Pests of all kinds and how to fight them: Watch4 Virus
Windows 7: If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.
05.12.2015, 16:28 | #1 |
| Watch4 Virus

Hello,

today after lunch I saw that a new tab had opened in Chrome that had no content and whose address bar said something about watch4 (I did not note the exact address). Without a second thought I closed the tab. Later I heard an advertisement playing and wondered where it was coming from. The volume mixer showed that it was coming from Skype. Meanwhile this watch4 tab had opened again, so I became suspicious and googled. I also downloaded JRT and started AdwCleaner. It found 3 registry keys, and when I pressed the delete button a Windows error message came up saying that Cortana had stopped working and that I should sign out. At the same time AdwCleaner told me to restart the PC, which I then did. After the restart I started JRT, which unfortunately returned no results, and Malwarebytes Anti-Malware. I also noticed that I now had no internet connection (I am currently writing on my ancient laptop). Later Anti-Malware likewise showed no results, so, puzzled, I started this thread and am asking you for help.

Regards, fefl

PS: I use Windows 10

PPS: The internet issue seems to have sorted itself out. Hamachi had apparently been blocking it? I am comparing with similar threads and will try to post the log files here shortly.

FRST: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:05-12-2015 durchgeführt von Florian (Administrator) auf SN_1402860 (05-12-2015 16:17:48) Gestartet von C:\Users\Florian\Desktop\Antivirenzeug Geladene Profile: Florian (Verfügbare Profile: Florian) Platform: Windows 10 Home (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Chrome) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AVAST Software) D:\Programme\Avast\AvastSvc.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe (Safer-Networking Ltd.) 
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (Hi-Rez Studios) D:\Programme\Hi-Rez Studios\HiPatchService.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Adobe Systems, Inc.) D:\Programme\Adobe\Adobe Bridge CS4\Bridge.exe (Spotify Ltd) C:\Users\Florian\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Spotify Ltd) C:\Users\Florian\AppData\Roaming\Spotify\Spotify.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe (Spotify Ltd) C:\Users\Florian\AppData\Roaming\Spotify\SpotifyCrashService.exe (Spotify Ltd) C:\Users\Florian\AppData\Roaming\Spotify\Spotify.exe (AVAST Software) D:\Programme\Avast\AvastUI.exe (Spotify Ltd) C:\Users\Florian\AppData\Roaming\Spotify\Spotify.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Adobe Systems Inc.) D:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Kone Pure Optical Mouse\KonePureOpticalMonitor.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (EJIE Technology) C:\Program Files (x86)\Clover\clover.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe (Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor) HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [396688 2015-07-17] () HKLM\...\Run: [Cm108Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.dll,CMICtrlWnd HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2757424 2015-11-12] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.) HKLM-x32\...\Run: [AvastUI.exe] => D:\Programme\Avast\AvastUI.exe [7021880 2015-12-02] (AVAST Software) HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => D:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Acrobat Assistant 8.0] => D:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.) 
HKLM-x32\...\Run: [Adobe_ID0ENQBO] => C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe [378224 2008-08-15] (Adobe Systems Incorporated) HKLM-x32\...\Run: [GrooveMonitor] => D:\Programme\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-12-02] (Raptr, Inc) HKLM-x32\...\Run: [RoccatKonePureOptical] => C:\Program Files (x86)\ROCCAT\Kone Pure Optical Mouse\KonePureOpticalMonitor.exe [561152 2014-01-20] (ROCCAT GmbH) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4127488 2015-06-16] (Safer-Networking Ltd.) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565448 2015-11-12] (LogMeIn Inc.) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\...\Run: [Steam] => D:\Programme\Steam\steam.exe [3011152 2015-11-10] (Valve Corporation) HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\...\Run: [AdobeBridge] => D:\Programme\Adobe\Adobe Bridge CS4\Bridge.exe [13145448 2008-08-28] (Adobe Systems, Inc.) HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\...\Run: [Spotify Web Helper] => C:\Users\Florian\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2345584 2015-11-27] (Spotify Ltd) HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd) HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50143872 2015-11-17] (Skype Technologies S.A.) 
HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\...\Run: [Spotify] => C:\Users\Florian\AppData\Roaming\Spotify\Spotify.exe [8270448 2015-11-27] (Spotify Ltd) HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\...\RunOnce: [Uninstall C:\Users\Florian\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Florian\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64" HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\...\RunOnce: [Uninstall C:\Users\Florian\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Florian\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64" HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\...\RunOnce: [Uninstall C:\Users\Florian\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Florian\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64" HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\...\RunOnce: [Uninstall C:\Users\Florian\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Florian\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64" ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll Keine Datei [ ] ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Programme\Avast\ashShA64.dll [2015-12-02] (AVAST Software) ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => D:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll Keine Datei ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => D:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll Keine Datei ShellIconOverlayIdentifiers-x32: 
[Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => D:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll Keine Datei ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => D:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll Keine Datei ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => D:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll Keine Datei Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-11-17] ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe (McAfee, Inc.) BootExecute: autocheck autochk * sdnclean64.exe CHR HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. 
Siehe Hosts-Bereich in Addition.txt Tcpip\..\Interfaces\{00b8752d-135d-4ff7-8453-242fedd2975c}: [NameServer] 192.168.178.1 Internet Explorer: ================== HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://de.yahoo.com?fr=hp-avast&type=prc265 HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://de.yahoo.com?fr=hp-avast&type=prc265 SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll [2014-08-26] (Oracle Corporation) BHO: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Programme\Avast\aswWebRepIE64.dll [2015-12-02] (AVAST Software) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll [2014-08-26] (Oracle Corporation) BHO: ExplorerWatcher Class -> {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} -> C:\Program Files (x86)\Clover\TabHelper64.dll [2014-01-23] (EJIE Technology) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll => Keine Datei BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\ssv.dll [2014-08-26] (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Programme\Avast\aswWebRepIE.dll [2015-12-02] (AVAST Software) BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\jp2ssv.dll [2014-08-26] (Oracle Corporation) BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated) Toolbar: HKLM - Kein Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - Keine Datei Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated) Handler-x32: grooveLocalGWS - 
{88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-10] () FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll [2014-08-26] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll [2014-08-26] (Oracle Corporation) FF Plugin: @videolan.org/vlc,version=2.1.4 -> D:\Programme\VideoLAN\VLC\npvlc.dll [2014-02-28] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] () FF Plugin-x32: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll [2014-08-26] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\plugin2\npjp2.dll [2014-08-26] (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-14] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-14] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.) FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\10.0.1.5157423\npmathplugin.dll [2014-09-09] (Wolfram Research, Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.) FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - D:\Programme\Avast\WebRep\FF FF Extension: Avast Online Security - D:\Programme\Avast\WebRep\FF [2015-12-02] FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - D:\Programme\Avast\SafePrice\FF FF Extension: Avast SafePrice - D:\Programme\Avast\SafePrice\FF [2015-12-02] Chrome: ======= CHR HomePage: Default -> hxxps://de.yahoo.com?fr=hp-avast&type=prc265 CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxps://de.yahoo.com?fr=hp-avast&type=prc265" CHR Session Restore: Default -> ist aktiviert. 
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll => Keine Datei CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\PepperFlash\pepflashplayer.dll () CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\ppGoogleNaClPluginChrome.dll => Keine Datei CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\pdf.dll => Keine Datei CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => Keine Datei CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll => Keine Datei CHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll => Keine Datei CHR Plugin: (Java(TM) Platform SE 7 U51) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => Keine Datei CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll => Keine Datei CHR Profile: C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Angry Birds) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-12-14] CHR Extension: (Google Docs) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04] CHR Extension: (Google Drive) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22] CHR Extension: (YouTube) - C:\Users\Florian\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25] CHR Extension: (Battlefield Heroes) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh [2014-10-02] CHR Extension: (Adblock Plus) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-25] CHR Extension: (Google-Suche) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27] CHR Extension: (Google Docs Offline) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18] CHR Extension: (AdBlock) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-12-05] CHR Extension: (Avast Online Security) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-03] CHR Extension: (Plants vs Zombies) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina [2014-02-11] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25] CHR Extension: (Google Mail) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - D:\Programme\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-02] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.) R2 avast! Antivirus; D:\Programme\Avast\AvastSvc.exe [226440 2015-12-02] (AVAST Software) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1225216 2015-09-30] () R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156400 2015-11-12] (NVIDIA Corporation) R2 HiPatchService; D:\Programme\Hi-Rez Studios\HiPatchService.exe [9728 2015-11-03] (Hi-Rez Studios) [Datei ist nicht signiert] R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-17] (Intel Corporation) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-11-12] (LogMeIn, Inc.) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.226\McCHSvc.exe [289256 2015-10-30] (McAfee, Inc.) 
S3 Microsoft Office Groove Audit Service; D:\Programme\Microsoft Office\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872688 2015-11-12] (NVIDIA Corporation) R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8133424 2015-11-12] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5915440 2015-11-12] (NVIDIA Corporation) S3 Origin Client Service; D:\Programme\Origin\OriginClientService.exe [2057736 2015-09-16] (Electronic Arts) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-06-16] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2102496 2015-06-16] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [224712 2015-07-24] (Safer-Networking Ltd.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation) S3 AvastVBoxSvc; "D:\Programme\Avast\ng\vbox\AvastVBoxSVC.exe" [X] ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 amdiommu; C:\Windows\System32\drivers\amdkiomd.sys [77312 2013-12-06] (Advanced Micro Devices, Inc.) S3 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.) R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.) 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-02] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-02] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-02] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-02] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2015-12-02] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [450504 2015-12-02] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-02] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-02] (AVAST Software) S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-08-03] (LogMeIn Inc.) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-05] (Malwarebytes) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19760 2015-11-12] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation) R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek ) S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] () S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation) S2 VBoxAswDrv; \??\D:\Programme\Avast\ng\vbox\VBoxAswDrv.sys [X] S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist 
aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-12-05 16:17 - 2015-12-05 16:17 - 00000000 ____D C:\FRST 2015-12-05 16:15 - 2015-12-05 16:15 - 04398264 _____ (Kaspersky Lab ZAO) C:\Users\Florian\Downloads\tdsskiller.exe 2015-12-05 16:14 - 2015-12-05 16:14 - 02369024 _____ (Farbar) C:\Users\Florian\Downloads\FRST64.exe 2015-12-05 16:11 - 2015-12-05 16:11 - 00016148 _____ C:\WINDOWS\system32\SN_1402860_Florian_HistoryPrediction.bin 2015-12-05 16:08 - 2015-12-05 16:17 - 00000000 ____D C:\Users\Florian\Desktop\Antivirenzeug 2015-12-05 16:08 - 2015-12-05 16:08 - 00050477 _____ C:\Users\Florian\Downloads\Defogger.exe 2015-12-05 15:55 - 2015-11-17 20:39 - 00450863 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20151205-155503.backup 2015-12-05 11:28 - 2015-12-05 11:28 - 00000000 ___HD C:\OneDriveTemp 2015-12-02 21:18 - 2015-12-02 21:18 - 00386096 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2015-12-02 21:18 - 2015-12-02 21:18 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2015-11-29 00:39 - 2015-11-29 00:39 - 00877568 _____ C:\Users\Florian\Downloads\setup-x86_64.exe 2015-11-24 12:36 - 2015-11-24 12:36 - 00007606 _____ C:\Users\Florian\AppData\Local\Resmon.ResmonCfg 2015-11-24 12:29 - 2015-11-24 12:29 - 00006794 _____ C:\Users\Florian\Downloads\Brechungsgesetz.ggb 2015-11-24 12:29 - 2015-11-24 12:29 - 00006794 _____ C:\Users\Florian\Downloads\Brechungsgesetz (1).ggb 2015-11-24 12:28 - 2015-11-24 12:28 - 00000791 _____ C:\Users\Public\Desktop\GeoGebra.lnk 2015-11-24 12:28 - 2015-11-24 12:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GeoGebra 5 2015-11-24 12:19 - 2015-11-24 12:27 - 50552792 _____ (International GeoGebra Institute) 
C:\Users\Florian\Downloads\GeoGebra-Windows-Installer-5-0-175-0.exe 2015-11-22 20:16 - 2015-11-22 20:16 - 00000819 _____ C:\Users\Public\Desktop\WarThunder.lnk 2015-11-22 20:16 - 2015-11-22 20:16 - 00000000 ____D C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder 2015-11-22 20:15 - 2015-11-22 20:16 - 05079176 _____ (Gaijin Entertainment ) C:\Users\Florian\Downloads\wt_launcher_1.0.1.571.exe 2015-11-21 19:23 - 2015-11-21 19:23 - 00002210 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk 2015-11-21 19:22 - 2015-12-05 11:29 - 00004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1D020E9A-2A23-4A20-ABD3-84517DE41149} 2015-11-21 19:22 - 2015-11-21 19:22 - 00000000 ____D C:\WINDOWS\LastGood.Tmp 2015-11-21 19:22 - 2015-11-14 07:12 - 00102520 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe 2015-11-21 19:21 - 2015-11-16 04:54 - 42913912 _____ C:\WINDOWS\system32\nvcompiler.dll 2015-11-21 19:21 - 2015-11-16 04:54 - 37881976 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll 2015-11-21 19:21 - 2015-11-16 04:54 - 22345848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll 2015-11-21 19:21 - 2015-11-16 04:54 - 18390832 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll 2015-11-21 19:21 - 2015-11-16 04:54 - 16561320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll 2015-11-21 19:21 - 2015-11-16 04:54 - 14844112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll 2015-11-21 19:21 - 2015-11-16 04:54 - 13533608 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll 2015-11-21 19:21 - 2015-11-16 04:54 - 12040952 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll 2015-11-21 19:21 - 2015-11-16 04:54 - 02876536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll 2015-11-21 19:21 - 2015-11-16 04:54 - 02496632 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll 2015-11-21 19:21 - 2015-11-16 04:54 - 01905456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435900.dll 
2015-11-21 19:21 - 2015-11-16 04:54 - 01564792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435900.dll 2015-11-21 19:21 - 2015-11-16 04:54 - 01016544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll 2015-11-21 19:21 - 2015-11-16 04:54 - 00877688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll 2015-11-21 19:21 - 2015-11-16 04:54 - 00861816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll 2015-11-21 19:21 - 2015-11-16 04:54 - 00823232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll 2015-11-21 19:21 - 2015-11-16 04:54 - 00689784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll 2015-11-21 19:21 - 2015-11-16 04:54 - 00674096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll 2015-11-21 19:21 - 2015-11-16 04:54 - 00539464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll 2015-11-21 19:21 - 2015-11-16 04:54 - 00503416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll 2015-11-21 19:21 - 2015-11-16 04:54 - 00501056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll 2015-11-21 19:21 - 2015-11-16 04:54 - 00446584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll 2015-11-21 19:21 - 2015-11-16 04:54 - 00445400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll 2015-11-21 19:21 - 2015-11-16 04:54 - 00422752 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll 2015-11-21 19:21 - 2015-11-16 04:54 - 00413816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll 2015-11-21 19:21 - 2015-11-16 04:54 - 00369456 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll 2015-11-21 19:21 - 2015-11-16 04:54 - 00177600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll 2015-11-21 19:21 - 2015-11-16 04:54 - 00155792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll 2015-11-21 19:21 - 2015-11-16 04:54 - 00151184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll 2015-11-21 19:21 - 2015-11-16 04:54 
- 00128512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll 2015-11-21 19:21 - 2015-11-16 04:54 - 00039240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll 2015-11-21 18:43 - 2015-11-21 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2015-11-21 18:43 - 2015-11-21 18:43 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi 2015-11-21 18:31 - 2015-11-12 19:37 - 00112712 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll 2015-11-17 20:39 - 2015-11-17 20:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 2015-11-17 20:39 - 2015-11-17 20:39 - 00000000 ____D C:\Program Files\McAfee Security Scan 2015-11-12 09:06 - 2015-11-12 09:07 - 00000725 _____ C:\Users\Florian\Desktop\musik.lnk 2015-11-11 18:03 - 2015-11-05 06:15 - 08020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-11-11 18:03 - 2015-11-05 06:15 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll 2015-11-11 18:03 - 2015-11-05 06:14 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys 2015-11-11 18:03 - 2015-11-05 06:13 - 00577888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys 2015-11-11 18:03 - 2015-11-05 06:11 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll 2015-11-11 18:03 - 2015-11-05 06:06 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-11-11 18:03 - 2015-11-05 06:06 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll 2015-11-11 18:03 - 2015-11-05 05:56 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2015-11-11 18:03 - 2015-11-05 05:56 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys 2015-11-11 18:03 - 2015-11-05 05:56 - 00025280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2015-11-11 18:03 - 2015-11-05 05:30 - 00961376 _____ 
(Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll 2015-11-11 18:03 - 2015-11-05 05:24 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-11-11 18:03 - 2015-11-05 05:23 - 00762888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll 2015-11-11 18:03 - 2015-11-05 05:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll 2015-11-11 18:03 - 2015-11-05 05:20 - 21873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2015-11-11 18:03 - 2015-11-05 05:18 - 24597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-11-11 18:03 - 2015-11-05 05:18 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll 2015-11-11 18:03 - 2015-11-05 05:18 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2015-11-11 18:03 - 2015-11-05 05:17 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2015-11-11 18:03 - 2015-11-05 05:12 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll 2015-11-11 18:03 - 2015-11-05 05:10 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-11-11 18:03 - 2015-11-05 05:10 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll 2015-11-11 18:03 - 2015-11-05 05:07 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2015-11-11 18:03 - 2015-11-05 05:06 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll 2015-11-11 18:03 - 2015-11-05 05:05 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-11-11 18:03 - 2015-11-05 05:03 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2015-11-11 18:03 - 2015-11-05 05:03 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll 2015-11-11 18:03 - 2015-11-05 05:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll 2015-11-11 18:03 - 
2015-11-05 05:01 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe 2015-11-11 18:03 - 2015-11-05 04:59 - 03587072 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2015-11-11 18:03 - 2015-11-05 04:59 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll 2015-11-11 18:03 - 2015-11-05 04:58 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll 2015-11-11 18:03 - 2015-11-05 04:56 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll 2015-11-11 18:03 - 2015-11-05 04:55 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll 2015-11-11 18:03 - 2015-11-05 04:54 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll 2015-11-11 18:03 - 2015-11-05 04:47 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-11-11 18:03 - 2015-11-05 04:42 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll 2015-11-11 18:03 - 2015-11-05 04:40 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2015-11-11 18:03 - 2015-11-05 04:35 - 18803712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2015-11-11 18:03 - 2015-11-05 04:35 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll 2015-11-11 18:03 - 2015-11-05 04:34 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll 2015-11-11 18:03 - 2015-11-05 04:33 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-11-11 18:03 - 2015-11-05 04:30 - 00767488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2015-11-11 18:03 - 2015-11-05 04:28 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-11-11 18:03 - 2015-11-05 04:27 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll 2015-11-11 18:03 - 2015-11-05 04:27 - 00464896 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\Windows.UI.dll 2015-11-11 18:03 - 2015-11-05 04:23 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll 2015-11-11 18:02 - 2015-11-05 06:01 - 00607408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2015-11-11 18:02 - 2015-11-05 05:11 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2015-11-11 18:02 - 2015-11-05 05:05 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-11-11 18:02 - 2015-11-05 05:01 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2015-11-11 18:02 - 2015-11-05 04:58 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2015-11-11 18:02 - 2015-11-05 04:33 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-11-06 20:28 - 2015-11-06 20:28 - 03913517 _____ C:\Users\Florian\Downloads\4114_Loesungen_QM.pdf 2015-11-06 20:19 - 2015-12-04 14:22 - 00001543 _____ C:\Users\Florian\AppData\Roaming\gnuplot_history 2015-11-06 19:55 - 2015-11-06 19:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gnuplot 2015-11-06 19:51 - 2015-11-06 19:53 - 19264059 _____ (gnuplot development team ) C:\Users\Florian\Downloads\gp501-win32-mingw.exe ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-12-05 16:17 - 2015-07-10 10:05 - 00000000 ____D C:\Windows 2015-12-05 16:16 - 2015-08-07 01:34 - 01790124 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-12-05 16:16 - 2015-07-10 17:34 - 00771100 _____ C:\WINDOWS\system32\perfh007.dat 2015-12-05 16:16 - 2015-07-10 17:34 - 00153964 _____ C:\WINDOWS\system32\perfc007.dat 2015-12-05 16:16 - 2015-07-10 12:02 - 00000000 ____D C:\WINDOWS\INF 2015-12-05 16:16 - 2014-02-12 19:26 - 00000000 ____D C:\Users\Florian\AppData\Roaming\Spotify 2015-12-05 16:12 - 2014-07-16 20:40 - 00000000 ____D C:\Users\Florian\AppData\Roaming\Raptr 2015-12-05 16:12 - 2014-03-17 13:44 - 00000000 __RDO C:\Users\Florian\SkyDrive 2015-12-05 16:12 - 2014-02-15 17:42 - 00000000 ____D C:\Users\Florian\AppData\Roaming\Skype 2015-12-05 16:12 - 2014-02-12 21:34 - 00000000 ____D C:\Users\Florian\AppData\Local\LogMeIn Hamachi 2015-12-05 16:11 - 2015-08-07 02:15 - 00000000 __SHD C:\Users\Florian\IntelGraphicsProfiles 2015-12-05 16:11 - 2015-08-07 01:26 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2015-12-05 16:11 - 2014-07-17 23:29 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-12-05 16:11 - 2014-02-12 19:27 - 00000000 ____D C:\Users\Florian\AppData\Local\Spotify 2015-12-05 16:11 - 2014-02-11 18:59 - 00001140 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-12-05 16:11 - 2014-02-11 18:59 - 00001136 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-12-05 16:10 - 2015-07-10 13:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-12-05 16:10 - 2015-07-10 10:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2015-12-05 16:10 - 2014-02-10 12:14 - 00000000 ____D C:\ProgramData\NVIDIA 2015-12-05 16:09 - 2015-02-09 20:17 - 00000000 ____D C:\AdwCleaner 2015-12-05 16:02 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\NDF 2015-12-05 15:45 - 2014-03-04 20:02 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-12-05 15:25 - 2014-02-11 19:59 - 00004242 
_____ C:\WINDOWS\System32\Tasks\avast! Emergency Update 2015-12-05 14:50 - 2015-09-15 11:55 - 00000000 ____D C:\WINDOWS\Minidump 2015-12-05 14:50 - 2014-08-05 09:33 - 00000000 ____D C:\Users\Florian\AppData\Roaming\TS3Client 2015-12-04 21:40 - 2015-07-10 12:04 - 00000000 ___HD C:\Program Files\WindowsApps 2015-12-04 21:40 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-12-04 15:06 - 2014-02-11 18:59 - 00004198 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2015-12-04 15:06 - 2014-02-11 18:59 - 00003966 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2015-12-02 21:34 - 2014-07-16 20:40 - 00000000 ____D C:\Program Files (x86)\Raptr 2015-12-02 21:18 - 2014-05-31 02:11 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys 2015-12-02 21:18 - 2014-02-11 19:59 - 01055560 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys 2015-12-02 21:18 - 2014-02-11 19:59 - 00450504 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2015-12-02 21:18 - 2014-02-11 19:59 - 00273784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys 2015-12-02 21:18 - 2014-02-11 19:59 - 00155304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys 2015-12-02 21:18 - 2014-02-11 19:59 - 00097648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2015-12-02 21:18 - 2014-02-11 19:59 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2015-12-02 21:18 - 2014-02-11 19:59 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys 2015-12-01 22:12 - 2014-07-29 02:30 - 00000000 ____D C:\Users\Florian\AppData\Local\Battle.net 2015-12-01 21:08 - 2014-08-28 15:14 - 00000000 ____D C:\Users\Florian\Documents\ProfileCache 2015-12-01 21:07 - 2014-08-28 15:14 - 00000000 ____D C:\Users\Florian\Documents\The Crew 2015-11-30 17:50 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2015-11-29 01:06 - 2015-05-10 15:31 - 00000000 ____D 
C:\Users\Florian\AppData\Roaming\Telegram Desktop 2015-11-29 00:20 - 2015-11-01 21:06 - 00000000 ____D C:\Users\Florian\AppData\Roaming\Notepad++ 2015-11-28 23:37 - 2014-06-27 17:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-11-28 23:37 - 2014-06-27 17:17 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-11-27 21:19 - 2015-10-31 20:29 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2015-11-24 19:56 - 2014-06-07 21:24 - 00000000 ____D C:\Users\Florian\AppData\Roaming\Audacity 2015-11-22 20:16 - 2014-02-12 04:44 - 00000000 ____D C:\Users\Florian\Documents\My Games 2015-11-21 22:58 - 2014-05-20 10:31 - 00000000 ____D C:\Users\Florian\AppData\Local\Arma 3 2015-11-21 19:23 - 2015-08-07 01:22 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2015-11-21 19:23 - 2014-11-20 22:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2015-11-21 19:22 - 2014-06-01 15:03 - 00000000 __SHD C:\Users\Florian\AppData\LocalLow\EmieUserList 2015-11-21 19:22 - 2014-06-01 15:03 - 00000000 __SHD C:\Users\Florian\AppData\LocalLow\EmieSiteList 2015-11-21 19:22 - 2014-06-01 15:03 - 00000000 __SHD C:\Users\Florian\AppData\Local\EmieUserList 2015-11-21 19:22 - 2014-06-01 15:03 - 00000000 __SHD C:\Users\Florian\AppData\Local\EmieSiteList 2015-11-21 18:31 - 2014-11-20 22:30 - 00000000 ____D C:\Users\Florian\AppData\Local\NVIDIA Corporation 2015-11-21 16:33 - 2014-12-01 13:25 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client 2015-11-18 23:34 - 2014-02-15 17:42 - 00000000 ____D C:\ProgramData\Skype 2015-11-17 20:39 - 2015-08-04 18:23 - 00001979 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2015-11-17 11:32 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\rescache 2015-11-17 07:27 - 2015-08-07 02:51 - 11228816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys 2015-11-16 04:54 - 2015-08-13 18:24 - 
15839200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll 2015-11-16 04:54 - 2015-08-07 02:59 - 01572496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll 2015-11-16 04:54 - 2015-08-07 02:59 - 00205456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys 2015-11-16 04:54 - 2015-08-07 02:51 - 18487360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll 2015-11-16 04:54 - 2015-08-07 02:51 - 15933400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll 2015-11-16 04:54 - 2015-08-07 02:51 - 12870192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll 2015-11-16 04:54 - 2015-08-07 02:51 - 03540544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll 2015-11-16 04:54 - 2015-08-07 02:51 - 03126800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll 2015-11-16 04:54 - 2015-08-07 02:51 - 00034494 _____ C:\WINDOWS\system32\nvinfo.pb 2015-11-15 22:17 - 2015-08-07 01:27 - 00000000 ____D C:\Users\Florian 2015-11-15 00:49 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\appraiser 2015-11-14 18:13 - 2014-03-31 18:37 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-11-14 18:12 - 2015-07-10 11:55 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-11-14 07:20 - 2015-08-07 02:57 - 06358648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll 2015-11-14 07:20 - 2015-08-07 02:57 - 02983216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll 2015-11-14 07:20 - 2015-08-07 02:57 - 02554488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll 2015-11-14 07:20 - 2015-08-07 02:57 - 00938616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe 2015-11-14 07:20 - 2015-08-07 02:57 - 00385144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll 2015-11-14 07:20 - 2015-08-07 02:57 - 00062584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll 2015-11-13 21:52 - 2015-04-22 10:52 - 00000000 ____D C:\Users\Florian\Desktop\Papa schicken 2015-11-12 19:37 - 2014-11-20 22:30 - 01828160 _____ 
(NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll 2015-11-12 19:37 - 2014-11-20 22:30 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll 2015-11-12 19:37 - 2014-11-20 22:30 - 01509824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll 2015-11-12 19:37 - 2014-11-20 22:30 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll 2015-11-11 18:22 - 2014-02-17 19:16 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-11-11 18:22 - 2014-02-17 19:16 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-11-10 19:45 - 2014-03-04 20:02 - 00003870 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-11-10 09:05 - 2015-07-28 15:27 - 00000003 _____ C:\WINDOWS\SysWOW64\HRUPPROG.TXT 2015-11-07 22:51 - 2014-02-12 19:01 - 00000000 ____D C:\Users\Florian\AppData\Roaming\.minecraft 2015-11-06 19:55 - 2015-08-05 07:37 - 00000000 ____D C:\Program Files (x86)\gnuplot ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-11-06 20:19 - 2015-12-04 14:22 - 0001543 _____ () C:\Users\Florian\AppData\Roaming\gnuplot_history 2015-11-24 12:36 - 2015-11-24 12:36 - 0007606 _____ () C:\Users\Florian\AppData\Local\Resmon.ResmonCfg 2015-08-07 01:26 - 2015-08-07 01:26 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2014-12-12 23:09 - 2014-12-12 23:09 - 0000093 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc Einige Dateien in TEMP: ==================== C:\Users\Florian\AppData\Local\Temp\Quarantine.exe C:\Users\Florian\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-11-29 13:55

==================== Ende von FRST.txt ============================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-12-2015
durchgeführt von Florian (2015-12-05 16:18:10)
Gestartet von C:\Users\Florian\Desktop\Antivirenzeug
Windows 10 Home (X64) (2015-08-07 01:15:39)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-1274701302-3454042151-3049584581-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1274701302-3454042151-3049584581-503 - Limited - Disabled)
Florian (S-1-5-21-1274701302-3454042151-3049584581-1001 - Administrator - Enabled) => C:\Users\Florian
Gast (S-1-5-21-1274701302-3454042151-3049584581-501 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
A Game of Thrones version 1.0 (HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\...\{7C82709E-75FE-4C3A-976A-8C97908DDD7B}_is1) (Version: 1.0 - AGOT TEAM) Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.2.443 - Adobe Systems Incorporated) Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.172 - Adobe Systems Incorporated) Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Creative Suite 4 Design Premium (HKLM-x32\...\Adobe_55230b0b70661df0f212e88f0b655f7) (Version: 4.0 - Adobe Systems Incorporated) Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated) Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe InDesign CS4 Icon Handler x64 (Version: 6.0 - Adobe Systems Incorporated) Hidden Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated) Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft) Apple Application Support (32-Bit) 
(HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.) Arma 3 (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive) Assassins Creed IV Black Flag (HKLM-x32\...\Uplay Install 273) (Version: - Ubisoft) Assassin's Creed(R) III v1.04 (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.04 - Ubisoft) Audacity 2.0.4 (HKLM-x32\...\Audacity_is1) (Version: 2.0.4 - Audacity Team) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software) Banished (HKLM-x32\...\Steam App 242920) (Version: - Shining Rock Software LLC) Batman™: Arkham Origins (HKLM-x32\...\Steam App 209000) (Version: - WB Games Montreal) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Battlefield Heroes (HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\...\{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}) (Version: - EA Digital illusions) BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - ) BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version: - ) BioShock (HKLM-x32\...\Steam App 7670) (Version: - 2K Boston) BioShock 2 (HKLM-x32\...\Steam App 8850) (Version: - 2K Marin) BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version: - Irrational Games) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) 
Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version: - Infinity Ward) Call of Duty: Modern Warfare 3 (HKLM-x32\...\Steam App 42680) (Version: - Infinity Ward) Call of Juarez Gunslinger (HKLM-x32\...\Steam App 204450) (Version: - Techland) Cartes du Ciel V3.10 (HKLM-x32\...\{A261F28E-6053-4414-9B84-AA8FE5F47AD4}_is1) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform) Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version: - Torn Banner Studios) Clover 3.0 (HKLM-x32\...\Clover) (Version: 3.0 - EJIE Technology) Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden Crusader Kings II (HKLM-x32\...\Steam App 203770) (Version: - Paradox Development Studio) Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.4.114.1010 - Electronic Arts Inc.) ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.2.24.20150630 - Landesfinanzdirektion Thüringen) Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment) Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.05 - Ubisoft) Far Cry 4 (HKLM-x32\...\Uplay Install 420) (Version: - Ubisoft) Flixster (HKLM-x32\...\com.wb.DC2) (Version: 2.2.3 - Warner Bros. Entertainment, Inc.) Flixster (x32 Version: 2.2.3 - Warner Bros. Entertainment, Inc.) Hidden GeoGebra 5 (HKLM-x32\...\GeoGebra 5) (Version: 5.0.175.0 - International GeoGebra Institute) gnuplot 5.0 patchlevel 1 (HKLM-x32\...\{AB419AC3-9BC1-4EC5-A75B-4D8870DD651F}_is1) (Version: 5.0 patchlevel 1 - gnuplot development team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) 
Hidden Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) High-Definition Video Playback (x32 Version: 7.1.13900.47.0 - Nero AG) Hidden Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios) Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version: - IO Interactive) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation) iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.) Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation) Java 8 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218020F0}) (Version: 8.0.200 - Oracle Corporation) Keep Talking and Nobody Explodes (HKLM-x32\...\Steam App 341800) (Version: - Steel Crate Games) Kerbal Space Program (HKLM-x32\...\1429864849_is1) (Version: 2.1.0.3 - GOG.com) kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games ) League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.410 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.410 - LogMeIn, Inc.) Hidden Magicka (HKLM-x32\...\Steam App 42910) (Version: - Arrowhead Game Studios) Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Mass Effect (HKLM-x32\...\Steam App 17460) (Version: - BioWare) Mass Effect 2 (HKLM-x32\...\Steam App 24980) (Version: - BioWare) Mass Effect™ 3 (HKLM-x32\...\{534A31BD-20F4-46b0-85CE-09778379663C}) (Version: 1.05.0.0 - Electronic Arts) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.226.1 - McAfee, Inc.) 
Medal of Honor(TM) Multiplayer (HKLM-x32\...\Steam App 47830) (Version: - Electronic Arts) Metro 2033 (HKLM-x32\...\Steam App 43110) (Version: - 4A Games) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Flight Simulator SimConnect Client v10.0.61259.0 (HKLM-x32\...\{D61CA184-3F6D-4A50-B2CC-7A18447D6A8D}) (Version: 10.0.61259.0 - Microsoft Corporation) Microsoft Flight Simulator SimConnect Client v10.0.62615.0 (HKLM-x32\...\{33D89314-361A-4495-A1E1-0ACBCE08F78D}) (Version: 10.0.62615.0 - Microsoft Corporation) Microsoft Flight Simulator X: Steam Edition (HKLM-x32\...\Steam App 314160) (Version: - Microsoft Game Studios) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft 
Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 
12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation) Mount and Blade - Warband (HKLM-x32\...\1207666913_is1) (Version: 2.5.0.15 - GOG.com) MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) Napoleon: Total War (HKLM-x32\...\Steam App 34030) (Version: - The Creative Assembly) Nero 10 Movie ThemePack 1 (HKLM-x32\...\{43FBAB46-5969-4200-9958-1FF81FEE506F}) (Version: 10.2.10000.11.0 - Nero AG) Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10500.1.102 - Nero AG) Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.2.11400.11.100 - Nero AG) Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG) Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.11900.20.100 - Nero AG) Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.2.10400.5.100 - Nero AG) Nero MediaHub 10 (HKLM-x32\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.2.13200.33.100 - Nero AG) Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{ADEF1F0B-635E-4041-B50F-A510C1B4D2C5}) (Version: 10.5.10400 - Nero AG) Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.2.10800.9.100 - Nero AG) Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG) Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) 
(Version: 1.0.0018 - Nero AG) Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.1 - Black Tree Gaming) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.6 - Notepad++ Team) NVIDIA 3D Vision Controller-Treiber 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 359.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 359.00 - NVIDIA Corporation) NVIDIA GeForce Experience 2.7.4.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.7.4.10 - NVIDIA Corporation) NVIDIA Grafiktreiber 359.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 359.00 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Orcs Must Die! 2 (HKLM-x32\...\Steam App 201790) (Version: - Robot Entertainment) Ori and the Blind Forest (HKLM-x32\...\Steam App 261570) (Version: - Moon Studios GmbH) Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.) osu! (HKLM-x32\...\{db19eca9-528e-475f-9260-e56831abfad0}) (Version: latest - ppy Pty Ltd) PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.) 
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version: - OVERKILL Software) PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden Pixel Bender Toolkit (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Prison Architect (HKLM-x32\...\Steam App 233450) (Version: - Introversion Software) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.) Raptr (HKLM-x32\...\Raptr) (Version: - ) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.) ROCCAT Kone Pure Optical Mouse Driver (HKLM-x32\...\{22D40E66-0D41-45A3-A8A1-90B8A38D9A68}) (Version: - Roccat GmbH) ROCCAT Power-Grid Version 0.459 (HKLM-x32\...\{953CF6E6-4EC8-4E55-A263-720CEBD591FE}_is1) (Version: 0.459 - ROCCAT GmbH) Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games) SHIELD Streaming (Version: 4.1.0240 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.7.4.10 - NVIDIA Corporation) Hidden Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version: - 2K Games, Inc.) Sid Meier's Civilization: Beyond Earth (HKLM-x32\...\Steam App 65980) (Version: - Firaxis Games) Skype™ 7.14 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.14.106 - Skype Technologies S.A.) 
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 2.19.3116.2 - Hi-Rez Studios) Sniper Ghost Warrior 2 (HKLM-x32\...\Steam App 34870) (Version: - City Interactive) Spec Ops: The Line (HKLM-x32\...\Steam App 50300) (Version: - Yager) SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - ) Spotify (HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\...\Spotify) (Version: 1.0.19.106.gb8a7150f - Spotify AB) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.5.43 - Safer-Networking Ltd.) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) Telegram Desktop version 0.9.13 (HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.9.13 - Telegram Messenger LLP) The Crew (Worldwide) (HKLM-x32\...\Uplay Install 413) (Version: - Ubisoft) The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts) The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.0.6.0 - GOG.com) The Witcher 3: Wild Hunt - Alternative Look for Ciri (HKLM-x32\...\Alternative Look for Ciri_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - Alternative Look for Triss (HKLM-x32\...\Alternative Look for Triss_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - Alternative Look for Yennefer (HKLM-x32\...\Alternative Look for Yennefer_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - Beard and Hairstyle Set (HKLM-x32\...\Beard and Hairstyle Set_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - Elite Crossbow Set (HKLM-x32\...\Elite Crossbow Set_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - New Finisher Animations (HKLM-x32\...\New Finisher Animations_is1) (Version: 1.0.0.0 - 
GOG.com) The Witcher 3: Wild Hunt - New Quest - Contract Missing Miners (HKLM-x32\...\New Quest - Contract Missing Miners_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - New Quest - Fool's Gold (HKLM-x32\...\New Quest - Fool's Gold_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - Nilfgaardian Armor Set (HKLM-x32\...\Nilfgaardian Armor Set_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - Skellige Armor Set (HKLM-x32\...\Skellige Armor Set_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - Temerian Armor Set (HKLM-x32\...\Temerian Armor Set_is1) (Version: 1.0.0.0 - GOG.com) Universe Sandbox (HKLM-x32\...\Steam App 72200) (Version: - Giant Army) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) Uplay (HKLM-x32\...\Uplay) (Version: 4.2 - Ubisoft) USB PnP Sound Device (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392006300}) (Version: - ) VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN) War Thunder Launcher 1.0.1.571 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - Gaijin Entertainment) WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR 
archiver) (Version: 5.10.0 - win.rar GmbH)
WinZip 18.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DE}) (Version: 18.0.10661 - WinZip Computing, S.L. )
Wolfram Extras 10.0 (5157423) (HKLM\...\A-WIN-Extras 10.0.1 5157423_is1) (Version: 10.0.1 - Wolfram Research, Inc.)
Wolfram Mathematica 10 (M-WIN-L 10.0.1 5157734) (HKLM\...\M-WIN-L 10.0.1 5157734_is1) (Version: 10.0.1 - Wolfram Research, Inc.)
Worms Revolution (HKLM-x32\...\Steam App 200170) (Version: - Team17 Digital Ltd.)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1274701302-3454042151-3049584581-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Florian\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)

==================== Wiederherstellungspunkte =========================

ACHTUNG: Systemwiederherstellung ist deaktiviert

==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 14:25 - 2015-12-05 15:55 - 00450863 ____R C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info 127.0.0.1 www.123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123moviedownload.com 127.0.0.1 www.123moviedownload.com Da befinden sich 15464 zusätzliche Einträge. ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {0891CDAC-24AC-46E7-8ED5-846A0B9A888A} - System32\Tasks\{C85A94F3-3425-4FDC-8FD3-88A08CB3004F} => pcalua.exe -a "D:\Programme\Ubisoft\Ubisoft Game Launcher\Uplay.exe" -c uplay://uninstall/750 Task: {13C13C87-3E88-42DB-BE39-3CAF37A74C13} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2015-06-16] (Safer-Networking Ltd.) Task: {417D94CE-C13E-48DF-B1B0-921F7E6CE17E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.) Task: {48B9DE0F-86F2-4A48-93BE-A2253FD4FB1C} - System32\Tasks\avast! 
Emergency Update => D:\Programme\Avast\AvastEmUpdate.exe [2015-12-02] (AVAST Software) Task: {533FEC54-55B2-43DD-89CC-1BD0CF3D785E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG Task: {699FBD71-67AA-4CE0-89CE-07BB87C256AA} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG Task: {6B40E16E-BF63-4FA6-B632-E1B2D5E8687A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG Task: {716EA70A-EB53-4179-92F4-D443FE9C734F} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe Task: {7274F107-5DB8-47B1-AAC6-5CD0DB8D856A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-11-11] (Microsoft Corporation) Task: {73DE3684-E7BB-439B-B660-0A13D52FC0D5} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG Task: {7416F2FE-447D-4268-837A-5CB1A40CFA75} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-10] (Adobe Systems Incorporated) Task: {74EB9A21-8438-4F06-B8BD-54DE43A8C1FF} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG Task: {77869D6C-AAB7-4765-B9A8-65239AF1F7D9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.) Task: {77F72D61-A4B1-4D83-B1D4-1CC7C2A8273F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG Task: {7FD65435-8EA9-43BC-B6AA-986743A05975} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2015-06-16] (Safer-Networking Ltd.) 
Task: {90E0189E-C667-4A6A-AC1A-EC9ADD436A2E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG Task: {9DD166C9-EE79-47BA-B2B5-A6BE0EF71CB4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated) Task: {AE007107-8C7E-4E23-87CE-ECE3B57FD4CF} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG Task: {B98B0C8E-FCA4-45D8-B55F-B38405C48464} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd) Task: {BFA285AC-0522-43E9-9318-C7E2FA860B31} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG Task: {CACA0A95-0027-45A1-8D52-27D495484BAC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2015-06-16] (Safer-Networking Ltd.) Task: {CF84F592-4DF8-465B-9611-B39FF9B10D49} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG Task: {D4179BD1-FC33-4FC0-B58D-04872762C5E5} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG Task: {D9919C1C-2187-43A9-B87F-4F064462F91C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2015-08-07 02:19 - 2015-08-07 02:19 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll 2015-08-07 02:57 - 2015-11-14 07:20 - 00116528 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2015-08-19 14:53 - 2015-08-11 10:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll 2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2015-10-01 17:33 - 2015-09-17 07:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2015-10-01 17:33 - 2015-09-17 07:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2015-10-01 17:33 - 2015-09-17 06:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2015-10-01 17:33 - 2015-09-17 06:44 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2015-10-01 17:33 - 2015-09-17 06:42 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2015-10-01 17:33 - 2015-09-17 06:42 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2015-10-01 17:33 - 2015-09-17 06:43 - 02274816 _____ () 
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2014-11-20 22:30 - 2015-11-12 19:39 - 00708912 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\gamecaster64.dll 2014-11-20 22:30 - 2015-11-12 19:39 - 00854320 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\twitchsdk64.dll 2015-07-17 18:34 - 2015-07-17 18:34 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2015-04-15 21:13 - 2015-04-15 21:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll 2015-12-02 21:18 - 2015-12-02 21:18 - 00103888 _____ () D:\Programme\Avast\log.dll 2015-12-02 21:18 - 2015-12-02 21:18 - 00125512 _____ () D:\Programme\Avast\JsonRpcServer.dll 2015-12-05 14:43 - 2015-12-05 14:43 - 02803200 _____ () D:\Programme\Avast\defs\15120500\algo.dll 2015-12-02 21:18 - 2015-12-02 21:18 - 00469008 _____ () D:\Programme\Avast\ffl2.dll 2015-08-07 11:58 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2015-08-07 11:58 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2015-08-07 11:58 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2015-08-07 11:58 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2015-04-07 19:25 - 2015-11-12 19:39 - 00012080 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2008-08-28 16:53 - 2008-08-28 16:53 - 00073728 _____ () D:\Programme\Adobe\Adobe Bridge CS4\Symlib.dll 2008-08-28 16:47 - 2008-08-28 16:47 - 02748416 _____ () D:\Programme\Adobe\Adobe Bridge CS4\LIBMYSQLD.dll 2008-08-28 16:54 - 2008-08-28 16:54 - 00502272 _____ () D:\Programme\Adobe\Adobe Bridge CS4\AdobeXMPFiles.dll 2008-08-28 16:54 - 2008-08-28 16:54 - 00424960 _____ () D:\Programme\Adobe\Adobe Bridge CS4\AdobeXMP.dll 2008-08-28 16:54 - 2008-08-28 16:54 - 00891904 _____ () 
D:\Programme\Adobe\Adobe Bridge CS4\FileInfo.dll 2015-03-10 21:39 - 2015-11-27 14:06 - 50679920 _____ () C:\Users\Florian\AppData\Roaming\Spotify\libcef.dll 2015-03-10 21:39 - 2015-11-27 14:06 - 01882224 _____ () C:\Users\Florian\AppData\Roaming\Spotify\libglesv2.dll 2015-03-10 21:39 - 2015-11-27 14:06 - 00082544 _____ () C:\Users\Florian\AppData\Roaming\Spotify\libegl.dll 2015-12-02 21:18 - 2015-12-02 21:18 - 40539648 _____ () D:\Programme\Avast\libcef.dll 2015-11-11 23:06 - 2015-11-07 05:36 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libglesv2.dll 2015-11-11 23:06 - 2015-11-07 05:36 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libegl.dll 2014-11-26 12:17 - 2012-10-01 18:53 - 00061440 _____ () C:\Program Files (x86)\ROCCAT\Kone Pure Optical Mouse\hiddriver.dll 2010-11-22 23:56 - 2010-11-22 23:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd 2010-11-22 23:56 - 2010-11-22 23:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd 2010-11-22 23:56 - 2010-11-22 23:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd 2014-05-14 00:26 - 2014-05-14 00:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd 2014-05-14 00:26 - 2014-05-14 00:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd 2014-05-14 00:26 - 2014-05-14 00:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd 2014-05-14 00:26 - 2014-05-14 00:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd 2010-11-22 23:57 - 2010-11-22 23:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd 2010-11-22 23:56 - 2010-11-22 23:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll 2010-11-22 23:56 - 2010-11-22 23:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd 2010-11-22 23:56 - 2010-11-22 23:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd 2010-11-22 23:57 - 2010-11-22 23:57 - 00036352 _____ () C:\Program 
Files (x86)\Raptr\win32process.pyd 2010-11-22 23:57 - 2010-11-22 23:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd 2010-11-22 23:56 - 2010-11-22 23:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd 2011-02-15 19:17 - 2011-02-15 19:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll 2010-11-22 23:57 - 2010-11-22 23:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd 2014-05-14 00:26 - 2014-05-14 00:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd 2010-11-22 23:56 - 2010-11-22 23:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd 2010-11-22 23:56 - 2010-11-22 23:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd 2015-10-21 21:29 - 2015-10-21 21:29 - 00113171 _____ () C:\Program Files (x86)\Raptr\libvlc.dll 2015-10-21 21:29 - 2015-10-21 21:29 - 02396691 _____ () C:\Program Files (x86)\Raptr\libvlccore.dll 2010-11-22 23:56 - 2010-11-22 23:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd 2010-11-22 23:56 - 2010-11-22 23:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll 2010-11-22 23:57 - 2010-11-22 23:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd 2010-11-22 23:56 - 2010-11-22 23:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd 2015-06-27 00:09 - 2015-06-27 00:09 - 00271872 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll 2010-11-22 23:57 - 2010-11-22 23:57 - 00024064 _____ () C:\Program Files (x86)\Raptr\win32pipe.pyd 2010-11-22 23:57 - 2010-11-22 23:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd 2014-06-18 01:56 - 2014-06-18 01:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd 2011-02-15 19:17 - 2011-02-15 19:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll 2010-11-23 00:06 - 2010-11-23 00:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll 2013-05-10 00:52 - 2013-05-10 00:52 - 00495680 _____ () 
C:\Program Files (x86)\Raptr\plugins\libaim.dll 2013-05-10 00:52 - 2013-05-10 00:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll 2013-05-10 00:52 - 2013-05-10 00:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll 2013-05-03 19:57 - 2013-05-03 19:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll 2013-05-03 19:56 - 2013-05-03 19:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll 2013-05-03 19:56 - 2013-05-03 19:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll 2013-05-03 19:57 - 2013-05-03 19:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll 2013-05-03 19:56 - 2013-05-03 19:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll 2013-05-03 19:57 - 2013-05-03 19:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll 2013-05-03 19:57 - 2013-05-03 19:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll 2013-05-03 19:57 - 2013-05-03 19:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll 2013-05-03 19:57 - 2013-05-03 19:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) 
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com Da befinden sich 7866 mehr Seiten. 
IE restricted site: HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com 
IE restricted site: HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\...\123simsen.com -> www.123simsen.com

Da befinden sich 7867 mehr Seiten.

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{B53672C9-1522-4402-BDB8-95561B5D8CB4}] => (Allow) D:\Programme\Steam\Steam.exe
FirewallRules: [{76363BEE-248A-4EBE-A279-B826AA290C89}] => (Allow) D:\Programme\Steam\Steam.exe
FirewallRules: [{C2F1784C-36CE-4B04-86AD-860040F3C5F2}] => (Allow) D:\Programme\Steam\bin\steamwebhelper.exe
FirewallRules: [{64BD7FFE-8C40-4A33-9D99-952854062CEB}] => (Allow) D:\Programme\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{A28096FA-10F9-47D6-B24E-C33059558666}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{07613F22-3A97-4C55-A893-2515BBBEE63D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{2CB5AC22-7F36-4517-9B02-19212FDC64C5}C:\users\florian\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\florian\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{98E1E5DC-D6D7-4430-895E-249876D6DB58}C:\users\florian\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\florian\appdata\roaming\spotify\spotify.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: LogMeIn Hamachi Virtual Ethernet Adapter #2
Description: LogMeIn Hamachi Virtual Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn Inc.
Service: Hamachi Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (12/05/2015 03:56:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SN_1402860) Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (12/05/2015 02:58:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SN_1402860) Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (12/05/2015 02:58:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SN_1402860) Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (12/05/2015 02:55:37 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm clover.exe, Version 3.0.406.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 2d84 Startzeit: 01d12f648cc098a1 Beendigungszeit: 3 Anwendungspfad: C:\Program Files (x86)\Clover\clover.exe Berichts-ID: db5be769-9b57-11e5-835c-94de8078c2d4 Vollständiger Name des fehlerhaften Pakets: Auf das fehlerhafte Paket bezogene Anwendungs-ID: Error: (12/05/2015 02:54:57 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: clover.exe, Version: 3.0.406.0, Zeitstempel: 0x52e0f76d Name des fehlerhaften Moduls: clover.dll, Version: 3.0.406.0, Zeitstempel: 0x52e0f75f Ausnahmecode: 0x80000003 Fehleroffset: 0x00106c90 ID des fehlerhaften Prozesses: 0x2a40 Startzeit der fehlerhaften Anwendung: 0xclover.exe0 Pfad der fehlerhaften Anwendung: clover.exe1 Pfad des fehlerhaften Moduls: clover.exe2 Berichtskennung: clover.exe3 Vollständiger Name des fehlerhaften Pakets: clover.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: clover.exe5 Error: (12/05/2015 02:48:48 PM) (Source: ESENT) (EventID: 413) (User: ) Description: SettingSyncHost (3664) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032. Error: (12/05/2015 02:48:48 PM) (Source: ESENT) (EventID: 488) (User: ) Description: SettingSyncHost (3664) Der Versuch, die Datei "C:\WINDOWS\system32\edbtmp.log" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien. Error: (12/05/2015 02:48:38 PM) (Source: ESENT) (EventID: 413) (User: ) Description: SettingSyncHost (3664) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032. 
Error: (12/05/2015 02:48:38 PM) (Source: ESENT) (EventID: 488) (User: ) Description: SettingSyncHost (3664) Der Versuch, die Datei "C:\WINDOWS\system32\edbtmp.log" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien. Error: (12/05/2015 02:48:27 PM) (Source: ESENT) (EventID: 413) (User: ) Description: SettingSyncHost (3664) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032. Systemfehler: ============= Error: (12/05/2015 04:14:18 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: {784E29F4-5EBE-4279-9948-1E8FE941646D} Error: (12/05/2015 04:10:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "VBoxAsw Support Driver" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error: (12/05/2015 04:10:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Benutzerdatenzugriff_Session2" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (12/05/2015 04:10:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Benutzerdatenspeicher _Session2" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (12/05/2015 04:10:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Kontaktdaten_Session2" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. 
Error: (12/05/2015 04:10:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Synchronisierungshost_Session2" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (12/05/2015 04:02:35 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: {784E29F4-5EBE-4279-9948-1E8FE941646D} Error: (12/05/2015 03:56:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Synchronisierungshost_Session1 erreicht. Error: (12/05/2015 03:56:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Benutzerdatenspeicher _Session1 erreicht. Error: (12/05/2015 03:56:45 PM) (Source: DCOM) (EventID: 10010) (User: SN_1402860) Description: CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i5-4670 CPU @ 3.40GHz Prozentuale Nutzung des RAM: 22% Installierter physikalischer RAM: 16267.55 MB Verfügbarer physikalischer RAM: 12590.64 MB Summe virtueller Speicher: 18699.55 MB Verfügbarer virtueller Speicher: 14218.12 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:111.57 GB) (Free:37.47 GB) NTFS Drive d: () (Fixed) (Total:1863.02 GB) (Free:736.95 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 111.8 GB) (Disk ID: 7C9DF0AC) Partition: GPT. ======================================================== Disk: 1 (Size: 1863 GB) (Disk ID: 7C9DF0A9) Partition: GPT. ==================== Ende von Addition.txt ============================
Edited by fefl (05.12.2015 at 16:07) |
05.12.2015, 16:28 | #2 |
| Watch4 Virus TDSSKiller:
Code:
16:19:59.0877 0x2254 TDSS rootkit removing tool 3.1.0.7 Nov 29 2015 22:37:04 16:19:59.0877 0x2254 UEFI system 16:20:03.0057 0x2254 ============================================================ 16:20:03.0057 0x2254 Current date / time: 2015/12/05 16:20:03.0057 16:20:03.0057 0x2254 SystemInfo: 16:20:03.0057 0x2254 16:20:03.0057 0x2254 OS Version: 10.0.10240 ServicePack: 0.0 16:20:03.0057 0x2254 Product type: Workstation 16:20:03.0057 0x2254 ComputerName: SN_1402860 16:20:03.0057 0x2254 UserName: Florian 16:20:03.0057 0x2254 Windows directory: C:\WINDOWS 16:20:03.0057 0x2254 System windows directory: C:\WINDOWS 16:20:03.0057 0x2254 Running under WOW64 16:20:03.0057 0x2254 Processor architecture: Intel x64 16:20:03.0057 0x2254 Number of processors: 4 16:20:03.0057 0x2254 Page size: 0x1000 16:20:03.0057 0x2254 Boot type: Normal boot 16:20:03.0057 0x2254 ============================================================ 16:20:03.0141 0x2254 KLMD registered as C:\WINDOWS\system32\drivers\99176134.sys 16:20:03.0252 0x2254 System UUID: {2C2DBCF6-2981-3690-FCA2-BEA1EF8710AC} 16:20:03.0630 0x2254 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 ( 111.79 Gb ), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 16:20:03.0630 0x2254 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 16:20:03.0641 0x2254 ============================================================ 16:20:03.0641 0x2254 \Device\Harddisk0\DR0: 16:20:03.0641 0x2254 GPT partitions: 16:20:03.0642 0x2254 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {9C9821B9-9A4D-4228-BDED-EF84CCE6FFC3}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x32000 16:20:03.0642 0x2254 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: 
{6048C1F5-ABBC-4A74-94F1-C8B80D1DAB03}, Name: Microsoft reserved partition, StartLBA 0x32800, BlocksNum 0x40000 16:20:03.0642 0x2254 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {BDC1DBF5-2752-4350-A94A-342FF1117E61}, Name: Basic data partition, StartLBA 0x72800, BlocksNum 0xDF22000 16:20:03.0642 0x2254 MBR partitions: 16:20:03.0642 0x2254 \Device\Harddisk1\DR1: 16:20:03.0642 0x2254 GPT partitions: 16:20:03.0642 0x2254 \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {8830645D-3521-4276-8440-A3D9243E77E0}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xE8E08000 16:20:03.0642 0x2254 MBR partitions: 16:20:03.0642 0x2254 ============================================================ 16:20:03.0643 0x2254 C: <-> \Device\Harddisk0\DR0\Partition3 16:20:03.0676 0x2254 D: <-> \Device\Harddisk1\DR1\Partition1 16:20:03.0676 0x2254 ============================================================ 16:20:03.0676 0x2254 Initialize success 16:20:03.0676 0x2254 ============================================================ 16:20:11.0159 0x0a88 ============================================================ 16:20:11.0159 0x0a88 Scan started 16:20:11.0159 0x0a88 Mode: Manual; 16:20:11.0159 0x0a88 ============================================================ 16:20:11.0159 0x0a88 KSN ping started 16:20:13.0538 0x0a88 KSN ping finished: true 16:20:14.0015 0x0a88 ================ Scan system memory ======================== 16:20:14.0015 0x0a88 System memory - ok 16:20:14.0015 0x0a88 ================ Scan services ============================= 16:20:14.0049 0x0a88 1394ohci - ok 16:20:14.0051 0x0a88 3ware - ok 16:20:14.0054 0x0a88 ACPI - ok 16:20:14.0056 0x0a88 acpiex - ok 16:20:14.0060 0x0a88 acpipagr - ok 16:20:14.0063 0x0a88 AcpiPmi - ok 16:20:14.0065 0x0a88 acpitime - ok 16:20:14.0068 0x0a88 [ 2F0683FD2DF1D92E891CACA14B45A8C1, 
B4A8D6A183FA0B7D642FAD6B51C19FEC998481E1C49480D2B391E5D8B55F5BBD ] adfs C:\WINDOWS\system32\drivers\adfs.sys 16:20:14.0070 0x0a88 adfs - ok 16:20:14.0088 0x0a88 [ 57A3B9A69F14414ACE12AFD6BA701773, E17FD004315B666E3A880C987A83A2B6C6156C3D6E9550AAC6F686348F7CE7AC ] Adobe Version Cue CS4 C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe 16:20:14.0092 0x0a88 Adobe Version Cue CS4 - ok 16:20:14.0096 0x0a88 [ 5DB2C6B908C50767E2EDAA294A7566B5, 13AE4879D679BB0C6B2A5A5B13910359815A9D2E569BC1DE740B5A387A78CF33 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 16:20:14.0097 0x0a88 AdobeARMservice - ok 16:20:14.0119 0x0a88 [ 280A526E8111AC6A5BCC1A059E1E0340, FB92DDAE29A097D148AB23D8A0BD2B9E662EC1DBF0DA8B716374D6919B4C646F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 16:20:14.0123 0x0a88 AdobeFlashPlayerUpdateSvc - ok 16:20:14.0127 0x0a88 ADP80XX - ok 16:20:14.0133 0x0a88 AFD - ok 16:20:14.0135 0x0a88 agp440 - ok 16:20:14.0137 0x0a88 ahcache - ok 16:20:14.0139 0x0a88 AJRouter - ok 16:20:14.0144 0x0a88 ALG - ok 16:20:14.0148 0x0a88 [ D4AE4A75771DBD0EBF078685B76C4093, CBF41127608B0DE853C57445E6E0220305065762083C201C842EC277900649B5 ] amdiommu C:\WINDOWS\System32\drivers\amdkiomd.sys 16:20:14.0150 0x0a88 amdiommu - ok 16:20:14.0152 0x0a88 AmdK8 - ok 16:20:14.0155 0x0a88 [ F2FF8C1B41B3784EDBD5C6D5397F403C, 104873700D2BDF4812DC48200B4609F46A63E7A50594A0599100EF1438863708 ] amdkmafd C:\WINDOWS\System32\drivers\amdkmafd.sys 16:20:14.0155 0x0a88 amdkmafd - ok 16:20:14.0159 0x0a88 [ 8A375CB3B6D1A56A2AEEE72A5F1D0926, 03D6EA77B141675B719E66DA09D1DACC7137B19F9918C303DD6870B3F36ADEBB ] amdkmpfd C:\WINDOWS\system32\drivers\amdkmpfd.sys 16:20:14.0160 0x0a88 amdkmpfd - ok 16:20:14.0162 0x0a88 AmdPPM - ok 16:20:14.0164 0x0a88 amdsata - ok 16:20:14.0166 0x0a88 amdsbs - ok 16:20:14.0168 0x0a88 amdxata - ok 16:20:14.0171 0x0a88 AppID - ok 16:20:14.0173 0x0a88 AppIDSvc - ok 
16:20:14.0177 0x0a88 Appinfo - ok 16:20:14.0187 0x0a88 [ 2D564BB1C4559A517B390A031955714D, 3048C187FD107C958D43DD8B954AB55FDD1BC538D3E0066CBFCB428C7A8A87E1 ] Apple Mobile Device Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 16:20:14.0188 0x0a88 Apple Mobile Device Service - ok 16:20:14.0193 0x0a88 AppReadiness - ok 16:20:14.0196 0x0a88 AppXSvc - ok 16:20:14.0198 0x0a88 arcsas - ok 16:20:14.0201 0x0a88 [ 7BC1F2FC2A9D79E1EBBBF6D69AC3BA1F, 236265BE3F1B2130025A3A10152893BD0D18AD8965732361058B775F010539A2 ] aswHwid C:\WINDOWS\system32\drivers\aswHwid.sys 16:20:14.0201 0x0a88 aswHwid - ok 16:20:14.0205 0x0a88 [ 82065730918234A15A3A7AD6153FF8F2, 8426FF72512F7C7456E9A648100BFD35AC43FA8C01F98493B036F78F13C1F2C8 ] aswMonFlt C:\WINDOWS\system32\drivers\aswMonFlt.sys 16:20:14.0206 0x0a88 aswMonFlt - ok 16:20:14.0212 0x0a88 [ 2D6B49A071216796106E7804AB2BA7DC, 6A58A3B36EA05A24333482F87CFD315F73E56A64E46493E82E0FE9115E284168 ] aswRdr C:\WINDOWS\system32\drivers\aswRdr2.sys 16:20:14.0213 0x0a88 aswRdr - ok 16:20:14.0217 0x0a88 [ E46B51C99BB750A81AC6A68362475A5C, 2A61C09902B39696D151B9D5E6A60FFC3CF3EA02613EC64BBAB4DEE3C78838E2 ] aswRvrt C:\WINDOWS\system32\drivers\aswRvrt.sys 16:20:14.0218 0x0a88 aswRvrt - ok 16:20:14.0236 0x0a88 [ A428CC308673A5E74F91D92E4A2B205D, 0A768AA4BD1CD22B5181EDA692F7CB9A43F627BB4FFEEFBB8CBC77A45107A443 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys 16:20:14.0248 0x0a88 aswSnx - ok 16:20:14.0260 0x0a88 [ 5C0C4440A27074BBABC5D572DD29CA9B, 9545498B55994D427DB71F67B28C24804FECFE6BF225B24B067A7F0658429EDF ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys 16:20:14.0265 0x0a88 aswSP - ok 16:20:14.0270 0x0a88 [ D9079E1A1C2A1F8ED5F37AF8E6CD3161, 629E3A642C5E3BEA65CDD2E08CAD69F9649A98BDA906678B51D3D2C9DB5BB253 ] aswStm C:\WINDOWS\system32\drivers\aswStm.sys 16:20:14.0272 0x0a88 aswStm - ok 16:20:14.0279 0x0a88 [ 3BEC32A0B646D914921FD56AA39998C1, 8DB7CBF3DEF8EAE1D7D28C38B3A0FCD5C2A04D772078B907F35C66451355A04A ] aswVmm 
C:\WINDOWS\system32\drivers\aswVmm.sys 16:20:14.0284 0x0a88 aswVmm - ok 16:20:14.0287 0x0a88 AsyncMac - ok 16:20:14.0289 0x0a88 atapi - ok 16:20:14.0293 0x0a88 AudioEndpointBuilder - ok 16:20:14.0295 0x0a88 Audiosrv - ok 16:20:14.0336 0x0a88 [ F5CB8703A4F51EE30E5C090C78073AA4, 90683F39E9AA315FFB66A9F014AD1BEBF19EA62908247C133455815F6632E578 ] avast! Antivirus D:\Programme\Avast\AvastSvc.exe 16:20:14.0339 0x0a88 avast! Antivirus - ok 16:20:14.0341 0x0a88 AvastVBoxSvc - ok 16:20:14.0344 0x0a88 AxInstSV - ok 16:20:14.0346 0x0a88 b06bdrv - ok 16:20:14.0349 0x0a88 BasicDisplay - ok 16:20:14.0351 0x0a88 BasicRender - ok 16:20:14.0354 0x0a88 bcmfn2 - ok 16:20:14.0357 0x0a88 BDESVC - ok 16:20:14.0361 0x0a88 Beep - ok 16:20:14.0386 0x0a88 [ 12A7660F0666033B98510A1C45EE0C34, 280350B3E960479A0CE4848916804950CF241846162955EB9D12E725CFF0ADD7 ] BEService C:\Program Files (x86)\Common Files\BattlEye\BEService.exe 16:20:14.0401 0x0a88 BEService - ok 16:20:14.0404 0x0a88 BFE - ok 16:20:14.0407 0x0a88 BITS - ok 16:20:14.0417 0x0a88 [ B5C2F92EE1106DFE7BB1CCE4D35B6037, E399C390687589194D8AAD385055F0CFA7D52AD9E837D8FF95008B8EB2B34E50 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 16:20:14.0423 0x0a88 Bonjour Service - ok 16:20:14.0426 0x0a88 bowser - ok 16:20:14.0427 0x0a88 BrokerInfrastructure - ok 16:20:14.0429 0x0a88 Browser - ok 16:20:14.0432 0x0a88 BthAvrcpTg - ok 16:20:14.0435 0x0a88 BthHFEnum - ok 16:20:14.0437 0x0a88 bthhfhid - ok 16:20:14.0440 0x0a88 BthHFSrv - ok 16:20:14.0442 0x0a88 BTHMODEM - ok 16:20:14.0446 0x0a88 bthserv - ok 16:20:14.0448 0x0a88 buttonconverter - ok 16:20:14.0450 0x0a88 CapImg - ok 16:20:14.0452 0x0a88 cdfs - ok 16:20:14.0455 0x0a88 CDPSvc - ok 16:20:14.0457 0x0a88 cdrom - ok 16:20:14.0461 0x0a88 CertPropSvc - ok 16:20:14.0463 0x0a88 circlass - ok 16:20:14.0465 0x0a88 CLFS - ok 16:20:14.0467 0x0a88 ClipSVC - ok 16:20:14.0473 0x0a88 CmBatt - ok 16:20:14.0476 0x0a88 CNG - ok 16:20:14.0478 0x0a88 cnghwassist - ok 16:20:14.0491 0x0a88 
CompositeBus - ok 16:20:14.0493 0x0a88 COMSysApp - ok 16:20:14.0495 0x0a88 condrv - ok 16:20:14.0498 0x0a88 CoreMessagingRegistrar - ok 16:20:14.0520 0x0a88 [ A6B9FD89353D6005DD74485F591F2A83, 1148FDAC0C4B01E9F7C925E22F0E13CA0ECA3DB8AE13F3303E99AB03D4E7B644 ] cphs C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe 16:20:14.0525 0x0a88 cphs - ok 16:20:14.0529 0x0a88 CryptSvc - ok 16:20:14.0531 0x0a88 dam - ok 16:20:14.0534 0x0a88 DcomLaunch - ok 16:20:14.0536 0x0a88 DcpSvc - ok 16:20:14.0538 0x0a88 defragsvc - ok 16:20:14.0541 0x0a88 DeviceAssociationService - ok 16:20:14.0543 0x0a88 DeviceInstall - ok 16:20:14.0545 0x0a88 DevQueryBroker - ok 16:20:14.0547 0x0a88 Dfsc - ok 16:20:14.0549 0x0a88 Dhcp - ok 16:20:14.0552 0x0a88 diagnosticshub.standardcollector.service - ok 16:20:14.0554 0x0a88 DiagTrack - ok 16:20:14.0557 0x0a88 disk - ok 16:20:14.0561 0x0a88 DmEnrollmentSvc - ok 16:20:14.0563 0x0a88 dmvsc - ok 16:20:14.0565 0x0a88 dmwappushservice - ok 16:20:14.0567 0x0a88 Dnscache - ok 16:20:14.0570 0x0a88 dot3svc - ok 16:20:14.0572 0x0a88 DPS - ok 16:20:14.0576 0x0a88 drmkaud - ok 16:20:14.0578 0x0a88 DsmSvc - ok 16:20:14.0580 0x0a88 DsSvc - ok 16:20:14.0583 0x0a88 DXGKrnl - ok 16:20:14.0585 0x0a88 Eaphost - ok 16:20:14.0587 0x0a88 ebdrv - ok 16:20:14.0589 0x0a88 EFS - ok 16:20:14.0593 0x0a88 EhStorClass - ok 16:20:14.0595 0x0a88 EhStorTcgDrv - ok 16:20:14.0597 0x0a88 embeddedmode - ok 16:20:14.0599 0x0a88 EntAppSvc - ok 16:20:14.0602 0x0a88 ErrDev - ok 16:20:14.0606 0x0a88 EventSystem - ok 16:20:14.0608 0x0a88 exfat - ok 16:20:14.0611 0x0a88 fastfat - ok 16:20:14.0613 0x0a88 Fax - ok 16:20:14.0615 0x0a88 fcvsc - ok 16:20:14.0617 0x0a88 fdc - ok 16:20:14.0619 0x0a88 fdPHost - ok 16:20:14.0622 0x0a88 FDResPub - ok 16:20:14.0624 0x0a88 fhsvc - ok 16:20:14.0626 0x0a88 FileCrypt - ok 16:20:14.0628 0x0a88 FileInfo - ok 16:20:14.0630 0x0a88 Filetrace - ok 16:20:14.0645 0x0a88 [ 1F63900E2EB00101B9ACA2B7A870704E, 5AFE1FC852937FECE6B33147BD0110436FE97F33BFDA3F69B1F5EDAD6FFC09C6 ] FLEXnet 
Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 16:20:14.0652 0x0a88 FLEXnet Licensing Service - ok 16:20:14.0675 0x0a88 [ 1C3FB052A0BB72EDAED90785C34D6EED, 5300A82D1A79EBA1768F545E73974E3B8CE189AB39CDF905BF42AFA2E497186B ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe 16:20:14.0687 0x0a88 FLEXnet Licensing Service 64 - ok 16:20:14.0690 0x0a88 flpydisk - ok 16:20:14.0693 0x0a88 FltMgr - ok 16:20:14.0695 0x0a88 FontCache - ok 16:20:14.0698 0x0a88 FontCache3.0.0.0 - ok 16:20:14.0700 0x0a88 FsDepends - ok 16:20:14.0702 0x0a88 Fs_Rec - ok 16:20:14.0704 0x0a88 fvevol - ok 16:20:14.0706 0x0a88 gagp30kx - ok 16:20:14.0709 0x0a88 [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 16:20:14.0710 0x0a88 GEARAspiWDM - ok 16:20:14.0713 0x0a88 gencounter - ok 16:20:14.0715 0x0a88 genericusbfn - ok 16:20:14.0735 0x0a88 [ 5E42BDFF22707E577AD82BE4C43C3BCE, 4C0BBF6AAA7EB30A789D91A4F29726C2A6D941D457B59CF376EF96571F3E1BB4 ] GfExperienceService C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe 16:20:14.0748 0x0a88 GfExperienceService - ok 16:20:14.0751 0x0a88 GPIOClx0101 - ok 16:20:14.0753 0x0a88 gpsvc - ok 16:20:14.0755 0x0a88 GpuEnergyDrv - ok 16:20:14.0762 0x0a88 [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 16:20:14.0764 0x0a88 gupdate - ok 16:20:14.0767 0x0a88 [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 16:20:14.0769 0x0a88 gupdatem - ok 16:20:14.0773 0x0a88 [ 7F79205B4EFA98F0767309479C8C01C6, 4B576903A83F33A8CF31D3887144A3D51C56D1187115C83AC99C0E9F6B4BF128 ] 
Hamachi C:\WINDOWS\system32\DRIVERS\Hamdrv.sys 16:20:14.0774 0x0a88 Hamachi - ok 16:20:14.0816 0x0a88 [ C0EF69A59C13D9204D1D70434AA3D00C, 56BD4F7C74B2A36665677C32F30C4E1839DB9AAAC82FFA4A2622B4D261D865F2 ] Hamachi2Svc C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe 16:20:14.0845 0x0a88 Hamachi2Svc - ok 16:20:14.0852 0x0a88 HDAudBus - ok 16:20:14.0853 0x0a88 HidBatt - ok 16:20:14.0856 0x0a88 HidBth - ok 16:20:14.0860 0x0a88 hidi2c - ok 16:20:14.0864 0x0a88 hidinterrupt - ok 16:20:14.0866 0x0a88 HidIr - ok 16:20:14.0867 0x0a88 hidserv - ok 16:20:14.0869 0x0a88 HidUsb - ok 16:20:14.0903 0x0a88 [ 7D8A3C3D22CE3826693DC7E600EFC1D7, C7B4585BEBB9E0E3628D922859DA3BFE6CCC2612ED31C7FDCB541116483F3046 ] HiPatchService D:\Programme\Hi-Rez Studios\HiPatchService.exe 16:20:14.0903 0x0a88 HiPatchService - ok 16:20:14.0906 0x0a88 HomeGroupListener - ok 16:20:14.0909 0x0a88 HomeGroupProvider - ok 16:20:14.0912 0x0a88 HpSAMD - ok 16:20:14.0914 0x0a88 HTTP - ok 16:20:14.0916 0x0a88 hwpolicy - ok 16:20:14.0918 0x0a88 hyperkbd - ok 16:20:14.0920 0x0a88 HyperVideo - ok 16:20:14.0922 0x0a88 i8042prt - ok 16:20:14.0925 0x0a88 iaLPSSi_GPIO - ok 16:20:14.0927 0x0a88 iaLPSSi_I2C - ok 16:20:14.0941 0x0a88 [ 57CD95DEB3529181BCC931DD2DFB2341, 03ACF906E4C3CF954F503900F42C7A60FCD5624772B90A956F032484146E42B7 ] iaStorA C:\WINDOWS\system32\drivers\iaStorA.sys 16:20:14.0949 0x0a88 iaStorA - ok 16:20:14.0953 0x0a88 iaStorAV - ok 16:20:14.0956 0x0a88 iaStorV - ok 16:20:14.0960 0x0a88 ibbus - ok 16:20:14.0966 0x0a88 [ 83FF82FE209E7997067B375DAD6CF23D, E312DD068E51DBF96A8232D7D1C9F158652FDA23649655F1102928B320795091 ] ICCS C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe 16:20:14.0968 0x0a88 ICCS - ok 16:20:14.0971 0x0a88 icssvc - ok 16:20:14.0973 0x0a88 IEEtwCollectorService - ok 16:20:15.0080 0x0a88 [ 6FFC445E0D38C3C880125F2C201C9BC6, 488A427239B55394359751FCB8CBAEA8E2AE1CB2AE03C04590E7B8C80EF3F709 ] igfx C:\WINDOWS\system32\DRIVERS\igdkmd64.sys 16:20:15.0152 
0x0a88 igfx - ok 16:20:15.0168 0x0a88 [ AC4F72ABB5ED596A0F3D9D1EDDC4B27C, F48BFF192B523709DEF64578EA7217EED59E2C1D2627E7BD54E59DABC25B8C36 ] igfxCUIService2.0.0.0 C:\WINDOWS\system32\igfxCUIService.exe 16:20:15.0175 0x0a88 igfxCUIService2.0.0.0 - ok 16:20:15.0178 0x0a88 IKEEXT - ok 16:20:15.0181 0x0a88 [ 4011430BC9DA46ADFAE9915EFEC312FB, 925DDDA187AE7C46C94FBBFA18FC602260957B6BA891D65DFC09385B6DDEAB58 ] intaud_WaveExtensible C:\WINDOWS\system32\drivers\intelaud.sys 16:20:15.0182 0x0a88 intaud_WaveExtensible - ok 16:20:15.0257 0x0a88 [ 622868E4BAE8FBCD22CB1A5901A2C824, C1A2264C0984DD16C83B663C9CE43E049E1356E32C5771C3ACE225F285699138 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys 16:20:15.0306 0x0a88 IntcAzAudAddService - ok 16:20:15.0322 0x0a88 [ B375D8686E1BD2B79C0F00E3868A8C3B, A15D99F04B69FB37ED3AC0C3BBA464BF6D6EB1873D4AE1062983120E3BD1C4DB ] IntcDAud C:\WINDOWS\system32\DRIVERS\IntcDAud.sys 16:20:15.0328 0x0a88 IntcDAud - ok 16:20:15.0330 0x0a88 intelide - ok 16:20:15.0333 0x0a88 intelpep - ok 16:20:15.0335 0x0a88 intelppm - ok 16:20:15.0338 0x0a88 IoQos - ok 16:20:15.0340 0x0a88 IpFilterDriver - ok 16:20:15.0343 0x0a88 iphlpsvc - ok 16:20:15.0345 0x0a88 IPMIDRV - ok 16:20:15.0347 0x0a88 IPNAT - ok 16:20:15.0360 0x0a88 [ 043A93A498B3C4A88CACA3BCBC9B54C7, C08C5A03940806C6CB75ADDCBE6183145AD2AFE84D77BC85E620E7C1542F0893 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 16:20:15.0367 0x0a88 iPod Service - ok 16:20:15.0370 0x0a88 IRENUM - ok 16:20:15.0372 0x0a88 isapnp - ok 16:20:15.0375 0x0a88 iScsiPrt - ok 16:20:15.0378 0x0a88 [ EE03564B7FAFE2E44EDA33D52E83B4A3, 53C917EEC92B813EB0C86B225E9887C9CDFDD7708AEA71BFAC0A3039E26D7BEB ] iwdbus C:\WINDOWS\System32\drivers\iwdbus.sys 16:20:15.0379 0x0a88 iwdbus - ok 16:20:15.0381 0x0a88 kbdclass - ok 16:20:15.0384 0x0a88 kbdhid - ok 16:20:15.0386 0x0a88 kdnic - ok 16:20:15.0388 0x0a88 KeyIso - ok 16:20:15.0390 0x0a88 KSecDD - ok 16:20:15.0393 0x0a88 KSecPkg - ok 16:20:15.0394 0x0a88 ksthunk - ok 
16:20:15.0397 0x0a88 KtmRm - ok 16:20:15.0399 0x0a88 LanmanServer - ok 16:20:15.0401 0x0a88 LanmanWorkstation - ok 16:20:15.0405 0x0a88 lfsvc - ok 16:20:15.0407 0x0a88 LicenseManager - ok 16:20:15.0409 0x0a88 lltdio - ok 16:20:15.0411 0x0a88 lltdsvc - ok 16:20:15.0413 0x0a88 lmhosts - ok 16:20:15.0422 0x0a88 [ D6BF6FD055BD719F3D62E51B90857159, A7777D18E404164B4DA531AD94D2A712D9CC6A9288795B7388037752A558E96F ] LMIGuardianSvc C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe 16:20:15.0427 0x0a88 LMIGuardianSvc - ok 16:20:15.0431 0x0a88 LSI_SAS - ok 16:20:15.0433 0x0a88 LSI_SAS2i - ok 16:20:15.0435 0x0a88 LSI_SAS3i - ok 16:20:15.0436 0x0a88 LSI_SSS - ok 16:20:15.0439 0x0a88 LSM - ok 16:20:15.0441 0x0a88 luafv - ok 16:20:15.0444 0x0a88 MapsBroker - ok 16:20:15.0448 0x0a88 [ CFBC6C6D8A492697CABD1D353EE64933, DDAA844908324740C891EB8F08E2A8BB00457063B31C4A762745C1C2415FC12D ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys 16:20:15.0449 0x0a88 MBAMProtector - ok 16:20:15.0474 0x0a88 [ AB176B9E59C0435499D83047D84EDD59, 85B826A3972CE9AD885313B69B9C60328B850257667D0EB65DDE890D0BB06361 ] MBAMScheduler C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe 16:20:15.0491 0x0a88 MBAMScheduler - ok 16:20:15.0512 0x0a88 [ 40C126CB15FAB7D6C66490DCA9C1AED2, B32CEE2D2409232C245427D5E9647FDF59AF1D8AB5E8A98EE2D1F1314599FD14 ] MBAMService C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe 16:20:15.0525 0x0a88 MBAMService - ok 16:20:15.0533 0x0a88 [ 78488AF2AB2111D67B3C4044707A519B, 7AA71B9C4C7949A1A21F60EF7CCEDE0079794990696B60557B5DC86F4D47223A ] MBAMSwissArmy C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys 16:20:15.0535 0x0a88 MBAMSwissArmy - ok 16:20:15.0540 0x0a88 [ 08DECFCB9BA97786165A69AB1015BC30, EDC8C8447B57BD412E2DEBCA9B5B1B58C19D40105DC7CE9520DE214081696B05 ] MBAMWebAccessControl C:\WINDOWS\system32\drivers\mwac.sys 16:20:15.0541 0x0a88 MBAMWebAccessControl - ok 16:20:15.0549 0x0a88 [ E1C4AE452E1F6C6571CE5F8A6937EAF4, 
CB3C89BD5C6C0197A033C8A6B834FD3326728BA5D7364E64AE2E8F42AAD91D23 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.11.226\McCHSvc.exe 16:20:15.0553 0x0a88 McComponentHostService - ok 16:20:15.0556 0x0a88 megasas - ok 16:20:15.0558 0x0a88 megasr - ok 16:20:15.0562 0x0a88 [ 2BB3EAE2EA641515D4B205CAB29E1624, D3F18EE393EB1B0F919484281269A3C55A092D023E62C59D74CB63A55612024B ] MEIx64 C:\WINDOWS\System32\drivers\HECIx64.sys 16:20:15.0563 0x0a88 MEIx64 - ok 16:20:15.0604 0x0a88 [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service D:\Programme\Microsoft Office\Office12\GrooveAuditService.exe 16:20:15.0605 0x0a88 Microsoft Office Groove Audit Service - ok 16:20:15.0608 0x0a88 mlx4_bus - ok 16:20:15.0610 0x0a88 MMCSS - ok 16:20:15.0612 0x0a88 Modem - ok 16:20:15.0614 0x0a88 monitor - ok 16:20:15.0616 0x0a88 mouclass - ok 16:20:15.0618 0x0a88 mouhid - ok 16:20:15.0621 0x0a88 mountmgr - ok 16:20:15.0625 0x0a88 mpsdrv - ok 16:20:15.0627 0x0a88 MpsSvc - ok 16:20:15.0629 0x0a88 MRxDAV - ok 16:20:15.0630 0x0a88 mrxsmb - ok 16:20:15.0632 0x0a88 mrxsmb10 - ok 16:20:15.0635 0x0a88 mrxsmb20 - ok 16:20:15.0637 0x0a88 MsBridge - ok 16:20:15.0639 0x0a88 MSDTC - ok 16:20:15.0646 0x0a88 Msfs - ok 16:20:15.0649 0x0a88 msgpiowin32 - ok 16:20:15.0650 0x0a88 mshidkmdf - ok 16:20:15.0652 0x0a88 mshidumdf - ok 16:20:15.0654 0x0a88 msisadrv - ok 16:20:15.0657 0x0a88 MSiSCSI - ok 16:20:15.0659 0x0a88 msiserver - ok 16:20:15.0661 0x0a88 MSKSSRV - ok 16:20:15.0663 0x0a88 MsLldp - ok 16:20:15.0665 0x0a88 MSPCLOCK - ok 16:20:15.0667 0x0a88 MSPQM - ok 16:20:15.0669 0x0a88 MsRPC - ok 16:20:15.0672 0x0a88 mssmbios - ok 16:20:15.0674 0x0a88 MSTEE - ok 16:20:15.0677 0x0a88 MTConfig - ok 16:20:15.0680 0x0a88 Mup - ok 16:20:15.0682 0x0a88 mvumis - ok 16:20:15.0685 0x0a88 NativeWifiP - ok 16:20:15.0695 0x0a88 [ 9D1CCE440552500DED3A62F9D779CDB4, C6B3B1C891A8BA3F91CC1EC21919C4F80F4C9CAF88971AB6CA11F09820601EBD 
16:20:34.0942 0x0a88 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.8.10240.16384 ), 0x60100 ( disabled : updated )
16:20:34.0962 0x0a88 AV detected via SS2: avast! Antivirus, D:\Programme\Avast\VisthAux.exe ( 11.1.2245.1540 ), 0x41000 ( enabled : updated )
16:20:34.0980 0x0a88 Win FW state via NFP2: enabled ( trusted )
16:20:37.0638 0x0a88 ============================================================
16:20:37.0638 0x0a88 Scan finished
16:20:37.0638 0x0a88 ============================================================
16:20:37.0661 0x2ac0 Detected object count: 0
16:20:37.0661 0x2ac0 Actual detected object count: 0
16:21:39.0981 0x2220 Deinitialize success
|
05.12.2015, 16:44 | #3 |
/// the machine /// TB-Ausbilder | Watch4 Virus hi,
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
__________________ |
06.12.2015, 11:40 | #4 |
| Watch4 Virus mbar run 1: Code:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main: v2015.12.05.03
  rootkit: v2015.11.26.01

Windows 10 x64 NTFS
Internet Explorer 11.0.10240.16590
Florian :: SN_1402860 [administrator]

05.12.2015 16:51:51
mbar-log-2015-12-05 (16-51-51).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 395615
Time elapsed: 8 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

For the second run it needs a DDA driver and wants to restart the PC, which it does not do, however. Now the second run has worked as well. Again no cleanup. Code:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main: v2015.12.06.02
  rootkit: v2015.11.26.01

Windows 10 x64 NTFS
Internet Explorer 11.0.10240.16590
Florian :: SN_1402860 [administrator]

06.12.2015 10:39:09
mbar-log-2015-12-06 (10-39-09).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 397184
Time elapsed: 9 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Edited by fefl (05.12.2015 at 17:20) |
07.12.2015, 16:07 | #5 |
/// the machine /// TB-Ausbilder | Watch4 Virus Do you use Skype?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
07.12.2015, 18:39 | #6 |
| Watch4 Virus Yes, I use Skype daily. How dangerous is this virus, then? Do I have to change my passwords? I am also not sure whether I still have the virus. Can I log in to my online banking account without worrying? Edited by fefl (07.12.2015 at 17:51) |
08.12.2015, 20:19 | #7 |
/// the machine /// TB-Ausbilder | Watch4 Virus Yes, nothing will happen there. Changing the privacy settings (remove the check marks). Please download BlueLifeHosts editor from here and extract the file to your desktop.
|
08.12.2015, 20:39 | #8 |
| Watch4 Virus Thanks for the help, but I edited the hosts file myself. Is my PC clean now? |
10.12.2015, 21:04 | #9 |
| Watch4 Virus Run mbar and FRST over it again and post the logs? |
10.12.2015, 21:28 | #10 |
/// TB-Ausbilder | Watch4 Virus Hi, I am taking over for schrauber, he has a lot on his plate right now. We continue as follows: Step 1 Please download AdwCleaner to your desktop.
Step 2 Please download Malwarebytes Anti-Malware
Step 3 Please shut down your protection software to avoid possible conflicts.
Step 4
Please post with your next reply
|
11.12.2015, 14:51 | #11 |
| Watch4 Virus OK, thanks for continuing to help. First the AdwCleaner log: Code:
# AdwCleaner v5.024 - Bericht erstellt am 11/12/2015 um 14:21:13
# Aktualisiert am 07/12/2015 von Xplode
# Datenbank : 2015-12-07.3 [Server]
# Betriebssystem : Windows 10 Home (x64)
# Benutzername : Florian - SN_1402860
# Gestartet von : C:\Users\Florian\Desktop\AdwCleaner_5.024.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****

***** [ Ordner ] *****

***** [ Dateien ] *****

[-] Datei Gelöscht : C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.watch4.de_0.localstorage
[-] Datei Gelöscht : C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.watch4.de_0.localstorage-journal

***** [ DLLs ] *****

***** [ Verknüpfungen ] *****

***** [ Aufgabenplanung ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Internetbrowser ] *****

[-] [C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Gelöscht : minecraft-forge.en.softonic.com
[-] [C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Gelöscht : www.yahoo.com
[-] [C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Gelöscht : audacity.softonic.de

*************************

:: "Tracing" Schlüssel gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Chrome Richtlinien gelöscht

########## EOF - C:\AdwCleaner\AdwCleaner[C8].txt - [1474 Bytes] ##########

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 11.12.2015
Suchlaufzeit: 14:33
Protokolldatei: mbar log2.txt
Administrator: Ja

Version: 2.2.0.1024
Malware-Datenbank: v2015.12.11.03
Rootkit-Datenbank: v2015.12.07.01
Lizenz: Testversion
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: Florian

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 398512
Abgelaufene Zeit: 8 Min., 12 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)

(end)

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 10 Home x64
Ran by Florian (Administrator) on 11.12.2015 at 14:42:35,92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 0

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.12.2015 at 14:44:07,50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:05-12-2015 durchgeführt von Florian (Administrator) auf SN_1402860 (11-12-2015 14:46:12) Gestartet von C:\Users\Florian\Desktop Geladene Profile: Florian (Verfügbare Profile: Florian) Platform: Windows 10 Home (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Chrome) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (AVAST Software) D:\Programme\Avast\AvastSvc.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (Hi-Rez Studios) D:\Programme\Hi-Rez Studios\HiPatchService.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (AVAST Software) D:\Programme\Avast\AvastUI.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) C:\Users\Florian\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor) HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [396688 2015-07-17] () HKLM\...\Run: [Cm108Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.dll,CMICtrlWnd HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2757424 2015-11-12] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.) 
HKLM-x32\...\Run: [AvastUI.exe] => D:\Programme\Avast\AvastUI.exe [7021880 2015-12-02] (AVAST Software) HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => D:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Acrobat Assistant 8.0] => D:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.) HKLM-x32\...\Run: [Adobe_ID0ENQBO] => C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe [378224 2008-08-15] (Adobe Systems Incorporated) HKLM-x32\...\Run: [GrooveMonitor] => D:\Programme\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-12-02] (Raptr, Inc) HKLM-x32\...\Run: [RoccatKonePureOptical] => C:\Program Files (x86)\ROCCAT\Kone Pure Optical Mouse\KonePureOpticalMonitor.exe [561152 2014-01-20] (ROCCAT GmbH) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4127488 2015-06-16] (Safer-Networking Ltd.) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\...\Run: [Steam] => D:\Programme\Steam\steam.exe [3013200 2015-12-10] (Valve Corporation) HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\...\Run: [AdobeBridge] => D:\Programme\Adobe\Adobe Bridge CS4\Bridge.exe [13145448 2008-08-28] (Adobe Systems, Inc.) 
HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\...\Run: [Spotify Web Helper] => C:\Users\Florian\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2345584 2015-11-27] (Spotify Ltd) HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd) HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50143872 2015-11-17] (Skype Technologies S.A.) HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\...\Run: [Spotify] => C:\Users\Florian\AppData\Roaming\Spotify\Spotify.exe [8270448 2015-11-27] (Spotify Ltd) HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\...\RunOnce: [Uninstall C:\Users\Florian\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Florian\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64" HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\...\RunOnce: [Uninstall C:\Users\Florian\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Florian\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64" HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\...\RunOnce: [Uninstall C:\Users\Florian\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Florian\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64" HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\...\RunOnce: [Uninstall C:\Users\Florian\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Florian\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64" 
HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\...\RunOnce: [Uninstall C:\Users\Florian\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Florian\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll Keine Datei [ ]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Programme\Avast\ashShA64.dll [2015-12-02] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => D:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll Keine Datei
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => D:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll Keine Datei
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => D:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll Keine Datei
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => D:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll Keine Datei
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => D:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll Keine Datei
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-11-17]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe (McAfee, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\..\Interfaces\{00b8752d-135d-4ff7-8453-242fedd2975c}: [NameServer] 192.168.178.1

Internet Explorer:
==================
HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://de.yahoo.com?fr=hp-avast&type=prc265
HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://de.yahoo.com?fr=hp-avast&type=prc265
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll [2014-08-26] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Programme\Avast\aswWebRepIE64.dll [2015-12-02] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll [2014-08-26] (Oracle Corporation)
BHO: ExplorerWatcher Class -> {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} -> C:\Program Files (x86)\Clover\TabHelper64.dll [2014-01-23] (EJIE Technology)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll => Keine Datei
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\ssv.dll [2014-08-26] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Programme\Avast\aswWebRepIE.dll [2015-12-02] (AVAST Software)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\jp2ssv.dll [2014-08-26] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM - Kein Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - Keine Datei
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-09] ()
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll [2014-08-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll [2014-08-26] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> D:\Programme\VideoLAN\VLC\npvlc.dll [2014-02-28] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll [2014-08-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\plugin2\npjp2.dll [2014-08-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-14] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\10.0.1.5157423\npmathplugin.dll [2014-09-09] (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - D:\Programme\Avast\WebRep\FF
FF Extension: Avast Online Security - D:\Programme\Avast\WebRep\FF [2015-12-02]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - D:\Programme\Avast\SafePrice\FF
FF Extension: Avast SafePrice - D:\Programme\Avast\SafePrice\FF [2015-12-02]

Chrome:
=======
CHR HomePage: Default -> hxxps://de.yahoo.com?fr=hp-avast&type=prc265
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxps://de.yahoo.com?fr=hp-avast&type=prc265"
CHR Session Restore: Default -> ist aktiviert.
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll => Keine Datei
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\ppGoogleNaClPluginChrome.dll => Keine Datei
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\pdf.dll => Keine Datei
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => Keine Datei
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll => Keine Datei
CHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll => Keine Datei
CHR Plugin: (Java(TM) Platform SE 7 U51) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => Keine Datei
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll => Keine Datei
CHR Profile: C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Angry Birds) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-12-14]
CHR Extension: (Google Docs) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Battlefield Heroes) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh [2014-10-02]
CHR Extension: (Adblock Plus) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-25]
CHR Extension: (Google-Suche) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Docs Offline) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (AdBlock) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-12-05]
CHR Extension: (Avast Online Security) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-03]
CHR Extension: (Plants vs Zombies) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina [2014-02-11]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Google Mail) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - D:\Programme\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-02]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 avast! Antivirus; D:\Programme\Avast\AvastSvc.exe [226440 2015-12-02] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1225216 2015-09-30] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156400 2015-11-12] (NVIDIA Corporation)
R2 HiPatchService; D:\Programme\Hi-Rez Studios\HiPatchService.exe [9728 2015-11-03] (Hi-Rez Studios) [Datei ist nicht signiert]
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-17] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.226\McCHSvc.exe [289256 2015-10-30] (McAfee, Inc.)
S3 Microsoft Office Groove Audit Service; D:\Programme\Microsoft Office\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872688 2015-11-12] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8133424 2015-11-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5915440 2015-11-12] (NVIDIA Corporation)
S3 Origin Client Service; D:\Programme\Origin\OriginClientService.exe [2057736 2015-09-16] (Electronic Arts)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-06-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2102496 2015-06-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [224712 2015-07-24] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S3 AvastVBoxSvc; "D:\Programme\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 amdiommu; C:\Windows\System32\drivers\amdkiomd.sys [77312 2013-12-06] (Advanced Micro Devices, Inc.)
S3 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-02] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-02] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2015-12-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [450504 2015-12-02] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-02] (AVAST Software)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-08-03] (LogMeIn Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-11] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19760 2015-11-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek )
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S2 VBoxAswDrv; \??\D:\Programme\Avast\ng\vbox\VBoxAswDrv.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-11 14:46 - 2015-12-11 14:46 - 00024908 _____ C:\Users\Florian\Desktop\FRST.txt
2015-12-11 14:44 - 2015-12-11 14:44 - 00000549 _____ C:\Users\Florian\Desktop\JRT.txt
2015-12-11 14:41 - 2015-12-11 14:41 - 00001186 _____ C:\Users\Florian\Desktop\mbar log2.txt
2015-12-11 14:41 - 2015-12-11 14:41 - 00001186 _____ C:\mbar log2.txt
2015-12-11 14:32 - 2015-12-11 14:32 - 00001333 _____ C:\Users\Florian\Downloads\auf2 (1).cpp
2015-12-11 14:32 - 2015-12-11 14:32 - 00000569 _____ C:\Users\Florian\Downloads\vektoren.cpp
2015-12-11 14:32 - 2015-12-11 14:32 - 00000529 _____ C:\Users\Florian\Downloads\skalarprodukt2.cpp
2015-12-11 14:32 - 2015-12-11 14:32 - 00000497 _____ C:\Users\Florian\Downloads\skalarprodukt.cpp
2015-12-11 14:32 - 2015-12-11 14:32 - 00000491 _____ C:\Users\Florian\Downloads\aufg1 (1).cpp
2015-12-11 14:29 - 2015-12-11 14:29 - 00001175 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-12-11 14:29 - 2015-12-11 14:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-12-11 14:29 - 2015-12-11 14:29 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-12-11 14:29 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-12-11 14:29 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-12-11 14:29 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-12-11 14:25 - 2015-12-11 14:29 - 22908888 _____ (Malwarebytes ) C:\Users\Florian\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-11 14:24 - 2015-12-11 14:24 - 00001556 _____ C:\Users\Florian\Desktop\AdwCleaner[C8].txt
2015-12-11 14:23 - 2015-12-11 14:23 - 00016148 _____ C:\WINDOWS\system32\SN_1402860_Florian_HistoryPrediction.bin
2015-12-11 14:19 - 2015-12-11 14:19 - 01738240 _____ C:\Users\Florian\Downloads\AdwCleaner_5.024.exe
2015-12-11 14:19 - 2015-12-11 14:19 - 01738240 _____ C:\Users\Florian\Desktop\AdwCleaner_5.024.exe
2015-12-11 13:49 - 2015-12-11 13:49 - 00000000 ___HD C:\OneDriveTemp
2015-12-10 19:47 - 2015-12-10 19:47 - 00034895 _____ C:\Users\Florian\Downloads\Regenbogen.nb
2015-12-10 19:31 - 2015-12-10 19:31 - 00000307 _____ C:\Users\Florian\Downloads\beispiel (1).cpp
2015-12-10 19:27 - 2015-12-10 19:27 - 00004896 _____ C:\Users\Florian\Downloads\beispiel.o
2015-12-10 19:27 - 2015-12-10 19:27 - 00001608 _____ C:\Users\Florian\Downloads\zeit.cpp
2015-12-10 19:27 - 2015-12-10 19:27 - 00000643 _____ C:\Users\Florian\Downloads\zeit.hpp
2015-12-10 19:27 - 2015-12-10 19:27 - 00000374 _____ C:\Users\Florian\Downloads\Makefile (1)
2015-12-10 19:20 - 2015-12-10 19:20 - 00000380 _____ C:\Users\Florian\Downloads\Makefile
2015-12-10 19:16 - 2015-12-10 19:16 - 00001332 _____ C:\Users\Florian\Downloads\integrate.cpp
2015-12-10 19:16 - 2015-12-10 19:16 - 00000939 _____ C:\Users\Florian\Downloads\resultate.cpp
2015-12-10 19:16 - 2015-12-10 19:16 - 00000349 _____ C:\Users\Florian\Downloads\beispiel.cpp
2015-12-10 19:16 - 2015-12-10 19:16 - 00000333 _____ C:\Users\Florian\Downloads\resultate.hpp
2015-12-09 17:54 - 2015-12-01 08:01 - 02115936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-12-09 17:54 - 2015-12-01 07:03 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\gpuenergydrv.sys
2015-12-09 17:54 - 2015-12-01 06:54 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-12-09 17:54 - 2015-12-01 06:51 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-12-09 17:54 - 2015-12-01 06:49 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-12-09 17:54 - 2015-12-01 06:02 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-12-09 17:54 - 2015-12-01 05:59 - 05455360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-12-09 17:54 - 2015-11-25 06:42 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-12-09 17:54 - 2015-11-25 06:42 - 00168288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe
2015-12-09 17:54 - 2015-11-25 06:41 - 01822280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-09 17:54 - 2015-11-25 06:40 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-12-09 17:54 - 2015-11-25 06:33 - 03622272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-09 17:54 - 2015-11-25 06:32 - 00113184 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
2015-12-09 17:54 - 2015-11-25 06:27 - 01366680 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-09 17:54 - 2015-11-25 06:12 - 04047288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-12-09 17:54 - 2015-11-25 06:11 - 01532984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-09 17:54 - 2015-11-25 06:09 - 01310880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-09 17:54 - 2015-11-25 06:01 - 02879024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-09 17:54 - 2015-11-25 05:59 - 00092992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll
2015-12-09 17:54 - 2015-11-25 05:49 - 01569280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-12-09 17:54 - 2015-11-25 05:49 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-12-09 17:54 - 2015-11-25 05:49 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-09 17:54 - 2015-11-25 05:49 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2015-12-09 17:54 - 2015-11-25 05:48 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EthernetMediaManager.dll
2015-12-09 17:54 - 2015-11-25 05:48 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMediaManager.dll
2015-12-09 17:54 - 2015-11-25 05:44 - 21872640 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-12-09 17:54 - 2015-11-25 05:42 - 24592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-09 17:54 - 2015-11-25 05:37 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-09 17:54 - 2015-11-25 05:36 - 01710592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2015-12-09 17:54 - 2015-11-25 05:36 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-12-09 17:54 - 2015-11-25 05:35 - 00929792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-12-09 17:54 - 2015-11-25 05:35 - 00845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe
2015-12-09 17:54 - 2015-11-25 05:34 - 12504576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-09 17:54 - 2015-11-25 05:31 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMM.dll
2015-12-09 17:54 - 2015-11-25 05:30 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3mm.dll
2015-12-09 17:54 - 2015-11-25 05:30 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-09 17:54 - 2015-11-25 05:30 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2015-12-09 17:54 - 2015-11-25 05:29 - 01649152 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-09 17:54 - 2015-11-25 05:29 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
2015-12-09 17:54 - 2015-11-25 05:28 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-09 17:54 - 2015-11-25 05:28 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-09 17:54 - 2015-11-25 05:27 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-12-09 17:54 - 2015-11-25 05:26 - 00849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2015-12-09 17:54 - 2015-11-25 05:26 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-12-09 17:54 - 2015-11-25 05:25 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-12-09 17:54 - 2015-11-25 05:25 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2015-12-09 17:54 - 2015-11-25 05:23 - 19323392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-09 17:54 - 2015-11-25 05:23 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-09 17:54 - 2015-11-25 05:23 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-12-09 17:54 - 2015-11-25 05:22 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-09 17:54 - 2015-11-25 05:22 - 01383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-12-09 17:54 - 2015-11-25 05:22 - 00603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2015-12-09 17:54 - 2015-11-25 05:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
2015-12-09 17:54 - 2015-11-25 05:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
2015-12-09 17:54 - 2015-11-25 05:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
2015-12-09 17:54 - 2015-11-25 05:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
2015-12-09 17:54 - 2015-11-25 05:19 - 01795584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-12-09 17:54 - 2015-11-25 05:19 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-12-09 17:54 - 2015-11-25 05:18 - 01233920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-12-09 17:54 - 2015-11-25 05:17 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-12-09 17:54 - 2015-11-25 05:16 - 01442816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2015-12-09 17:54 - 2015-11-25 05:16 - 00786432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Magnify.exe
2015-12-09 17:54 - 2015-11-25 05:13 - 02153984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-09 17:54 - 2015-11-25 05:11 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll
2015-12-09 17:54 - 2015-11-25 05:10 - 18801664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-12-09 17:54 - 2015-11-25 05:10 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-09 17:54 - 2015-11-25 05:10 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-09 17:54 - 2015-11-25 05:10 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-09 17:54 - 2015-11-25 05:08 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2015-12-09 17:54 - 2015-11-25 05:07 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2015-12-09 17:54 - 2015-11-25 05:05 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-09 17:54 - 2015-11-25 05:04 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-09 17:54 - 2015-11-25 05:04 - 00480768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\duser.dll
2015-12-09 17:54 - 2015-11-25 05:04 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-12-09 17:54 - 2015-11-25 05:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll
2015-12-09 17:54 - 2015-11-25 05:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL
2015-12-09 17:54 - 2015-11-25 05:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL
2015-12-09 17:54 - 2015-11-25 05:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL
2015-12-09 17:54 - 2015-11-25 03:52 - 00775312 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-12-09 17:54 - 2015-11-25 03:52 - 00775312 _____ C:\WINDOWS\system32\locale.nls
2015-12-08 20:37 - 2015-12-08 20:37 - 00000215 _____ C:\Users\Florian\Downloads\antiskypewerbung.zip
2015-12-08 20:35 - 2015-12-08 20:35 - 00508823 _____ C:\Users\Florian\Downloads\bl_hst_edit.zip
2015-12-07 19:32 - 2015-12-07 19:32 - 00014619 _____ C:\Users\Florian\Downloads\beispiel (1)
2015-12-07 19:32 - 2015-12-07 19:32 - 00014619 _____ C:\Users\Florian\Downloads\beispiel
2015-12-07 19:32 - 2015-12-07 19:32 - 00001333 _____ C:\Users\Florian\Downloads\auf2.cpp
2015-12-07 19:32 - 2015-12-07 19:32 - 00000491 _____ C:\Users\Florian\Downloads\aufg1.cpp
2015-12-06 11:00 - 2015-12-06 11:00 - 01736704 _____ C:\Users\Florian\Downloads\AdwCleaner_5.023.exe
2015-12-06 10:56 - 2015-12-06 10:56 - 00000000 ___HD C:\$WINDOWS.~BT
2015-12-05 16:51 - 2015-12-06 10:48 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-12-05 16:48 - 2015-12-05 16:49 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Florian\Downloads\mbar-1.09.3.1001.exe
2015-12-05 16:17 - 2015-12-11 14:46 - 00000000 ____D C:\FRST
2015-12-05 16:15 - 2015-12-05 16:17 - 02369024 _____ (Farbar) C:\Users\Florian\Desktop\FRST64.exe
2015-12-05 16:15 - 2015-12-05 16:15 - 04398264 _____ (Kaspersky Lab ZAO) C:\Users\Florian\Downloads\tdsskiller.exe
2015-12-05 16:14 - 2015-12-05 16:14 - 02369024 _____ (Farbar) C:\Users\Florian\Downloads\FRST64.exe
2015-12-05 16:08 - 2015-12-11 14:44 - 00000000 ____D C:\Users\Florian\Desktop\Antivirenzeug
2015-12-05 16:08 - 2015-12-05 16:08 - 00050477 _____ C:\Users\Florian\Downloads\Defogger.exe
2015-12-05 15:55 - 2015-11-17 20:39 - 00450863 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20151205-155503.backup
2015-12-05 14:25 - 2015-12-05 14:25 - 01599336 _____ (Malwarebytes) C:\Users\Florian\Desktop\JRT.exe
2015-12-02 21:18 - 2015-12-02 21:18 - 00386096 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-12-02 21:18 - 2015-12-02 21:18 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-11-29 00:39 - 2015-11-29 00:39 - 00877568 _____ C:\Users\Florian\Downloads\setup-x86_64.exe
2015-11-24 12:36 - 2015-11-24 12:36 - 00007606 _____ C:\Users\Florian\AppData\Local\Resmon.ResmonCfg
2015-11-24 12:29 - 2015-11-24 12:29 - 00006794 _____ C:\Users\Florian\Downloads\Brechungsgesetz.ggb
2015-11-24 12:29 - 2015-11-24 12:29 - 00006794 _____ C:\Users\Florian\Downloads\Brechungsgesetz (1).ggb
2015-11-24 12:28 - 2015-11-24 12:28 - 00000791 _____ C:\Users\Public\Desktop\GeoGebra.lnk
2015-11-24 12:28 - 2015-11-24 12:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GeoGebra 5
2015-11-24 12:19 - 2015-11-24 12:27 - 50552792 _____ (International GeoGebra Institute) C:\Users\Florian\Downloads\GeoGebra-Windows-Installer-5-0-175-0.exe
2015-11-22 20:16 - 2015-11-22 20:16 - 00000819 _____ C:\Users\Public\Desktop\WarThunder.lnk
2015-11-22 20:16 - 2015-11-22 20:16 - 00000000 ____D C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder
2015-11-22 20:15 - 2015-11-22 20:16 - 05079176 _____ (Gaijin Entertainment ) C:\Users\Florian\Downloads\wt_launcher_1.0.1.571.exe
2015-11-21 19:23 - 2015-11-21 19:23 - 00002210 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2015-11-21 19:22 - 2015-12-11 13:52 - 00004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1D020E9A-2A23-4A20-ABD3-84517DE41149}
2015-11-21 19:22 - 2015-11-14 07:12 - 00102520 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2015-11-21 19:21 - 2015-11-16 04:54 - 42913912 _____ C:\WINDOWS\system32\nvcompiler.dll
2015-11-21 19:21 - 2015-11-16 04:54 - 37881976 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-11-21 19:21 - 2015-11-16 04:54 - 22345848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-11-21 19:21 - 2015-11-16 04:54 - 18390832 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-11-21 19:21 - 2015-11-16 04:54 - 16561320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-11-21 19:21 - 2015-11-16 04:54 - 14844112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-11-21 19:21 - 2015-11-16 04:54 - 13533608 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-11-21 19:21 - 2015-11-16 04:54 - 12040952 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-11-21 19:21 - 2015-11-16 04:54 - 02876536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-11-21 19:21 - 2015-11-16 04:54 - 02496632 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-11-21 19:21 - 2015-11-16 04:54 - 01905456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435900.dll
2015-11-21 19:21 - 2015-11-16 04:54 - 01564792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435900.dll
2015-11-21 19:21 - 2015-11-16 04:54 - 01016544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2015-11-21 19:21 - 2015-11-16 04:54 - 00877688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-11-21 19:21 - 2015-11-16 04:54 - 00861816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-11-21 19:21 - 2015-11-16 04:54 - 00823232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2015-11-21 19:21 - 2015-11-16 04:54 - 00689784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-11-21 19:21 - 2015-11-16 04:54 - 00674096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-11-21 19:21 - 2015-11-16 04:54 - 00539464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-11-21 19:21 - 2015-11-16 04:54 - 00503416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2015-11-21 19:21 - 2015-11-16 04:54 - 00501056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-11-21 19:21 - 2015-11-16 04:54 - 00446584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2015-11-21 19:21 - 2015-11-16 04:54 - 00445400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-11-21 19:21 - 2015-11-16 04:54 - 00422752 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-11-21 19:21 - 2015-11-16 04:54 - 00413816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-11-21 19:21 - 2015-11-16 04:54 - 00369456 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-11-21 19:21 - 2015-11-16 04:54 - 00177600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-11-21 19:21 - 2015-11-16 04:54 - 00155792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-11-21 19:21 - 2015-11-16 04:54 - 00151184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-11-21 19:21 - 2015-11-16 04:54 - 00128512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-11-21 19:21 - 2015-11-16 04:54 - 00039240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2015-11-21 18:31 - 2015-11-12 19:37 - 00112712 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2015-11-17 20:39 - 2015-11-17 20:39 - 00000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 2015-11-17 20:39 - 2015-11-17 20:39 - 00000000 ____D C:\Program Files\McAfee Security Scan 2015-11-12 09:06 - 2015-11-12 09:07 - 00000725 _____ C:\Users\Florian\Desktop\musik.lnk 2015-11-11 18:03 - 2015-11-05 06:15 - 08020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-11-11 18:03 - 2015-11-05 06:15 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll 2015-11-11 18:03 - 2015-11-05 06:14 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys 2015-11-11 18:03 - 2015-11-05 06:13 - 00577888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys 2015-11-11 18:03 - 2015-11-05 06:11 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll 2015-11-11 18:03 - 2015-11-05 06:06 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll 2015-11-11 18:03 - 2015-11-05 05:56 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2015-11-11 18:03 - 2015-11-05 05:56 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys 2015-11-11 18:03 - 2015-11-05 05:56 - 00025280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2015-11-11 18:03 - 2015-11-05 05:30 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll 2015-11-11 18:03 - 2015-11-05 05:23 - 00762888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll 2015-11-11 18:03 - 2015-11-05 05:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll 2015-11-11 18:03 - 2015-11-05 05:18 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll 2015-11-11 18:03 - 2015-11-05 05:18 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2015-11-11 18:03 - 2015-11-05 05:17 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2015-11-11 
18:03 - 2015-11-05 05:12 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll 2015-11-11 18:03 - 2015-11-05 05:10 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll 2015-11-11 18:03 - 2015-11-05 05:07 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2015-11-11 18:03 - 2015-11-05 05:06 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll 2015-11-11 18:03 - 2015-11-05 05:05 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-11-11 18:03 - 2015-11-05 05:03 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll 2015-11-11 18:03 - 2015-11-05 05:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll 2015-11-11 18:03 - 2015-11-05 05:01 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe 2015-11-11 18:03 - 2015-11-05 04:59 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll 2015-11-11 18:03 - 2015-11-05 04:58 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll 2015-11-11 18:03 - 2015-11-05 04:55 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll 2015-11-11 18:03 - 2015-11-05 04:54 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll 2015-11-11 18:03 - 2015-11-05 04:42 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll 2015-11-11 18:03 - 2015-11-05 04:40 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2015-11-11 18:03 - 2015-11-05 04:35 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll 2015-11-11 18:03 - 2015-11-05 04:34 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll 2015-11-11 18:03 - 2015-11-05 04:33 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-11-11 18:03 - 2015-11-05 04:30 - 00767488 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\kerberos.dll 2015-11-11 18:03 - 2015-11-05 04:27 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll 2015-11-11 18:03 - 2015-11-05 04:27 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll 2015-11-11 18:03 - 2015-11-05 04:23 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll 2015-11-11 18:02 - 2015-11-05 06:01 - 00607408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2015-11-11 18:02 - 2015-11-05 05:11 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2015-11-11 18:02 - 2015-11-05 05:05 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-11-11 18:02 - 2015-11-05 05:01 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2015-11-11 18:02 - 2015-11-05 04:33 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-12-11 14:45 - 2014-03-04 20:02 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-12-11 14:42 - 2014-03-17 13:44 - 00000000 __RDO C:\Users\Florian\SkyDrive 2015-12-11 14:31 - 2014-07-17 23:29 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-12-11 14:28 - 2015-08-07 01:34 - 01790124 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-12-11 14:28 - 2015-07-10 17:34 - 00771100 _____ C:\WINDOWS\system32\perfh007.dat 2015-12-11 14:28 - 2015-07-10 17:34 - 00153964 _____ C:\WINDOWS\system32\perfc007.dat 2015-12-11 14:28 - 2015-07-10 12:02 - 00000000 ____D C:\WINDOWS\INF 2015-12-11 14:26 - 2014-02-15 17:42 - 00000000 ____D C:\Users\Florian\AppData\Roaming\Skype 2015-12-11 14:26 - 2014-02-12 19:27 - 00000000 ____D C:\Users\Florian\AppData\Local\Spotify 2015-12-11 14:26 - 2014-02-12 19:26 - 00000000 ____D C:\Users\Florian\AppData\Roaming\Spotify 2015-12-11 14:24 - 2014-07-16 20:40 - 00000000 ____D C:\Users\Florian\AppData\Roaming\Raptr 2015-12-11 14:23 - 2015-08-07 02:15 - 00000000 __SHD C:\Users\Florian\IntelGraphicsProfiles 2015-12-11 14:23 - 2015-08-07 01:26 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2015-12-11 14:23 - 2014-02-11 18:59 - 00001136 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-12-11 14:22 - 2015-07-10 13:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-12-11 14:22 - 2014-02-10 12:14 - 00000000 ____D C:\ProgramData\NVIDIA 2015-12-11 14:21 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\oobe 2015-12-11 14:21 - 2015-07-10 10:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2015-12-11 14:21 - 2015-07-10 10:05 - 00000000 ____D C:\Windows 2015-12-11 14:21 - 2015-02-09 20:17 - 00000000 ____D C:\AdwCleaner 2015-12-11 14:12 - 2014-02-11 18:59 - 00001140 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-12-11 13:54 - 2015-07-10 12:04 - 00000000 ___HD C:\Program Files\WindowsApps 2015-12-11 13:54 - 2015-07-10 12:04 - 00000000 ____D 
C:\WINDOWS\AppReadiness 2015-12-11 13:52 - 2014-02-11 18:50 - 00000000 ____D C:\Users\Florian\AppData\Local\Packages 2015-12-10 19:43 - 2015-11-06 20:19 - 00001791 _____ C:\Users\Florian\AppData\Roaming\gnuplot_history 2015-12-09 21:38 - 2015-08-07 02:18 - 00002393 _____ C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2015-12-09 19:03 - 2014-03-31 18:37 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-12-09 19:02 - 2015-07-10 11:55 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-12-09 18:54 - 2014-08-28 15:14 - 00000000 ____D C:\Users\Florian\Documents\ProfileCache 2015-12-09 18:52 - 2014-08-28 15:14 - 00000000 ____D C:\Users\Florian\Documents\The Crew 2015-12-09 17:52 - 2015-05-10 15:31 - 00000000 ____D C:\Users\Florian\AppData\Roaming\Telegram Desktop 2015-12-06 11:05 - 2014-02-11 19:59 - 00004242 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update 2015-12-06 10:58 - 2015-08-07 02:21 - 00000000 ___DC C:\WINDOWS\Panther 2015-12-06 02:09 - 2014-02-11 18:50 - 00000000 ____D C:\Users\Florian\AppData\Local\VirtualStore 2015-12-05 22:38 - 2014-02-12 19:01 - 00000000 ____D C:\Users\Florian\AppData\Roaming\.minecraft 2015-12-05 17:04 - 2014-02-12 21:34 - 00000000 ____D C:\Users\Florian\AppData\Local\LogMeIn Hamachi 2015-12-05 16:02 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\NDF 2015-12-05 14:50 - 2015-09-15 11:55 - 00000000 ____D C:\WINDOWS\Minidump 2015-12-05 14:50 - 2014-08-05 09:33 - 00000000 ____D C:\Users\Florian\AppData\Roaming\TS3Client 2015-12-04 15:06 - 2014-02-11 18:59 - 00004198 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2015-12-04 15:06 - 2014-02-11 18:59 - 00003966 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2015-12-02 21:34 - 2014-07-16 20:40 - 00000000 ____D C:\Program Files (x86)\Raptr 2015-12-02 21:18 - 2014-05-31 02:11 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys 2015-12-02 21:18 - 2014-02-11 19:59 - 01055560 _____ (AVAST Software) 
C:\WINDOWS\system32\Drivers\aswSnx.sys 2015-12-02 21:18 - 2014-02-11 19:59 - 00450504 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2015-12-02 21:18 - 2014-02-11 19:59 - 00273784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys 2015-12-02 21:18 - 2014-02-11 19:59 - 00155304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys 2015-12-02 21:18 - 2014-02-11 19:59 - 00097648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2015-12-02 21:18 - 2014-02-11 19:59 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2015-12-02 21:18 - 2014-02-11 19:59 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys 2015-12-01 22:12 - 2014-07-29 02:30 - 00000000 ____D C:\Users\Florian\AppData\Local\Battle.net 2015-12-01 01:32 - 2015-10-14 17:12 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-12-01 01:32 - 2015-10-01 18:14 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-11-30 17:50 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2015-11-29 00:20 - 2015-11-01 21:06 - 00000000 ____D C:\Users\Florian\AppData\Roaming\Notepad++ 2015-11-27 21:19 - 2015-10-31 20:29 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2015-11-24 19:56 - 2014-06-07 21:24 - 00000000 ____D C:\Users\Florian\AppData\Roaming\Audacity 2015-11-22 20:16 - 2014-02-12 04:44 - 00000000 ____D C:\Users\Florian\Documents\My Games 2015-11-21 22:58 - 2014-05-20 10:31 - 00000000 ____D C:\Users\Florian\AppData\Local\Arma 3 2015-11-21 19:23 - 2015-08-07 01:22 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2015-11-21 19:23 - 2014-11-20 22:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2015-11-21 19:22 - 2014-06-01 15:03 - 00000000 __SHD C:\Users\Florian\AppData\LocalLow\EmieUserList 2015-11-21 19:22 - 2014-06-01 15:03 - 00000000 __SHD 
C:\Users\Florian\AppData\LocalLow\EmieSiteList 2015-11-21 19:22 - 2014-06-01 15:03 - 00000000 __SHD C:\Users\Florian\AppData\Local\EmieUserList 2015-11-21 19:22 - 2014-06-01 15:03 - 00000000 __SHD C:\Users\Florian\AppData\Local\EmieSiteList 2015-11-21 18:31 - 2014-11-20 22:30 - 00000000 ____D C:\Users\Florian\AppData\Local\NVIDIA Corporation 2015-11-21 16:33 - 2014-12-01 13:25 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client 2015-11-18 23:34 - 2014-02-15 17:42 - 00000000 ____D C:\ProgramData\Skype 2015-11-17 20:39 - 2015-08-04 18:23 - 00001979 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2015-11-17 11:32 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\rescache 2015-11-17 07:27 - 2015-08-07 02:51 - 11228816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys 2015-11-16 04:54 - 2015-08-13 18:24 - 15839200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll 2015-11-16 04:54 - 2015-08-07 02:59 - 01572496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll 2015-11-16 04:54 - 2015-08-07 02:59 - 00205456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys 2015-11-16 04:54 - 2015-08-07 02:51 - 18487360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll 2015-11-16 04:54 - 2015-08-07 02:51 - 15933400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll 2015-11-16 04:54 - 2015-08-07 02:51 - 12870192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll 2015-11-16 04:54 - 2015-08-07 02:51 - 03540544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll 2015-11-16 04:54 - 2015-08-07 02:51 - 03126800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll 2015-11-16 04:54 - 2015-08-07 02:51 - 00034494 _____ C:\WINDOWS\system32\nvinfo.pb 2015-11-15 22:17 - 2015-08-07 01:27 - 00000000 ____D C:\Users\Florian 2015-11-15 00:49 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\appraiser 2015-11-14 07:20 - 2015-08-07 02:57 - 06358648 _____ (NVIDIA Corporation) 
C:\WINDOWS\system32\nvcpl.dll 2015-11-14 07:20 - 2015-08-07 02:57 - 02983216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll 2015-11-14 07:20 - 2015-08-07 02:57 - 02554488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll 2015-11-14 07:20 - 2015-08-07 02:57 - 00938616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe 2015-11-14 07:20 - 2015-08-07 02:57 - 00385144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll 2015-11-14 07:20 - 2015-08-07 02:57 - 00062584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll 2015-11-13 21:52 - 2015-04-22 10:52 - 00000000 ____D C:\Users\Florian\Desktop\Papa schicken 2015-11-12 19:37 - 2014-11-20 22:30 - 01828160 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll 2015-11-12 19:37 - 2014-11-20 22:30 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll 2015-11-12 19:37 - 2014-11-20 22:30 - 01509824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll 2015-11-12 19:37 - 2014-11-20 22:30 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll 2015-11-11 18:22 - 2014-02-17 19:16 - 145617392 ____N (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-11-11 18:22 - 2014-02-17 19:16 - 00000000 ____D C:\WINDOWS\system32\MRT ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-11-06 20:19 - 2015-12-10 19:43 - 0001791 _____ () C:\Users\Florian\AppData\Roaming\gnuplot_history 2015-11-24 12:36 - 2015-11-24 12:36 - 0007606 _____ () C:\Users\Florian\AppData\Local\Resmon.ResmonCfg 2015-08-07 01:26 - 2015-08-07 01:26 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2014-12-12 23:09 - 2014-12-12 23:09 - 0000093 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc Einige Dateien in TEMP: ==================== C:\Users\Florian\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-12-08 19:29

==================== Ende von FRST.txt ============================

Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-12-2015
durchgeführt von Florian (2015-12-11 14:46:29)
Gestartet von C:\Users\Florian\Desktop
Windows 10 Home (X64) (2015-08-07 01:15:39)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-1274701302-3454042151-3049584581-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1274701302-3454042151-3049584581-503 - Limited - Disabled)
Florian (S-1-5-21-1274701302-3454042151-3049584581-1001 - Administrator - Enabled) => C:\Users\Florian
Gast (S-1-5-21-1274701302-3454042151-3049584581-501 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

A Game of Thrones version 1.0 (HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\...\{7C82709E-75FE-4C3A-976A-8C97908DDD7B}_is1) (Version: 1.0 - AGOT TEAM) Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.2.443 - Adobe Systems Incorporated) Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.172 - Adobe Systems Incorporated) Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Creative Suite 4 Design Premium (HKLM-x32\...\Adobe_55230b0b70661df0f212e88f0b655f7) (Version: 4.0 - Adobe Systems Incorporated) Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated) Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe InDesign CS4 Icon Handler x64 (Version: 6.0 - Adobe Systems Incorporated) Hidden Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated) Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft) Apple Application Support (32-Bit) 
(HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.) Arma 3 (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive) Assassins Creed IV Black Flag (HKLM-x32\...\Uplay Install 273) (Version: - Ubisoft) Assassin's Creed(R) III v1.04 (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.04 - Ubisoft) Audacity 2.0.4 (HKLM-x32\...\Audacity_is1) (Version: 2.0.4 - Audacity Team) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software) Banished (HKLM-x32\...\Steam App 242920) (Version: - Shining Rock Software LLC) Batman™: Arkham Origins (HKLM-x32\...\Steam App 209000) (Version: - WB Games Montreal) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Battlefield Heroes (HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\...\{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}) (Version: - EA Digital illusions) BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - ) BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version: - ) BioShock (HKLM-x32\...\Steam App 7670) (Version: - 2K Boston) BioShock 2 (HKLM-x32\...\Steam App 8850) (Version: - 2K Marin) BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version: - Irrational Games) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) 
Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version: - Infinity Ward) Call of Duty: Modern Warfare 3 (HKLM-x32\...\Steam App 42680) (Version: - Infinity Ward) Call of Juarez Gunslinger (HKLM-x32\...\Steam App 204450) (Version: - Techland) Cartes du Ciel V3.10 (HKLM-x32\...\{A261F28E-6053-4414-9B84-AA8FE5F47AD4}_is1) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform) Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version: - Torn Banner Studios) Clover 3.0 (HKLM-x32\...\Clover) (Version: 3.0 - EJIE Technology) Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden Crusader Kings II (HKLM-x32\...\Steam App 203770) (Version: - Paradox Development Studio) Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.4.114.1010 - Electronic Arts Inc.) ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.2.24.20150630 - Landesfinanzdirektion Thüringen) Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment) Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.05 - Ubisoft) Far Cry 4 (HKLM-x32\...\Uplay Install 420) (Version: - Ubisoft) Flixster (HKLM-x32\...\com.wb.DC2) (Version: 2.2.3 - Warner Bros. Entertainment, Inc.) Flixster (x32 Version: 2.2.3 - Warner Bros. Entertainment, Inc.) Hidden GeoGebra 5 (HKLM-x32\...\GeoGebra 5) (Version: 5.0.175.0 - International GeoGebra Institute) gnuplot 5.0 patchlevel 1 (HKLM-x32\...\{AB419AC3-9BC1-4EC5-A75B-4D8870DD651F}_is1) (Version: 5.0 patchlevel 1 - gnuplot development team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.80 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) 
Hidden Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) High-Definition Video Playback (x32 Version: 7.1.13900.47.0 - Nero AG) Hidden Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios) Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version: - IO Interactive) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation) iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.) Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation) Java 8 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218020F0}) (Version: 8.0.200 - Oracle Corporation) Keep Talking and Nobody Explodes (HKLM-x32\...\Steam App 341800) (Version: - Steel Crate Games) Kerbal Space Program (HKLM-x32\...\1429864849_is1) (Version: 2.1.0.3 - GOG.com) kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games ) League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden Magicka (HKLM-x32\...\Steam App 42910) (Version: - Arrowhead Game Studios) Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Mass Effect (HKLM-x32\...\Steam App 17460) (Version: - BioWare) Mass Effect 2 (HKLM-x32\...\Steam App 24980) (Version: - BioWare) Mass Effect™ 3 (HKLM-x32\...\{534A31BD-20F4-46b0-85CE-09778379663C}) (Version: 1.05.0.0 - Electronic Arts) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.226.1 - McAfee, Inc.) 
Medal of Honor(TM) Multiplayer (HKLM-x32\...\Steam App 47830) (Version: - Electronic Arts) Metro 2033 (HKLM-x32\...\Steam App 43110) (Version: - 4A Games) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Flight Simulator SimConnect Client v10.0.61259.0 (HKLM-x32\...\{D61CA184-3F6D-4A50-B2CC-7A18447D6A8D}) (Version: 10.0.61259.0 - Microsoft Corporation) Microsoft Flight Simulator SimConnect Client v10.0.62615.0 (HKLM-x32\...\{33D89314-361A-4495-A1E1-0ACBCE08F78D}) (Version: 10.0.62615.0 - Microsoft Corporation) Microsoft Flight Simulator X: Steam Edition (HKLM-x32\...\Steam App 314160) (Version: - Microsoft Game Studios) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft 
Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 
12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation) Mount and Blade - Warband (HKLM-x32\...\1207666913_is1) (Version: 2.5.0.15 - GOG.com) MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) Napoleon: Total War (HKLM-x32\...\Steam App 34030) (Version: - The Creative Assembly) Nero 10 Movie ThemePack 1 (HKLM-x32\...\{43FBAB46-5969-4200-9958-1FF81FEE506F}) (Version: 10.2.10000.11.0 - Nero AG) Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10500.1.102 - Nero AG) Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.2.11400.11.100 - Nero AG) Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG) Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.11900.20.100 - Nero AG) Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.2.10400.5.100 - Nero AG) Nero MediaHub 10 (HKLM-x32\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.2.13200.33.100 - Nero AG) Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{ADEF1F0B-635E-4041-B50F-A510C1B4D2C5}) (Version: 10.5.10400 - Nero AG) Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.2.10800.9.100 - Nero AG) Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG) Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) 
(Version: 1.0.0018 - Nero AG) Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.1 - Black Tree Gaming) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.6 - Notepad++ Team) NVIDIA 3D Vision Controller-Treiber 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 359.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 359.00 - NVIDIA Corporation) NVIDIA GeForce Experience 2.7.4.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.7.4.10 - NVIDIA Corporation) NVIDIA Grafiktreiber 359.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 359.00 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Orcs Must Die! 2 (HKLM-x32\...\Steam App 201790) (Version: - Robot Entertainment) Ori and the Blind Forest (HKLM-x32\...\Steam App 261570) (Version: - Moon Studios GmbH) Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.) osu! (HKLM-x32\...\{db19eca9-528e-475f-9260-e56831abfad0}) (Version: latest - ppy Pty Ltd) PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.) 
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version: - OVERKILL Software) PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden Pixel Bender Toolkit (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Prison Architect (HKLM-x32\...\Steam App 233450) (Version: - Introversion Software) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.) Raptr (HKLM-x32\...\Raptr) (Version: - ) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.) ROCCAT Kone Pure Optical Mouse Driver (HKLM-x32\...\{22D40E66-0D41-45A3-A8A1-90B8A38D9A68}) (Version: - Roccat GmbH) ROCCAT Power-Grid Version 0.459 (HKLM-x32\...\{953CF6E6-4EC8-4E55-A263-720CEBD591FE}_is1) (Version: 0.459 - ROCCAT GmbH) Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games) SHIELD Streaming (Version: 4.1.0240 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.7.4.10 - NVIDIA Corporation) Hidden Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version: - 2K Games, Inc.) Sid Meier's Civilization: Beyond Earth (HKLM-x32\...\Steam App 65980) (Version: - Firaxis Games) Skype™ 7.14 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.14.106 - Skype Technologies S.A.) 
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 2.19.3116.2 - Hi-Rez Studios) Sniper Ghost Warrior 2 (HKLM-x32\...\Steam App 34870) (Version: - City Interactive) Spec Ops: The Line (HKLM-x32\...\Steam App 50300) (Version: - Yager) SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - ) Spotify (HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\...\Spotify) (Version: 1.0.19.106.gb8a7150f - Spotify AB) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.5.43 - Safer-Networking Ltd.) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) Telegram Desktop version 0.9.13 (HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.9.13 - Telegram Messenger LLP) The Crew (Worldwide) (HKLM-x32\...\Uplay Install 413) (Version: - Ubisoft) The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts) The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.0.6.0 - GOG.com) The Witcher 3: Wild Hunt - Alternative Look for Ciri (HKLM-x32\...\Alternative Look for Ciri_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - Alternative Look for Triss (HKLM-x32\...\Alternative Look for Triss_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - Alternative Look for Yennefer (HKLM-x32\...\Alternative Look for Yennefer_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - Beard and Hairstyle Set (HKLM-x32\...\Beard and Hairstyle Set_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - Elite Crossbow Set (HKLM-x32\...\Elite Crossbow Set_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - New Finisher Animations (HKLM-x32\...\New Finisher Animations_is1) (Version: 1.0.0.0 - 
GOG.com) The Witcher 3: Wild Hunt - New Quest - Contract Missing Miners (HKLM-x32\...\New Quest - Contract Missing Miners_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - New Quest - Fool's Gold (HKLM-x32\...\New Quest - Fool's Gold_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - Nilfgaardian Armor Set (HKLM-x32\...\Nilfgaardian Armor Set_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - Skellige Armor Set (HKLM-x32\...\Skellige Armor Set_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - Temerian Armor Set (HKLM-x32\...\Temerian Armor Set_is1) (Version: 1.0.0.0 - GOG.com) Universe Sandbox (HKLM-x32\...\Steam App 72200) (Version: - Giant Army) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) Uplay (HKLM-x32\...\Uplay) (Version: 4.2 - Ubisoft) USB PnP Sound Device (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392006300}) (Version: - ) VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN) War Thunder Launcher 1.0.1.571 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - Gaijin Entertainment) WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR 
archiver) (Version: 5.10.0 - win.rar GmbH) WinZip 18.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DE}) (Version: 18.0.10661 - WinZip Computing, S.L. ) Wolfram Extras 10.0 (5157423) (HKLM\...\A-WIN-Extras 10.0.1 5157423_is1) (Version: 10.0.1 - Wolfram Research, Inc.) Wolfram Mathematica 10 (M-WIN-L 10.0.1 5157734) (HKLM\...\M-WIN-L 10.0.1 5157734_is1) (Version: 10.0.1 - Wolfram Research, Inc.) Worms Revolution (HKLM-x32\...\Steam App 200170) (Version: - Team17 Digital Ltd.) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-1274701302-3454042151-3049584581-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Florian\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation) ==================== Wiederherstellungspunkte ========================= ACHTUNG: Systemwiederherstellung ist deaktiviert ==================== Hosts Inhalt: ========================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 
2013-08-22 14:25 - 2015-12-06 14:37 - 00451105 ___RA C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 rad.msn.com 127.0.0.1 live.rads.msn.com 127.0.0.1 ads1.msn.com 127.0.0.1 g.msn.com 127.0.0.1 a.ads2.msads.net 127.0.0.1 b.ads2.msads.net 127.0.0.1 ac3.msn.com 127.0.0.1 apps.skype.com 127.0.0.1 static.2mdn.net127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com Da befinden sich 15472 zusätzliche Einträge. ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {0891CDAC-24AC-46E7-8ED5-846A0B9A888A} - System32\Tasks\{C85A94F3-3425-4FDC-8FD3-88A08CB3004F} => pcalua.exe -a "D:\Programme\Ubisoft\Ubisoft Game Launcher\Uplay.exe" -c uplay://uninstall/750 Task: {13C13C87-3E88-42DB-BE39-3CAF37A74C13} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2015-06-16] (Safer-Networking Ltd.) Task: {417D94CE-C13E-48DF-B1B0-921F7E6CE17E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.) Task: {48B9DE0F-86F2-4A48-93BE-A2253FD4FB1C} - System32\Tasks\avast! 
Emergency Update => D:\Programme\Avast\AvastEmUpdate.exe [2015-12-02] (AVAST Software) Task: {533FEC54-55B2-43DD-89CC-1BD0CF3D785E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG Task: {699FBD71-67AA-4CE0-89CE-07BB87C256AA} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG Task: {6B40E16E-BF63-4FA6-B632-E1B2D5E8687A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG Task: {716EA70A-EB53-4179-92F4-D443FE9C734F} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe Task: {73DE3684-E7BB-439B-B660-0A13D52FC0D5} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG Task: {7416F2FE-447D-4268-837A-5CB1A40CFA75} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-09] (Adobe Systems Incorporated) Task: {74EB9A21-8438-4F06-B8BD-54DE43A8C1FF} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG Task: {77869D6C-AAB7-4765-B9A8-65239AF1F7D9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.) Task: {77F72D61-A4B1-4D83-B1D4-1CC7C2A8273F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG Task: {7FD65435-8EA9-43BC-B6AA-986743A05975} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2015-06-16] (Safer-Networking Ltd.) 
Task: {8C4D05CD-062D-4D47-9544-AC49D1E2B5EB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-11-11] (Microsoft Corporation) Task: {90E0189E-C667-4A6A-AC1A-EC9ADD436A2E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG Task: {9DD166C9-EE79-47BA-B2B5-A6BE0EF71CB4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated) Task: {AE007107-8C7E-4E23-87CE-ECE3B57FD4CF} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG Task: {B98B0C8E-FCA4-45D8-B55F-B38405C48464} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd) Task: {BFA285AC-0522-43E9-9318-C7E2FA860B31} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG Task: {CACA0A95-0027-45A1-8D52-27D495484BAC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2015-06-16] (Safer-Networking Ltd.) Task: {CF84F592-4DF8-465B-9611-B39FF9B10D49} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG Task: {D4179BD1-FC33-4FC0-B58D-04872762C5E5} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG Task: {D9919C1C-2187-43A9-B87F-4F064462F91C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2015-08-07 02:19 - 2015-08-07 02:19 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll 2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2015-08-19 14:53 - 2015-08-11 10:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll 2015-10-01 17:33 - 2015-09-17 07:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2015-10-01 17:33 - 2015-09-17 07:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2015-07-17 18:34 - 2015-07-17 18:34 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2015-10-01 17:33 - 2015-09-17 06:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2015-12-09 17:54 - 2015-11-25 05:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2015-12-09 17:54 - 2015-11-25 05:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2015-12-09 17:54 - 2015-11-25 05:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2015-10-01 17:33 - 2015-09-17 06:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 
2015-12-02 21:18 - 2015-12-02 21:18 - 00103888 _____ () D:\Programme\Avast\log.dll 2015-12-02 21:18 - 2015-12-02 21:18 - 00125512 _____ () D:\Programme\Avast\JsonRpcServer.dll 2015-12-11 13:53 - 2015-12-11 13:53 - 02803200 _____ () D:\Programme\Avast\defs\15121100\algo.dll 2015-12-02 21:18 - 2015-12-02 21:18 - 00469008 _____ () D:\Programme\Avast\ffl2.dll 2015-08-07 11:58 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2015-08-07 11:58 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2015-08-07 11:58 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2015-08-07 11:58 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2015-12-02 21:18 - 2015-12-02 21:18 - 40539648 _____ () D:\Programme\Avast\libcef.dll 2015-04-07 19:25 - 2015-11-12 19:39 - 00012080 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) 
IE restricted site: HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\...\123simsen.com -> www.123simsen.com Da befinden sich 7867 mehr Seiten. ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
FirewallRules: [{B53672C9-1522-4402-BDB8-95561B5D8CB4}] => (Allow) D:\Programme\Steam\Steam.exe FirewallRules: [{76363BEE-248A-4EBE-A279-B826AA290C89}] => (Allow) D:\Programme\Steam\Steam.exe FirewallRules: [{C2F1784C-36CE-4B04-86AD-860040F3C5F2}] => (Allow) D:\Programme\Steam\bin\steamwebhelper.exe FirewallRules: [{64BD7FFE-8C40-4A33-9D99-952854062CEB}] => (Allow) D:\Programme\Steam\bin\steamwebhelper.exe FirewallRules: [TCP Query User{A28096FA-10F9-47D6-B24E-C33059558666}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{07613F22-3A97-4C55-A893-2515BBBEE63D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{2CB5AC22-7F36-4517-9B02-19212FDC64C5}C:\users\florian\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\florian\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{98E1E5DC-D6D7-4430-895E-249876D6DB58}C:\users\florian\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\florian\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{82DC9568-5231-409B-BCFA-7AAE65BD0A12}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{C6B3B9BE-0412-4F01-844F-1D68EB79498B}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{BC0DF19B-E13C-46AD-BE65-9A1F4764240A}C:\program files\java\jre1.8.0_20\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_20\bin\javaw.exe FirewallRules: [UDP Query User{FD3845FE-0653-42C5-A0B5-7EEE40B347DD}C:\program files\java\jre1.8.0_20\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_20\bin\javaw.exe FirewallRules: [{D2B959A9-988C-4624-8E8B-9DDC80E2BF63}] => (Allow) D:\Programme\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe FirewallRules: 
[{350C2C8F-32F3-4A92-AA9E-385FA9323A5C}] => (Allow) D:\Programme\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe FirewallRules: [TCP Query User{3A438703-0BAA-4A41-9F54-EE7087A78EBE}D:\programme\ubisoft\ubisoft game launcher\games\far cry 4\bin\farcry4.exe] => (Allow) D:\programme\ubisoft\ubisoft game launcher\games\far cry 4\bin\farcry4.exe FirewallRules: [UDP Query User{C31A2D83-864D-4CED-942A-D467E00C65A9}D:\programme\ubisoft\ubisoft game launcher\games\far cry 4\bin\farcry4.exe] => (Allow) D:\programme\ubisoft\ubisoft game launcher\games\far cry 4\bin\farcry4.exe FirewallRules: [TCP Query User{5BF353B2-9D94-48E2-A910-C0FDCD7745B7}D:\programme\ubisoft\ubisoft game launcher\games\the crew (worldwide)\thecrew.exe] => (Allow) D:\programme\ubisoft\ubisoft game launcher\games\the crew (worldwide)\thecrew.exe FirewallRules: [UDP Query User{EFC77169-B356-4D40-91ED-5A9457173EC1}D:\programme\ubisoft\ubisoft game launcher\games\the crew (worldwide)\thecrew.exe] => (Allow) D:\programme\ubisoft\ubisoft game launcher\games\the crew (worldwide)\thecrew.exe FirewallRules: [{DFA6A562-D4ED-4AAF-BC58-43F52625EC8A}] => (Allow) D:\Programme\Steam\SteamApps\common\Arma 3\arma3launcher.exe FirewallRules: [{7821E164-D18F-4B62-A942-3E2B72F19741}] => (Allow) D:\Programme\Steam\SteamApps\common\Arma 3\arma3launcher.exe FirewallRules: [{F1579E9B-129C-4654-927B-1869D207A5F0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{5967BBE6-F2F8-4EA0-AE42-622FCB4ABD19}] => (Allow) D:\Programme\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe FirewallRules: [{3082FE88-D807-4D8C-8CE8-41DF26D86A95}] => (Allow) D:\Programme\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 
Scanner Service StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (12/10/2015 09:39:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SN_1402860) Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (12/09/2015 10:07:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SN_1402860) Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (12/08/2015 09:39:07 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SN_1402860) Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (12/08/2015 08:37:44 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm clover.exe, Version 3.0.406.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 3028 Startzeit: 01d131efca861193 Beendigungszeit: 4 Anwendungspfad: C:\Program Files (x86)\Clover\clover.exe Berichts-ID: 257283d0-9de3-11e5-8361-94de8078c2d4 Vollständiger Name des fehlerhaften Pakets: Auf das fehlerhafte Paket bezogene Anwendungs-ID: Error: (12/08/2015 08:36:31 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm clover.exe, Version 3.0.406.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 199c Startzeit: 01d131a7d3825118 Beendigungszeit: 5 Anwendungspfad: C:\Program Files (x86)\Clover\clover.exe Berichts-ID: f9a766d6-9de2-11e5-8361-94de8078c2d4 Vollständiger Name des fehlerhaften Pakets: Auf das fehlerhafte Paket bezogene Anwendungs-ID: Error: (12/08/2015 05:54:22 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SN_1402860) Description: Bei der Aktivierung der App „Microsoft.Windows.Photos_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2147023170. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (12/08/2015 03:12:21 PM) (Source: ESENT) (EventID: 413) (User: ) Description: SettingSyncHost (4352) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032. Error: (12/08/2015 03:12:21 PM) (Source: ESENT) (EventID: 488) (User: ) Description: SettingSyncHost (4352) Der Versuch, die Datei "C:\WINDOWS\system32\edbtmp.log" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien. 
Error: (12/08/2015 03:12:11 PM) (Source: ESENT) (EventID: 413) (User: ) Description: SettingSyncHost (4352) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032. Error: (12/08/2015 03:12:11 PM) (Source: ESENT) (EventID: 488) (User: ) Description: SettingSyncHost (4352) Der Versuch, die Datei "C:\WINDOWS\system32\edbtmp.log" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien. Systemfehler: ============= Error: (12/11/2015 02:42:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (12/11/2015 02:26:42 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: {784E29F4-5EBE-4279-9948-1E8FE941646D} Error: (12/11/2015 02:26:02 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (12/11/2015 02:26:00 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (12/11/2015 02:25:58 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (12/11/2015 
02:25:57 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (12/11/2015 02:25:55 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (12/11/2015 02:25:54 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (12/11/2015 02:25:49 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (12/11/2015 02:25:47 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i5-4670 CPU @ 3.40GHz Prozentuale Nutzung des RAM: 15% Installierter physikalischer RAM: 16267.55 MB Verfügbarer physikalischer RAM: 13765.57 MB Summe virtueller Speicher: 18699.55 MB Verfügbarer virtueller Speicher: 16161.94 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:111.57 GB) (Free:33.48 GB) NTFS Drive 
d: () (Fixed) (Total:1863.02 GB) (Free:735.16 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 111.8 GB) (Disk ID: 7C9DF0AC) Partition: GPT. ======================================================== Disk: 1 (Size: 1863 GB) (Disk ID: 7C9DF0A9) Partition: GPT. ==================== Ende von Addition.txt ============================ |
11.12.2015, 15:24 | #12 |
/// TB-Ausbilder | Watch4 Virus Remove leftovers
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document.
Code:
start
CloseProcesses:
CHR HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG
Task: {533FEC54-55B2-43DD-89CC-1BD0CF3D785E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {699FBD71-67AA-4CE0-89CE-07BB87C256AA} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {6B40E16E-BF63-4FA6-B632-E1B2D5E8687A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {73DE3684-E7BB-439B-B660-0A13D52FC0D5} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {74EB9A21-8438-4F06-B8BD-54DE43A8C1FF} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {77F72D61-A4B1-4D83-B1D4-1CC7C2A8273F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {90E0189E-C667-4A6A-AC1A-EC9ADD436A2E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {AE007107-8C7E-4E23-87CE-ECE3B57FD4CF} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {BFA285AC-0522-43E9-9318-C7E2FA860B31} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {CF84F592-4DF8-465B-9611-B39FF9B10D49} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {D4179BD1-FC33-4FC0-B58D-04872762C5E5} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
EmptyTemp:
end

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Post the FRST Fixlog right away, as it will otherwise be removed automatically by DelFix (see further below)!
If you have no more problems with malware, then we are done here. Your log files are clean. Finally, we need to take a few concluding steps to clean up and secure your PC.
Cleanup: (The order is crucial here)
If Defogger was used: start it again and click Re-enable.
If Combofix was used: uninstall Combofix.
All logs posted? Then please download DelFix.
Then restart your computer. If any programs from our cleanup are still left over now, you can safely delete them. If you like, you can say here whether you were satisfied with me and my help...and/or support the forum with a small donation.
Hardening: Enable automatic updates in the Windows operating system. Security-relevant software should also always be kept at the latest version only: Browser, Java, Flash Player, PDF reader. Security vulnerabilities in their old versions are exploited to install malware "drive-by" when simply visiting a manipulated website. I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents. Enable a firewall. The one built into Windows is normally entirely sufficient. If you are still undecided, use a single one of the following antivirus programs with a real-time scanner and an always up-to-date signature database: In addition, you can regularly scan your PC with Malwarebytes Anti-Malware and ESET.
Optional: Adblock Plus: Can block banners, pop-ups, video ads, tracking and malware sites. NoScript: Prevents the execution of active content (Java, JavaScript, Flash,...) for all websites. However, you can define, on a whitelist basis, on which sites scripts should be allowed. Malwarebytes Anti Exploit: Protects the computer's applications against exploitation of known vulnerabilities.
Download software from a clean portal such as . When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program. To get rid of adware again, first uninstalling it and then removing the leftovers with Adwcleaner is recommended.
Finally, a few more general remarks:
Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this topic from my subscriptions. |
11.12.2015, 17:55 | #13 |
| Watch4 Virus Thank you very much for the help. Here is the Fixlog: Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-12-2015 durchgeführt von Florian (2015-12-11 17:51:06) Run:1 Gestartet von C:\Users\Florian\Desktop Geladene Profile: Florian (Verfügbare Profile: Florian) Start-Modus: Normal ============================================== fixlist Inhalt: ***************** start CloseProcesses: CHR HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG Task: {533FEC54-55B2-43DD-89CC-1BD0CF3D785E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG Task: {699FBD71-67AA-4CE0-89CE-07BB87C256AA} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG Task: {6B40E16E-BF63-4FA6-B632-E1B2D5E8687A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG Task: {73DE3684-E7BB-439B-B660-0A13D52FC0D5} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG Task: {74EB9A21-8438-4F06-B8BD-54DE43A8C1FF} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG Task: {77F72D61-A4B1-4D83-B1D4-1CC7C2A8273F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG Task: {90E0189E-C667-4A6A-AC1A-EC9ADD436A2E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG Task: {AE007107-8C7E-4E23-87CE-ECE3B57FD4CF} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG Task: {BFA285AC-0522-43E9-9318-C7E2FA860B31} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG Task: {CF84F592-4DF8-465B-9611-B39FF9B10D49} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG Task: {D4179BD1-FC33-4FC0-B58D-04872762C5E5} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG EmptyTemp: end ***************** Prozess erfolgreich geschlossen. 
"HKU\S-1-5-21-1274701302-3454042151-3049584581-1001\SOFTWARE\Policies\Google" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{533FEC54-55B2-43DD-89CC-1BD0CF3D785E}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{533FEC54-55B2-43DD-89CC-1BD0CF3D785E}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{699FBD71-67AA-4CE0-89CE-07BB87C256AA}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{699FBD71-67AA-4CE0-89CE-07BB87C256AA}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6B40E16E-BF63-4FA6-B632-E1B2D5E8687A}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B40E16E-BF63-4FA6-B632-E1B2D5E8687A}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{73DE3684-E7BB-439B-B660-0A13D52FC0D5}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73DE3684-E7BB-439B-B660-0A13D52FC0D5}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Schedule\TaskCache\Plain\{74EB9A21-8438-4F06-B8BD-54DE43A8C1FF}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74EB9A21-8438-4F06-B8BD-54DE43A8C1FF}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{77F72D61-A4B1-4D83-B1D4-1CC7C2A8273F}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77F72D61-A4B1-4D83-B1D4-1CC7C2A8273F}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{90E0189E-C667-4A6A-AC1A-EC9ADD436A2E}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90E0189E-C667-4A6A-AC1A-EC9ADD436A2E}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AE007107-8C7E-4E23-87CE-ECE3B57FD4CF}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE007107-8C7E-4E23-87CE-ECE3B57FD4CF}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BFA285AC-0522-43E9-9318-C7E2FA860B31}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Schedule\TaskCache\Tasks\{BFA285AC-0522-43E9-9318-C7E2FA860B31}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CF84F592-4DF8-465B-9611-B39FF9B10D49}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF84F592-4DF8-465B-9611-B39FF9B10D49}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D4179BD1-FC33-4FC0-B58D-04872762C5E5}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4179BD1-FC33-4FC0-B58D-04872762C5E5}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => Schlüssel erfolgreich entfernt EmptyTemp: => 939.5 MB temporäre Dateien entfernt. Das System musste neu gestartet werden. ==== Ende von Fixlog 17:51:13 ==== |
11.12.2015, 20:25 | #14 |
/// TB-Ausbilder | Watch4 Virus I am glad that we could help. In this forum you can give brief feedback on the cleanup, if you like: Lob, Kritik und Wünsche. To do so, click the "NEUES THEMA" button and post a short piece of feedback. Thank you very much! This topic appears to be resolved and will be removed from my subscriptions. Should you need the topic again, please send me a PM. Everyone else, please click here and create your own thread. |