 - 2015-12-01 17:28 - 00000702 _____ C:\Users\expert pc\Desktop\AdwCleaner[S4].txt
2015-12-01 17:25 - 2015-12-01 17:25 - 00001199 _____ C:\Users\expert pc\Desktop\mbam.txt
2015-12-01 16:57 - 2015-12-01 17:29 - 01599336 _____ (Malwarebytes) C:\Users\expert pc\Desktop\JRT.exe
2015-12-01 16:56 - 2015-12-01 17:27 - 01736704 _____ C:\Users\expert pc\Desktop\AdwCleaner_5.023.exe
2015-11-30 19:51 - 2015-11-30 19:51 - 00852771 _____ C:\Users\expert pc\Desktop\SecurityCheck.exe
2015-11-30 19:06 - 2015-11-30 19:10 - 00060534 _____ C:\Users\expert pc\Desktop\Addition.txt
2015-11-30 19:05 - 2015-12-02 20:47 - 00024655 _____ C:\Users\expert pc\Desktop\FRST.txt
2015-11-30 19:05 - 2015-12-02 20:47 - 00000000 ____D C:\FRST
2015-11-30 19:04 - 2015-11-30 19:05 - 02350080 _____ (Farbar) C:\Users\expert pc\Desktop\FRST64.exe
2015-11-29 19:56 - 2015-11-29 19:56 - 00043838 _____ C:\Users\expert pc\AppData\Local\recently-used.xbel
2015-11-27 00:42 - 2015-11-27 00:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Corsair Utility Engine
2015-11-27 00:41 - 2015-11-27 00:41 - 00000000 ____D C:\Program Files (x86)\Corsair
2015-11-21 13:03 - 2015-11-21 13:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-11-21 13:03 - 2015-11-21 13:03 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2015-11-21 13:02 - 2015-11-21 13:02 - 00358168 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-15 13:28 - 2015-11-15 13:28 - 00000000 ____D C:\Users\expert pc\Documents\SavedGames
2015-11-14 00:41 - 2015-11-14 00:41 - 00002123 _____ C:\Users\Public\Desktop\ExpressVPN.lnk
2015-11-14 00:41 - 2015-11-14 00:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExpressVPN
2015-11-14 00:41 - 2015-11-14 00:41 - 00000000 ____D C:\ProgramData\ExpressVPN
2015-11-14 00:41 - 2015-11-14 00:41 - 00000000 ____D C:\Program Files (x86)\ExpressVPN
2015-11-13 23:56 - 2015-11-14 00:45 - 00000000 ____D C:\Users\expert pc\AppData\Local\ExpressVPN
2015-11-10 19:32 - 2015-11-05 06:15 - 08020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-10 19:32 - 2015-11-05 06:15 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-11-10 19:32 - 2015-11-05 06:14 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-11-10 19:32 - 2015-11-05 06:13 - 00577888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-10 19:32 - 2015-11-05 06:11 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-11-10 19:32 - 2015-11-05 06:06 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-10 19:32 - 2015-11-05 06:06 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-11-10 19:32 - 2015-11-05 06:01 - 00607408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-11-10 19:32 - 2015-11-05 05:56 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-11-10 19:32 - 2015-11-05 05:56 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-10 19:32 - 2015-11-05 05:56 - 00025280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-11-10 19:32 - 2015-11-05 05:30 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-11-10 19:32 - 2015-11-05 05:24 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-10 19:32 - 2015-11-05 05:23 - 00762888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-11-10 19:32 - 2015-11-05 05:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-11-10 19:32 - 2015-11-05 05:20 - 21873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-11-10 19:32 - 2015-11-05 05:18 - 24597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-10 19:32 - 2015-11-05 05:18 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-11-10 19:32 - 2015-11-05 05:18 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-11-10 19:32 - 2015-11-05 05:17 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-11-10 19:32 - 2015-11-05 05:12 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2015-11-10 19:32 - 2015-11-05 05:11 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-11-10 19:32 - 2015-11-05 05:10 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-10 19:32 - 2015-11-05 05:10 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-11-10 19:32 - 2015-11-05 05:07 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-11-10 19:32 - 2015-11-05 05:06 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-11-10 19:32 - 2015-11-05 05:05 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-10 19:32 - 2015-11-05 05:05 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-10 19:32 - 2015-11-05 05:03 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-11-10 19:32 - 2015-11-05 05:03 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-11-10 19:32 - 2015-11-05 05:01 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-10 19:32 - 2015-11-05 05:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-11-10 19:32 - 2015-11-05 05:01 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-11-10 19:32 - 2015-11-05 04:59 - 03587072 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-11-10 19:32 - 2015-11-05 04:59 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-11-10 19:32 - 2015-11-05 04:58 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-11-10 19:32 - 2015-11-05 04:58 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-11-10 19:32 - 2015-11-05 04:56 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-11-10 19:32 - 2015-11-05 04:55 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-11-10 19:32 - 2015-11-05 04:54 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-11-10 19:32 - 2015-11-05 04:47 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-10 19:32 - 2015-11-05 04:42 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-11-10 19:32 - 2015-11-05 04:40 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-11-10 19:32 - 2015-11-05 04:35 - 18803712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-11-10 19:32 - 2015-11-05 04:35 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-11-10 19:32 - 2015-11-05 04:34 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-11-10 19:32 - 2015-11-05 04:33 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-10 19:32 - 2015-11-05 04:33 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-10 19:32 - 2015-11-05 04:30 - 00767488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-10 19:32 - 2015-11-05 04:28 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-10 19:32 - 2015-11-05 04:27 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-11-10 19:32 - 2015-11-05 04:27 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-11-10 19:32 - 2015-11-05 04:23 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2015-11-08 23:20 - 2015-11-08 23:20 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\LolClient
2015-11-08 22:44 - 2015-11-08 22:44 - 00000000 ____D C:\ProgramData\Riot Games
2015-11-08 22:43 - 2015-11-08 22:44 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\Riot Games
2015-11-08 22:43 - 2015-11-08 22:43 - 00000000 ____D C:\Riot Games
2015-11-08 22:43 - 2015-11-08 22:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2015-11-08 22:43 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2015-11-08 22:43 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2015-11-08 22:43 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2015-11-08 22:32 - 2015-11-08 22:32 - 00000279 _____ C:\Users\expert pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Papierkorb.lnk
2015-11-08 22:25 - 2015-11-08 22:32 - 00000000 ____D C:\Users\expert pc\AppData\Local\Vivaldi
2015-11-08 20:05 - 2015-11-08 20:08 - 00272644 _____ C:\TDSSKiller.3.1.0.5_08.11.2015_20.05.26_log.txt
2015-11-08 19:58 - 2015-12-01 17:29 - 00000000 ____D C:\AdwCleaner
2015-11-04 20:18 - 2015-11-04 20:18 - 10919784 _____ C:\WINDOWS\SysWOW64\LogiDPP.dll
2015-11-04 20:18 - 2015-11-04 20:18 - 10919784 _____ C:\WINDOWS\system32\LogiDPP.dll
2015-11-04 20:18 - 2015-11-04 20:18 - 04758176 _____ (Logitech Inc.) C:\WINDOWS\system32\Drivers\lvuvc64.sys
2015-11-04 20:18 - 2015-11-04 20:18 - 00768288 _____ (Logitech Inc.) C:\WINDOWS\system32\LVUI64.dll
2015-11-04 20:18 - 2015-11-04 20:18 - 00560416 _____ (Logitech Inc.) C:\WINDOWS\system32\LVUIRC64.dll
2015-11-04 20:18 - 2015-11-04 20:18 - 00542568 _____ (Logitech Inc.) C:\WINDOWS\SysWOW64\LVUI2.dll
2015-11-04 20:18 - 2015-11-04 20:18 - 00538472 _____ (Logitech Inc.) C:\WINDOWS\SysWOW64\LVUI2RC.dll
2015-11-04 20:18 - 2015-11-04 20:18 - 00351520 _____ (Logitech Inc.) C:\WINDOWS\system32\Drivers\lvrs64.sys
2015-11-04 20:18 - 2015-11-04 20:18 - 00336232 _____ C:\WINDOWS\SysWOW64\DevManagerCore.dll
2015-11-04 20:18 - 2015-11-04 20:18 - 00336232 _____ C:\WINDOWS\system32\DevManagerCore.dll
2015-11-04 20:18 - 2015-11-04 20:18 - 00305000 _____ (Logitech Inc.) C:\WINDOWS\SysWOW64\lvcodec2.dll
2015-11-04 20:18 - 2015-11-04 20:18 - 00266828 _____ C:\WINDOWS\system32\Drivers\LVAFT.cfg
2015-11-04 20:18 - 2015-11-04 20:18 - 00262432 _____ (Logitech Inc.) C:\WINDOWS\system32\lvco1380853.dll
2015-11-04 20:18 - 2015-11-04 20:18 - 00175392 _____ (Logitech Inc.) C:\WINDOWS\system32\lvcod64.dll
2015-11-04 20:18 - 2015-11-04 20:18 - 00103272 _____ C:\WINDOWS\SysWOW64\LogiDPPApp.exe
2015-11-04 20:18 - 2015-11-04 20:18 - 00103272 _____ C:\WINDOWS\system32\LogiDPPApp.exe
2015-11-04 20:18 - 2015-11-04 20:18 - 00040398 _____ C:\WINDOWS\system32\Repository.reg
2015-11-04 20:18 - 2015-11-04 20:18 - 00029494 _____ C:\WINDOWS\system32\lvcoin64.ini
2015-11-04 20:18 - 2015-11-04 20:18 - 00000000 ____D C:\Program Files\Common Files\logishrd
2015-11-03 18:15 - 2015-11-03 23:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-02 19:59 - 2015-11-02 19:59 - 00241152 _____ (Pixart Imaging Inc) C:\WINDOWS\system32\TiltWheelMouse.exe
2015-11-02 19:59 - 2015-11-02 19:59 - 00157696 _____ (Pixart Imaging Inc) C:\WINDOWS\system32\mousecpl.dll
2015-11-02 19:59 - 2015-11-02 19:59 - 00006144 _____ C:\WINDOWS\system32\Drivers\t_mouse.sys
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-12-02 20:40 - 2014-11-11 21:03 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-02 20:36 - 2014-10-02 22:01 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\Skype
2015-12-02 19:57 - 2015-07-31 15:56 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-12-02 19:40 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-02 17:30 - 2014-10-19 15:53 - 00000000 ____D C:\Program Files (x86)\Steam
2015-12-02 16:54 - 2014-06-30 02:26 - 00004160 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{968F1233-CAC6-49C7-9463-8E9C2E9BCE20}
2015-12-01 22:21 - 2015-10-15 17:38 - 00000000 ____D C:\Users\expert pc\Desktop\Bilder
2015-12-01 17:43 - 2015-07-31 13:33 - 01994140 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-01 17:43 - 2015-07-10 17:34 - 00848086 _____ C:\WINDOWS\system32\perfh007.dat
2015-12-01 17:43 - 2015-07-10 17:34 - 00186362 _____ C:\WINDOWS\system32\perfc007.dat
2015-12-01 17:43 - 2015-07-10 12:02 - 00000000 ____D C:\WINDOWS\INF
2015-12-01 17:39 - 2014-10-02 22:00 - 00000000 ____D C:\ProgramData\Skype
2015-12-01 17:37 - 2015-07-31 13:31 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-01 17:37 - 2015-07-10 13:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-01 17:37 - 2015-07-10 10:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-12-01 17:08 - 2015-07-10 12:04 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-01 17:03 - 2014-10-08 18:12 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-30 19:06 - 2015-07-10 10:05 - 00000000 ____D C:\Windows
2015-11-30 17:14 - 2015-07-31 13:34 - 00000000 ____D C:\Users\expert pc
2015-11-29 23:16 - 2014-10-08 18:26 - 00000000 ____D C:\Users\expert pc\AppData\Local\Battle.net
2015-11-29 19:56 - 2015-10-28 21:58 - 00000000 ____D C:\Users\expert pc\AppData\Local\gtk-2.0
2015-11-29 19:56 - 2015-10-28 21:54 - 00000000 ____D C:\Users\expert pc\.gimp-2.8
2015-11-29 19:14 - 2015-10-18 23:05 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\OBS
2015-11-29 02:02 - 2015-09-09 10:47 - 00000362 _____ C:\WINDOWS\Tasks\HPCeeScheduleForexpert pc.job
2015-11-28 21:46 - 2014-10-08 18:26 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-11-28 13:43 - 2015-07-31 21:58 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\Audacity
2015-11-26 22:08 - 2015-09-09 11:21 - 00000000 ____D C:\Users\expert pc\Documents\Bandicam
2015-11-23 22:10 - 2015-10-05 05:29 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\avidemux
2015-11-22 19:26 - 2014-10-12 13:45 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\TS3Client
2015-11-21 12:54 - 2014-04-02 15:46 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-21 12:44 - 2015-10-21 05:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-21 12:44 - 2015-10-21 05:52 - 00000000 ____D C:\Program Files (x86)\Java
2015-11-21 12:44 - 2015-08-26 16:13 - 00000000 ____D C:\Users\expert pc\.oracle_jre_usage
2015-11-21 12:44 - 2014-10-02 10:03 - 00000000 ____D C:\ProgramData\Oracle
2015-11-21 12:43 - 2015-10-21 05:52 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-11-20 20:41 - 2014-10-10 21:33 - 00000000 ____D C:\Program Files (x86)\Diablo III
2015-11-18 11:59 - 2015-10-19 18:40 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\YGOPro DevPro Launcher
2015-11-17 19:34 - 2015-05-19 16:27 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-14 18:56 - 2014-10-02 10:54 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\Mozilla
2015-11-13 23:52 - 2015-09-17 19:55 - 00000000 ____D C:\Users\expert pc\Desktop\Aquarium
2015-11-13 19:55 - 2015-10-18 20:25 - 00000000 ____D C:\Users\expert pc\Desktop\Bearbeitungssoftware
2015-11-13 18:56 - 2015-09-09 11:20 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
2015-11-13 18:56 - 2015-09-09 11:20 - 00000000 ____D C:\Program Files (x86)\Bandicam
2015-11-12 22:18 - 2014-10-08 17:18 - 00000000 ____D C:\Users\expert pc\AppData\Local\Adobe
2015-11-11 22:23 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\rescache
2015-11-11 20:56 - 2014-10-11 10:59 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2015-11-11 19:40 - 2014-11-11 21:03 - 00003870 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-11-11 03:30 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-10 20:06 - 2015-07-10 11:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-10 20:05 - 2014-10-02 10:25 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-10 19:57 - 2014-10-02 10:25 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-10 19:26 - 2015-10-12 05:49 - 00000000 ____D C:\WINDOWS\Minidump
2015-11-10 06:40 - 2015-07-31 15:05 - 00002373 _____ C:\Users\expert pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-11-10 06:40 - 2015-07-31 15:05 - 00000000 ___RD C:\Users\expert pc\OneDrive
2015-11-09 20:34 - 2014-06-27 06:36 - 00000000 ____D C:\Users\expert pc\AppData\Local\Hewlett-Packard
2015-11-09 20:34 - 2014-06-21 00:07 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2015-11-09 20:34 - 2014-06-21 00:06 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-11-09 20:26 - 2014-06-21 00:07 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-11-09 20:26 - 2014-06-21 00:07 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-09 20:26 - 2014-06-21 00:06 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-11-09 20:24 - 2014-06-27 06:36 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\hpqlog
2015-11-09 20:23 - 2014-04-02 12:27 - 00000000 ____D C:\SWSETUP
2015-11-08 22:45 - 2015-10-15 17:37 - 00000000 ____D C:\Users\expert pc\Desktop\Games
2015-11-04 21:43 - 2015-10-06 21:30 - 00000000 ____D C:\Users\expert pc\AppData\Roaming\vlc
2015-11-03 23:29 - 2014-10-02 10:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-03 19:20 - 2015-07-10 12:06 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-03 19:20 - 2015-07-10 12:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2015-01-16 19:48 - 2015-01-16 20:53 - 0000098 _____ () C:\Users\expert pc\AppData\Roaming\theHunterPrimal_LauncherSettings_live.cfg
2015-11-29 19:56 - 2015-11-29 19:56 - 0043838 _____ () C:\Users\expert pc\AppData\Local\recently-used.xbel
Einige Dateien in TEMP:
====================
C:\Users\expert pc\AppData\Local\Temp\ICSharpCode.SharpZipLib.dll
C:\Users\expert pc\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\expert pc\AppData\Local\Temp\YgoUpdater.exe
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2015-11-28 21:21
==================== Ende von FRST.txt ============================
|
|
03.12.2015, 15:49
| #6 |
| /// the machine /// TB-Ausbilder | Erneut watch4-Befall Nachvollziehbar ist das nicht, aber sowas kommt immer von Freeware Installationen, Nutzung von so Malwareschleudern wie Chip oder Installation von "Sicherheitssoftware" die von selbst sowas schon mit bringt.
__________________ --> Erneut watch4-Befall |
|
03.12.2015, 17:13
| #7 |
| | Erneut watch4-Befall Dann könnte es an der neulich angelegten Gimp Installation legen, wo ich die doch sogar schon über die reguläre Seite der Firma heruntergeladen habe. Echt ärgerlich diese Dinge. Aber was will man machen. Den Security Log poste ich in einer halben Stunde etwa, eher komme ich nicht dazu, weil ich noch auf Arbeit bin. Code:
ATTFilter Results of screen317's Security Check version 1.013 --- 11/28/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Internet Security
Windows Defender
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Secunia PSI (3.0.0.9016)
Java 8 Update 66
Adobe Flash Player 19.0.0.245
Mozilla Firefox (42.0)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Windows Defender MSASCui.exe
Windows Defender MSASCui.exe
Windows Defender MpCmdRun.exe
Kaspersky Lab Kaspersky Internet Security 15.0.2 avp.exe
Kaspersky Lab Kaspersky Internet Security 15.0.2 avpui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
Das Problem tritt im Moment nicht auf. Dafür sagt mir Microsoft bei jedem Start, dass die Firewall deaktiviert wurde und ich sie aktivieren soll. Ich nutze ja Kaspersky. Dort ist die Firewalloption allerdings aktiviert. Ahnung woran das liegen könnte? |
|
04.12.2015, 15:16
| #8 |
| /// the machine /// TB-Ausbilder | Erneut watch4-Befall An WMI bzw Kaspersky. Wenn Kaspersky eine Firewall hat wird ja die Windows-Eigene deaktiviert.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
05.12.2015, 15:22
| #9 |
| | Erneut watch4-Befall Habe Kaspersky neu aufgesetzt. Problem erledigt. Müssen wir jetzt noch irgendwas machen? seit 2 tagen keine vorkommnisse mehr. ich ändere die passwörter dann am ende der ganzen aktion. Kann ich dann die Bearbeitung der Sache mit DelFix beenden? Dann kann ich demnächst mal die passwörter ändern und über Nacht dann auch mal ne Datensicherung durchführen..so wie alle 2 Monate |
|
06.12.2015, 22:04
| #10 |
| /// the machine /// TB-Ausbilder | Erneut watch4-Befall kannste alles machen. Frage: Nutzt Du Skype?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
07.12.2015, 09:57
| #11 |
| | Erneut watch4-Befall Gut. Dann lehre ich nachher mal meine Cookies & die Temp mit dem CCleaner. Und lasse dann DelFix laufen. Ich nutze Skype. Ist das relevant in irgendeiner Hinsicht? Ich hab gelesen, dass das häufiger mit watch4 in Verbindung gebracht wird. Tatsächlich interessant zu sehen. Wir hatten ja quasi keine Funde auf dem System vorher, richtig? Die Werbung springt immernoch auf. Hat das tatsächlich was mit Skype zu tun? |
|
08.12.2015, 08:01
| #12 |
| /// the machine /// TB-Ausbilder | Erneut watch4-Befall Änderung der Privatsphäre-Einstellungen (Häkchen entfernen)   Bitte lade Dir von hier BlueLifeHosts editor herunter und entpacke die Datei auf Deinem Desktop.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Erneut watch4-Befall |
| adware, converter, cpu, dnsapi.dll, entfernen, failed, firefox, flash player, helper, home, installation, kaspersky, launch, mozilla, mp3, onedrive, prozess, prozesse, realtek, registry, rundll, scan, security, software, svchost.exe, system, windows, windows xp |
Linear-Darstellung
