Browser Hijacker yoursites123.com - wie entfernen?

Redbull0329 · 14.12.2015, 20:24

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:14-12-2015
durchgeführt von Philipp (2015-12-14 20:19:57)
Gestartet von C:\Users\Philipp\Downloads
Windows 10 Home (X64) (2015-07-30 15:16:56)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-4170469713-2190753842-1125926178-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4170469713-2190753842-1125926178-503 - Limited - Disabled)
Gast (S-1-5-21-4170469713-2190753842-1125926178-501 - Limited - Disabled)
Philipp (S-1-5-21-4170469713-2190753842-1125926178-1001 - Administrator - Enabled) => C:\Users\Philipp

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Spyware-Schutz (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

µTorrent (HKU\S-1-5-21-4170469713-2190753842-1125926178-1001\...\uTorrent) (Version: 3.4.5.41162 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.6.2.40658 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.1 - EA Digital Illusions CE AB)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.18.1035 - Bitdefender)
Bitdefender Internet Security 2016 (HKLM\...\Bitdefender) (Version: 20.0.18.1037 - Bitdefender)
Bloodbath Kavkaz (HKLM-x32\...\Steam App 348020) (Version:  - Dagestan Technology)
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Cities: Skylines (HKLM-x32\...\Steam App 255710) (Version:  - Colossal Order Ltd.)
Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Corsair Utility Engine (HKLM-x32\...\{791216E9-E76E-4C76-9C6E-C968A8C253D9}) (Version: 1.10.67 - Corsair)
CPUID CPU-Z 1.72.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CrystalDiskInfo 6.5.2 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.5.2 - Crystal Dew World)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DiRT Rally (HKLM-x32\...\Steam App 310560) (Version:  - Codemasters Racing Studio)
EA SPORTS™ FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.8.0.0 - Electronic Arts)
Fallout 4 (HKLM-x32\...\Steam App 377160) (Version:  - Bethesda Game Studios)
Far Cry 4 (HKLM-x32\...\Uplay Install 420) (Version:  - Ubisoft)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.80 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
Hacker Evolution (HKLM-x32\...\Steam App 70100) (Version:  - exosyphen studios)
HWiNFO64 Version 5.06 (HKLM\...\HWiNFO64_is1) (Version: 5.06 - Martin Malík - REALiX)
Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.17 - Oracle Corporation)
Java SE Development Kit 8 Update 66 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180660}) (Version: 8.0.660.17 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
METAL GEAR SOLID V: THE PHANTOM PAIN (HKLM-x32\...\Steam App 287700) (Version:  - Konami Digital Entertainment)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.6001.1043 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
NVIDIA 3D Vision Controller-Treiber 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 358.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 358.91 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.7.4.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.7.4.10 - NVIDIA Corporation)
NVIDIA Grafiktreiber 358.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.91 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.6001.1043 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6001.1043 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.6001.1043 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenIV (HKU\S-1-5-21-4170469713-2190753842-1125926178-1001\...\OpenIV) (Version: 2.6.4.646 - .black/OpenIV Team)
Origin (HKLM-x32\...\Origin) (Version: 9.5.12.2862 - Electronic Arts, Inc.)
paint.net (HKLM\...\{DF3A46D9-67B3-44B2-9D01-25C8BA772C8A}) (Version: 4.0.6 - dotPDN LLC)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
Rainbow Six Siege - Closed Beta (HKLM-x32\...\Uplay Install 1001) (Version:  - Ubisoft)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
RivaTuner Statistics Server 6.2.0 (HKLM-x32\...\RTSS) (Version: 6.2.0 - Unwinder)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.8 - Rockstar Games)
SHIELD Streaming (Version: 4.1.0240 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.7.4.10 - NVIDIA Corporation) Hidden
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKU\S-1-5-21-4170469713-2190753842-1125926178-1001\...\Spotify) (Version: 1.0.19.106.gb8a7150f - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Crew (Worldwide) (HKLM-x32\...\Uplay Install 413) (Version:  - Ubisoft)
UNi Xonar Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version:  - )
Uplay (HKLM-x32\...\Uplay) (Version: 7.3 - Ubisoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-4170469713-2190753842-1125926178-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Philipp\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)

==================== Wiederherstellungspunkte =========================

ACHTUNG: Systemwiederherstellung ist deaktiviert

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2015-07-30 17:09 - 2015-12-14 19:35 - 00001853 ____A C:\WINDOWS\system32\Drivers\etc\hosts



==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {07B90955-7B9F-4851-968C-215EDB7C532C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
Task: {23E09CE4-A510-4607-A8FC-EB288E342FAF} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-12-11] (Microsoft Corporation)
Task: {278F4293-2545-4F9D-B4C9-B995BE6D1532} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-10] (Microsoft Corporation)
Task: {299CB8D4-2C2A-498D-8ADB-502E250038EB} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2015-11-09] (Bitdefender)
Task: {4B535349-E1C6-4791-8C00-00B26D03CDC3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-30] (Google Inc.)
Task: {5DF2764E-C7BF-4552-B404-DDC2958F82FF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {6371C1E1-2B24-410B-9F32-E9D897D2AE1D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2015-12-11] (Microsoft Corporation)
Task: {95FB1CD6-79AC-4850-A22B-9F739C2130B6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-11-19] (Microsoft Corporation)
Task: {A9B2D110-3A3C-42E1-97D7-4C7FB6349220} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-11-19] (Microsoft Corporation)
Task: {A9B80965-C1AE-46FC-A72D-08DC2A1A434F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-30] (Google Inc.)
Task: {E78F91C2-6A4C-4EF9-A31C-3CF1E41A67E8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2015-12-11] (Microsoft Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-07-30 16:44 - 2015-07-15 03:04 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-10-01 12:37 - 2013-09-03 13:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\bdmetrics.dll
2015-12-04 01:15 - 2015-12-04 01:15 - 00876888 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_01250_002\ashttpbr.mdl
2015-12-04 01:15 - 2015-12-04 01:15 - 00742976 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_01250_002\ashttpdsp.mdl
2015-12-04 01:15 - 2015-12-04 01:15 - 02803536 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_01250_002\ashttpph.mdl
2015-12-04 01:15 - 2015-12-04 01:15 - 01415584 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_01250_002\ashttprbl.mdl
2015-08-19 13:46 - 2015-08-11 10:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-07-31 13:08 - 2015-08-26 19:47 - 00076152 _____ () C:\WINDOWS\system32\PnkBstrA.exe
2015-12-11 17:39 - 2015-11-19 04:26 - 00162472 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2015-10-01 14:46 - 2015-09-17 07:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-01 14:46 - 2015-09-17 07:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-01 14:46 - 2015-09-17 06:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 11:59 - 2015-07-10 11:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-07-30 16:14 - 2015-11-05 16:08 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-12-09 19:38 - 2015-11-25 05:20 - 06569472 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-09 19:38 - 2015-11-25 05:17 - 00471040 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-09 19:38 - 2015-11-25 05:17 - 01808384 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-01 14:46 - 2015-09-17 06:43 - 02274816 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 12:00 - 2015-07-10 17:45 - 00210432 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-07-31 11:57 - 2008-07-11 14:04 - 00200704 ____N () C:\Windows\syswow64\HsMgr.exe
2015-07-31 11:57 - 2008-07-11 14:03 - 00282112 ____N () C:\Windows\System\HsMgr64.exe
2015-10-08 14:17 - 2015-11-12 19:39 - 00708912 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\gamecaster64.dll
2015-10-08 14:17 - 2015-11-12 19:39 - 00854320 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\twitchsdk64.dll
2015-12-10 14:40 - 2015-12-10 14:40 - 00012800 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2015-12-10 14:40 - 2015-12-10 14:40 - 11542016 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2015-12-09 07:46 - 2015-12-09 07:46 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2015-12-09 07:45 - 2015-12-09 07:45 - 03492352 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1512.4020.0_x64__8wekyb3d8bbwe\Calculator.exe
2015-10-08 14:16 - 2015-11-12 19:39 - 00012080 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-12-08 20:48 - 2015-12-04 22:32 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libglesv2.dll
2015-12-08 20:48 - 2015-12-04 22:32 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libegl.dll
2015-07-31 11:57 - 2012-06-06 08:56 - 00143360 ____N () C:\Program Files\UNi Xonar Audio\Customapp\VmixP8.dll
2015-07-30 16:37 - 2015-11-10 20:55 - 00778752 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-07-30 16:37 - 2015-07-03 17:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-07-30 16:37 - 2015-12-10 21:11 - 02547280 _____ () C:\Program Files (x86)\Steam\video.dll
2015-07-30 16:37 - 2015-07-03 17:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-07-30 16:37 - 2015-07-03 17:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-07-30 16:37 - 2015-09-24 01:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-07-30 16:37 - 2015-09-24 01:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-07-30 16:37 - 2015-09-24 01:33 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-07-30 16:37 - 2015-09-24 01:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-07-30 16:37 - 2015-09-24 01:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-07-30 16:37 - 2015-12-10 21:11 - 00804432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-07-30 16:37 - 2015-11-03 23:00 - 00201728 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
2015-09-02 11:13 - 2015-12-02 01:03 - 01016832 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll
2015-07-30 16:45 - 2015-12-02 01:03 - 00028160 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll
2015-07-30 16:45 - 2015-12-02 01:03 - 00029696 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll
2015-07-30 16:45 - 2015-12-02 01:03 - 00256000 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
2015-07-30 16:45 - 2015-12-02 01:03 - 00266240 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
2015-07-30 16:45 - 2015-12-02 01:03 - 00023552 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll
2015-07-30 16:45 - 2015-12-02 01:03 - 00346112 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll
2015-07-30 16:45 - 2015-12-02 01:03 - 00023552 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
2015-09-02 11:13 - 2015-12-02 01:03 - 00243200 _____ () C:\Program Files (x86)\Origin\mediaservice\wmfengine.dll
2015-08-04 23:07 - 2015-05-21 13:27 - 00032768 _____ () C:\Program Files\CyberGhost 5\de\CyberGhost.resources.dll
2015-08-04 23:07 - 2015-11-05 12:26 - 01435240 _____ () C:\Program Files\CyberGhost 5\Geckofx-Core.dll
2015-12-13 11:12 - 2014-04-18 03:20 - 03378688 _____ () C:\Program Files\CyberGhost 5\data\xulrunner\mozjs.dll
2015-07-30 16:42 - 2015-12-02 01:03 - 50679920 _____ () C:\Users\Philipp\AppData\Roaming\Spotify\libcef.dll
2015-07-30 16:42 - 2015-12-02 01:03 - 01882224 _____ () C:\Users\Philipp\AppData\Roaming\Spotify\libglesv2.dll
2015-07-30 16:42 - 2015-12-02 01:03 - 00082544 _____ () C:\Users\Philipp\AppData\Roaming\Spotify\libegl.dll
2015-07-30 16:37 - 2015-11-17 01:31 - 47846176 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-08-28 18:11 - 2015-08-28 18:11 - 00091136 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\LuaQtWrapperLibrary.dll
2015-08-28 18:09 - 2015-08-28 18:09 - 00224256 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\quazip.dll
2015-08-28 18:09 - 2015-08-28 18:09 - 00200704 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\lua52.dll
2015-12-11 00:03 - 2015-12-14 11:04 - 00158720 _____ () C:\Users\Philipp\AppData\Local\Temp\sfareca00001.dll
2015-12-11 00:03 - 2015-12-14 11:04 - 00192512 _____ () C:\Users\Philipp\AppData\Local\Temp\sfamcc00001.dll
2015-07-03 06:09 - 2015-07-03 06:09 - 20930744 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll
2015-03-17 00:34 - 2015-03-17 00:34 - 00322208 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll
2015-07-03 06:09 - 2015-07-03 06:09 - 45080248 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll
2015-12-08 20:48 - 2015-12-04 22:32 - 16573256 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\Philipp\Desktop\hw64_506.exe:BDU
AlternateDataStreams: C:\Users\Philipp\Downloads\AdwCleaner_5.024.exe:BDU
AlternateDataStreams: C:\Users\Philipp\Downloads\esetsmartinstaller_deu.exe:BDU
AlternateDataStreams: C:\Users\Philipp\Downloads\KeyboardVisualizerVC 1.05.exe:BDU
AlternateDataStreams: C:\Users\Philipp\Downloads\NDP46-KB3045560-Web.exe:BDU
AlternateDataStreams: C:\Users\Philipp\Downloads\SpyHunter-installer.exe:BDU

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-4170469713-2190753842-1125926178-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Philipp\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{45cf0c9f-e8ba-4a7f-b112-1b506451cf43}.png
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist deaktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{C31CCCF5-D4A5-4B92-B324-5F69F7D1EFE4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E9948567-0519-4C90-A1A4-28B09485E1ED}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{328FE4BF-CEF9-474C-9B7D-9DE5BE970960}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{15EEBD87-8DF2-48BB-8838-771FA50374B3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{4CBC0480-6332-47C1-B9E6-0CA7D2B4DD42}C:\users\philipp\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\philipp\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{BCACE126-4688-43B2-A42B-95BB83456EDD}C:\users\philipp\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\philipp\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{84A385D8-3D52-4ED2-928D-E46B09A7D372}D:\program files (x86)\war thunder\aces.exe] => (Allow) D:\program files (x86)\war thunder\aces.exe
FirewallRules: [UDP Query User{21816CEA-C4EF-4BE1-BB9B-B70CA4FEE059}D:\program files (x86)\war thunder\aces.exe] => (Allow) D:\program files (x86)\war thunder\aces.exe
FirewallRules: [{7904BC90-A8FF-432B-B3FB-CC24775BA5CD}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{9493FF77-5477-42D9-98C6-51F049C5C940}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{C3EC7BD5-C115-489B-B545-0C7CC5A9205C}] => (Allow) E:\Programme\Battlefield 4\bf4_x86.exe
FirewallRules: [{DABF8CEE-FE25-43A3-990A-D9562E421CA6}] => (Allow) E:\Programme\Battlefield 4\bf4_x86.exe
FirewallRules: [{9253C317-FC26-4D83-99A3-60F1D9CC0064}] => (Allow) E:\Programme\Battlefield 4\bf4.exe
FirewallRules: [{820A1E92-797E-4CAB-A677-06ADA96316E3}] => (Allow) E:\Programme\Battlefield 4\bf4.exe
FirewallRules: [{847D8D52-6644-45AD-9253-C54CE7C94BE3}] => (Allow) E:\SteamLibrary\steamapps\common\Wargame Red Dragon\WarGame3.exe
FirewallRules: [{961C8840-1C15-442A-935B-E6FE72882E67}] => (Allow) E:\SteamLibrary\steamapps\common\Wargame Red Dragon\WarGame3.exe
FirewallRules: [{FECEFC85-2458-4C7C-BDCA-A12716E7D8F3}] => (Allow) E:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{D08C9B5F-F967-4096-BD92-9F7ABE7BE1FE}] => (Allow) E:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{480F2B8C-A448-41E2-9446-5E4945646BB5}D:\program files (x86)\rockstar games\gta v\gta5.exe] => (Allow) D:\program files (x86)\rockstar games\gta v\gta5.exe
FirewallRules: [UDP Query User{D9398D92-5515-4CA9-BFFB-7AF3981F451C}D:\program files (x86)\rockstar games\gta v\gta5.exe] => (Allow) D:\program files (x86)\rockstar games\gta v\gta5.exe
FirewallRules: [{951FE9B3-561C-4BD9-BEB2-0B5C4FC61753}] => (Allow) E:\Programme\Ubisoft\Far Cry 4\bin\FarCry4.exe
FirewallRules: [{922C8F2C-1FAB-4E9A-95CF-0964045230EF}] => (Allow) E:\Programme\Ubisoft\Far Cry 4\bin\FarCry4.exe
FirewallRules: [{A294B7FD-7CB0-40BE-882F-41798197C0DF}] => (Allow) E:\Programme\Ubisoft\Far Cry 4\bin\IGE_WPF64.exe
FirewallRules: [{EF949252-03BC-4778-854C-4677C4637DB4}] => (Allow) E:\Programme\Ubisoft\Far Cry 4\bin\IGE_WPF64.exe
FirewallRules: [{B07EA1C3-BBFD-4129-9A9B-E45DF25F3739}] => (Allow) E:\Programme\Ubisoft\The Crew (Worldwide)\TheCrew.exe
FirewallRules: [{B1054CA5-F4BE-4E11-A178-F0A62CDE80ED}] => (Allow) E:\Programme\Ubisoft\The Crew (Worldwide)\TheCrew.exe
FirewallRules: [{C34AEEB2-D9A9-4A12-9F4A-B8957846680A}] => (Allow) C:\Windows\syswow64\PnkBstrA.exe
FirewallRules: [{7DBBA5C6-CD42-4297-AE43-7DABC4BD93A6}] => (Allow) C:\Windows\syswow64\PnkBstrA.exe
FirewallRules: [{F78F822C-072D-4E50-819A-31A1E169C9C6}] => (Allow) C:\Windows\syswow64\PnkBstrB.exe
FirewallRules: [{C2943677-B03F-41E7-BAC1-96AAF1DBA67D}] => (Allow) C:\Windows\syswow64\PnkBstrB.exe
FirewallRules: [TCP Query User{F450EA15-0A6C-471A-BA69-A50DFEBC9CE4}E:\steamlibrary\steamapps\common\red orchestra 2\binaries\win32\rogame.exe] => (Allow) E:\steamlibrary\steamapps\common\red orchestra 2\binaries\win32\rogame.exe
FirewallRules: [UDP Query User{0F4DB4B9-0278-4440-AFAC-8A83BE24BA6F}E:\steamlibrary\steamapps\common\red orchestra 2\binaries\win32\rogame.exe] => (Allow) E:\steamlibrary\steamapps\common\red orchestra 2\binaries\win32\rogame.exe
FirewallRules: [TCP Query User{88E2CE57-2FDD-4E22-9ADB-DDAD5A437876}E:\steamlibrary\steamapps\common\the stanley parable\stanley.exe] => (Allow) E:\steamlibrary\steamapps\common\the stanley parable\stanley.exe
FirewallRules: [UDP Query User{1600E8BC-6862-48CA-902D-ED962239228B}E:\steamlibrary\steamapps\common\the stanley parable\stanley.exe] => (Allow) E:\steamlibrary\steamapps\common\the stanley parable\stanley.exe
FirewallRules: [TCP Query User{4E1BD533-88D0-41D1-BC09-48B1FA2F743A}D:\program files (x86)\war thunder\launcher.exe] => (Allow) D:\program files (x86)\war thunder\launcher.exe
FirewallRules: [UDP Query User{5DF5411F-ED0A-4ED6-BEE0-53EF4D7B4251}D:\program files (x86)\war thunder\launcher.exe] => (Allow) D:\program files (x86)\war thunder\launcher.exe
FirewallRules: [{8B21CCB9-EFDC-4EE6-BB22-7BF733062D51}] => (Allow) E:\SteamLibrary\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{DAA1E1BD-B6B5-4456-9C89-1BF2D21CE970}] => (Allow) E:\SteamLibrary\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{97DAADB2-6718-4026-B7CD-975D048BD524}] => (Allow) E:\SteamLibrary\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{3242B6AF-5408-4CFC-9877-A9D317898856}] => (Allow) E:\SteamLibrary\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{A224DA0D-DAEB-4355-851E-40E1C2677B4F}] => (Allow) E:\SteamLibrary\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{E36AD41F-324B-4A05-9567-CA4038199160}] => (Allow) E:\SteamLibrary\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{63D24425-B1D1-45A0-801A-E973961D4BC4}] => (Allow) E:\SteamLibrary\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{87A5B8BD-6811-49EC-8DD3-851FC1BF82D5}] => (Allow) E:\SteamLibrary\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{0CE9113B-B5FF-4185-8676-99AFD9558468}] => (Allow) E:\SteamLibrary\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{064B6DF2-3C65-4852-8AEA-7C0798665778}] => (Allow) E:\SteamLibrary\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{FB7BDCD6-258F-4D03-8A9D-3841C87E5442}] => (Allow) E:\SteamLibrary\steamapps\common\Metro Last Light Redux\metro.exe
FirewallRules: [{701EEF98-5AFD-4CA2-BCD9-11EF825435D2}] => (Allow) E:\SteamLibrary\steamapps\common\Metro Last Light Redux\metro.exe
FirewallRules: [{1E7BCDE9-4D4A-4559-A6BB-A4186F08B8D1}] => (Allow) E:\Programme\Ubisoft\Rainbow Six Siege - Closed Beta\RainbowSix.exe
FirewallRules: [{A4B1DA04-19D5-48BC-851B-402A57DEEE42}] => (Allow) E:\Programme\Ubisoft\Rainbow Six Siege - Closed Beta\RainbowSix.exe
FirewallRules: [{4FB5AF06-4D4E-4A63-93C5-85DBA053864C}] => (Allow) E:\SteamLibrary\steamapps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [{6C2FDF79-646B-43B3-8DAB-2C2DA64F7C99}] => (Allow) E:\SteamLibrary\steamapps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [{A0530DD0-06D4-45A6-8333-67D8DA8E3425}] => (Allow) E:\SteamLibrary\steamapps\common\hotline_miami\HotlineMiami.exe
FirewallRules: [{D342B72D-34B8-4D07-8569-3D65E5D81C34}] => (Allow) E:\SteamLibrary\steamapps\common\hotline_miami\HotlineMiami.exe
FirewallRules: [{8F3FBB03-1827-4D09-A62F-B655303BFE4A}] => (Allow) C:\Users\Philipp\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1F1AF0BA-D828-4249-8D13-30DBB28884D0}] => (Allow) C:\Users\Philipp\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A4B96B13-23A9-4184-93BE-D6E9CC067736}] => (Allow) C:\Users\Philipp\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9823FC22-FE23-4BA1-AB8F-47CC4024C9AA}] => (Allow) C:\Users\Philipp\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{21BDC749-6C56-4FBA-A7E7-187F4B8F2CDF}] => (Allow) C:\Users\Philipp\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0688F1A1-65E7-4695-B9BA-1D213AE7F3CC}] => (Allow) C:\Users\Philipp\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{73B809C4-D43D-45E5-9157-79BB7B13CE2D}] => (Allow) E:\Programme\STAR WARS Battlefront Beta\starwarsbattlefront.exe
FirewallRules: [{B52AC790-BD14-4FE8-9592-6C8EC5C4DEA1}] => (Allow) E:\Programme\STAR WARS Battlefront Beta\starwarsbattlefront.exe
FirewallRules: [{AA6281A4-097B-4F37-8E1F-E3F3FB3C020A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{AB3E3924-5E9F-4D8F-9C2E-26BD50D8F8E0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{5C98B5E3-0B17-4988-B4E5-A2DAF7B62931}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{3902AB21-0B78-4415-B88B-9D019A110930}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{5AAF6307-9EE5-493F-AFB5-7A34E36F0A07}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{C0DF0787-E12F-4629-AAB2-29C0619BF2D0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7D69D743-BDC4-4CE5-92EB-CC9E4F6EF9D9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{924EF213-C416-4E3D-8866-5CC16A7E913D}] => (Allow) E:\Programme\GTA 5\GTA5.exe
FirewallRules: [{CCC9AED4-1427-43D3-B028-F9966A004700}] => (Allow) E:\Programme\GTA 5\GTA5.exe
FirewallRules: [{FB8D369E-B4D9-4401-BAC8-1A0E1D5CEF70}] => (Allow) E:\Programme\GTA 5\GTA5.exe
FirewallRules: [{6C1CBC35-3449-4AA1-BE6E-50CF061017B6}] => (Allow) E:\Programme\GTA 5\GTA5.exe
FirewallRules: [{8716A849-D98F-43DB-92E2-3ACD4EF000F1}] => (Allow) E:\SteamLibrary\steamapps\common\Max Payne 3\Max Payne 3\MaxPayne3.exe
FirewallRules: [{D30E12A9-01F5-4956-910F-723926B09E52}] => (Allow) E:\SteamLibrary\steamapps\common\Max Payne 3\Max Payne 3\MaxPayne3.exe
FirewallRules: [{8F1DBBCE-4E15-4215-ADD5-C11FC24D1B7D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{8FCC2077-CAA4-48DA-9A4F-24D8D0B96D49}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{EF4F405B-5F93-4D10-B00C-0606FEBC66A5}] => (Allow) E:\Programme\FIFA 15\fifasetup\fifaconfig.exe
FirewallRules: [{21903DBD-40D6-4E36-8A05-6E7F97F85DD2}] => (Allow) E:\Programme\FIFA 15\fifasetup\fifaconfig.exe
FirewallRules: [{9A46D119-BA34-450D-ACF8-ACE66EF6BECA}] => (Allow) E:\Programme\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{E78921E4-DCFC-4AEE-B28C-35CA2709F327}] => (Allow) E:\Programme\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{F4E4454A-1C47-4BDE-A21A-CD77BA69F406}] => (Allow) E:\Programme\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{6CE9509C-D95E-4BF6-BC9A-23F1685A281E}] => (Allow) E:\Programme\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{5DE2FD8B-43B0-42FE-B481-931006FDCA67}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6FA07783-D5DA-44FD-87C4-464E4DA0A93B}] => (Allow) LPort=2869
FirewallRules: [{08D48334-5E40-40E9-A9E9-36181E1FF7CA}] => (Allow) LPort=1900
FirewallRules: [{3A1B17F6-98EF-43BB-B5D1-13CA0DA6284E}] => (Allow) E:\SteamLibrary\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{EC27722E-59D5-4705-B901-18E3890605AF}] => (Allow) E:\SteamLibrary\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{AF49A56C-2FC1-4D59-88AF-8BF51770A188}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{6D1D3BAE-F1FC-4A47-A506-30C36A8C8A5C}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{F68865B2-FD9A-4E6E-ABAB-FE007ABDAAD3}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{2CF8B826-F4FD-493D-A438-00850EDE7611}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{E0BC01D0-8723-49A4-AB5E-5C1DB9D0D770}] => (Allow) E:\SteamLibrary\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{2A8BDE3B-0043-4BF9-A860-E2694C8E4C24}] => (Allow) E:\SteamLibrary\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{2D26C1D9-CACC-4F49-A387-B33014D3AB17}] => (Allow) E:\Programme\Command and Conquer Red Alert II\RA2Launcher.exe
FirewallRules: [{AB25D4E9-E0D0-42F0-B270-DD1A8542CC89}] => (Allow) E:\Programme\Command and Conquer Red Alert II\RA2Launcher.exe
FirewallRules: [{A17F7ABB-F778-4781-A0AD-3BC5B42F7A32}] => (Allow) E:\SteamLibrary\steamapps\common\Hacker Evolution\HackerEvolution.exe
FirewallRules: [{5C2569F5-D4E0-4A14-961D-2F6F8F5FC71A}] => (Allow) E:\SteamLibrary\steamapps\common\Hacker Evolution\HackerEvolution.exe
FirewallRules: [{9BDADF26-451A-4597-965D-FC7FFD2E192A}] => (Allow) E:\SteamLibrary\steamapps\common\Hacker Evolution\HackerEvolutionModEditor.exe
FirewallRules: [{79B4627B-8057-46E7-B742-3055CBEEFE4E}] => (Allow) E:\SteamLibrary\steamapps\common\Hacker Evolution\HackerEvolutionModEditor.exe
FirewallRules: [{39FC7B8E-44F7-41CC-8662-D75BF25C820D}] => (Allow) E:\SteamLibrary\steamapps\common\Bloodbath Kavkaz\nw.exe
FirewallRules: [{4C2EE1EE-61F9-478B-A50B-315F5EC135F9}] => (Allow) E:\SteamLibrary\steamapps\common\Bloodbath Kavkaz\nw.exe
FirewallRules: [{42C1BBB5-49E5-4733-AC72-135CD2AC0AF8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{574428CD-31D1-4E8E-966E-F2EDB73DA952}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{57F53975-B8D4-4560-8CEA-ADEF3843A6EA}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{E4EFC3DF-62C6-4D63-9B42-5D3283407CA3}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{CCBFE4F5-154C-4898-B76F-52FA559B1FC5}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{BCBFECDA-B280-46BC-9989-76769D15F886}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{4F41D938-0619-46D0-AFA5-49B8D09959D7}] => (Allow) E:\SteamLibrary\steamapps\common\DiRT Rally\drt.exe
FirewallRules: [{F1731E2B-33D8-4682-A267-F23F4C1EA323}] => (Allow) E:\SteamLibrary\steamapps\common\DiRT Rally\drt.exe

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (12/14/2015 07:32:50 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll8

Error: (12/14/2015 12:35:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-ET8PTI7)
Description: Bei der Aktivierung der App „Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (12/14/2015 11:13:59 AM) (Source: MsiInstaller) (EventID: 1024) (User: DESKTOP-ET8PTI7)
Description: Produkt: Adobe Acrobat Reader DC - Deutsch - Update "{AC76BA86-7AD7-0000-2550-AC0F094E6F00}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (12/14/2015 11:11:46 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (12/14/2015 11:01:43 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-ET8PTI7)
Description: Bei der Aktivierung der App „Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (12/13/2015 07:45:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (12/13/2015 07:38:03 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (12/13/2015 07:37:59 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (12/13/2015 07:37:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (12/13/2015 07:00:06 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.


Systemfehler:
=============
Error: (12/14/2015 08:19:35 PM) (Source: Schannel) (EventID: 4108) (User: NT-AUTORITÄT)
Description: Das vom Remoteserver erhaltene Zertifikat wurde falsch verifiziert. Fehlercode: 0x80092013. Fehler bei der SSL-Zertifikatanforderung. Die angefügten Daten enthalten das Serverzertifikat.

Error: (12/14/2015 08:19:35 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 43. Der Windows-SChannel-Fehlerstatus lautet: 552.

Error: (12/14/2015 08:19:34 PM) (Source: Schannel) (EventID: 4108) (User: NT-AUTORITÄT)
Description: Das vom Remoteserver erhaltene Zertifikat wurde falsch verifiziert. Fehlercode: 0x80092013. Fehler bei der SSL-Zertifikatanforderung. Die angefügten Daten enthalten das Serverzertifikat.

Error: (12/14/2015 08:19:34 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 43. Der Windows-SChannel-Fehlerstatus lautet: 552.

Error: (12/14/2015 08:19:34 PM) (Source: Schannel) (EventID: 4108) (User: NT-AUTORITÄT)
Description: Das vom Remoteserver erhaltene Zertifikat wurde falsch verifiziert. Fehlercode: 0x80092013. Fehler bei der SSL-Zertifikatanforderung. Die angefügten Daten enthalten das Serverzertifikat.

Error: (12/14/2015 08:19:34 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 43. Der Windows-SChannel-Fehlerstatus lautet: 552.

Error: (12/14/2015 08:19:33 PM) (Source: Schannel) (EventID: 4108) (User: NT-AUTORITÄT)
Description: Das vom Remoteserver erhaltene Zertifikat wurde falsch verifiziert. Fehlercode: 0x80092013. Fehler bei der SSL-Zertifikatanforderung. Die angefügten Daten enthalten das Serverzertifikat.

Error: (12/14/2015 08:19:33 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 43. Der Windows-SChannel-Fehlerstatus lautet: 552.

Error: (12/14/2015 08:19:33 PM) (Source: Schannel) (EventID: 4108) (User: NT-AUTORITÄT)
Description: Das vom Remoteserver erhaltene Zertifikat wurde falsch verifiziert. Fehlercode: 0x80092013. Fehler bei der SSL-Zertifikatanforderung. Die angefügten Daten enthalten das Serverzertifikat.

Error: (12/14/2015 08:19:33 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 43. Der Windows-SChannel-Fehlerstatus lautet: 552.


CodeIntegrity:
===================================
  Date: 2015-11-05 21:45:54.955
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-11-05 21:45:54.940
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-11-05 21:45:54.924
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-11-05 21:45:54.895
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-11-05 21:45:54.877
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-10-24 22:25:32.745
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-10-24 22:25:32.727
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-20 20:00:32.514
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-20 20:00:32.504
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-20 20:00:32.493
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
Prozentuale Nutzung des RAM: 27%
Installierter physikalischer RAM: 16333.7 MB
Verfügbarer physikalischer RAM: 11761.11 MB
Summe virtueller Speicher: 29293.7 MB
Verfügbarer virtueller Speicher: 22669.21 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:118.7 GB) (Free:45.69 GB) NTFS
Drive d: (Spiele) (Fixed) (Total:272.84 GB) (Free:86.7 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive e: () (Fixed) (Total:931.51 GB) (Free:90.53 GB) NTFS
Drive f: (Musik) (Fixed) (Total:25.25 GB) (Free:14.66 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 190E99FE)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: F9D9866B)
Partition 1: (Active) - (Size=272.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=25.3 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: A8EDA91D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=118.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

==================== Ende von Addition.txt ============================

deeprybka · 15.12.2015, 11:24

Schritt 1
Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit) | SystemLook (64 bit)

Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:
Code:
ATTFilter
```
:regfind 
yoursites123
         
```
Klicke nun auf den Button Look, um den Scan zu starten.
Der Suchlauf kann einige Zeit dauern.
Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
Die Ergebnisse werden auch auf dem Desktop als SystemLook.txt gespeichert.

Redbull0329 · 19.01.2016, 21:29

Hat einige Zeit gedauert

Code:

ATTFilter

SystemLook 30.07.11 by jpshortstuff
Log created at 21:27 on 19/01/2016 by Philipp
Administrator - Elevation successful

========== regfind ==========

Searching for "yoursites123"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\yoursites123.com]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\yoursites123.com]
[HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.yoursites123.com]
[HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\yoursites123.com]
[HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.yoursites123.com]
[HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\yoursites123.com]
[HKEY_USERS\S-1-5-21-4170469713-2190753842-1125926178-1001\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\yoursites123.com]
[HKEY_USERS\S-1-5-21-4170469713-2190753842-1125926178-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\yoursites123.com]
[HKEY_USERS\S-1-5-21-4170469713-2190753842-1125926178-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.yoursites123.com]
[HKEY_USERS\S-1-5-21-4170469713-2190753842-1125926178-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\yoursites123.com]
[HKEY_USERS\S-1-5-21-4170469713-2190753842-1125926178-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.yoursites123.com]
[HKEY_USERS\S-1-5-21-4170469713-2190753842-1125926178-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\yoursites123.com]
[HKEY_USERS\S-1-5-21-4170469713-2190753842-1125926178-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.yoursites123.com]
[HKEY_USERS\S-1-5-21-4170469713-2190753842-1125926178-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\yoursites123.com]
[HKEY_USERS\S-1-5-21-4170469713-2190753842-1125926178-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.yoursites123.com]
[HKEY_USERS\S-1-5-21-4170469713-2190753842-1125926178-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\yoursites123.com]

-= EOF =-

deeprybka · 19.01.2016, 21:43

Der Scan?

Schritt 1

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.
Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument:

Code:

ATTFilter

CloseProcesses:
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\yoursites123.com]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\yoursites123.com]
[-HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.yoursites123.com]
[-HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\yoursites123.com]
[-HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.yoursites123.com]
[-HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\yoursites123.com]
[-HKEY_USERS\S-1-5-21-4170469713-2190753842-1125926178-1001\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\yoursites123.com]
[-HKEY_USERS\S-1-5-21-4170469713-2190753842-1125926178-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\yoursites123.com]
[-HKEY_USERS\S-1-5-21-4170469713-2190753842-1125926178-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.yoursites123.com]
[-HKEY_USERS\S-1-5-21-4170469713-2190753842-1125926178-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\yoursites123.com]
[-HKEY_USERS\S-1-5-21-4170469713-2190753842-1125926178-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.yoursites123.com]
[-HKEY_USERS\S-1-5-21-4170469713-2190753842-1125926178-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\yoursites123.com]
[-HKEY_USERS\S-1-5-21-4170469713-2190753842-1125926178-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.yoursites123.com]
[-HKEY_USERS\S-1-5-21-4170469713-2190753842-1125926178-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\yoursites123.com]
[-HKEY_USERS\S-1-5-21-4170469713-2190753842-1125926178-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.yoursites123.com]
[-HKEY_USERS\S-1-5-21-4170469713-2190753842-1125926178-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\yoursites123.com]

Speichere dieses bitte als Fixlist.txt in das Verzeichnis ab, in dem sich auch die FRST-Anwendung befindet.

Starte FRST und drücke auf den Entfernen-Button.
Das Tool erstellt eine "Fixlog.txt" -Datei.
Poste mir bitte deren Inhalt.

Browser Hijacker yoursites123.com - wie entfernen?

Log-Analyse und Auswertung: Browser Hijacker yoursites123.com - wie entfernen?